Fault Evaluation for Security-Critical Communications Devices by Rae, Andrew et al.
0018-9162/06/$20.00 © 2006 IEEE 61P u b l i s h e d  b y  t h e  I E E E  C o m p u t e r  S o c i e t y
R E S E A R C H  F E A T U R E
From a security perspective, the major worry is not
catastrophic failure, since a communications device that
shuts down can’t leak classified information. Rather, the
focus is on checking for silent failures, which compro-
mise the device’s security function in some way not obvi-
ous to its operator. A communications device in an
extremely sensitive environment, such as a government
or military network, could therefore contain elaborate
mechanisms to check that the device is working securely.
Unfortunately, these elaborate mechanisms often come
with their own set of security problems. 
Assessing the consequences of an individual failure is
a tedious but straightforward process. The problem gets
exponentially more complicated when the task is to
identify complicit faults, in which two or more (possi-
bly silent) failures that are harmless individually com-
bine to create an insecure situation. For example, a
device with 15 security-critical components—a simplis-
tic case—has 32,767 component groups that could result
in complicit faults. Evaluating this many alternatives
rapidly becomes impractical. 
What makes the conjunction of silent and complicit
failures so dangerous is that an undetected silent fault can
lie dormant until it becomes part of a complicit fault. Even
if individual component failures occur rarely, this greatly
increases the likelihood of multiple simultaneous failures.
Moreover, every communications device is different, and
the quality of each information security evaluation ulti-
mately relies on the evaluator’s skills and experience. 
Communications devices for government or military applications must keep data secure,
even when their electronic components fail. Combining information flow and risk analyses
could make fault-mode evaluations for such devices more efficient and cost-effective.
Andrew Rae, Invensys Rail Systems Australia
Colin Fidge, Queensland University of Technology
Luke Wildman, The University of Queensland
C ommunications devices that aim to safeguardclassified information in government and mili-tary networks must have highly reliable anddependable security functions that continue evenwhen a component within the device fails. Ensur-
ing that level of reliability and dependability is a formida-
ble task, demanding a careful evaluation of all security con-
sequences stemming from each possible failure. This, in
turn, requires analyzing the device’s design and construc-
tion in great detail, an exercise that can be tedious and error
prone. A domain-separation device, for example, which
lets operators control information flow between high- and
low-security networks, can include dozens of components
whose failure could affect information security.
Some commonly used domain-separation devices are
data diodes, which allow one-way information flow
only; multicomputer switches, which let different secu-
rity domains share peripheral devices; context filters,
which constrict information flow; and cryptographic
devices, which allow the transmission of classified infor-
mation over insecure networks.
International standards, such as the Common Criteria
for Information Technology Security Evaluation,1 offer
frameworks and bookkeeping tools for performing secu-
rity evaluations,2 but such standards provide little spe-
cific technical guidance, especially for high-grade
evaluations. Traditional techniques for analyzing elec-
tronic circuitry3 are also somewhat useful but fall short
of addressing specific security evaluation needs.
Fault Evaluation for
Security-Critical
Communications Devices
    May 2006
62 Computer
11
22
33
44
55
66
D
D
C
C
B
B
A
A
Ti
tle
N
um
be
r
R
ev
is
io
n
Si
ze B D
at
e:
2/
02
/2
00
6
Sh
ee
t  
  o
f
Fi
le
:
Y
:\p
ro
te
l\S
he
et
1.
Sc
h
D
ra
w
n 
B
y:
M
C
LR
/V
PP
1
R
A
0/
A
N
0
2
R
A
1/
A
N
1
3
R
A
2/
A
N
2/
V
re
f-
4
R
A
3/
A
N
2/
V
re
f+
5
R
A
5/
A
N
4/
SS
7
R
E0
/R
D
/A
N
5
8
R
E1
/W
R
/A
N
6
9
R
E2
/C
S/
A
N
7
10
V
dd
11
V
ss
12
R
C
0/
T1
O
SI
/T
1C
K
I
15
R
C
1/
T1
O
SI
/C
C
P2
16
R
C
2/
C
C
P1
17
R
C
3/
SC
K
/S
C
L
18
R
A
4/
T0
C
K
I
6
R
D
0/
PS
P0
19
R
D
1/
PS
P1
20
O
SC
1/
C
LK
IN
13
O
SC
2/
C
LK
O
U
T
14
R
B
7/
PG
D
40
R
B
6/
PG
C
39
R
B
5
38
R
B
4
37
R
B
3/
PG
M
36
R
B
2
35
R
B
1
34
R
B
0/
IN
T
33
V
dd
32
V
ss
31
R
D
7/
PS
P7
30
R
D
6/
PS
P6
29
R
D
5/
PS
P5
28
R
D
4/
PS
P4
27
R
C
7/
R
X
/D
T
26
R
C
6/
TX
/C
K
25
R
C
5/
SD
O
24
R
C
4/
SD
I/S
D
A
23
R
D
3/
PS
P3
22
R
D
2/
PS
P2
21
U
8
Z1
cr
ys
ta
l
C
14
15
pf
C
13
15
pf
V
C
C
V
C
C
C
4
0.
