Summerschool Aachen 2004/Hardware Hacking Presentation
Revision as of 03:53, 26 November 2004 by Mario Manno
Presentation Summary
Introduction
- Security by using obscure screws, non-public systems
- Security by obscurity
Locks
- LINK MIT Lockpicking Guide
- Keys can be memorized
- Master keys possible because of "spacer pins"
- Lockpicking, types of tools
- picks: spanner, snake
- pull the mechanism directly, evading the lock
- automated equipment, using vibrating pins
- magnetic fields, used against locks which hold their pins with magnets
- High Security Locks, 15 pin positions (slits) in a row, 3 pins at a given position
- Master keys may be "bruteforced" by elevating single pins consecutively, if you have a working single key
- Circular locks defeated by empty pen casing
Tampering - opening things you shouldn't
- LINK presentations by "kingpin" of the l0pht - http://www.grandideastudio.com/portfolio
- glue melts faster than casing
- PAPERS Chrysalis (Steven J. Murdoch)
- logic analyzers (used to watch e.g. 16 wires)
- hardware gets obfuscated on a regular basis
- protection against tampering by adding plastic framing to chips, etc.
- JTAG interface to hardware devices for "debugging"
- show supported flash
- reflash
- PAPER Keeping Secrets: Opening the XBOX (Andrew Huang)
- PAPER Low Cost Attacks on Tamper Resistant Devices (Ross Anderson, Markus G. Kuhn)
- PAPER Design Principles for Tamper-Resistant Smartcards (Oliver K)
- Chip layout rendered by 3D microscope imaging
- test circuits protected by fuses, burnt upon delivery
Tempest
- Electromagnetic emanations
- Use tinfoil to protect your thoughts whenever possible
- Tempest attacks against SVGA are not simple
- PAPER Soft Tempest (Ross Anderson, Markus G. Kuhn)
- Tempest for Eliza, plays music on a radio by drawing patterns on a monitor
- Optical Tempest, samples brightness changes in the room, effective
- watch LEDs to capture bits from data lines which are connected directly to the LED; does not work on Ethernet
Side Channels
- used on smart cards
- Simple Power Analysis
- Timing Analysis
- Differential Power Analysis
- PAPER Power Analysis Tutorial (Manfred Aigner, Elisabeth Oswald)
- PAPER Physical Side-Channel Attacks on Cryptographic Systems (N.P.Smart)
Fault Injection
- changing power, frequency, temperature, light
- skip unwanted functions/control statements
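
The control-statement skipping noted under Fault Injection, as an added example that is not part of the presentation: a PIN check decided by one branch, beside a hardened variant, both run under a simulated single-fault model. The fault model, the PIN values and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define PIN_LEN   4
#define AUTH_OK   0x3CA5  /* distinct patterns, so a stuck 0 or 1 never reads as "granted" */
#define AUTH_FAIL 0xC35A
static const uint8_t REF_PIN[PIN_LEN]   = {1, 2, 3, 4};  /* constructed sample data */
static const uint8_t WRONG_PIN[PIN_LEN] = {9, 9, 9, 9};

/* Fault model (assumption): one glitch inverts the outcome of exactly one
   conditional check; fault_idx selects that check, -1 means no fault. */
static int check_no;
static int check(int cond, int fault_idx) {
    return (check_no++ == fault_idx) ? !cond : cond;
}

/* ORs the differences of all bytes; nonzero means mismatch. */
static uint8_t pin_diff(const uint8_t *a, const uint8_t *b) {
    uint8_t d = 0;
    for (int i = 0; i < PIN_LEN; i++) d |= (uint8_t)(a[i] ^ b[i]);
    return d;
}

/* Fragile: a single decision separates "reject" from "grant". */
int naive_auth(const uint8_t *pin, int fault_idx) {
    check_no = 0;
    if (check(pin_diff(pin, REF_PIN) != 0, fault_idx)) return 0;
    return 1;
}

/* Hardened: fail-secure default, the comparison is evaluated twice, and
   the grant value is written only when both evaluations agree. */
uint16_t hardened_auth(const uint8_t *pin, int fault_idx) {
    volatile uint16_t result = AUTH_FAIL;
    check_no = 0;
    if (check(pin_diff(pin, REF_PIN) == 0, fault_idx))
        if (check(pin_diff(pin, REF_PIN) == 0, fault_idx))
            result = AUTH_OK;
    return result;
}

/* Number of single-fault positions (0 or 1) that let WRONG_PIN through. */
int bypasses(int hardened) {
    int n = 0;
    for (int f = 0; f < 2; f++)
        n += hardened ? hardened_auth(WRONG_PIN, f) == AUTH_OK : naive_auth(WRONG_PIN, f) == 1;
    return n;
}

int main(void) { printf("naive: %d, hardened: %d\n", bypasses(0), bypasses(1)); return 0; }
```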