Security mesh layout engine

For some secure hardware applications, a tamper-dectection mesh is required to protect sensitive parts of the circuit from attack.  The mesh consists of one or more conductors that are monitored by the processor or security supervisor. If the conductors are broken, an attack is assumed and defensive action can be taken – typically the encryption keys are erased to prevent them from being exposed. This is usually what is found under the keys of a PIN entry keypad, as it provides protection against attackers eavesdropping on key presses.

Example keypad layout
Example keypad layout

By having multiple mesh layout patterns, we can further help prevent weaknesses in one mesh design from being exploited in another.  However, it can take a long time to prepare a sufficiently robust layout, especially when dealing with irregular shapes and vias.


With this in mind, I developed a mesh layout engine – like an auto-router, but focussed on specifically the mesh layout problem.  It takes a CAD file as input, along with layout parameters, and generates a layout pattern in a fraction of the time it would take a human.  This output can then be incorporated in PCB or artwork designs for manufacturing.

The primary challenge is getting sufficiently good coverage, while still maintaining the topological constraints that allow the circuits to terminate where specified.  Blindly routing across the space is bound to get you trapped behind circuitry, with no way of completing the connection.

Instead, the solution is to maintain a valid topology all the way through the layout process.   However, this approach can be computationally expensive.  By drawing on graph theory, we can map the problem to a space where the topological constraints are always satisfied, which allows rapid randomised layout.  It is then mapped back to the physical design space, for final stochastic optimisation.

This layout engine forms a core part of my hardware security services.