01
uF
C
5
0.
01
uF
m
ai
n 
C
PU
R
1
47
0
V
C
C
C
11
10
uF
C
12
10
0n
F
C
10
10
0u
F
R
2
22
0
1 2
JP
5
PO
W
ER
 L
ED
12
JP
4
PO
W
E
R
M
C
LR
/V
PP
1
R
A
0/
A
N
0
2
R
A
1/
A
N
1
3
R
A
2/
A
N
2/
V
re
f-
4
R
A
3/
A
N
2/
V
re
f+
5
R
A
5/
A
N
4/
SS
7
R
E0
/R
D
/A
N
5
8
R
E1
/W
R
/A
N
6
9
R
E2
/C
S/
A
N
7
10
V
dd
11
V
ss
12
R
C
0/
T1
O
SI
/T
1C
K
I
15
R
C
1/
T1
O
SI
/C
C
P2
16
R
C
2/
C
C
P1
17
R
C
3/
SC
K
/S
C
L
18
R
A
4/
T0
C
K
I
6
R
D
0/
PS
P0
19
R
D
1/
PS
P1
20
O
SC
1/
C
LK
IN
13
O
SC
2/
C
LK
O
U
T
14
R
B
7/
PG
D
40
R
B
6/
PG
C
39
R
B
5
38
R
B
4
37
R
B
3/
PG
M
36
R
B
2
35
R
B
1
34
R
B
0/
IN
T
33
V
dd
32
V
ss
31
R
D
7/
PS
P7
30
R
D
6/
PS
P6
29
R
D
5/
PS
P5
28
R
D
4/
PS
P4
27
R
C
7/
R
X
/D
T
26
R
C
6/
TX
/C
K
25
R
C
5/
SD
O
24
R
C
4/
SD
I/S
D
A
23
R
D
3/
PS
P3
22
R
D
2/
PS
P2
21
U
11
V
C
C
V
C
C
C
6
0.
01
uF
C
7
0.
01
uF
2n
d 
C
PU
910
8
U
6C
M
C
74
F0
8
re
d 
by
pa
ss
 =
 1
re
d 
da
ta
 in
12
3
U
6A
M
C
74
F0
8
sh
ut
do
w
n 
= 
1
bl
ac
k 
by
pa
ss
 =
 1
re
d 
te
xt
 o
ut
bl
ac
k 
te
xt
 in
bl
ac
k 
te
xt
 o
ut
1234561112
8
U
3
SN
74
LS
30
45
6
U
6B
M
C
74
F0
8
PR
E
4
C
LK
3
D
2
C
LR
1
Q
5
Q
6
U
2A
M
C
74
F7
4
V
C
C
C
16
15
 p
f
C
15
15
 p
f
R
4
47
0
4
13
A
7D
R
ES
PA
C
K
1
4
13
A
8D
R
ES
PA
C
K
1
6
11
A
8F
R
ES
PA
C
K
1 7
10
A
8G
R
ES
PA
C
K
1 7
10
A
9G
R
ES
PA
C
K
1 8
9
A
9H
R
ES
PA
C
K
1
8
9
A
7H
R
ES
PA
C
K
1
2
15
A
8B
R
ES
PA
C
K
1 3
14
A
8C
R
ES
PA
C
K
1 5
12
A
9E
R
ES
PA
C
K
1 6
11
A
9F
R
ES
PA
C
K
1
6
11
A
7F
R
ES
PA
C
K
1 7
10
A
7G
R
ES
PA
C
K
1
5
12
A
7E
R
ES
PA
C
K
1
3
14
A
9C
R
ES
PA
C
K
1 4
13
A
9D
R
ES
PA
C
K
1
2
15
A
9B
R
ES
PA
C
K
11
16
A
9A
R
ES
PA
C
K
1
3
14
A
7C
R
ES
PA
C
K
1
1
16
A
8A
R
ES
PA
C
K
1
V
C
C
V
C
C
V
C
C
V
C
C
1
2
3
U
4A
M
C
14
07
7B
5
6
4
U
4B
M
C
14
07
7B
5
6
4
U
5B
M
C
14
07
7B
8
9
10
U
4C
M
C
14
07
7B
8
9
10
U
5C
M
C
14
07
7B
12
13
11
U
4D
M
C
14
07
7B
1
2
3
U
5A
M
C
14
07
7B
12
13
11
U
5D
M
C
14
07
7B
2
15
A
7B
R
ES
PA
C
K
1 8
9
A
8H
R
ES
PA
C
K
1
1
16
A
7A
R
ES
PA
C
K
1
R
1I
N
13
R
2I
N
8
T1
IN
11
T2
IN
10
GND
15
V+
2
V-
6
VCC
16
R
1O
UT
12
R
2O
UT
9
T1
O
U
T
14
T2
O
U
T
7
C
1+
1
C
2+
4
C
1-
3
C
2-
5
U
1
ST
23
2 
R
S-
23
2 
D
ri
ve
rs
 a
nd
 R
ec
ei
ve
rs
+
C
8
1u
F
+
C
9
1u
F
+
C
2
1u
F
+
C
3
1u
F
+
C
1
1u
F
V
C
C
Re
d 
Tx
 in
 p
in
 2 R
ed
 R
x 
ou
t p
in
 1
Bl
ac
k 
Tx
 in
 p
in
 2
Bl
ac
k 
R
x 
ou
t p
in
 1
5
12
A
8E
R
ES
PA
C
K
1
Z2 cr
ys
ta
l
12
3
U
7A
M
C
74
F3
2 45
6
U
7B
M
C
74
F3
2
1
2
3
U
10
A
M
C
74
F1
25
4
5
6
U
10
B
M
C
74
F1
25
10
9
8
U
10
C
M
C
74
F1
25
R
5
22
0
R
7
22
0
1
1
2
2
R
6
22
0
sh
ut
do
w
n 
= 
1
go
od
 =
 0
cl
oc
k 
sy
nc
 =
 1
1
2
JP
7
fa
ul
t i
ns
er
t
1
2
JP
8
V
cc
1
2
JP
9
G
nd
123
JP
6
m
