Cracking Hardware
?
1 like?561 views
Black Sea Summit conference 2016 Feedback form: http://bit.ly/2cyQWjX Website: http://blacksea-it.com/en/
Cracking Hardware
- 2. 2 What is hardware ¡ñ Silicon die ¡ñ Transistors ¡ñ Memory cells ¡ñ Other stuff ¡ñ Wires
- 3. 3 Why crack hardware? ¡ñ Steal firmware to make clones ¡ñ Rewrite certain values ¡ñ Steal user data ¡ñ Use free firmware ¡ñ Intercept IoT communications ¡ñ Hijack quadcopters ¡ñ Fun
- 4. 4 Myths ¡ñ High difficulty ¡ñ High equipment cost ¡ñ High time consumption ¡ñ (proper defence turns myths into reality)
- 6. 6 A few revelations ¡ñ Pointers exist ¡ñ Data buses exist ¡ñ Power lines exist ¡ñ Clocking exists ¡ñ Hardware executes programs ¡ñ Code does not exist outside of hardware
- 7. 7 Attacks
- 8. 8 Physical manifestations of code Non-intrusive attack vectors ¡ñ Time consumption ¡ñ Power consumption ¡ñ Radio emission ¡ñ Photon emisison ¡ñ Electron storage ? Timing attacks ? Power analysis ? Van Eck phreaking ? Microscope ? Memory retention
- 9. 9 Timing attacks ¡ñ Commonly used algorithms take shortcuts ¡ñ Most algorithms use branching ¡ñ Can be executed remotely ¡ñ Easiest target: Naive password ¡ñ Best target: HMAC ¡ñ Tricky target: RSA
- 10. 10 Power analysis ¡ñ Transistors consume power when they switch ¡ñ Wires have capacitance and inductance ¡ñ Simple operations utilize less transistors ¡ñ Targets: any software crypto implementations ¡ñ Tricky targets: any hardware crypto implementations
- 11. 11 Simple power analysis ¡ñ Timing attack, but visualized ¡ñ Easily prevented with proper implementation ¡ñ Allows reverse-engineering to some degree
- 12. 12 SPA on exponentiation in RSA
- 13. 13 Differential power analysis ¡ñ Usually, many traces can be taken ¡ñ Traces can be time-aligned with each other ¡ñ Operations use different amount of power on different input ¡ñ Differences can be statistically analyzed ¡ñ Proper crypto implementation would not help
- 15. 15 Electron storage ¡ñ External memory can be read by anyone ¡ñ Volatile memory is not so volatile ¡ñ Memory content is usually preserved on resets ¡ñ Cells have limited resource
- 16. 16 Software defence ¡ñ Random data - best crypto ¡ñ Use only proper crypto ¡ñ Write attempts before checking ¡ñ Use hashing, if possible ¡ñ Constant time comparison ¡ñ Corrupt before write ¡ñ No naive writes ¡ñ No naive branching
- 19. 19 EM-pulse ¡ñ Requires some knowledge of topology ¡ñ Can be precise and reproducible ¡ñ Low level of intrusion
- 20. 20 Decapping
- 22. 22 Voltage contrast & Microprobbing
- 23. 23 Hardware defence ¡ñ Know your vendor ¡ñ Decapping-proof cases ¡ñ Use modern technology ¡ñ crack ur self ¡ñ Make your own hardware! ¡ñ Decap your own chips and remove redundant stuff! ¡ñ Cover your PCB in a self-igniting material!
- 24. 24 Dumb stuff ¡ñ Backdoors ¡ñ Memory protection routines ¡ñ Using external memory ¡ñ FPGA bit streams
- 25. 25 Everyone is vulnerable ¡ñ X-Box 360 ¡ª HMAC, memcmp timing attack ¡ñ Yubikey 2 ¡ª RSA key leakage, DPA ¡ñ Atmel XMEGA ¡ª AES hardware implementation, DPA ¡ñ AMD ¡ª forgot to add header length for SMU firmware signing ¡ñ ProASIC3 ¡ª thought nobody could break their backdoor key ¡ñ Apple ¡ª FBI cracked that encrypted phone
- 26. 26 Conclusions ¡ñ Customer hand ¡ª enemy land ¡ñ Hardware developer should be paranoid ¡ñ Proper crypto implementation is not enough ¡ñ Surviving long enough is enough ¡ñ Consider making your firmware free
- 27. 27 KOHCTPYKTOP: Engineer of the People
- 28. 28 TIS-100