The Fault Injection attack surface of Secure Boot implementations is determined by the specifics of their design and implementation. Using a generic Secure Boot design we detail multiple vulnerabilities (~10) using examples in source code, disassembly and hardware. We will determine what the impact is of the target's design on its Fault Injection attack surface: from high-level architecture to low-level implementation details. Research originally presented in November 2016 at BlackHat Europe.
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
Secure Boot is widely deployed in modern embedded systems and an essential part of the security model. Even when no (easy to exploit) logical vulnerabilities remain, attackers are surprisingly often still able to compromise it using Fault Injection or a so called glitch attack. Many of these vulnerabilities are difficult to spot in the source code and can only be found by manually inspecting the disassembled binary code instruction by instruction.
While the idea to use simulation to identify these vulnerabilities is not new, this talk presents a fault simulator created using existing open-source components and without requiring a detailed model of the underlying hardware. The challenges to simulate real-world targets will be discussed as well as how to overcome most of them.
Fault Injection on Automotive Diagnosis ProtocolsRiscure
In this work we present fault injection as a technique to bypass the security of automotive diagnosis (UDS) protocol implementations that do not contain any logical vulnerabilities. Therefore, they are protected against traditional logical attacks. Our tests proved that it is possible for an attacker to inject faults and bypass the UDS authentication, obtaining access to the internal Flash and SRAM memories of the targets. By analyzing the dumped firmware, the keys and algorithm that protect the UDS have also been extracted, giving full access to the diagnosis services without requiring the use of fault injection techniques.
Originally presented by Riscure's Niek Timmers at the 2018 ESCAR USA conference.
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.
In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.
The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Computer and network security aims to preserve the confidentiality, integrity and availability of information systems. It involves protecting computer hardware, software, data and networks from unauthorized access and modification. Common security threats include passive attacks like eavesdropping and traffic analysis, as well as active attacks that can modify communications like message forgery. Effective security controls include encryption, access controls, authentication and availability measures.
The document discusses integrating security testing into the typical iterative development lifecycle through automated software tests at various stages, including unit tests, integration tests, and acceptance tests. It provides examples of using JUnit for unit testing and tools like Cactus, Selenium, and WATIR for integration and acceptance testing to validate valid/invalid inputs and test for vulnerabilities like SQL injection and cross-site scripting.
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
Secure Boot is widely deployed in modern embedded systems and an essential part of the security model. Even when no (easy to exploit) logical vulnerabilities remain, attackers are surprisingly often still able to compromise it using Fault Injection or a so called glitch attack. Many of these vulnerabilities are difficult to spot in the source code and can only be found by manually inspecting the disassembled binary code instruction by instruction.
While the idea to use simulation to identify these vulnerabilities is not new, this talk presents a fault simulator created using existing open-source components and without requiring a detailed model of the underlying hardware. The challenges to simulate real-world targets will be discussed as well as how to overcome most of them.
Fault Injection on Automotive Diagnosis ProtocolsRiscure
In this work we present fault injection as a technique to bypass the security of automotive diagnosis (UDS) protocol implementations that do not contain any logical vulnerabilities. Therefore, they are protected against traditional logical attacks. Our tests proved that it is possible for an attacker to inject faults and bypass the UDS authentication, obtaining access to the internal Flash and SRAM memories of the targets. By analyzing the dumped firmware, the keys and algorithm that protect the UDS have also been extracted, giving full access to the diagnosis services without requiring the use of fault injection techniques.
Originally presented by Riscure's Niek Timmers at the 2018 ESCAR USA conference.
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.
In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.
The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Computer and network security aims to preserve the confidentiality, integrity and availability of information systems. It involves protecting computer hardware, software, data and networks from unauthorized access and modification. Common security threats include passive attacks like eavesdropping and traffic analysis, as well as active attacks that can modify communications like message forgery. Effective security controls include encryption, access controls, authentication and availability measures.
The document discusses integrating security testing into the typical iterative development lifecycle through automated software tests at various stages, including unit tests, integration tests, and acceptance tests. It provides examples of using JUnit for unit testing and tools like Cactus, Selenium, and WATIR for integration and acceptance testing to validate valid/invalid inputs and test for vulnerabilities like SQL injection and cross-site scripting.