od
e 
le
ds
le
d 
tu
rn
s 
on
 w
ith
 "0
'
R
3
22
0
12
JP
3
B
la
ck
 d
at
a12
JP
1
R
ed
 D
at
a
1
2
JP
10
Sh
ut
do
w
n
1
2
JP
2
R
es
et
 s
w
itc
h
R
1I
N
13
R
2I
N
8
T1
IN
11
T2
IN
10
GND
15
V+
2
V-
6
VCC
16
R
1O
U
T
12
R
2O
U
T
9
T1
O
U
T
14
T2
O
U
T
7
C
1+
1
C
2+
4
C
1-
3
C
2-
5
U
9
ST
23
2 
R
S-
23
2 
D
riv
er
s 
an
d 
R
ec
ei
ve
rs
+
C
20
1u
F
+
C
18
1u
F
+
C
19
1u
F
+
C
17
1u
F
+
C
21
1u
F
V
in
3
GND
2
+5
V
1
T1
M
C
78
L0
5C
P
V
C
C
V
C
C
Figure 1. Schematic of the prototype cryptographic device in the case study (rotate to view). Classified data arrives (top left) and
goes to the two microprocessors (middle and right) for encryption.The circuitry at the top right checks the resulting encrypted
data, and the data leaves via the switching circuit (bottom left).
Obviously, there can be no magic-
bullet solution. Nevertheless, a well-
defined evaluation process can
make the identification task more
effective and efficient and provide
a framework for producing clearer,
more succinct information security
reports.
To that end, we have evolved a
rigorous way to structure the
search for information security
fault modes that combines tech-
niques from information flow and
risk analysis. In a case study of a
prototype cryptographic device,4
we found that security evaluations
were more thorough and that it
was easier to organize a sound
overall case for evidence that supports or refutes the
device’s alleged security level.
THE EVALUATION CHALLENGE
Figure 1 is a schematic of a prototype cryptographic
device,4 one of several domain-separation devices that
Australia’s Defence Signals Directorate produced as
unclassified experimental testbeds. The device encrypts
the plaintext data it receives from a high-security com-
puter and sends the encrypted data to a low-security net-
work. (It also decrypts data it receives from the network,
but our focus in this article is encryption.) 
The device uses one of several encryption algorithms,
depending on its operating mode. It also has a nonen-
crypting bypass mode, which lets binary data pass
through it when the network connection is initializing.
The device also has an integral self-diagnostic feature,
intended to ensure that it is encrypting classified infor-
mation correctly. 
If the device detects a fault in the encryption process,
it shuts itself down until the operator presses a fault-
reset button. As a safeguard against silent failures in the
self-diagnosis circuit itself, the operator can activate a
fault-insert switch, which causes the internal check to
fail and should immediately stop device communication.
