Bringing Hardware Hacking to Life
Presented as part of the 2015 HCSS conference.
Abstract:
But is it practical? This question is always bandied about to dismiss some research publication showing an advanced attack such as side-channel power analysis or glitching. Most of these publications use university-backed labs or expensive commercial equipment, leading to the assumption that an attacker would also require such equipment.
But this assumption is false – the attacks can be applied with a few hundred dollars' worth of equipment. And they can be applied to real devices, effectively breaking otherwise secure encryption algorithms. It's not enough to have correctly implemented AES-256 in a bootloader, for example; if the AES implementation is a standard off-the-shelf implementation, it might be possible to recover the encryption key from the bootloader with minimal work.
This presentation details both the theoretical side and practical side of side-channel power analysis attacks, with a quick detour into fault injection. The presenter has worked extensively on the open-source ChipWhisperer project, which aims to teach embedded and software engineers about the vulnerabilities hiding in what are assumed to be secure algorithms.
As we design secure systems for the future, resistance against fault injection and side-channel power analysis will become more important than ever. While such attacks are not yet a regular occurrence, they will undoubtedly become the next lowest-hanging fruit to be picked once simple software vulnerabilities are patched more effectively. But many of these vulnerabilities cannot be patched with a firmware update – they require costly changes to hardware.
This presentation details not only the technical workings of side-channel power analysis and glitching attacks, but also how they apply to real systems, and what this means to those designing those systems. All the tools used in this presentation are open-source, giving attendees the ability to dive into more details and try their hand at power analysis and glitching attacks.
Biography:
Colin O’Flynn is pursuing a PhD in embedded hardware security, and as part of this work has designed the open-source ChipWhisperer project. This project won second place in the Hack-a-day Prize 2014 and has been presented widely at everything from Blackhat USA/EU/Abu Dhabi to a number of academic conferences.