Reliability, Availability, and Serviceability (RAS) on ARM64 status - SAN19-118Wei Fu
The document discusses Reliability, Availability, and Serviceability (RAS) on ARM64 platforms. It provides an overview of ARM64 RAS architecture including hardware support through the RAS extension and firmware support through the Secure Partition Manager (SPM) and MM Secure Partition. It describes the status of prototypes for firmware first error handling using the APEI protocol and CperLib as well as plans to upstream code to various open source projects.
The document discusses secure boot, trusted boot, and their differences. It provides an overview of standard boot processes, secure boot processes where each step is cryptographically signed, and trusted boot which records measurements to the TPM for later verification. It also proposes a solution for secure boot in 5G plugin units using platform keys, key exchange keys, and allowed/forbidden signature databases.
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software categorized into memory corruption vulnerabilities and non-memory corruption vulnerabilities, and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 (TriCore Architecture 1.3.1) from Infineon which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location.
Black Hat USA Arsenal 2023: Abusing Microsoft SQL Server with SQLReconSanjiv Kawa
Video: https://youtu.be/LsYSePobFWA
Conference: Black Hat USA Arsenal 2023
Presentation Title: Abusing Microsoft SQL Server with SQLRecon
Presenter: Sanjiv Kawa
This document summarizes information from a presentation on practical Trusted Platform Module (TPM) programming. It discusses TPM hierarchies, keys, and the problems TPMs help solve such as secure device identification, key generation and storage, device health attestation, and algorithm agility. It provides examples from the resource "A Practical Guide to TPM 2.0" and the TPM simulator tool "tpm2_tools".
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
This document discusses hardware-assisted isolated execution environments (HIEE) and trusted execution environments (TEE) on RISC-V processors. It describes how TEEs are implemented using privileges worlds on ARM TrustZone and Intel SGX. For RISC-V, it summarizes proposals for TEEs including Sanctum, MultiZone, and using seL4 microkernel to implement OP-TEE. It also briefly discusses TEE implementations on FPGAs, GPUs, virtualization, and the IETF's TEE provisioning protocol.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
Its is project based on one of the most interesting and wide topic of Computer Science, named Cyber Security
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Secuirty
8. Development in Cyber Security
9. Future Trend in Cyber Security
This document discusses bug bounty programs (BBPs), which reward security researchers for responsibly disclosing software vulnerabilities. It introduces BBPs, noting they save companies money while improving security. Major companies like Google and Facebook run BBPs. The document outlines prerequisites for BBPs like learning security testing techniques. It provides tips for finding vulnerabilities like understanding a site's scope, tools, and avoiding duplicate reports. Common vulnerability types in BBPs include injection flaws and insecure data storage.
Malware Detection Using Machine Learning TechniquesArshadRaja786
Malware viruses can be easily detected using machine learning Techniques such as K-Mean Algorithms, KNN algorithm, Boosted J48 Decision Tree and other Data Mining Techniques. Among them J48 proved to be more effective in detecting computer virus and upcoming networks worms...
This document provides an overview of using Verilog and Xilinx Vivado to design and simulate a simple combinational circuit. It describes setting up Vivado, writing Verilog code for a full adder circuit, synthesizing the code, writing a testbench, running a simulation, and verifying the results in the waveform. The goal is to familiarize users with the typical workflow of a computer-aided design tool for digital circuits.
The document provides an introduction to bug bounty programs for beginners. It outlines some prerequisites like patience and basic security knowledge. It highlights rewards available in bug bounty programs like money and gifts. The document recommends initial approaches like understanding the testing scope and performing reconnaissance on domains and subdomains. It also provides tips on tools for testing like web proxies and Firefox addons. Automated testing on a local web server is discussed along with techniques for bug submission and reporting. A demo of a stored XSS bug in Facebook is presented at the end.
RISC-V & SoC Architectural Exploration for AI and ML AcceleratorsRISC-V International
This document discusses architectural exploration for AI and ML accelerators using simulation tools. It notes that current AI/ML applications require custom hardware configurations to achieve performance goals. The Imperas simulation tools allow analyzing performance on different hardware designs by running software on virtual platforms months before RTL implementation. Imperas provides virtual platforms for heterogeneous systems running full operating systems along with detailed analysis, profiling and debugging tools. It also includes a RISC-V reference model that enables developing custom instructions for architectural exploration of AI/ML accelerators.
SIEM KORELASYON MOTORU DEĞERLENDİRME KRİTERLERİErtugrul Akbas
SIEM ürünlerinin korelasyon yeteneğinin detaylı teknik analizi için kullandığımız parametreler. Bu parametreleri kullanarak bilinen SIEM ürünlerine baktığımız bir İngilizce çalışmamız da mevcut. Rekabet şartları gereği isimleri açıklamamakla beraber, açıklanmasında sıkıntı olmayan verileri bize ulaşan konu ile ilgili kişi ve kuruluşlarla da uygun gördüğümüz ortamda paylaşabiliriz.