As Figure 1 shows, the device has two serial RS-232
connectors (left) for interfacing to the high-security com-
puter and low-security network. A main microprocessor
(center) performs the encryption functions and controls
the device’s overall operating mode. A redundant second
microprocessor (right) duplicates the encryption process
(presumably using independently developed software). 
Both processors send their encrypted data, as parallel
8-bit bytes, to a comparison circuit (top right), which
activates a flip-flop (top left) to disable dataflow to the
high-security output if the encrypted bytes do not match.
A switching circuit (bottom left) includes an inhibitory
shutdown buffer and various logic gates that the main
microprocessor uses to switch dataflow according to
whether the device is in encryption or bypass mode.
From this circuitry tangle, our challenge was to pro-
duce a comprehensive, accurate, and succinct informa-
tion security report that documents the consequences to
security of one or more component failures.
AN EFFICIENT EVALUATION PROCESS
Our process comprises three main steps: extract one
or more dataflow backbones, extract sources of control
signals, and conduct a fault-mode analysis. Although
we focus on the analysis of overt information flow, the
process is also suitable for evaluating covert informa-
tion flow.
Extracting the backbone
This step begins with an information flow trace to
identify the device’s security-critical communications
backbone—the path (or paths) of potential dataflow
from high-security sources to low-security sinks.
Using the schematic in Figure 1, we applied our under-
standing of the device’s design to sort the connections
into two classes. A data connection carries information
that is meaningful in the external security domains, in
particular, classified information. Conversely, a control
connection carries signals that are meaningful only to
the device’s internal components. 
The backbone emerges from a trace of all information
flow paths emanating from sources of high-security data.
These include inputs from the high-security domain and
generators of classified information such as encryption
keys and passwords. The backbone terminates at com-
ponents that block the flow of high-security data or at
low-security data sinks. Of particular interest are out-
puts accessible from the low-security domain.
Figure 2 shows the dataflow backbone for the crypto-
graphic device in its normal operating modes. On the left
is RS-232 connector JP1 and RS-232 receiver U1, which
63
JP3
U6C
U8
Main
CPU
U11
U10CJP1
Encryption/bypass
mode switching
High-
security
connector
U10A
U5A Low-
security
connector
JP7
Comparison logic
[similarly for gates
U5B-D and U4A-D]
U7B
Shutdown
gate
Fault insert switch
U1
RS232
Rx
U9
RS232
TX
2nd
CPU
Figure 2.The cryptographic device’s dataflow backbone in normal operating modes.
Classified data arrives at left. In bypass mode, it follows the uppermost path and exits
right. In encryption mode, it goes to the microprocessors for encryption and exits right
via the shutdown gate.
    May 2006
64 Computer
ating modes. In encryption mode, the primary informa-
tion pathway for encrypted data is from the main
processor through gates U10C, U7B, and U10A and
then to RS-232 driver U9 and RS-232 connector JP3,
which form the interface to the low-security network.
Simultaneously, both the main and secondary proces-
sors send the results of their encryption algorithms to
the comparison circuit through an array of eight XNOR
gates (Figure 2 shows only one of these), U4A to U4D
and U5A to U5D. The comparison circuit uses this infor-
mation to generate an inhibitory shutdown signal, which
ultimately controls buffer U10A, if the encrypted bytes
differ. (Because most of the comparison circuitry
processes control signals only, we exclude the compar-
ison circuit from the dataflow backbone in Figure 2.) In
addition, the main processor’s output to XNOR gate
U5A goes through fault insert switch JP7, which, when
activated, breaks the connection to force the two proces-
sors’ outputs to be different.
In bypass mode, the main processor enables AND gate
U6C to let information flow through the device without
going through the processors. Thus, the (static) circuitry
diagram in Figure 2 combines all possible high-to-low
security information flow in any of the device’s (dynamic)
modes.
Already, the backbone diagram offers a much clearer
view of security-critical information flow through the
device than the original schematic diagram. However, a
security evaluator must perform similar backbone dis-
sections for all pairs of high-security data sources and
low-security data sinks. In addition, an evaluation should
derive backbones for all possible fault modes of compo-
nents into which high-security data might flow, especially
modes that could reroute classified information flow into
either data or control pathways. In Figure 1, a direct con-
nection from RS-232 converter U9 to main processor
U8 is part of the decryption data path from the low-
security network to the high-security computer. Thus,
the evaluator might want to explore a backbone in
which a software error causes processor U8 to attempt
to use this connection in reverse, sending classified infor-
mation directly to the low-security network.
Extracting control-signal sources
The next step is to consider the sources of the control
signals that influence each extracted backbone’s behav-
ior. Finding such signals requires tracing backward from
all backbone components that have a control input until
reaching the control signal’s origin.
