Hta t17
0 likes286 views
This document discusses fault injection attacks on secure boot implementations in embedded systems. It begins by explaining how secure boot works, using a hardware root of trust to verify that only authorized code is executed. It then introduces different methods of fault injection, such as voltage manipulation and electromagnetic interference, that can corrupt code verification and execution. Examples are given of how faults could bypass signature checks or modify execution. Countermeasures at both the software and hardware level are outlined to make systems more robust against fault injection. The document concludes that while hardware roots of trust increase security, physical attacks still remain a threat, and both hardware and software countermeasures are needed to protect against fault injection in secure embedded systems.
1 of 36
Download to read offline
Ad
Recommended
Ht w25
Ht w25SelectedPresentations
油
This document discusses firmware threats and solutions. It begins with a presentation on firmware threats, implications, and UEFI Secure Boot. It then discusses how UEFI Secure Boot and Windows 8 Trusted Boot work to secure the boot process. Finally, it covers secure firmware updates and concludes that securing firmware is foundational to system security.Embedded government espionage
Embedded government espionageMuts Byte
油
The document discusses the pervasive threats of embedded government espionage and cybercrime, highlighting issues like state-level backdooring and the inadequacies of traditional security measures, such as cryptography and antivirus solutions. It outlines various historical malware incidents, the exploitation of hardware components, and the advantages cybercriminals have due to poor design and security practices. Recommendations for improving security include rigorous firmware verification and the acknowledgment that existing solutions may not fully protect against advanced threats.Cigarette VS Bubble Gum
Cigarette VS Bubble GumNaruenart
油
This document discusses rootkits and firmware attacks on network devices like firewalls and routers. It analyzes the operating systems, access controls, and integrity measures of various devices from manufacturers like Fortinet, Juniper, Cisco, and Check Point. Many devices have weaknesses like unencrypted firmware, removable storage, and restricted but not eliminated root access. Attacks could target the BIOS, kernel, file system or applications to gain persistent hidden access. Demonstrations show how to rootkit Fortinet and Juniper devices by bypassing signature checks or installing malicious packages. In conclusion, many network devices prioritize functionality over integrity, leaving them vulnerable to supply chain attacks and firmware tampering. Regular integrity checks and secure development practices are recommended for丱舒从亠 仂 于舒 弍舒仆从 弍仂仍亠, 亠仄 于舒亳 从仍亳亠仆仂于
丱舒从亠 仂 于舒 弍舒仆从 弍仂仍亠, 亠仄 于舒亳 从仍亳亠仆仂于Positive Hack Days
油
The document discusses targeted attacks on financial institutions. It provides information on:
1) Known targeted attackers like Cobalt, Corkow, and Anunak and their favorite targets like ATMs, card processing, and SWIFT systems.
2) Future targeted attackers that may go after financial networks.
3) The common targets of these attacks, which include corporate internet banking software, payment gateways, ATMs, trade terminals, and SWIFT/ARM CBR systems.
4) The malware delivery methods used by these groups, such as driveby downloads, pay-per-install, web hacks, phishing emails, and spear phishing.Rovnix
RovnixAanchalJain72
油
Rovnix is an advanced bootkit malware that infects the Master Boot Record and operates in kernel mode. It uses a custom TCP/IP stack to bypass firewalls and stores components in a virtual file system outside of partitions. Rovnix downloads other malware like Carberp, Upatre, Vundo, and Repezor. It tampers with Windows kernel data to load a malicious driver and intercepts hard disk I/O to prevent modification of the Volume Boot Record. Rovnix variants also use private TCP/IP stacks to hide network traffic. Microsoft Security Essentials or Windows Defender can detect and remove Rovnix, and users should install reliable antivirus software, update regularly, avoid untrustedBlueHat v18 || Massive scale usb device driver fuzz without device
BlueHat v18 || Massive scale usb device driver fuzz without deviceBlueHat Security Conference
油
This document discusses a massive fuzzing system for USB device drivers on Windows, addressing the challenges of analyzing closed-source drivers installed via Windows Update. It outlines the architecture of the fuzzing system, including techniques for monitoring and testing without physical hardware, and emphasizes the importance of controlling various system states during the fuzzing process. The goal is to identify vulnerabilities in driver implementations to enhance system security.Thin Clients for Corporate
Thin Clients for CorporateRDP Workstations Pvt Ltd
油
The document details the specifications and features of an aw-100 thin client system, including technical attributes such as device configuration, supported operating systems, video and audio capabilities, weight, and power consumption. It emphasizes the streamlined computing performance and absence of noise, backed by a three-year warranty and advanced replacement service. Additionally, it discusses licensing requirements for the operating system and software, referring readers to the respective vendor websites for more information.CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE
油
The document discusses the 'DeviceDisabler,' a lightweight hypervisor developed to hide physical devices in mobile gadgets, aiming to protect against cyber espionage by managing access to sensors such as cameras and microphones. It outlines existing security vulnerabilities associated with high-resolution devices, such as eavesdropping through gyroscope and existing malware incidents, while proposing strategies for securing control over device functionality. The hypervisor operates independently of the OS, encrypts part of the disk, and ensures only authorized devices are accessible, tackling the challenges of device circumvention by users.Stu t19 a
Stu t19 aSelectedPresentations
油
This document summarizes key cyber warfare attacks and what can be learned from them. It discusses the Stuxnet worm targeting Iran's nuclear facilities, the Flame and Red October spyware platforms, and shared techniques like using stolen certificates and numerous zero-day exploits to remain undetected. It's noted that air-gapping is insufficient, logical flaws are hard to fix, and privilege escalation will be a continued threat. Strong encryption, SSL pinning, and focusing on local security are recommended over network-based detection. Fully automated attacks may soon compete with nation-states as trust breaks down in the new landscape.Spo2 w22
Spo2 w22SelectedPresentations
油
The document discusses the potential for mass mobile device compromises through exploit kits. It outlines how exploit kits currently work on desktop computers and how their methods could translate to mobile. Mobile devices are increasingly popular and contain sensitive user information, making them attractive targets. Exploit kits already identify mobile clients and mobile malware exists, so the remaining barrier is connecting these threats through mobile-specific exploits. With profiling of mobile platforms, targeted mobile exploits could efficiently compromise users on a large scale similar to existing desktop attacks.Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
油
The document discusses security trends over time for various technologies and the need for security in embedded devices. It notes that early computer viruses in the 1980s and 1990s aimed to cause damage, while more recent threats in the 2000s and beyond increasingly target financial gain. The document outlines some design challenges for security in embedded devices, including limited resources, physical accessibility, and the need for simple yet robust solutions. It emphasizes that security needs to be considered early in product design.Mbs r33 b
Mbs r33 bSelectedPresentations
油
This document summarizes different types of mobile encryption and common issues. It discusses five types of mobile encryption including SSL, disk encryption, keychain, app encryption, and containers. It then describes examples of problems with SSL implementation and proxying, issues cracking Android and iOS encryption, weaknesses in keychain storage, and common app encryption failures like hard-coded keys. The document provides recommendations to properly implement strong encryption, avoid storing sensitive data on devices, and follow best practices.Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
油
This document provides an overview of trusted computing concepts including:
- Defining security and how it can be violated through hardware and software flaws
- Explaining key terms like trust, trustworthy, and trusted computing
- Describing major trusted computing components like the endorsement key, sealed storage, remote attestation, and direct anonymous attestation
- Discussing issues around privacy, anonymity, and digital rights management in trusted computing systemsBlue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Cristofaro Mune
