If you suspect your device may be vulnerable to cloning, it probably is! Often-cloned products include consumables like battery packs,
digital-content playback devices, and electronic product peripherals.

Designers must understand the types of attacks their product is likely to face. Some attacks duplicate the design entirely, which happened in 2006 with a well-known cell-phone platform. More common attacks involve the reverse engineering of interface protocols. Still others extract unlock codes or re-enlist a depleted consumable.

A common defense is to use obfuscated source code. Use caution, though, as it can hinder debugging and code verification and helps little when attackers directly copy binaries or use debugging environments.

A better set of anti-cloning tools includes protected device keys, microprocessors with hardware support for cryptography, and robust authentication protocols. Many traditionally constrained computing environments now contain enough processing power to enable standard, well-reviewed cryptographic protocols. When possible, devices should have individual keys that can be managed and revoked.
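
One way a host could authenticate a consumable using individual, revocable keys, shown as an added example that is not from the original article. It assumes HMAC-SHA256 challenge-response with per-device keys diversified from a master key that the host keeps in protected storage; `MASTER_KEY`, the `PACK-…` IDs and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: a real master key lives in an HSM at the factory
# and in protected storage on the host, never in source code.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
REVOKED_IDS = {b"PACK-0007"}  # hypothetical revocation list pushed to hosts


def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Diversify the master key so every device holds a different secret."""
    return hmac.new(master_key, b"device-key|" + device_id, hashlib.sha256).digest()


class Peripheral:
    """Stands in for the consumable; only its own key is provisioned into it."""

    def __init__(self, device_id: bytes, device_key: bytes):
        self.device_id = device_id
        self._key = device_key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.device_id + challenge, hashlib.sha256).digest()


def authenticate(peripheral, master_key=MASTER_KEY, revoked=REVOKED_IDS) -> bool:
    """Host side: fresh challenge, recomputed response, constant-time compare."""
    device_id = peripheral.device_id
    if device_id in revoked:
        return False  # an extracted and cloned key can be cut off per device
    challenge = secrets.token_bytes(16)  # fresh nonce, so old responses are useless
    response = peripheral.respond(challenge)
    expected_key = derive_device_key(master_key, device_id)
    expected = hmac.new(expected_key, device_id + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)  # comparison time does not leak


def make_pack(device_id: bytes) -> Peripheral:
    """Factory provisioning step: write the diversified key into the device."""
    return Peripheral(device_id, derive_device_key(MASTER_KEY, device_id))
```

Because each key is derived from the device ID, a key pulled out of one unit authenticates only that ID, and adding the ID to the revocation list disables every copy made from it.
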

Look for memory protection, on-chip ROM, JTAG disablement, and security fuses. Implementations should be resistant to side-channel attacks like timing attacks and differential power analysis. High-security applications should disable ASIC scan and other silicon debug features. Also protect verification processes. Some game consoles can be "chipped" to bypass copy protection mechanisms.

Seek experienced security reviews, as a single implementation problem can render a security system useless. Also, take care in key issuance, storage, and revocation, as these design choices affect SKU management costs and may hinder recovery from in-field attacks.