The dataflow backbone in Figure 2, for example, has
three logic gates, U6C, U10C, and U10A, which form
part of the high-to-low dataflow path and have addi-
tional control inputs. We needed to trace each of these
inputs back to its source. 
Figure 3 shows the device’s control paths terminating
at gates U6C and U10C. It reveals that not only are both
together form the interface to the high-security computer.
(Labels with “U” refer to particular physical chips on the
processor board; for example, label U6C denotes the third
gate on the sixth chip.) From here, high-security data flows
in three directions, depending on the operating mode,
which the main processor controls. In encryption mode,
classified information goes to both main processor U8 and
secondary processor U11 for encryption. In bypass mode,
information from the high-security computer travels via
AND gate U6C toward the low-security output. 
The main processor controls logic gates U6C and
U10C to switch between encryption and bypass oper-
U8
U6C
U10C
Main
CPU
Figure 3. Control flow leading into the encryption/bypass
switching gates. A single signal from the microprocessor con-
trols two complementary logic gates. In bypass mode, data
from the high-security domain flows through gate U6C; in
encryption mode, it flows through gate U10C.
Clock
sync
Flip-
flop
U6BComparison logic
Fault reset
switch
[Similarly for gates
U5B-D and U4A-D]
U5A
U8 U11Main
CPU
JP7
U3
JP2
U2A
U10A
2nd
CPU
Fault insert
switch
Figure 4. Control flow leading into the shutdown gate.
Encrypted data that the microprocessors (bottom) produce
flows into the comparison circuitry (middle), which enables the
buffer gate (top) only if the encrypted bytes match.This circuit
also connects to two switches on the encryption device’s front
panel.
gates under microprocessor U8’s control, but the same
output pin (component U8 pin C1 in Figure 1) controls
both. When the device is in encryption mode, processor
U8 sends a 0 signal on this pin to disable AND gate U6C
and enable buffer U10C. Encrypted data then flows from
processor U8 to the low-security network via buffer
10C, as in Figure 2. When the device is in bypass mode,
processor U8 sends a 1 signal to enable U6C and dis-
able U10C, thus allowing data to flow directly from the
high-security computer to the low-security network.
Figure 3 thus highlights a potentially dangerous sin-
gle-point failure in the device’s design. Any hardware or
software fault that pulls up the voltage on this particu-
lar pin will let unencrypted information flow directly to
the low-security network, along the bypass path, even
when the device is in encryption mode and the main
microprocessor is encrypting data correctly. Activating
the fault insert switch will still introduce a discrepancy
into the encrypted data being sent to the comparison cir-
cuit and will cause the device to shut down, thus giving
the operator the misleading impression that the device
is working securely.
Tracing control flow back from Figure 2’s gate U10A
revealed a much more complex situation, as Figure 4
shows. Shutdown buffer U10A blocks information flow to
the low-security network if an encryption failure occurs.
Flip-flop U2A governs shutdowns and ensures that infor-
mation flow restarts only when the operator presses reset
switch JP2. Simultaneous clock pulses from the two micro-
processors through AND gate U6B enable the flip-flop for
each encrypted byte produced. The comparison circuit,
which comprises NAND gate U3 and eight
XNOR gates, U4A to U4D and U5A to
U5D (Figure 4 shows only one of these),
checks that both microprocessors’ en-
crypted outputs are in agreement. The
complexity of the control circuit in Figure
4 clearly raises the possibility of numerous
potential fault modes.
Just as extracting the backbone pro-
vided insight into the device’s dataflow
design, so control circuitry dissections
such as those in Figures 3 and 4 help secu-
rity evaluators understand how the device
behaves and give structure and clarity to
the overall security rationale.
Fault-mode analysis
So far our process has traced informa-
tion flow to dissect the device’s logical
design and identify obvious weak points.
The next step is to apply risk analysis tech-
niques to the results to identify less obvious
fault modes. This step is important
because it incorporates evidence from
other aspects of the device’s design such as
its physical construction, power circuitry, and processor
board layout.
Circuitry diagrams, such as the one in Figure 4, are
highly amenable to fault-tree analysis.5 Fault trees are
rooted at a particular failure and define the conditions
for its occurrence.6 Subordinate nodes describe either
“or” cases—in which any of the following conditions
produces the failure of interest—or “and” cases—in
which all succeeding conditions must occur to produce
the failure. Leaf nodes represent atomic conditions that
evaluators cannot usefully decompose or choose not to
explore in depth. 