油
The presentation discusses the vulnerabilities and challenges of secure boot on embedded devices, highlighting various attack methods, including fault injection and hardware modifications. It emphasizes the need for better design and implementation strategies to enhance secure boot guidance for developers. The document also outlines key takeaways for hardening secure boot and improving overall security in embedded systems.Top 10 secure boot mistakes
Top 10 secure boot mistakesJustin Black
油
The document outlines the top 10 secure boot mistakes identified by Job de Haas, a principal security analyst at Riscure, emphasizing that proper implementation of secure boot principles is critical to protect against various security threats. It details frequent mistakes, including verification failures, firmware upgrade flaws, logical bugs, and misuse of cryptographic methods, while providing examples and mitigation strategies for each. The overarching message stresses the importance of understanding the complexities of secure boot to prevent vulnerabilities.US-22-Matrosov-Breaking-Firmware-Trust-From-Pre-EFI.pdf
US-22-Matrosov-Breaking-Firmware-Trust-From-Pre-EFI.pdfAlexYoung899213
油
This document provides an overview of attacking firmware during early boot phases prior to UEFI. The presenters discuss exploiting vulnerabilities in the Pre-EFI (PEI) phase to achieve arbitrary code execution and persistence. Several real-world vulnerabilities are demonstrated, including BRLY-2022-009 which allows overwriting protected memory during S3 resume. Automating bug hunting in the PEI phase is also mentioned. The talk aims to bring attention to the increased attack surface in early boot processes as firmware security defenses evolve.Ht w23
Ht w23SelectedPresentations
油
The document discusses the evolution and operation of exploit kits, focusing on the Blackhole exploit kit. It describes how Blackhole is the most prominent exploit kit, using a rental model and continually incorporating new exploits and evasion techniques. The document outlines Blackhole's infrastructure, success rates, payloads, and the potential for future mobile-focused exploit kits as personal devices become more prevalent targets.Stanford Cybersecurity January 2009
Stanford Cybersecurity January 2009Jason Shen
油
The document discusses cybersecurity challenges and opportunities for hardware-based solutions. It notes that the US is engaged in a "low-intensity" cyber conflict and cannot solely rely on military approaches. Hardware assurance technologies can help address issues like detecting counterfeit chips, ensuring device authenticity, and establishing secure communication channels. Combining on-chip instrumentation, encryption, and GPS could provide next-generation cybersecurity capabilities.Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionmalvvv
油
The document discusses various types of logical attacks on ATMs, including offline malware, online malware, and network attacks. It provides details on specific malware programs that have infected ATMs, such as Jackpotting malware and Ploutus-D. The document also discusses ways to mitigate these attacks, such as encrypting ATM hard disks, locking down the BIOS to restrict booting from removable media, and using network-based authentication for encryption keys.[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practicalMoabi.com
油
Jonathan Brossard and Florentin Demetrescu discuss the vulnerabilities of x86 architecture, specifically emphasizing the ease of hardware backdooring via firmware manipulation. They introduce a backdoor, 'Rakshasa,' designed for stealth, persistence, and remote access, showcasing its capabilities to circumvent security measures and remain undetectable. The presentation highlights historical context, current threats, and potential solutions within hardware security.Thesis presentation
Thesis presentationCHIACHE lee
油
The document discusses implementing AES encryption using ARM TrustZone technology. It begins with an introduction to ARM and the need for hardware-based security. It then provides an overview of TrustZone, describing its normal and secure worlds. Details are given on implementing TrustZone on a Zynq 7000, including configuration of secure memory regions. The document also outlines the AES encryption algorithm and its key steps of SubBytes, ShiftRows, MixColumns, and AddRoundKey.FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
油
The document discusses FIPS 140-2 validations in secure enclaves, particularly focusing on the wolfSSL and wolfCrypt products within Intel SGX technology. It highlights the advantages of enclave-based validations, such as enhanced security against privileged users and confidentiality of cryptographic processes, while also addressing the challenges in implementing these validations. Additionally, it outlines the validation process and provides insights into the current state and future possibilities of these technologies.Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
油
Chipsec is an open source framework for assessing platform security. It can be used to find vulnerabilities in system firmware like BIOS, UEFI and Mac EFI. Some examples shown include exploiting S3 resume boot script vulnerabilities to gain persistence, attacking hypervisors via SMM pointers, and checking for issues with MMIO BAR registers. The tool can also detect "problems" like unlocked firmware, missing hardware protections, and analyze real-world malware implants targeting firmware like DerStarke and HackingTeam UEFI rootkits.Trusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.pptnaghamallella
油
The document discusses Trusted Platform Modules (TPMs), which are chips integrated into platforms that are intended to provide more security. TPMs can securely store encryption keys and perform cryptographic operations to establish trust. They aim to prevent compromise by malicious software. However, TPMs also enable new capabilities for digital rights management and attestation that could potentially be abused by software vendors. While TPMs may increase security for corporations and governments, they reduce user control and privacy.RCS Demo HackingTeam
RCS Demo HackingTeam OWASP Foundation
油
The document describes a remote control system that can monitor computers and mobile devices. It allows logging keystrokes, conversations, files and browsing activity on computers running Windows, Mac OS and mobile devices. The system captures this data and transmits it online or stores it offline for later retrieval. It can also control devices through SMS messages without the user's knowledge. The document outlines the system's architecture, monitoring capabilities, data transmission methods, supported platforms and infection vectors for remotely and locally installing the backdoor software.DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
油
The document discusses vulnerabilities found in common office equipment like printers. It begins with an introduction explaining the researchers' approach of analyzing the security of enterprise printers from various manufacturers through a red teaming methodology. They found printers pose risks as they sit on corporate networks, process sensitive data, and are often assumed to be low risk. The document then covers the large attack surface printers present, including exposed services, firmware, and hardware issues. It describes common flaws found like weak configurations, default credentials, and memory corruption issues. Finally, it provides an example of exploiting a stack buffer overflow vulnerability to achieve remote code execution on a printer.Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Andrew Case
油
This document discusses the importance of memory forensics in cyber investigations, highlighting its ability to recover data that isn't written to disk, which is often crucial for detecting advanced malware and skilled attackers. It contrasts memory forensics with traditional disk forensics and elaborates on the capabilities of the Volatility framework for analyzing memory captures. The presentation emphasizes that modern malware commonly operates solely in memory, making memory forensics essential for effective detection and analysis.Hta w22
Hta w22SelectedPresentations
油
This document discusses memory forensics and the Volatility framework. It begins by distinguishing memory forensics from disk forensics and explaining why memory forensics is needed to analyze skilled attackers and advanced malware that aim to avoid disk artifacts. It then provides an overview of Volatility capabilities for analyzing processes, network connections, code injection techniques, and decrypting software-based encryption keys from memory captures. It emphasizes that memory forensics can recover important evidence that is never written to disk.仍亳亠仍仆仂亠 舒亳于仆仂亠 舒仆亠仆亳亠 亅: 仗舒于仂于亠 舒仗亠从 亳 亠仆仂仍仂亞亳亠从亳亠 亠亠仆亳
仍亳亠仍仆仂亠 舒亳于仆仂亠 舒仆亠仆亳亠 亅: 仗舒于仂于亠 舒仗亠从 亳 亠仆仂仍仂亞亳亠从亳亠 亠亠仆亳SelectedPresentations
油
仂从仄亠仆 仂弍亢亟舒亠 仗舒于仂于亠 亳 亠仆仂仍仂亞亳亠从亳亠 舒仗亠从 于亠仄亠仆亳 从舒从 仗舒舒仄亠舒 亠亟亳仆仂亞仂 仗仂舒仆于舒 亟仂于亠亳 从 仍亠从仂仆仆仄 ム亳亟亳亠从亳 亰仆舒亳仄仄 亟仂从仄亠仆舒仄. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仗仂于亠从亠 仍亠从仂仆仆仂亶 仗仂亟仗亳亳 (亅) 仂从亳 亰亠仆亳 于亠仄亠仆亳 仗仂亟仗亳舒仆亳 亳 舒仄仂亠仆亳 于仂仗仂仂于 舒亳于亳仂于舒仆亳 仍亠从仂仆仆 亟仂从仄亠仆仂于. 丐舒从亢亠 舒仄舒亳于舒ム 亠弍仂于舒仆亳 从 舒亠仆亳仆仂亳, 亟仂仂于亠仆仂亳 亳 亠仍仂仆仂亳 亟仂从仄亠仆仂于 仂亞仍舒仆仂 亟亠亶于ム亳仄 舒仆亟舒舒仄.丐舒仆亞舒仆亳仆仂亠 仗仂舒仆于仂 亟仂于亠亳. 仂于亠亠仆仆舒 亠 仂仂仆舒.
