Date post: | 14-Apr-2017 |
Category: |
Technology |
Upload: | black-sea-summit-it-conference-in-odessa |
View: | 134 times |
Download: | 1 times |
3
Why crack hardware?
● Steal firmware to make clones● Rewrite certain values● Steal user data● Use free firmware● Intercept IoT communications● Hijack quadcopters● Fun
4
Myths
● High difficulty● High equipment cost● High time consumption● (proper defence turns myths into reality)
6
A few revelations
● Pointers exist● Data buses exist● Power lines exist● Clocking exists● Hardware executes programs● Code does not exist outside of hardware
8
Physical manifestations of codeNon-intrusive attack vectors
● Time consumption● Power consumption● Radio emission● Photon emisison● Electron storage
➞ Timing attacks
➞ Power analysis
➞ Van Eck phreaking
➞ Microscope
➞ Memory retention
9
Timing attacks
● Commonly used algorithms take shortcuts● Most algorithms use branching● Can be executed remotely
● Easiest target: Naive password● Best target: HMAC● Tricky target: RSA
10
Power analysis
● Transistors consume power when they switch● Wires have capacitance and inductance● Simple operations utilize less transistors
● Targets: any software crypto implementations● Tricky targets: any hardware crypto
implementations
11
Simple power analysis
● Timing attack, but visualized● Easily prevented with proper implementation● Allows reverse-engineering to some degree
13
Differential power analysis
● Usually, many traces can be taken● Traces can be time-aligned with each other● Operations use different amount of power on
different input● Differences can be statistically analyzed● Proper crypto implementation would not help
15
Electron storage
● External memory can be read by anyone● Volatile memory is not so volatile● Memory content is usually preserved on resets● Cells have limited resource
16
Software defence
● Random data - best crypto● Use only proper crypto● Write attempts before checking● Use hashing, if possible● Constant time comparison● Corrupt before write● No naive writes● No naive branching
19
EM-pulse
● Requires some knowledge of topology● Can be precise and reproducible● Low level of intrusion
23
Hardware defence
● Know your vendor● Decapping-proof cases● Use modern technology● crack ur self● Make your own hardware!● Decap your own chips and remove redundant stuff!● Cover your PCB in a self-igniting material!
25
Everyone is vulnerable
● X-Box 360 — HMAC, memcmp timing attack● Yubikey 2 — RSA key leakage, DPA ● Atmel XMEGA — AES hardware implementation, DPA● AMD — forgot to add header length for SMU firmware
signing● ProASIC3 — thought nobody could break their
backdoor key● Apple — FBI cracked that encrypted phone
26
Conclusions
● Customer hand — enemy land● Hardware developer should be paranoid● Proper crypto implementation is not enough● Surviving long enough is enough● Consider making your firmware free