The fault tree in Figure 5 summarizes our analysis of
the control circuit in Figure 4 to identify failures that
would prevent the shutdown gate from working when
the main microprocessor is not encrypting classified
information securely. We produced the tree by tracing
down the control circuit and considering all possible
component failures, informed by the device’s processor
board layout and power circuitry.4 In particular, we con-
sidered primary failures and failures of command for
each component. Normally, fault trees appear in graph-
ical notation,6 but we prefer a textual form because it
provides more space for explanations.
The fault tree offers many insights—some obvious,
others subtle and alarming. Condition 1 makes the obvi-
ous point that tristate buffer U10A becomes a single
point of failure when the main microprocessor does not
encrypt correctly. The same is true for the other com-
plicit single-component failures in conditions 2.1, 2.2.1,
2.3.1, and 2.4.1.
    May 2006 65
The encryption device may be insecure when in encryption mode if microprocessor U8
does not (adequately) encrypt classified data and shutdown gate U10A is enabled, due to
any of:
1. Shutdown gate U10A is faulty.
2. A 0 signal is received from flip-flop U2A, due to any of:
2.1 Flip-flop U2A is faulty.
2.2 A fault reset signal is received, due to any of:
2.2.1 Reset switch JP2 is faulty.
2.2.2 Reset switch JP2 is activated.
2.3 A 0 signal is received from NAND gate U3, due to any of:
2.3.1 NAND gate U3 is faulty.
2.3.2 All inputs to NAND gate U3 are 1, due to any of:
2.3.2.1 XNOR gates U4A to U4D and U5A to U5D all produce 1, 
due to any of:
2.3.2.1.1 XNOR chips U4 and U5 are faulty.
2.3.2.1.2 Resistor pack 1 short circuits.
2.3.2.2 Both microprocessors U8 and U11 fail to encrypt and produce 
identical outputs.
2.3.2.3 Both microprocessors U8 and U11 produce no output to XNOR 
gates U4A to U4D and U5A to U5D.
2.4 No clock signal is sent to flip-flop U2A, due to any of:
2.4.1 AND gate U6B is faulty.
2.4.2 No clock signal is produced by microprocessor U8.
2.4.3 No clock signal is produced by microprocessor U11.
Figure 5. Fault tree for the circuit in Figure 4.The tree helps evaluators succinctly
identify combinations of failures that would allow a security leak when the main
microprocessor is not encrypting classified information correctly.
66 Computer
A less obvious failure is condition 2.2.2. Depending
on the type of flip-flop used, this condition reveals that
a poorly trained operator can make the cryptographic
device insecure during an encryption failure by repeat-
edly pressing or even taping down the fault reset switch.
Because conditions 2.3.2.2 and 2.3.2.3 require both
microprocessors to fail in exactly the same way, the secu-
rity evaluator might dismiss them as highly unlikely.
Nevertheless, fault-tree analysis ensures that evaluators
at least properly document them and thus highlights
even remote possibilities.
More alarming is the fault tree
starting at condition 2.4, which
reveals three additional single-point
failures that will keep the self-diag-
nosis circuit from working. Indeed,
the same software failure that caused
the main processor not to encrypt
properly could also stop it from
sending the necessary 100-ms clock
pulse, thus preventing detection of
the encryption failure.
Finally, conditions 2.3.2.1.1 and 2.3.2.1.2 are partic-
ularly interesting, since they became visible only after
we analyzed the device’s processor board layout and
power circuitry. Condition 2.3.2.1 requires all eight
XNOR gates in Figure 1 to fail in the same way, which
seems highly unlikely at first. However, the device’s
processor board layout4 confirms that this gate array
consists of two identical four-gate integrated circuit
chips, U4 and U5, thus making the fault possible
through only two complicit failures.
Even worse, fault insert switch JP7, which is meant to
help highlight failures in the comparison circuitry, actually
connects to only one of the XNOR gates, U5A. A fault that
causes chip U4 to produce outputs of only 1 is a silent fail-
ure that an operator would not be able to detect by acti-
vating the switch; thus, the operator would mistakenly
believe that the cryptographic device is working correctly.
Such a failure can remain undetected until a similar prob-
lem occurs in chip U5, crippling the self-diagnostic circuitry. 
Condition 2.3.2.1.2 reveals another way in which
this can happen. The schematic diagram in Figure 1
shows that resistors in Resistor Pack 1 protect all the
outputs of XNOR gates U4A to U4D and U5A to U5D.
The device’s processor board layout4 shows that this
pack comprises three IC chips, each of which houses
eight resistors. Thanks to the particular layout of the
processor board, short circuits across just two of these
chips, U7 and U8, would be sufficient to pull up the
outputs of all eight XNOR gates and disable the self-
diagnostic circuitry. Once again, only deep knowledge
of the circuitry reveals the feasibility of this complicit
fault; activating the fault insert switch would not make
the failure of chip U7 detectable. (In fact, it appears to
be a mere accident of the processor board’s layout that
all eight XNOR outputs are not wired to a single resis-
tor chip.) 