丐舒仆亞舒仆亳仆仂亠 仗仂舒仆于仂 亟仂于亠亳. 仂于亠亠仆仆舒 亠 仂仂仆舒.SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仂亞舒仆亳亰舒亳 舒仆亞舒仆亳仆仂亞仂 仗仂舒仆于舒 亟仂于亠亳 亟仍 亳仆仂仄舒亳仂仆仆仂亞仂 于亰舒亳仄仂亟亠亶于亳 于 于舒亰亳亶从仂仄 从仂仆仂仄亳亠从仂仄 仂ミ経, 于从仍ム舒 仗舒于仂于亠, 仂亞舒仆亳亰舒亳仂仆仆亠 亳 亠仆亳亠从亳亠 舒仗亠从. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仂弍亠仗亠亠仆亳 弍亠亰仂仗舒仆仂亳 亳 仍亠亞亳亳仄仆仂亳 仍亠从仂仆仆 亟仂从仄亠仆仂于 亳 亳仂于 仗仂亟仗亳亠亶, 舒 舒从亢亠 于仆亠亟亠仆亳 亠亟亳仆仂亶 亳仆舒从 亟仍 仂弍仄亠仆舒 亟舒仆仆仄亳 仄亠亢亟 亞仂亟舒于舒仄亳-仍亠仆舒仄亳. 丐舒从亢亠 仗亠亟舒于仍亠仆 舒仗 亠舒仍亳亰舒亳亳 舒亠亞亳亳 舒亰于亳亳 仂亞仂 仗仂舒仆于舒 亟仂 2023 亞仂亟舒.More Related Content
Similar to Hta t17 (20)
Stu t19 a
Stu t19 aSelectedPresentations
油
This document summarizes key cyber warfare attacks and what can be learned from them. It discusses the Stuxnet worm targeting Iran's nuclear facilities, the Flame and Red October spyware platforms, and shared techniques like using stolen certificates and numerous zero-day exploits to remain undetected. It's noted that air-gapping is insufficient, logical flaws are hard to fix, and privilege escalation will be a continued threat. Strong encryption, SSL pinning, and focusing on local security are recommended over network-based detection. Fully automated attacks may soon compete with nation-states as trust breaks down in the new landscape.Spo2 w22
Spo2 w22SelectedPresentations
油
The document discusses the potential for mass mobile device compromises through exploit kits. It outlines how exploit kits currently work on desktop computers and how their methods could translate to mobile. Mobile devices are increasingly popular and contain sensitive user information, making them attractive targets. Exploit kits already identify mobile clients and mobile malware exists, so the remaining barrier is connecting these threats through mobile-specific exploits. With profiling of mobile platforms, targeted mobile exploits could efficiently compromise users on a large scale similar to existing desktop attacks.Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
油
The document discusses security trends over time for various technologies and the need for security in embedded devices. It notes that early computer viruses in the 1980s and 1990s aimed to cause damage, while more recent threats in the 2000s and beyond increasingly target financial gain. The document outlines some design challenges for security in embedded devices, including limited resources, physical accessibility, and the need for simple yet robust solutions. It emphasizes that security needs to be considered early in product design.Mbs r33 b
Mbs r33 bSelectedPresentations
油
This document summarizes different types of mobile encryption and common issues. It discusses five types of mobile encryption including SSL, disk encryption, keychain, app encryption, and containers. It then describes examples of problems with SSL implementation and proxying, issues cracking Android and iOS encryption, weaknesses in keychain storage, and common app encryption failures like hard-coded keys. The document provides recommendations to properly implement strong encryption, avoid storing sensitive data on devices, and follow best practices.Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
油
This document provides an overview of trusted computing concepts including:
- Defining security and how it can be violated through hardware and software flaws
- Explaining key terms like trust, trustworthy, and trusted computing
- Describing major trusted computing components like the endorsement key, sealed storage, remote attestation, and direct anonymous attestation
- Discussing issues around privacy, anonymity, and digital rights management in trusted computing systemsBlue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Cristofaro Mune
油
The presentation discusses the vulnerabilities and challenges of secure boot on embedded devices, highlighting various attack methods, including fault injection and hardware modifications. It emphasizes the need for better design and implementation strategies to enhance secure boot guidance for developers. The document also outlines key takeaways for hardening secure boot and improving overall security in embedded systems.Top 10 secure boot mistakes
Top 10 secure boot mistakesJustin Black
油
The document outlines the top 10 secure boot mistakes identified by Job de Haas, a principal security analyst at Riscure, emphasizing that proper implementation of secure boot principles is critical to protect against various security threats. It details frequent mistakes, including verification failures, firmware upgrade flaws, logical bugs, and misuse of cryptographic methods, while providing examples and mitigation strategies for each. The overarching message stresses the importance of understanding the complexities of secure boot to prevent vulnerabilities.US-22-Matrosov-Breaking-Firmware-Trust-From-Pre-EFI.pdf
US-22-Matrosov-Breaking-Firmware-Trust-From-Pre-EFI.pdfAlexYoung899213
油
This document provides an overview of attacking firmware during early boot phases prior to UEFI. The presenters discuss exploiting vulnerabilities in the Pre-EFI (PEI) phase to achieve arbitrary code execution and persistence. Several real-world vulnerabilities are demonstrated, including BRLY-2022-009 which allows overwriting protected memory during S3 resume. Automating bug hunting in the PEI phase is also mentioned. The talk aims to bring attention to the increased attack surface in early boot processes as firmware security defenses evolve.Ht w23
Ht w23SelectedPresentations
油
The document discusses the evolution and operation of exploit kits, focusing on the Blackhole exploit kit. It describes how Blackhole is the most prominent exploit kit, using a rental model and continually incorporating new exploits and evasion techniques. The document outlines Blackhole's infrastructure, success rates, payloads, and the potential for future mobile-focused exploit kits as personal devices become more prevalent targets.Stanford Cybersecurity January 2009
Stanford Cybersecurity January 2009Jason Shen
油
The document discusses cybersecurity challenges and opportunities for hardware-based solutions. It notes that the US is engaged in a "low-intensity" cyber conflict and cannot solely rely on military approaches. Hardware assurance technologies can help address issues like detecting counterfeit chips, ensuring device authenticity, and establishing secure communication channels. Combining on-chip instrumentation, encryption, and GPS could provide next-generation cybersecurity capabilities.Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionmalvvv
油
The document discusses various types of logical attacks on ATMs, including offline malware, online malware, and network attacks. It provides details on specific malware programs that have infected ATMs, such as Jackpotting malware and Ploutus-D. The document also discusses ways to mitigate these attacks, such as encrypting ATM hard disks, locking down the BIOS to restrict booting from removable media, and using network-based authentication for encryption keys.[Hackito2012] Hardware backdooring is practical
[Hackito2012] Hardware backdooring is practicalMoabi.com
油
Jonathan Brossard and Florentin Demetrescu discuss the vulnerabilities of x86 architecture, specifically emphasizing the ease of hardware backdooring via firmware manipulation. They introduce a backdoor, 'Rakshasa,' designed for stealth, persistence, and remote access, showcasing its capabilities to circumvent security measures and remain undetectable. The presentation highlights historical context, current threats, and potential solutions within hardware security.Thesis presentation
Thesis presentationCHIACHE lee
油
The document discusses implementing AES encryption using ARM TrustZone technology. It begins with an introduction to ARM and the need for hardware-based security. It then provides an overview of TrustZone, describing its normal and secure worlds. Details are given on implementing TrustZone on a Zynq 7000, including configuration of secure memory regions. The document also outlines the AES encryption algorithm and its key steps of SubBytes, ShiftRows, MixColumns, and AddRoundKey.FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
油
The document discusses FIPS 140-2 validations in secure enclaves, particularly focusing on the wolfSSL and wolfCrypt products within Intel SGX technology. It highlights the advantages of enclave-based validations, such as enhanced security against privileged users and confidentiality of cryptographic processes, while also addressing the challenges in implementing these validations. Additionally, it outlines the validation process and provides insights into the current state and future possibilities of these technologies.Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
油
Chipsec is an open source framework for assessing platform security. It can be used to find vulnerabilities in system firmware like BIOS, UEFI and Mac EFI. Some examples shown include exploiting S3 resume boot script vulnerabilities to gain persistence, attacking hypervisors via SMM pointers, and checking for issues with MMIO BAR registers. The tool can also detect "problems" like unlocked firmware, missing hardware protections, and analyze real-world malware implants targeting firmware like DerStarke and HackingTeam UEFI rootkits.Trusted Computing _plate form_ model.ppt
Trusted Computing _plate form_ model.pptnaghamallella
油
The document discusses Trusted Platform Modules (TPMs), which are chips integrated into platforms that are intended to provide more security. TPMs can securely store encryption keys and perform cryptographic operations to establish trust. They aim to prevent compromise by malicious software. However, TPMs also enable new capabilities for digital rights management and attestation that could potentially be abused by software vendors. While TPMs may increase security for corporations and governments, they reduce user control and privacy.RCS Demo HackingTeam
RCS Demo HackingTeam OWASP Foundation
油
The document describes a remote control system that can monitor computers and mobile devices. It allows logging keystrokes, conversations, files and browsing activity on computers running Windows, Mac OS and mobile devices. The system captures this data and transmits it online or stores it offline for later retrieval. It can also control devices through SMS messages without the user's knowledge. The document outlines the system's architecture, monitoring capabilities, data transmission methods, supported platforms and infection vectors for remotely and locally installing the backdoor software.DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
油
The document discusses vulnerabilities found in common office equipment like printers. It begins with an introduction explaining the researchers' approach of analyzing the security of enterprise printers from various manufacturers through a red teaming methodology. They found printers pose risks as they sit on corporate networks, process sensitive data, and are often assumed to be low risk. The document then covers the large attack surface printers present, including exposed services, firmware, and hardware issues. It describes common flaws found like weak configurations, default credentials, and memory corruption issues. Finally, it provides an example of exploiting a stack buffer overflow vulnerability to achieve remote code execution on a printer.Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...
