An Attack Surface is the sum of all possible security risk exposures. It can also be explained as the aggregate of all known, unknown, and potential vulnerabilities, and controls across all hardware, software, and network components. Tapping into different locations, components, and layers (including hardware/software) of the target system, an attacker can exploit one or more vulnerabilities and mount an attack, for example, extract secret information from a system.
In the context of hardware security, attack surfaces define the level of abstraction in which the attacker focuses on launching a hardware attack. Keeping the attack surface as small as possible is a common goal for developing countermeasures. With respect to hardware security, three main attack surfaces are as follows.
Chip Level Attacks
Chips can be targeted for reverse engineering, cloning, malicious insertion, side-channel attacks, and piracy. Counterfeit or fake chips can be sold as original units if the attacker can create a copy that has a similar appearance or features as the original. Trojan-infected chips can also find their place in the supply chain, which can pose a threat of unauthorized access, or malfunction. Side-channel attacks can be mounted on a chip with the goal to extract secret information stored inside it. For example, a cryptochip performing encryption with a private key, or a processor running protected code and/or operating on protected data are both vulnerable to leakage of secret information through this attack.
PCBs are common targets for attackers, as they are much easier to reverse engineer and tamper than ICs. Design information of most modern PCBs can be extracted through relatively simple optical inspection (for example, X-Ray tomography) and efficient signal processing. Primary goals for these attacks are to reverse engineer the PCB, and obtain the schematic of the board to redesign it and create fake units. Attackers may also physically tamper a PCB (for instance, cut a trace or replace a component) to make them leak sensitive information, or bypass DRM protection.
Complex attacks involving the interaction of hardware-software components can be mounted on the system. By directly focusing on the most vulnerable parts in a system, such as DFT infrastructure at PCB level (for example, JTAG) and memory modules, attackers may be able to compromise the system’s security by gaining unauthorized control and access to sensitive data.