As this brief example shows, evaluators can apply risk
analysis to identify a broad range of potential fault
modes and clearly relate them to the original circuit
design. It is thus a highly effective adjunct to informa-
tion flow analysis.
Covert channels
Our case study of the prototype cryptographic device
focuses on overt information flow.
However, our technique of separat-
ing the device’s dataflow and control
flow paths also helps in the search for
potential covert channels—any infor-
mation flow pathway that the device’s
designer did not intend.7 Of particu-
lar concern are covert channels that
a malicious agent in the high-security
domain can exploit to surreptitiously
transmit classified information to the
low-security domain.
Covert channels can be control channels, timing chan-
nels, or a mix. In a control channel, the malicious agent
sends classified information along a control-signal path-
way. In a timing channel, the agent superimposes extra
information on a data path by varying the duration of,
or intervals between, data units—extra information that
could be immune from the data transformations nor-
mally used to declassify high-security information. In a
mixed covert channel, the enemy agent sends additional
information through a control path by adjusting the
control-signal timing.
As the dataflow backbone in Figure 2 shows, any
device that transfers data from a high-security to a low-
security domain is inherently dangerous. Apart from the
obvious risks associated with the cryptographic device’s
bypass mode, the dataflow backbone could harbor a
timing covert channel when, say, the device is in a char-
acter-by-character encryption mode. To solve this in
practice, either the cryptographic device’s software must
smooth the timing of characters through the device, or
the operator must combine the device with a data pump
that can perform this function. 
Less obvious are control and mixed covert channels,
both of which involve the device’s control circuitry, but
our dissections of the schematic diagram can effectively
ferret these out, since the circuit display is ideal for
covert channel analysis.
In general, there may be a covert channel through a
control circuit when it has a high-security data input
and controls an information-flow path leading to a low-
security data sink. In Figure 4, the cryptographic device’s
comparison circuit has the potential to be a covert chan-
nel. Because the microprocessors (bottom) could con-
tain high-security data, and the buffer gate (top) controls
Separating the device’s
dataflow and 
control flow paths 
also helps in the search for
potential covert channels.
information flow to the low-security domain, this cir-
cuit requires close scrutiny. 
To assess the effectiveness of our process in covert
channel analysis, we attempted to determine if there was
a measurable information-content relationship between
the circuit’s data input and its control output. We con-
cluded that the comparison circuit does not harbor an
exploitable covert channel. When the cryptographic
device is working properly, the circuit produces constant
output only. When the device fails, the flip-flop ensures
that it cannot restart until the oper-
ator presses the fault reset button.
Thus, for a malicious agent to send a
message by varying the comparison
circuit’s output, the operator would
have to continually press or tape
down the reset button. Even in this
scenario, the agent could encode the
message only awkwardly as a series
of interruptions to the data sent to
the low-security domain. A far more
attractive target is the direct covert pathway that the
backbone in Figure 2 offers.
A similar analysis of Figure 3 reveals that an agent
could send a covert message to the low-security domain
by switching the encryption device in and out of bypass
mode, provided that someone in the low-security
domain could detect the difference between plaintext
and encrypted data. Again, however, the inherent dan-
gers of the bypass mode itself completely overshadow
this remote possibility.
C onducting high-grade information security evalua-tions for computer communications devices is intel-lectually challenging, time-consuming, costly, and
error prone. We believe that our structured approach can
reveal potential fault modes because it simplifies evalu-
ating a device’s logical design and physical construction.
By combining information-flow and risk-analysis tech-
niques, evaluators can use the process to produce a thor-
ough and transparent security argument.
In other work, we have applied static analysis tech-
niques to the evaluation problem, treating a device’s
schematic circuitry diagram as an information flow
graph.8 This work shows how to trace information flow
in different operating modes by representing connectiv-
ity between components as being conditional on specific
device states.
We have also developed a way to define the security-
critical region of components with particular security
significance by identifying components that lie on a path
from a high-security data source to a low-security sink.9
Finally, to make these concepts practical, we have imple-
mented them in an interactive analysis tool10 that reads
schematic diagrams written in the Very High Speed
Integrated Circuit (VHSIC) Hardware Description
Language.
Nevertheless, much work remains. A complete infor-
mation security evaluation should analyze the software
running on the device’s microprocessors. At the very
least, it must verify that the microprocessor pins appear-
ing as outputs in the schematic diagram are the only ones
that corresponding programs write to. 
Also, with an understanding of the software, we can
extend our fault-tree analysis to account for particu-
lar embedded program features.