Memory Forensics: Defeating Disk Encryption, Skilled Attackers, and Advanced ...Andrew Case
油
This document discusses the importance of memory forensics in cyber investigations, highlighting its ability to recover data that isn't written to disk, which is often crucial for detecting advanced malware and skilled attackers. It contrasts memory forensics with traditional disk forensics and elaborates on the capabilities of the Volatility framework for analyzing memory captures. The presentation emphasizes that modern malware commonly operates solely in memory, making memory forensics essential for effective detection and analysis.Hta w22
Hta w22SelectedPresentations
油
This document discusses memory forensics and the Volatility framework. It begins by distinguishing memory forensics from disk forensics and explaining why memory forensics is needed to analyze skilled attackers and advanced malware that aim to avoid disk artifacts. It then provides an overview of Volatility capabilities for analyzing processes, network connections, code injection techniques, and decrypting software-based encryption keys from memory captures. It emphasizes that memory forensics can recover important evidence that is never written to disk.More from SelectedPresentations (20)
仍亳亠仍仆仂亠 舒亳于仆仂亠 舒仆亠仆亳亠 亅: 仗舒于仂于亠 舒仗亠从 亳 亠仆仂仍仂亞亳亠从亳亠 亠亠仆亳
仍亳亠仍仆仂亠 舒亳于仆仂亠 舒仆亠仆亳亠 亅: 仗舒于仂于亠 舒仗亠从 亳 亠仆仂仍仂亞亳亠从亳亠 亠亠仆亳SelectedPresentations
油
仂从仄亠仆 仂弍亢亟舒亠 仗舒于仂于亠 亳 亠仆仂仍仂亞亳亠从亳亠 舒仗亠从 于亠仄亠仆亳 从舒从 仗舒舒仄亠舒 亠亟亳仆仂亞仂 仗仂舒仆于舒 亟仂于亠亳 从 仍亠从仂仆仆仄 ム亳亟亳亠从亳 亰仆舒亳仄仄 亟仂从仄亠仆舒仄. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仗仂于亠从亠 仍亠从仂仆仆仂亶 仗仂亟仗亳亳 (亅) 仂从亳 亰亠仆亳 于亠仄亠仆亳 仗仂亟仗亳舒仆亳 亳 舒仄仂亠仆亳 于仂仗仂仂于 舒亳于亳仂于舒仆亳 仍亠从仂仆仆 亟仂从仄亠仆仂于. 丐舒从亢亠 舒仄舒亳于舒ム 亠弍仂于舒仆亳 从 舒亠仆亳仆仂亳, 亟仂仂于亠仆仂亳 亳 亠仍仂仆仂亳 亟仂从仄亠仆仂于 仂亞仍舒仆仂 亟亠亶于ム亳仄 舒仆亟舒舒仄.丐舒仆亞舒仆亳仆仂亠 仗仂舒仆于仂 亟仂于亠亳. 仂于亠亠仆仆舒 亠 仂仂仆舒.
丐舒仆亞舒仆亳仆仂亠 仗仂舒仆于仂 亟仂于亠亳. 仂于亠亠仆仆舒 亠 仂仂仆舒.SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仂亞舒仆亳亰舒亳 舒仆亞舒仆亳仆仂亞仂 仗仂舒仆于舒 亟仂于亠亳 亟仍 亳仆仂仄舒亳仂仆仆仂亞仂 于亰舒亳仄仂亟亠亶于亳 于 于舒亰亳亶从仂仄 从仂仆仂仄亳亠从仂仄 仂ミ経, 于从仍ム舒 仗舒于仂于亠, 仂亞舒仆亳亰舒亳仂仆仆亠 亳 亠仆亳亠从亳亠 舒仗亠从. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仂弍亠仗亠亠仆亳 弍亠亰仂仗舒仆仂亳 亳 仍亠亞亳亳仄仆仂亳 仍亠从仂仆仆 亟仂从仄亠仆仂于 亳 亳仂于 仗仂亟仗亳亠亶, 舒 舒从亢亠 于仆亠亟亠仆亳 亠亟亳仆仂亶 亳仆舒从 亟仍 仂弍仄亠仆舒 亟舒仆仆仄亳 仄亠亢亟 亞仂亟舒于舒仄亳-仍亠仆舒仄亳. 丐舒从亢亠 仗亠亟舒于仍亠仆 舒仗 亠舒仍亳亰舒亳亳 舒亠亞亳亳 舒亰于亳亳 仂亞仂 仗仂舒仆于舒 亟仂 2023 亞仂亟舒.舒亳舒仆 亠舒仍亳亰舒亳亳 舒舒从 亠亠亰 仄仂弍亳仍仆亠 仂亶于舒
舒亳舒仆 亠舒仍亳亰舒亳亳 舒舒从 亠亠亰 仄仂弍亳仍仆亠 仂亶于舒SelectedPresentations
油
仂从仄亠仆 舒仄舒亳于舒亠 舒亰于亳亳亠 舒舒从 仆舒 仄仂弍亳仍仆亠 仂亶于舒, 于从仍ム舒 亠仆舒亳亳 亞仂亰 亳 亠从仂仄亠仆亟舒亳亳 仗仂 亰舒亳亠, 舒从亳亠 从舒从 亳仗仂仍亰仂于舒仆亳亠 舒仆亳于亳仂于 亳 MDM. 于仂, 亠仄 丼舒亶从亳仆, 仂弍亢亟舒亠 仗仂弍仍亠仄 弍亠亰仂仗舒仆仂亳, 于磶舒仆仆亠 舒仆亠仆亳亠仄 亟舒仆仆 于 仂从仂仄 于亳亟亠 亳 舒仆仂于从仂亶 于亠亟仂仆仂仆仂亞仂 . 丐舒从亢亠 仗仂亟仆亳仄舒亠 于仂仗仂 仂弍 仂仗舒仆仂, 于仂亰仆亳从舒ム亳 仗亳 仗仂亟从仍ム亠仆亳亳 仂亶于 从 从仂仗仂舒亳于仆仂亶 亠亳.仂于亠 亠仆仂仍仂亞亳亠从亳亠 于仂亰仄仂亢仆仂亳 亳 弍亠亰仂仗舒仆仂 仄仂弍亳仍仆 亠亠仆亳亶
