Securing embedded systems (for share)

  • I will be talking about the security of embedded systems. Many of the areas will still be of interest to those more interested in PC-based systems. I know that although I think that this stuff is fascinating, some people can find it a bit boring, so I will try to make it as fun as I can, and to that end I shall occasionally share my presentation with monsters, gnomes, and some gorillas … With that in mind I will provide some theme music for the first question of the topic to see where I should pitch the rest of the talk …
  • Of course, in 30 minutes or so I can’t go through everything on embedded security, so I have whittled down the presentation to these core topics.
  • Requirements for product security are becoming the norm, not the exception. Your devices are used to secure your information, as well as to protect other people’s information from you! Also protect business cases …
  • Perhaps “Better Equipped” is not quite the right term …
  • During the presentation I will be providing real world examples from this system, which we have produced in parts specifically for this presentation. Plugs into your PC, and provides security for your GPG / PGP use. MUCH more secure than just using GPG on your PC … or is it? Let’s test it to see what vulnerabilities it may have …
  • RSA is basically just plaintext (to the power of) your key (modulo) some key related number. The ‘to the power of’ bit is exponentiation, and most often calculated using an algorithm called ‘square and multiply’. I won’t go into the details of the math, as interesting as that is, but rest assured that it means that processing takes longer for each key bit which is a ‘1’ rather than a ‘0’. Timing attacks can also impact on any compare operations in the device (where the input is compared to a calculated or pre-stored value within the device). memcmp() is generally optimised to return as quickly as possible, which means that it will return quicker for an incorrect input than for one that is correct. But don’t take my word for it … let’s test it!
  • In our test system, memcmp() is used for both passwords (to allow for signing and decryption), and for HMACs (which are used to authenticate software updates). Hooked a CRO up to the output line of our system. So when we get the first byte incorrect, the memcmp() returns at this point in time. When we get the first byte correct, the time to return increases (by approx 0.5us on this system). Next byte correct, we get a return later again. So, by working through all 256 values of each byte, we can brute force an 8 byte password in 2048 tries rather than 18.5 million trillion. So easy, let’s have cookie monster explain as we work through the remaining 6 bytes …
  • Blinding / masking involves changing the input data (plaintext) or key (exponent) during the operation, in such a way that the changes can be removed at the end of the calculation to restore the correct ciphertext value. Be sure when you are implementing blinding for RSA you are aware of why you are doing it – blinding only the data will protect against side channel analysis. Create your own data independent compare procedure. First rule of the day – test it, don’t assume.
  • Many programmers don’t spend a lot of time thinking about the physical processes which make their programs work. Fine most of the time, but this is a problem when it comes to security. When I say lots, I mean thousands, millions, even billions. Power analysis was first recorded in some recently declassified US government documents, which noted that the Russians had installed current monitoring devices into US encrypting typewriters. When your system does the same operations, it draws exactly the same current, and emits exactly the same radiation. When processing changes, so does the current draw and emissions. Therefore by monitoring the current or EM, you can determine what the device is doing!
  • So, the selection function is absolutely vital. It’s a way to differentiate between the many captures of power or EM you have, so that they can be correlated using statistical methods. E.g. the selection function could be a way to separate the data based on what would happen to a single bit of the input plaintext based on all possible values of only four bits of the key. So, once you have a selection function, you separate the captures based on the chosen selection function, and apply your statistical model. If you have a good selection function, one of the ways in which you have separated the captures is exactly correct, and will (hopefully) produce a correlation in your statistical analysis. For the other ways in which you have separated the captures, your model is incorrect, and therefore you will not get any correlation. Many different selection functions exist, for different algorithms and methods of processing. Be aware that selection functions are not limited to cryptographic algorithms – don’t close the door just to have the attackers come in the window.
  • So, enough talking, let’s have an example. Here we have a capture of the power waveform of AES processing on the GEEK hardware. If we take some more samples, say 20, and process them through our selection function, we get the following output. You can see that there is a lot of noise here which is caused by the 256 different outputs overlaid on each other, each representing a potential sub-value of the AES key. However, at this stage, there is no real outlying signal which has been correlated. As we apply more and more captures to the statistical analysis, we increase the signal for the correct value, and decrease the noise caused by the 255 other incorrect values. [At 40 captures] Now we are starting to see some information peeking out of the noise floor, and I want you to keep an eye on [Click] this point as we increase the number of captures we are analysing, as we can already see a point which has started coming up out of the noise … [Click - It’s coming up] So, this peak tells us, through our analysis, that part of the AES key for this device is 11 hex. To reveal the whole key, we just have to repeat this process, using the same captures, focusing on different parts of the key. So, with a current probe and some software, we have broken the 128 bit AES encryption of this device after observing only 100 operations. [Click - Accurate timing]
  • Some vulnerabilities require the attacker to have physical access, some do not. Even without physical access, an attacker could use malware to brute force the password and use the token to sign / decrypt documents. The GEEK is better than general purpose GPG on a PC, but it is not 100% secure. What happens when these vulnerabilities are exposed, by hackers or academics? Can all of these problems be patched with software updates? What about the external memory? Is this an issue? What legals do you have around guaranteed performance of this device?
  • You need to understand what the threat model of your clients is – this may be as easy as looking at published standards (such as FIPS 140-2, or PCI PTS), or it may be more difficult. Be aware of the potential issues and make sure you have the resources to test for them. Understand the potential impact if you are sacrificing testing for reduced initial development cost and quicker time to market – could this end up costing you more in the long term? If you have spent the time to outline security requirements from the outset, make sure the system meets these before release; many well designed products have failed through lack of ensuring they met their own specs. Nothing is perfect, always have a plan B. Don’t forget security once the product is released – ongoing maintenance may be required to prevent catastrophic failure (eg non-random K values in DSA signature).
  • Transcript

    • 1. Close the Door! Securing Embedded Systems v1.1
      Witham Laboratories
      Witham Laboratories
      1/842 High Street
      East Kew 3102
      Melbourne
      Australia
      Ph: +61 3 9846 2751
      Fax: +61 3 9857 0350
      Rambla de Catalunya
      38, 8 planta
      08007 Barcelona
      Spain
      Ph: +34 93 184 27 88
      Email: lab@withamlabs.com
      PCI PTS PCI PIN PCI DSS PA-DSS
      Witham Laboratories
      Building Confidence in Payment Systems
      Slide No. 1
    • 2. Agenda
      Why Embedded Security Matters
      (Theoretical) Example System
      Timing Analysis
      Power and EM Analysis
      Encryption and Key Management
      Software Update Security
      Glitch Attacks
      Summary and Best Practice
    • 3. Embedded Security Matters
      Processors are everywhere
      Often used to secure your information
      Form the foundation of business cases
      Payment, games, mobile phones, TV/video
      Required to maintain essential assets
      Crypto keys, passwords, firmware/code
      Drive economies (see above!)
      Phones, consoles, pay TV HW; sold at loss
      Profits come from content and lock-in
      Let’s talk economics for a second 
    • 4. Embedded Security Matters
      Systems development cost increasing
      More people, more equipment, more complexity, more requirements
      How much does a dev resource cost you?
      Hackers have the economic advantage
      Costs more to build than to break
      Time on market >> time to market
      Attacks only ever get cheaper / easier
      Financial gain often not the motivation
      Hackers share info, businesses do not
    • 5. Embedded Security Matters
      Usually safe to assume hackers are:
      Better equipped (corrected on the slide to: More resourceful)
      More knowledgeable
      With greater motivation and resources
      Time to give up? No!
      Time to invest in security design
      1st step: Understanding the vulnerabilities
      We’ve got an example system to hack 
    • 6. (Theoretical) Example System
      GPG Embedded Encryption Key (‘GEEK’)
      HW token with support for TDES, AES, RSA
      256k flash for code storage, 8GB flash for document storage (both AES encrypted)
      Verifies your GPG password/passphrase
      Keys stored and operated on device
      Firmware can be updated in the field
      Secure system uses HMACs for auth
      Marketed to industry and governments
    • 7. Timing Analysis
      Timing of RSA modulo exp operations
      RSA most often uses ‘square and multiply’
      Processing of a ‘1’ bit in the key requires more steps than processing a ‘0’ bit
      Therefore takes longer
      ‘Final reduction’ step will also leak information
      Password / (H)MAC verification
      Data dependent timing for compare
      Allows for ‘walking’ through correct values
      Correct guesses take longer to return than incorrect guesses
    • 8. Timing Analysis - Eg
      Access password and HMAC
      Compared using standard memcmp()
      Work through all values of first byte
      Time to error > when first byte correct
      Once known, repeat for other bytes
      8 byte password in 256 x 8 rather than 256^8
    • 9. Timing Analysis – Close the Door!
      Blinding of RSA operations
      Changes the actual values processed
      Therefore information gained through timing is not correlated to the data / key
      Data independent compare operations
      Ensure run time is same for all inputs
      Best implementation can depend on your processor / compiler … but try;
      XOR or bytewise compare across all bytes
      AND / OR results together to form return value
      AND TEST IT!!!
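As an added illustration of the two compares this slide contrasts (example code, not from the talk): a memcmp()-style early-exit compare instrumented to count the bytes it inspects, beside a data-independent XOR/OR compare of the kind the slide recommends. The byte counter and the 8-byte secret are constructed for the demo; the point is that the first compare's work varies with how much of the guess is right and the second's does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit compare modelled on a typical memcmp(): it returns at the first
 * mismatching byte, so its run time grows with the number of leading bytes
 * that match. The counter makes that data dependence visible without an
 * oscilloscope. Returns 0 when equal, 1 otherwise. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        (*examined)++;
        if (a[i] != b[i]) return 1;       /* early exit: quicker for a wrong guess */
    }
    return 0;
}

/* How many bytes the leaky compare inspects before deciding on a guess. */
size_t bytes_examined(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    size_t examined = 0;
    (void)leaky_compare(secret, guess, n, &examined);
    return examined;
}

/* Data-independent compare along the lines the slide suggests: XOR every byte
 * pair and OR the differences together, so all n bytes are always processed
 * and no branch depends on the data. volatile discourages the compiler from
 * re-introducing an early exit. Returns 0 when equal, 1 otherwise. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* Collapse any non-zero accumulator to exactly 1 without branching:
     * bit 7 of (diff | -diff) is set if and only if diff != 0. */
    return (int)((diff | (uint8_t)(0u - diff)) >> 7);
}

int main(void)
{
    /* Constructed 8-byte secret and guesses with 0, 2 and 8 correct leading bytes. */
    const char *secret = "abcdefgh";
    const char *guesses[3] = { "zzzzzzzz", "abzzzzzz", "abcdefgh" };
    for (int i = 0; i < 3; i++)
        printf("guess %d: memcmp-style inspects %zu byte(s), ct_compare -> %d\n", i,
               bytes_examined((const uint8_t *)secret, (const uint8_t *)guesses[i], 8),
               ct_compare((const uint8_t *)secret, (const uint8_t *)guesses[i], 8));
    return 0;
}
```

As the slide says, test it: inspect the compiler's output for ct_compare on your target, since an optimiser may still turn the fold into a branch.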
    • 10. Power and EM Analysis
      Every transistor is doing you damage …
      Embedded devices = lots of transistors
      Draw more current when switching states
      Transmitting data, performing computations
      Processing is deterministic & repeatable
      Each device & operation has a unique power / EM ‘signature’
      Different when any processed bits are different
      Encryption processing depends on data & key
      Therefore, emissions leak secret info!
    • 11. Power and EM Analysis
      Selection function is vital
      Method to differentiate captures based on a finite number of possible secret values
      Eg Value of 1 bit based on part of key
      Work through all possible secret values
      Apply statistic analysis to the datasets
      Eg separate into captures where bit=1 or bit=0
      Incorrect assumptions = no correlation
      Correct assumptions = correlation
      Decreased noise, increased signal
      Selection fns exist for AES,DES,RSA,ECC, …
    • 12. Power and EM Analysis - Eg
      GEEK AES power analysis
      Depends on accurate timing alignment
      Frequency domain or Integration analysis can compensate for poor alignment
      Still have to know roughly where crypto is
      AES Subkey = 0x11 (100 samples)
    • 13. Power and EM Analysis – Close the Door!
      Random delays or round structure
      Frequency / windowed analysis may work
      Blinding or masking
      Requires higher order analysis
      Time / function limits on crypto
      Depends on level of side channel leakage
      Design to minimise use of secret data
      Unique key per operation
      Key management!!
    • 14. Encryption & Key Management
      Epic fail for many systems
      Use bad (non-standard) crypto algorithms
      Use good (standard) algorithms badly
      Good design, poor management
      One key to rule them all!
      (and in the darkness bind them)
      The algorithms are the easy part
      RSA, ECC, TDES, AES, Serpent
      Don’t think proprietary / secret is better!
      The key is the secret!
    • 15. Encryption - Eg
      GPG password in external flash memory
      Encrypted with AES ECB
      Location of password can be determined
      Lots of other blocks have same value
      Probably 0x00 or 0xFF before encryption (depends)
      Swap with password location -> password now known!
      0x696275c0eb3d6e6b8ceabaea4e279589
      0xc2ff88de46aa82335d0182dc597e413e
      0x19537682cfc5f228881c91712d0ac051

      0x0da873169c2ee2d80a706eabeab638da
      0x0da873169c2ee2d80a706eabeab638da
      0x0da873169c2ee2d80a706eabeab638da

    • 16. Encryption – Eg
      (8GB)
      Encryption key ‘hidden’ in flash
      Cannot be visually / statistically differentiated from encrypted memory
      Location is random for each device
      Key location can be easily brute-forced
      8 x 1024 x 1024 x 1024 = 8,589,934,592
      Run through all possible 32 byte key values
      Decrypt known plaintext (eg unused flash)
      1us per AES operation = all keys tried in ~ 8590 seconds (less than 2 ½ hours)
    • 17. Encryption – Close the Door!
      Use your algorithms wisely
      Approved modes of operation (ISO, NIST)
      Industry standard padding (PKCS)
      Understand limitations to the algorithm / mode of operation
      Encryption ≠ authentication (usually)
      Beware dictionary / frequency analysis
      Beware transposition of encrypted data
      Understand your need for encryption
    • 18. Encryption – Close the Door!
      Use suitable mode of operation
      Beware ECB or stream cipher modes (where contents change / may be known)
      Unique key per device, and per use
      Don’t use memory encryption key for encrypting system secrets
      Beware cryptographic errors
      May indicate an attack (see glitching!)
      Protect key storage
      Obfuscation at a minimum
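An added audit check for the ECB weakness shown on slide 15 (example code, not from the talk): sort a dump of encrypted memory into 16-byte blocks and count those that occur more than once. The dump is constructed from the four ciphertext values printed on slide 15, with the repeated block copied five times; under a suitable mode with unique keys or IVs, repeated ciphertext blocks are expected essentially never, so any repeat is a finding to investigate.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BLOCK_LEN 16   /* AES block size */

static int cmp_block(const void *x, const void *y) { return memcmp(x, y, BLOCK_LEN); }

/* Count ciphertext blocks in a memory dump that repeat an earlier block.
 * The dump is copied and sorted so equal blocks become adjacent; a run of
 * r equal blocks contributes r-1 repeats. If most_common/most_common_count
 * are non-NULL they receive the most frequent block and how often it occurs.
 * Trailing bytes that do not fill a block are ignored. Returns SIZE_MAX if
 * the working copy cannot be allocated. */
size_t repeated_blocks(const uint8_t *dump, size_t len,
                       uint8_t most_common[BLOCK_LEN], size_t *most_common_count)
{
    size_t n = len / BLOCK_LEN, dups = 0, run = 1, best = 0;
    if (n == 0) { if (most_common_count) *most_common_count = 0; return 0; }
    uint8_t *s = malloc(n * BLOCK_LEN);
    if (!s) return SIZE_MAX;
    memcpy(s, dump, n * BLOCK_LEN);
    qsort(s, n, BLOCK_LEN, cmp_block);
    for (size_t i = 1; i <= n; i++) {
        if (i < n && memcmp(s + (i - 1) * BLOCK_LEN, s + i * BLOCK_LEN, BLOCK_LEN) == 0) {
            run++;
            continue;
        }
        dups += run - 1;              /* end of a run of equal blocks */
        if (run > best) {
            best = run;
            if (most_common) memcpy(most_common, s + (i - 1) * BLOCK_LEN, BLOCK_LEN);
        }
        run = 1;
    }
    free(s);
    if (most_common_count) *most_common_count = best;
    return dups;
}

/* The three distinct ciphertext blocks and the repeated block from slide 15. */
static const uint8_t kBlockA[BLOCK_LEN] = { 0x69,0x62,0x75,0xc0,0xeb,0x3d,0x6e,0x6b,
                                            0x8c,0xea,0xba,0xea,0x4e,0x27,0x95,0x89 };
static const uint8_t kBlockB[BLOCK_LEN] = { 0xc2,0xff,0x88,0xde,0x46,0xaa,0x82,0x33,
                                            0x5d,0x01,0x82,0xdc,0x59,0x7e,0x41,0x3e };
static const uint8_t kBlockC[BLOCK_LEN] = { 0x19,0x53,0x76,0x82,0xcf,0xc5,0xf2,0x28,
                                            0x88,0x1c,0x91,0x71,0x2d,0x0a,0xc0,0x51 };
static const uint8_t kBlockD[BLOCK_LEN] = { 0x0d,0xa8,0x73,0x16,0x9c,0x2e,0xe2,0xd8,
                                            0x0a,0x70,0x6e,0xab,0xea,0xb6,0x38,0xda };
#define DEMO_BLOCKS 8

/* Constructed dump: A, B, C, then five copies of D (think encrypted 0xFF
 * padding), the pattern an ECB-encrypted region produces. */
static void build_demo_dump(uint8_t out[DEMO_BLOCKS * BLOCK_LEN])
{
    memcpy(out + 0 * BLOCK_LEN, kBlockA, BLOCK_LEN);
    memcpy(out + 1 * BLOCK_LEN, kBlockB, BLOCK_LEN);
    memcpy(out + 2 * BLOCK_LEN, kBlockC, BLOCK_LEN);
    for (int i = 3; i < DEMO_BLOCKS; i++)
        memcpy(out + i * BLOCK_LEN, kBlockD, BLOCK_LEN);
}

/* Number of repeated blocks in the demo dump (expected: 4). */
size_t demo_repeats(void)
{
    uint8_t dump[DEMO_BLOCKS * BLOCK_LEN];
    build_demo_dump(dump);
    return repeated_blocks(dump, sizeof dump, NULL, NULL);
}

/* 1 if the most frequent block in the demo dump is D and it occurs five times. */
int demo_most_common_is_d(void)
{
    uint8_t dump[DEMO_BLOCKS * BLOCK_LEN], mc[BLOCK_LEN];
    size_t count = 0;
    build_demo_dump(dump);
    repeated_blocks(dump, sizeof dump, mc, &count);
    return count == 5 && memcmp(mc, kBlockD, BLOCK_LEN) == 0;
}

int main(void)
{
    uint8_t dump[DEMO_BLOCKS * BLOCK_LEN], mc[BLOCK_LEN];
    size_t count = 0, dups;
    build_demo_dump(dump);
    dups = repeated_blocks(dump, sizeof dump, mc, &count);
    printf("%zu of %d blocks repeat an earlier block; most common occurs %zu times\n",
           dups, DEMO_BLOCKS, count);
    printf("%s\n", dups ? "repeated ciphertext: ECB (or a reused key/IV) suspected" : "no repeats");
    return 0;
}
```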
    • 19. Glitching
      Every transistor is doing you damage …
      Each instruction switches many transistors
      Usually all synchronised with a ‘clock’
      No two transistors are the same
      Different locations, tolerances, I/O factors
      A glitch forces some transistors to (not)operate when they shouldn’t
      Can be applied many different ways
      Power, clock signal, EM, light
      Changes operation of only a few transistors
    • 20. Glitching - Eg
      HMAC fails, system sits in tight loop
      Code executed on ‘good’ HMAC follows the machine code for the loop
      if (HMACisOK(image) != 1)
      {
          while (1);
      }
      ExecuteNewlyDownloadedCode();
      Glitch the clock, power, EM
      Some transistors don’t work properly
      Jump in test/while fails, or PC increments
      Hello ‘ExecuteNewlyDownloadedCode()’ !
    • 21. Glitching – Close the Door!
      Check for function entry before exit
      Confirm crypto OK before output
      Eg perform twice, or encrypt then decrypt
      Use watchdog(s)
      Beware frequent watchdog activation
      Remember glitching produces ‘impossible’ processor operations!
      Code for errors which cannot happen
      Beware compiler optimisation
    • 22. Software Updates
      Most systems will accept SW updates
      Remote and/or local, part replacement
      Avoid common authentication secrets
      Remember encryption ≠ authentication
      Be aware of local interfaces
      JTAG, ICE, ROM bootloader
      Disabled by SW, but maybe re-enabled …
      Ensure what you authenticate is what you execute!
    • 23. Software Updates - Eg
      Software written to flash before auth
      Code only executed if auth passes
      Unauth’d code stays in flash
      Execute through glitch, code exploit
      Software auth’d with RSA signature
      Bug in ASN.1 parsing allows stack overflow
      Expected as ASCII, uses strcmp() rather than memcmp(), terminates at nulls
      System wide symmetric key for auth
      Key exposed on one device …
    • 24. Software Updates – Close the Door!
      Authenticate what you want to execute
      Execute what you authenticate
      What prevents changes after auth?
      Beware parsing functions
      Do you authenticate before or after?
      What are the impacts of both options?
      Does the parse change / remove any data?
      Can the parse be exploited / compromised?
      Overflow / null exit / assumed data positions, etc
      Avoid system wide secrets
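An added example of the "Close the Door!" advice from slides 21 and 24 together (example code, not from the talk): an update gate with wide result constants instead of 0/1, a redundant check whose results must agree, a trap for states that cannot occur on a correctly running CPU, a re-check of the copy that will actually execute, and a boot marker written only on the final success path. The device's HMAC verification is replaced by a Fletcher checksum stand-in (compute_tag, an assumption for the demo), and simulate_fault is a test hook that corrupts one check result so the trap path can be exercised.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wide, non-complementary codes: one flipped bit or one skipped instruction
 * cannot turn FAIL into OK the way it can with a 0/1 flag. */
#define AUTH_OK        0xA5C3u
#define AUTH_FAIL      0x5A3Cu
#define FLOW_ENTERED   0x13579BDFu
#define FLOW_VERIFIED  0x2468ACE0u
#define IMAGE_MAX      64

/* Simulated flash: a staging area written before authentication (as in the
 * slide 23 system) and the region the CPU actually executes from. */
static uint8_t staging_flash[IMAGE_MAX], exec_flash[IMAGE_MAX];
static volatile uint32_t flow_marker;        /* entry/exit check, slide 21 */
static volatile uint32_t exec_valid_marker;  /* FLOW_VERIFIED when bootable */
static volatile unsigned trap_count;         /* "impossible" states observed */
volatile int simulate_fault;                 /* test hook, see glitch_scenario */

/* STAND-IN for the device's HMAC check: a Fletcher checksum constructed for
 * this example. Not authentication; a real device verifies an HMAC here. */
uint16_t compute_tag(const uint8_t *img, size_t len)
{
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < len; i++) {
        a = (uint16_t)((a + img[i]) % 255);
        b = (uint16_t)((b + a) % 255);
    }
    return (uint16_t)((b << 8) | a);
}

/* On hardware: wipe secrets, invalidate the image, reset. Here: count it. */
static void fault_trap(void) { trap_count++; exec_valid_marker = 0; }

/* Verify twice and require both results to be the same legal code. Anything
 * else cannot happen on a correctly running CPU, so it is treated as a glitch
 * ("code for errors which cannot happen"). volatile keeps both checks alive. */
static unsigned verify_hardened(const uint8_t *img, size_t len, uint16_t expected)
{
    volatile unsigned r1 = AUTH_FAIL, r2 = AUTH_FAIL;
    r1 = compute_tag(img, len) == expected ? AUTH_OK : AUTH_FAIL;
    r2 = compute_tag(img, len) == expected ? AUTH_OK : AUTH_FAIL;
    if (simulate_fault) r2 = AUTH_OK ^ 1u;          /* corrupted second result */
    if (r1 == AUTH_OK && r2 == AUTH_OK) return AUTH_OK;
    if (r1 == AUTH_FAIL && r2 == AUTH_FAIL) return AUTH_FAIL;
    fault_trap();
    return AUTH_FAIL;
}

/* Authenticate the staged image, copy it to the execute region, then
 * authenticate the copy that will actually run (slide 24: execute what you
 * authenticate). The boot marker is written only on the final success path,
 * so a skipped step leaves the device refusing to boot the new image. */
unsigned install_update(const uint8_t *update, size_t len, uint16_t expected)
{
    if (len == 0 || len > IMAGE_MAX) return AUTH_FAIL;
    flow_marker = FLOW_ENTERED;
    exec_valid_marker = 0;
    memcpy(staging_flash, update, len);
    if (verify_hardened(staging_flash, len, expected) != AUTH_OK) return AUTH_FAIL;
    memcpy(exec_flash, staging_flash, len);
    if (verify_hardened(exec_flash, len, expected) != AUTH_OK) return AUTH_FAIL;
    if (flow_marker != FLOW_ENTERED) { fault_trap(); return AUTH_FAIL; }
    flow_marker = FLOW_VERIFIED;
    exec_valid_marker = FLOW_VERIFIED;
    return AUTH_OK;
}

/* Boot decision: a positive test against the wide marker, replacing the
 * slide 20 pattern "if (HMACisOK(image) != 1) while (1);". 1 = would run. */
int boot_new_image(void) { return exec_valid_marker == FLOW_VERIFIED ? 1 : 0; }

static const uint8_t kDemoImage[4] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed; tag 0x140A */

/* Exercise the trap path: a genuine image with one check result corrupted
 * must be refused and counted. Returns 1 when the gate behaves that way. */
int glitch_scenario(void)
{
    unsigned before = trap_count, rc;
    simulate_fault = 1;
    rc = install_update(kDemoImage, sizeof kDemoImage, 0x140A);
    simulate_fault = 0;
    return rc == AUTH_FAIL && boot_new_image() == 0 && trap_count == before + 1;
}

int main(void)
{
    uint16_t tag = compute_tag(kDemoImage, sizeof kDemoImage);
    printf("genuine: %s\n", install_update(kDemoImage, 4, tag) == AUTH_OK && boot_new_image() ? "boots" : "refused");
    printf("wrong tag: %s\n", install_update(kDemoImage, 4, tag ^ 1u) == AUTH_OK && boot_new_image() ? "boots" : "refused");
    printf("glitched check: %s\n", glitch_scenario() ? "refused and trapped" : "NOT caught");
    return 0;
}
```

On a real target, confirm with a disassembly that the optimiser has kept both verification calls and the trap branches, which is the "beware compiler optimisation" point from slide 21.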
    • 25. Theoretical Example Summary
      Many different vulnerabilities
      External flash exploitable even with AES
      Password checking could be bypassed
      Keys exposed through side channels
      Software update function insecure
      Is that important? Depends …
      Home user ≠ industry ≠ government
      Still more secure than encrypting on a PC
      What are your threat profile / compliance reqs?
      What’s the fix: Patch? Product recall?
    • 26. Summary
      Understand your risk and threat profile
      Depends on the market and product
      Build testing into your time/cost budget
      Greater threat -> greater dev time/cost
      Ensure product meets the security specs
      No implementation is perfect
      Plan for if/when vulnerabilities are found
      Remember product life-cycle security
      Key management, code signing, etc
    • 27. Questions?
      For further information please contact
      Andrew Jamieson
      Technical Manager
      Witham Laboratories
      Email: andrew.jamieson@withamlabs.com
      Phone: +61 3 9846 2751