For example, inspecting the main
microprocessor’s program in the
case study shows how commands
from the high-security computer
change the device’s encryption
mode, which can include setting it
into the potentially insecure bypass
mode.
In general, however, although tech-
niques for evaluating secure informa-
tion flow through applications software exist,11,12 specific
security evaluation techniques for embedded programs
remain a topic for further research.■
Acknowledgments 
We thank Andrew Matthews for his encouragement
and advice on information security evaluations, Tim
McComb for developing the SIFA tool, and the anony-
mous reviewers for their helpful suggestions. This
research was funded by the Defence Signals Directorate
and the Australian Research Council via Linkage-
Projects Grant LP0347620, Formally Based Security
Evaluation Procedures.
References
1. The Common Criteria Project Sponsoring Organizations,
Common Criteria for Information Technology Security Eval-
uation, ISO/IEC Standard 15408, 2.1 ed., Aug. 1999.
2. D.S. Herrmann, Using the Common Criteria for IT Security
Evaluation, Auerbach, 2003.
3. K. Banks, “Tips for Checking Schematics,” Embedded Sys-
tems, vol. 16, no. 6, June 2003, pp. 36-38.
4. J. Graves, “Cryptographic Device,” tech. report, Defence Sig-
nals Directorate, Dec. 2003.
5. A. Amendola et al., “Component Modeling and Computer-
Aided Fault Tree Construction,” Proc. 5th European Conf.
Electrotechnics (Eurocon 82), E. Lauger and J. Moltoft, eds.,
North-Holland, 1982, pp. 153-158. 
6. SAE Committee S-18, “Guidelines and Methods for Con-
ducting the Safety Assessment Process on Civil Airborne Sys-
tems and Equipment,” tech. report ARP4761, SAE Int’l, 1996.
7. D.A. MacKenzie, “Covert Channels,” Mechanizing Proof:
Computing, Risk and Trust, MIT Press, 2001, pp. 151-196.
    May 2006 67
A complete information
security evaluation 
should analyze the 
software running on the
device’s microprocessors.
68 Computer
8. A.J. Rae and C.J. Fidge, “Information Flow Analysis for Fail-
Secure Devices,” The Computer J., Jan. 2005, pp. 17-26.
9. A.J. Rae and C.J. Fidge, “Identifying Critical Components
during Information Security Evaluations,” J. Research and
Practice in Information Technology, Nov. 2005, pp. 391-402.
10. T. McComb and L.P. Wildman, “SIFA: A Tool for Evaluation
of High-Grade Security Devices,” Proc. 10th Australasian
Conf. Information Security and Privacy (ACISP 2005), C.
Boyd and J. Nieto, eds., LNCS 3574, Springer-Verlag, 2005,
pp. 230-241.
11. D. Clark, C. Hankin, and S. Hunt, “Information Flow for
ALGOL-like Languages,” Computer Languages, Apr. 2002,
pp. 3-28.
12. R. Joshi and K.R.M. Leino, “A Semantic Approach to Secure
Information Flow,” Science of Computer Programming, May
2000, pp. 113-138.
Andrew Rae is a systems assurance engineer for Invensys
Rail Systems Australia. His research interests include safety
and security evaluations for software-intensive systems,
automated fault-tree analysis, and preparation of safety
cases. Rae received a BEng in computer systems from the
University of Queensland. Contact him at Andrew.J.Rae@
wrsa.com.au.
Colin Fidge is a professor of computer science in the School
of Software Engineering and Data Communications at
Queensland University of Technology. His research interests
include security evaluations, legacy program maintenance,
and high-integrity software engineering. He received a PhD
in computer science from the Australian National Univer-
sity. Contact him at c.fidge@qut.edu.au.
Luke Wildman is a senior research officer in the School of
Information Technology and Electrical Engineering at the
University of Queensland. His research interests include
formal methods, security and safety analysis techniques,
theorem proving and model checking, and automated test-
ing tools. Wildman received a BSc(Hons) in computer sci-
ence from the University of Queensland. Contact him at
luke@itee.uq.edu.au.
To submit a manuscript for peer review, 
see Computer’s author guidelines: 
www.computer.org/computer/author.htm 
Computer
magazine
looks ahead 
to future 
technologies
• Computer, the flagship publication of the IEEE Computer Society,
publishes peer-reviewed technical content that covers all aspects of
computer science, computer engineering, technology, and
applications.
• Articles selected for publication in Computer are edited to enhance 
readability for the nearly 100,000 computing professionals who 
receive this monthly magazine.
• Readers depend on Computer to provide current, unbiased,
thoroughly researched information on the newest directions in
computing technology.
Welcomes Your Contribution