仂于亠 亠仆仂仍仂亞亳亠从亳亠 于仂亰仄仂亢仆仂亳 亳 弍亠亰仂仗舒仆仂 仄仂弍亳仍仆 亠亠仆亳亶SelectedPresentations
油
仂从仄亠仆 仂于亠舒亠 仆仂于亠 亠仆仂仍仂亞亳亠从亳亠 于仂亰仄仂亢仆仂亳 亳 于仂仗仂 弍亠亰仂仗舒仆仂亳 仄仂弍亳仍仆 亠亠仆亳亶, 于从仍ム舒 仄仂弍亳仍仆亶 弍舒仆从亳仆亞, 亳亞 亳 亳仆亠仆亠 于亠亠亶. 仆 仗仂亟亠从亳于舒亠 舒亳亶 亳仆亠亠 弍舒仆从仂于 从 弍亠亰仂仗舒仆仂亳 仄仂弍亳仍仆 仗亳仍仂亢亠仆亳亶 亳 从舒亰于舒亠 仆舒 仗仂弍仍亠仄 磶于亳仄仂礆亳 于 仗仂亠亠 舒亰舒弍仂从亳. 亰舒从仍ム亠仆亳亠 仂仄亠舒亠, 仂 仄仂弍亳仍仆亠 仗亳仍仂亢亠仆亳 舒仆仂于 于亠 弍仂仍亠亠 舒仗仂舒仆亠仆仆仄亳, 亳 于舒亢仆仂 弍亠亰仂仗舒仆仂亳 舒仂 仂仂亰仆舒亠 仂仍从仂 仗仂仍亠 亳仆亳亟亠仆仂于.丕仗舒于仍亠仆亳亠 弍亠亰仂仗舒仆仂 仄仂弍亳仍仆 仂亶于
丕仗舒于仍亠仆亳亠 弍亠亰仂仗舒仆仂 仄仂弍亳仍仆 仂亶于SelectedPresentations
油
仂从仄亠仆 舒仄舒亳于舒亠 亠仄 仗舒于仍亠仆亳 弍亠亰仂仗舒仆仂 仄仂弍亳仍仆 仂亶于, 仂仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 从仂仆亠仗亳亳 BYOD (Bring Your Own Device) 亳 亠亠 仗仂仍亠亟于亳礆 亟仍 弍亳亰仆亠舒. 仆仂于仆亠 于仂仗仂 从舒舒ム 仗亠亳仄亠于 亳 亳从仂于 亳仗仂仍亰仂于舒仆亳 仍亳仆 仂亶于 仆舒 舒弍仂亠, 于从仍ム舒 弍亠亰仂仗舒仆仂 亟舒仆仆 亳 于仂亰仄仂亢仆仂 亠亠从. 丕从舒亰舒仆 于舒亢仆亠 舒仗亠从 亠舒仍亳亰舒亳亳 仗仂仍亳亳从亳 弍亠亰仂仗舒仆仂亳 亳 仆亠仂弍仂亟亳仄仂亳 从仂仄仗仂仄亳舒 仄亠亢亟 亳仆亠亠舒仄亳 从仂仄仗舒仆亳亳 亳 仂亟仆亳从仂于.弌仂于亠仄亠仆仆亠 亠仆仂仍仂亞亳亳 从仂仆仂仍 亳 亰舒亳 仄仂弍亳仍仆 仂亶于, 亠仆亟亠仆亳亳 仆从舒...
弌仂于亠仄亠仆仆亠 亠仆仂仍仂亞亳亳 从仂仆仂仍 亳 亰舒亳 仄仂弍亳仍仆 仂亶于, 亠仆亟亠仆亳亳 仆从舒...SelectedPresentations
油
仂从仄亠仆 仂弍亢亟舒亠 仂于亠仄亠仆仆亠 亞仂亰 亳 亠仆亟亠仆亳亳 于 从仂仗仂舒亳于仆仂亶 仄仂弍亳仍仆仂亶 弍亠亰仂仗舒仆仂亳, 舒从亠仆亳 于仆亳仄舒仆亳亠 仆舒 于舒亢仆仂亳 仗舒于仍亠仆亳 仄仂弍亳仍仆仄亳 仂亶于舒仄亳 (MDM) 亳 舒仄从舒 BYOD/CYOD. 仆 仗仂亟亠从亳于舒亠 仆亠仂弍仂亟亳仄仂 亟仂亳亢亠仆亳 弍舒仍舒仆舒 仄亠亢亟 弍亠亰仂仗舒仆仂 亟舒仆仆 亳 亟仂弍于仂仄 亟仍 仂亟仆亳从仂于. 亟仂从仄亠仆亠 舒从亢亠 舒仄舒亳于舒ム 亠仆仂仍仂亞亳亳 于亳舒仍亳亰舒亳亳 亳 从仂仆亠亶仆亠亳亰舒亳亳 从舒从 亠亟于舒 仗仂于亠仆亳 亰舒亳 仄仂弍亳仍仆 仂亶于.舒亟仂于仂亠 舒亞亠仆于仂 仂舒仍亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳
舒亟仂于仂亠 舒亞亠仆于仂 仂舒仍亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 亞仂亰 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳, 亳仂亟亳亠 仂 仗亠仂仆舒仍舒, 于从仍ム舒 仄仂亟亳亳从舒亳, 亳亠仆亳亠 亳 仆亳仂亢亠仆亳亠 亳仆仂仄舒亳亳. 丐舒从亢亠 舒仄舒亳于舒ム 亳从亳, 于磶舒仆仆亠 仗舒于仍亠仆亳亠仄 仗亠仂仆舒仍仂仄, 亳 仗仂亟亠从亳于舒亠 于舒亢仆仂 亠仆仂仍仂亞亳亠从仂亶 弍亠亰仂仗舒仆仂亳 亳 仄亠仂亟仂于 仆亳亢亠仆亳 亳 亳从仂于. 丕仗仂仄亳仆舒ム 仆仂仄舒亳于仆亠 亟仂从仄亠仆, 从舒舒ム亳亠 亰舒亳 从仂仄仄亠亠从仂亶 舒亶仆 亳 亳仗仂仍亰仂于舒仆亳亠 亠仆仂仍仂亞亳亶 亟仍 仄仂仆亳仂亳仆亞舒 舒从亳于仆仂亳 仂亟仆亳从仂于.仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 亳...
仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 亳...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仗仂亠亳仂仆舒仍仆 亟亠亠仍仆仂 仗亠亳舒仍亳舒 仗仂 弍亠亰仂仗舒仆仂亳 亳仆仂仄舒亳仂仆仆 亠仆仂仍仂亞亳亶, 于从仍ム舒 舒亰舒弍仂从, 于仆亠亟亠仆亳亠 亳 仗舒于仍亠仆亳亠 亳亠仄舒仄亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳. 丕从舒亰舒仆 仂仆仂于仆亠 亟仂于亠 仆从亳亳, 于磶舒仆仆亠 从仗仍舒舒亳亠亶, 舒亟仄亳仆亳亳仂于舒仆亳亠仄 亳 仗仂亠从亳仂于舒仆亳亠仄 亠亟于 亰舒亳 亳仆仂仄舒亳亳 于 从仂仄仗ム亠仆 亳亠仄舒 亳 亠, 舒 舒从亢亠 仆亠仂弍仂亟亳仄亠 仂于仆亳 从于舒仍亳亳从舒亳亳. 仆仂于仆舒 亠仍 仂亶 亟亠亠仍仆仂亳 亰舒从仍ム舒亠 于 仂弍亠仗亠亠仆亳亳 亰舒亳 亳仆仂仄舒亳亳 仂 亞仂亰 于 仍仂于亳 仗仂仂礌仆仂 仄亠仆ム亠亞仂 亳仂于仂亞仂 仂从亢亠仆亳.仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 舒...
仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 舒...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仗仂亠亳 仗亠亳舒仍亳舒 仗仂 亰舒亳亠 亳仆仂仄舒亳亳 于 舒于仂仄舒亳亰亳仂于舒仆仆 亳亠仄舒, 于从仍ム舒 仂仆仂于仆亠 亟仂于亠 仆从亳亳, 舒从亳亠 从舒从 仂弍亠仗亠亠仆亳亠 弍亠亰仂仗舒仆仂亳, 舒亰舒弍仂从舒 亳 亠舒仍亳亰舒亳 仗仂亠从仂于 仗仂 亰舒亳亠 亳仆仂仄舒亳亳, 舒 舒从亢亠 从仂仆仂仍 亰舒亳亠仆仆仂亳. 丕从舒亰于舒ム 仂于仆亳 从于舒仍亳亳从舒亳亳 亳 亠弍仂于舒仆亳 从 亰仆舒仆亳礆 亳 仄亠仆亳礆 亟仍 于仗仂仍仆亠仆亳 亳 仆从亳亶. 仆仂于仆舒 亠仍 亟亠亠仍仆仂亳 亰舒从仍ム舒亠 于 仂弍亠仗亠亠仆亳亳 弍亠亰仂仗舒仆仂亳 亳仆仂仄舒亳亳 于 仍仂于亳 亞仂亰 于 亳仆仂仄舒亳仂仆仆仂亶 亠亠.仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 亠仆亳亠从仂亶 亰舒...
仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 亠仆亳亠从仂亶 亰舒...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仗仂亠亳仂仆舒仍仆亶 舒仆亟舒 仗亠亳舒仍亳仂于 仗仂 亠仆亳亠从仂亶 亰舒亳亠 亳仆仂仄舒亳亳, 于从仍ム舒 仍亳亠仆亰亳仂于舒仆亳亠, 于亳亟 舒弍仂 亳 亠弍仂于舒仆亳 从 从于舒仍亳亳从舒亳亳. 丕于亠亢亟亠仆 从舒亠亞仂亳亳 仗亠亳舒仍亳仂于, 亳 仂弍磶舒仆仆仂亳 亳 从于舒仍亳亳从舒亳仂仆仆亠 仂于仆亳 亟仍 亰舒亳 从仂仆亳亟亠仆亳舒仍仆仂亶 亳仆仂仄舒亳亳. 仆仂于仆亠 亠仍亳 舒仆亟舒舒 仆舒仗舒于仍亠仆 仆舒 仗亠亟仂于舒亠仆亳亠 亠亠从 亳仆仂仄舒亳亳 亳 仆亠舒仆从亳仂仆亳仂于舒仆仆仂亞仂 亟仂仗舒.仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 ...
仆仂于仆仂亠 仂亟亠亢舒仆亳亠 仗仂亠亳仂仆舒仍仆仂亞仂 舒仆亟舒舒 束弌仗亠亳舒仍亳 仗仂 弍亠亰仂仗舒仆仂亳 ...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仗仂亠亳仂仆舒仍仆亶 舒仆亟舒 亟仍 仗亠亳舒仍亳仂于 仗仂 弍亠亰仂仗舒仆仂亳 亠仍亠从仂仄仄仆亳从舒亳仂仆仆 亳亠仄 亳 亠亠亶, 于从仍ム舒 仗舒于亳仍舒 舒亰舒弍仂从亳 亳 仗亳仄亠仆亠仆亳 舒仆亟舒仂于, 舒 舒从亢亠 仂于仆亳 从于舒仍亳亳从舒亳亶. 仆仂于仆舒 亠仍 仂弍仂亰仆舒亠仆舒 从舒从 仂弍亠仗亠亠仆亳亠 亰舒亳 亳仆仂仄舒亳仂仆仆 亠仂于 于 仍仂于亳 亞仂亰 弍亠亰仂仗舒仆仂亳. 丕从舒亰舒仆 从仍ム亠于亠 亟仂于亠 仆从亳亳 亳 亠弍仂于舒仆亳 从 从于舒仍亳亳从舒亳亳 仗亠亳舒仍亳仂于 于 亟舒仆仆仂亶 仂弍仍舒亳. 仗仂亠亳仂仆舒仍仆 舒仆亟舒舒 仗仂 亞仗仗亠 亰舒仆亳亶 (仗仂亠亳亶) 束弌仗亠亳舒仍亳 于 仂弍...
仗仂亠亳仂仆舒仍仆 舒仆亟舒舒 仗仂 亞仗仗亠 亰舒仆亳亶 (仗仂亠亳亶) 束弌仗亠亳舒仍亳 于 仂弍...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仗仂亠亳仂仆舒仍仆亠 舒仆亟舒 于 仂弍仍舒亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳, 于从仍ム舒 从 亳 仆从亳亳 亟舒仆仆 舒仆亟舒仂于. 仆 仂亟亠亢亳 仗亠亠亠仆 仗仂亠亳亶, 仄亠仂亟仂于 舒亰舒弍仂从亳 舒仆亟舒仂于 亳 仆仂仄舒亳于仆仂-仗舒于仂于 弍舒亰, 仆亠仂弍仂亟亳仄 亟仍 亳 仂亰亟舒仆亳. 丐舒从亢亠 仗亠亟舒于仍亠仆 从于舒仍亳亳从舒亳仂仆仆亠 仂于仆亳 亳 亠弍仂于舒仆亳 从 舒亰仍亳仆仄 仗亠亳舒仍亳舒仄 于 仂亶 仂弍仍舒亳.舒仗亳 舒从亳于仆仂亳 仗仂仍亰仂于舒亠仍亠亶 亳仆亠仍仍亠从舒仍仆仄 舒仆舒仍亳亰仂仄 亟舒仆仆
舒仗亳 舒从亳于仆仂亳 仗仂仍亰仂于舒亠仍亠亶 亳仆亠仍仍亠从舒仍仆仄 舒仆舒仍亳亰仂仄 亟舒仆仆SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 亳从亳 亠从亳 亟舒仆仆, 于磶舒仆仆亠 仗仂于亠亟亠仆亳亠仄 仗仂仍亰仂于舒亠仍亠亶 亳 舒亟仄亳仆亳舒仂舒仄亳, 仂仄亠舒, 仂 84% 亠亠从 仗仂亳仂亟亳 亠亠亰 舒亟仄亳仆从亳亠 亠仆亠 亰舒仗亳亳. 丕从舒亰舒仆 仗亳仄亠 仗仂亠 亟舒仆仆 亳 于舒亢仆仂 仂弍仍ミ莞黍出狐 亠亞仍仂仆 亠弍仂于舒仆亳亶. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仆亠仂弍仂亟亳仄仂亳 仄仂仆亳仂亳仆亞舒 舒从亳于仆仂亳 仗仂仍亰仂于舒亠仍亠亶 亳 仗舒于仍亠仆亳 亳从舒仄亳 于 弍亳亰仆亠-仗仂亠舒.仄仗仂仂亰舒仄亠亠仆亳亠 于 亳亠仄舒 弍舒仆从仂于. 舒从亳亠从亳亠 舒仗亠从 仗亠亠仂亟舒 仆舒 仂亳...
仄仗仂仂亰舒仄亠亠仆亳亠 于 亳亠仄舒 弍舒仆从仂于. 舒从亳亠从亳亠 舒仗亠从 仗亠亠仂亟舒 仆舒 仂亳...SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 亳仄仗仂仂亰舒仄亠亠仆亳亠 于 亳亠仄舒 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 弍舒仆从仂于, 舒从亠仆亳 于仆亳仄舒仆亳亠 仆舒 仗亠亠仂亟亠 仆舒 仂亳亶从亳亠 亠亠仆亳 于 仂弍仍舒亳 PKI. 舒仄舒亳于舒ム 仗亠亳仄亠于舒 亳 仆亠亟仂舒从亳 舒亰仍亳仆 仄亠仂亟仂于 舒亠仆亳亳从舒亳亳, 舒 舒从亢亠 仗仂弍仍亠仄 亳 亠亠仆亳, 于磶舒仆仆亠 亳仗仂仍亰仂于舒仆亳亠仄 PKI 亟仍 仗舒于仍亠仆亳 亟仂仗仂仄. 从仍ム舒亠 亳仆仂仄舒亳 仂 仗亠亳仄亠于舒 仂亳亶从仂亶 仗仂亟从亳亳 亳 仗仂亞舒仄仄仆仂亞仂 仂弍亠仗亠亠仆亳 亟仍 仂弍亠仗亠亠仆亳 弍亠亰仂仗舒仆仂亳 亳仆仂仄舒亳仂仆仆 亳亠仄.弍亠仗亠亠仆亳亠 亰舒亳 亳仆仂仄舒亳亳 仆舒 舒亟亳 亢亳亰仆亠仆仆仂亞仂 亳从仍舒 弌
弍亠仗亠亠仆亳亠 亰舒亳 亳仆仂仄舒亳亳 仆舒 舒亟亳 亢亳亰仆亠仆仆仂亞仂 亳从仍舒 弌SelectedPresentations
油
仂从仄亠仆 仂弍亢亟舒亠 于舒亢仆仂 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 仆舒 于亠 舒仗舒 亢亳亰仆亠仆仆仂亞仂 亳从仍舒 亳仆仂仄舒亳仂仆仆 亳亠仄, 仗仂亟亠从亳于舒, 仂 弍亠亰仂仗舒仆仂 仂 仆亠 仂仍从仂 仂弍磶舒仆仆仂 仍亢弍 , 仆仂 亳 于舒亢仆亶 仍亠仄亠仆 弍亳亰仆亠-仗仂亠仂于. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 仆亠仂弍仂亟亳仄仂亳 仂弍仍ミ莞黍出狐 亠弍仂于舒仆亳亶 弍亠亰仂仗舒仆仂亳 仆舒 舒亟亳 舒亰舒弍仂从亳, 亠亳仂于舒仆亳, 从仗仍舒舒亳亳 亳 于于仂亟舒 亳亰 从仗仍舒舒亳亳, 舒 舒从亢亠 于亰舒亳仄仂亟亠亶于亳 仍亢弍 仂仂于亠于ム亳仄亳 仗仂亟舒亰亟亠仍亠仆亳礆亳. 亟仂从仄亠仆亠 舒从亢亠 仗亠亠亳仍亠仆 从仍ム亠于亠 舒仗亠从 仂亠仆从亳 亰舒磦仂从 仆舒 舒于仂仄舒亳亰舒亳 亠仂仄 亳从仂于 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳.仂从仄亠仆, 从舒从 亠亟于仂 亰舒亳: 从舒从 仂仆仂于舒 仂弍亠仗亠亠仆亳
仂从仄亠仆, 从舒从 亠亟于仂 亰舒亳: 从舒从 仂仆仂于舒 仂弍亠仗亠亠仆亳 SelectedPresentations
油
仂从仄亠仆 仂仗亳于舒亠 仍亞亳 从仂仄仗舒仆亳亳 Arinteg 于 仂弍仍舒亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳, 于从仍ム舒 从仂仆舒仍亳仆亞, 舒亰舒弍仂从 仂亞舒仆亳亰舒亳仂仆仆仂-舒仗仂磲亳亠仍仆仂亶 亟仂从仄亠仆舒亳亳 亳 仗仂亠从亳仂于舒仆亳亠 亳亠仄 弍亠亰仂仗舒仆仂亳 亳仆仂仄舒亳亳. 仆仂于仆仂亠 于仆亳仄舒仆亳亠 亟亠仍磳 亰舒亟舒舒仄, 于磶舒仆仆仄 仂弍亠仗亠亠仆亳亠仄 亠仍仂仆仂亳, 亟仂仗仆仂亳 亳 从仂仆亳亟亠仆亳舒仍仆仂亳 亳仆仂仄舒亳亳, 舒 舒从亢亠 仂弍仍ミ莞黍出狐 亠亞仍仂仆 亠弍仂于舒仆亳亶. Arinteg 仗仂亟亠从亳于舒亠 于舒亢仆仂 亰舒亳 亳仆仂仄舒亳亳 于 仍仂于亳 从亳亰亳舒 亳 仆亠仂弍仂亟亳仄仂亳 仗仂于亠仆仆仂亞仂 于仆亳仄舒仆亳 从 亳仆亳亟亠仆舒仄 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳.丼亠亞仂 仆亠 于舒舒亠 于 仂于亠仄亠仆仆 ids 亟仍 亰舒亳 弍舒仆从仂于从亳 仗亳仍仂亢亠仆亳亶
丼亠亞仂 仆亠 于舒舒亠 于 仂于亠仄亠仆仆 ids 亟仍 亰舒亳 弍舒仆从仂于从亳 仗亳仍仂亢亠仆亳亶SelectedPresentations
油
仂从仄亠仆 仗仂于亠仆 仂于亠仄亠仆仆仄 于仂仗仂舒仄 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 于 仂亳亳, 仂仂弍亠仆仆仂 于 从仂仆亠从亠 亰舒亳 弍舒仆从仂于从亳 仗亳仍仂亢亠仆亳亶. 舒仄舒亳于舒ム 仄亠仂亟 仂弍仆舒亢亠仆亳 舒舒从, 舒从亳亠 从舒从 从仍舒亠仆亶 舒仆舒仍亳亰 亳 舒亰仍亳仆亠 仗仂亟仂亟 从 舒仆舒仍亳亰 舒亳从舒, 于从仍ム舒 DPI 亳 AppFW. 弍亢亟舒ム 亠从亳亠 仗仂弍仍亠仄 舒亟亳亳仂仆仆仄亳 亳亠仄舒仄亳 仂弍仆舒亢亠仆亳 于仂亢亠仆亳亶, 仆亠仂弍仂亟亳仄仂 舒仆舒仍亳亰舒 仄仂弍亳仍仆 仂亶于 亳 仄舒舒弍亳亠仄仂 亳亠仄 弍亠亰仂仗舒仆仂亳.弍 舒亳亳 束損 于 舒亰舒弍仂从亠 仗仂亠亳仂仆舒仍仆 舒仆亟舒仂于 于 仂弍仍舒亳 亳仆仂...
弍 舒亳亳 束損 于 舒亰舒弍仂从亠 仗仂亠亳仂仆舒仍仆 舒仆亟舒仂于 于 仂弍仍舒亳 亳仆仂...SelectedPresentations
油
仂从仄亠仆 舒仄舒亳于舒亠 舒亳亠 束損 于 舒亰舒弍仂从亠 仗仂亠亳仂仆舒仍仆 舒仆亟舒仂于 于 仂弍仍舒亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 舒从亠仆仂仄 仆舒 仂仂于亠于亳亠 亠弍仂于舒仆亳礆 亞仂亟舒于亠仆仆仂亞仂 亠亞仍亳仂于舒仆亳. 弍亢亟舒ム 从仍ム亠于亠 仆舒仗舒于仍亠仆亳, 于从仍ム舒 仆亠仂弍仂亟亳仄仂 从仗亠亳亰 仗仂亠亳仂仆舒仍仆仂亞仂 仂仂弍亠于舒 亳 舒亳亠 弍亳亰仆亠舒 于 仂仄亳仂于舒仆亳亳 舒仆亟舒仂于. 仆仂于仆亠 亰舒亟舒亳 束損 于磶舒仆 舒亰舒弍仂从仂亶 亳 仗仂于亠从仂亶 仗仂亠从仂于 舒仆亟舒仂于, 舒 舒从亢亠 仂仗亠亟亠仍亠仆亳亠仄 仗亠亠仆 亟仂仍亢仆仂亠亶 仗亠亳舒仍亳仂于 于 仂弍仍舒亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳.亠仆从舒 仂仂礌亳, 仄亠 仂仄亳仂于舒仆亳 亳仆亟亳亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 仂...
亠仆从舒 仂仂礌亳, 仄亠 仂仄亳仂于舒仆亳 亳仆亟亳亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 仂...SelectedPresentations
油
仂从仄亠仆 仗仂于亠仆 仂亠仆从亠 仂仂礌亳 亳 仄亠舒仄 仗仂 仂仄亳仂于舒仆亳 亳仆亟亳亳 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 于 仂亳亳, 于从仍ム舒 从仍ム亠于亠 仆舒仗舒于仍亠仆亳, 舒从亳亠 从舒从 弍亠亰仂仗舒仆仂 亳仆仂仄舒亳仂仆仆 亳亠仄 亳 亰舒亳 亞仂亟舒于亠仆仆仂亶 舒亶仆. 仗亳于舒ム 亞仂亰 亟仍 仂亠亠于亠仆仆仂亶 亳仆亟亳亳, 于从仍ム舒 亠仆仂仍仂亞亳亠从 亰舒于亳亳仄仂 亳 仆亠仂弍仂亟亳仄仂 亠从亳于仆仂亶 亠亞仍亳亳, 舒 舒从亢亠 仗亠亟仍舒亞舒ム 仄亠 亟仍 亳仄仍亳仂于舒仆亳 舒亰于亳亳 亳 仗仂亟亟亠亢从亳 仂亳亶从亳 从仂仄仗舒仆亳亶 于 亟舒仆仆仂亶 亠亠. 丐舒从亢亠 舒仄舒亳于舒ム 仗仂从舒亰舒亠仍亳 亳 舒亳亳从舒, 从舒舒ム亳亠 弍ミ莞勤却舒 仆舒 亳仆仂仄舒亳仂仆仆 弍亠亰仂仗舒仆仂 亳 亳仍仂 仗仂亳亰于仂亟亳亠仍亠亶 亠亟于 亰舒亳 亳仆仂仄舒亳亳.弍 亞仂亰舒 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳, 舒从舒仍仆 亟仍 舒亰舒弍仂亳从舒 弌
弍 亞仂亰舒 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳, 舒从舒仍仆 亟仍 舒亰舒弍仂亳从舒 弌SelectedPresentations
油
仂从仄亠仆 仂于亠舒亠 舒从舒仍仆亠 亞仂亰 亳仆仂仄舒亳仂仆仆仂亶 弍亠亰仂仗舒仆仂亳 亟仍 舒亰舒弍仂亳从仂于 亳亠仄 亰舒亳 亳仆仂仄舒亳亳, 于从仍ム舒 磶于亳仄仂亳 仂弍仍舒仆 亠仆仂仍仂亞亳亶 亳 仗仂弍仍亠仄 仂弍舒弍仂从仂亶 磶于亳仄仂亠亶. 弍亢亟舒ム 亳从亳, 于磶舒仆仆亠 亳仆仆仂于舒亳礆亳 亳 舒亰于仂仄 于 从于舒仍亳亳从舒亳亳 仗亠亳舒仍亳仂于, 舒 舒从亢亠 于舒亢仆仂 弍亠亰仂仗舒仆仂亶 舒亰舒弍仂从亳 亳 舒仆亟舒亳亰舒亳亳. 亟亠仍ム 仗仂弍仍亠仄 于亰舒亳仄仂亟亠亶于亳 仗仂舒于亳从舒仄亳 亳 仆亠仂弍仂亟亳仄仂 仗仂于亠仆亳 仂于亠亟仂仄仍亠仆仆仂亳 仂 弍亠亰仂仗舒仆仂亳 于 仂舒仍亳.Ad
Hta t17
- 1. Session ID: Session Classification: Jasper van Woudenberg Riscure HTA-T17 Advanced EmbeddedSystems UnderFire Fault Injection on SecureBoot
- 2. Many more mod chips available 1 search away Example: Xbox 360 glitch chip
- 3. Embedded devices and attacker goals
- 4. How are devices protected? Protect input Only authorized code Protect output
- 5. Hardware root of trust
- 7. CPU starts executing ROM Immutable, programmed during manufacturing Trust starts here (root) ROM loads patches Verifies digital signature! ROM loads OS Verifies digital signature! OS includes Card manager Any applets that are installed are first digitally verified Result: all code on platform verified Example typical JavaCard smart card
- 8. (simplified) Primary Boot Loader in ROM Device Boot Loader (flash) Secondary Boot Loader (flash) Realtime Executive (flash) Hboot (flash) Linux / Android (flash) http://tjworld.net/wiki/Android/HTC/Vision/BootProcess Example HTCVision
- 9. CPU loads UEFI firmware (verification?) Driver and Boot application signature verification Using (forbidden) signature database, (updated by KEK (updated by PK)) (Measure components into TPM) When Secure boot enabled, require signed UEFI OS OS verifies drivers, boots (many applications also digitally signed) Example PC with UEFI secure boot
- 10. Model appropriate? Protect input Only authorized code Protect output
- 11. Fault injection
- 12. Spike/dip supply voltage Long: reset (boring) Short: corruption (interesting) Voltage FI Threshold of read value A power dip at the moment of reading a memory cell
- 13. Introduce malformed clock Spikes or dips cause temporary extra cycle Instruction / data corruption Clock FI
- 14. EM: Introduce a current intro a circuit Affect RNG EM injection
- 15. Photons are absorbed by electrons in silicon Absorbed photons increase electron energy Increasing the semiconductor conductivity Can produce temporary faults Optical injection
- 16. Data corruption Changing verification key Address line pulling Execute / verify different memory Instruction skipping Flip branches http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor- was-hacked/ http://www.free60.org/Reset_Glitch_Hack Fault injection effects
- 17. Address line attack Execute Check sig Execute
- 18. Vi pin.c Branching example (C)
- 20. Successful fault requires many parameters to be tuned correctly Know (or guess) from design, source, experience Temporary fault allows reset & retry Scan over parameter ranges Finding injection parameters
- 22. Root of trust depends on binary decision physical access could circumvent signature verification Depending on technology, can be Highly repeatable Cheaply exploitable FI as threat to hardware root of trust
- 23. Countermeasures
- 24. Multiple checking sensitive results Branchless algorithms Random wait loops Usually risk based because of (computational) cost Countermeasuressoftware
- 25. Active and passive shielding Supply voltage monitoring, buffering Temperature sensors Internal clock (unstable) Optical sensors on die Image: flylogic.net Countermeasureshardware
- 26. Main CPU instructs crypto core to execute crypto n times Checks result is the same Fault crypto core in same way - > difficult Fault crypto core AND attack result check on main CPU -> two locations! Multiarea checks
- 27. Success rate exponentially decreases with attempts, e.g. Forcing an attacker to require multiple faults makes attacking exponentially harder
- 28. Future / wrapup
- 29. Model appropriate? Protect input Only authorized code Protect output Code Protect authorized code
- 30. Logical: 1992 (introduction GSM SIM cards) Physical: 1994 SCA: 1997 FI: 1999 (power) Attack timeline Logical: forever SCA: 2004 (payment terminals) Physical: 2006 (STBs, Riscure) FI: 2008 (PCB address line manipulation)
- 31. Physical/SCA/FI attacks about 9 years later on embedded than on smart cards Logical attacks are getting harder.. .. FI is becoming relevant (and systems are being broken) Attacker economics
- 32. Improved logical (software) security, combined with attacker economics leads to hardware attacks As seen in the smart card industry As we are seeing in the embedded market (STB, mobile) (as we will see in the PC market?) Hardware root of trust creates protection against simple injection of unauthorized code Not physical attacks! Conclusions
- 33. The security of a hardware root of trust depends on the countermeasures implemented Secure systems use both hardware and software countermeasures We discussed FI, also consider SCA, logical, physical Conclusions
- 34. Chip(set) manufacturers: Build chips with hardware root of trust an countermeasures Test and improve! What next?
- 35. Device developers: If you are not implementing software verification, go do that first Choose hardware with a hardware root of trust, and hardware countermeasures Enable software and hardware countermeasures in your system Test and improve! What next?
- 36. Questions?