Automotive vehicles are increasingly automated and connected to wireless networks, leaving them vulnerable to remote hacking attacks. Security researchers have demonstrated how hackers could potentially access a vehicle's internal computer systems to disable brakes or engine controls from a distance. Recent studies show many modern vehicles built after 2005 are at risk if automakers do not address vulnerabilities in wireless infotainment and connectivity systems that could allow unauthorized remote access and control over critical functions.
Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.
Key Takeaways:
-Great places in the user journey to inject security tests
- Ways to augment existing test approaches to cover security concerns
- Typical security tools that are free, cheap, and easy for software testers
Unboxing the White-Box: Practical Attacks Against Obfuscated CiphersCristofaro Mune
"Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers", J. DeHaas, C. Mune, E. Sanfelix - BlackHat EU 2015 presentation,
Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills.
In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We introduce generic yet practical attacks, such as DFA and DCA, on WBC implementations of the TDES and AES ciphers.
Additionally, we analyze the requirements for each attack and discuss potential countermeasures.
Paper available here:
https://www.blackhat.com/docs/eu-15/materials/eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers-wp.pdf
Reliability, Availability, and Serviceability (RAS) on ARM64 status - SAN19-118Wei Fu
The document discusses Reliability, Availability, and Serviceability (RAS) on ARM64 platforms. It provides an overview of ARM64 RAS architecture including hardware support through the RAS extension and firmware support through the Secure Partition Manager (SPM) and MM Secure Partition. It describes the status of prototypes for firmware first error handling using the APEI protocol and CperLib as well as plans to upstream code to various open source projects.
The document discusses secure boot, trusted boot, and their differences. It provides an overview of standard boot processes, secure boot processes where each step is cryptographically signed, and trusted boot which records measurements to the TPM for later verification. It also proposes a solution for secure boot in 5G plugin units using platform keys, key exchange keys, and allowed/forbidden signature databases.
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software categorized into memory corruption vulnerabilities and non-memory corruption vulnerabilities, and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 (TriCore Architecture 1.3.1) from Infineon which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location.
Black Hat USA Arsenal 2023: Abusing Microsoft SQL Server with SQLReconSanjiv Kawa
Video: https://youtu.be/LsYSePobFWA
Conference: Black Hat USA Arsenal 2023
Presentation Title: Abusing Microsoft SQL Server with SQLRecon
Presenter: Sanjiv Kawa
This document summarizes information from a presentation on practical Trusted Platform Module (TPM) programming. It discusses TPM hierarchies, keys, and the problems TPMs help solve such as secure device identification, key generation and storage, device health attestation, and algorithm agility. It provides examples from the resource "A Practical Guide to TPM 2.0" and the TPM simulator tool "tpm2_tools".
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
This document discusses hardware-assisted isolated execution environments (HIEE) and trusted execution environments (TEE) on RISC-V processors. It describes how TEEs are implemented using privileges worlds on ARM TrustZone and Intel SGX. For RISC-V, it summarizes proposals for TEEs including Sanctum, MultiZone, and using seL4 microkernel to implement OP-TEE. It also briefly discusses TEE implementations on FPGAs, GPUs, virtualization, and the IETF's TEE provisioning protocol.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
Its is project based on one of the most interesting and wide topic of Computer Science, named Cyber Security
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Secuirty
8. Development in Cyber Security
9. Future Trend in Cyber Security
This document discusses bug bounty programs (BBPs), which reward security researchers for responsibly disclosing software vulnerabilities. It introduces BBPs, noting they save companies money while improving security. Major companies like Google and Facebook run BBPs. The document outlines prerequisites for BBPs like learning security testing techniques. It provides tips for finding vulnerabilities like understanding a site's scope, tools, and avoiding duplicate reports. Common vulnerability types in BBPs include injection flaws and insecure data storage.
Malware Detection Using Machine Learning TechniquesArshadRaja786
Malware viruses can be easily detected using machine learning Techniques such as K-Mean Algorithms, KNN algorithm, Boosted J48 Decision Tree and other Data Mining Techniques. Among them J48 proved to be more effective in detecting computer virus and upcoming networks worms...
This document provides an overview of using Verilog and Xilinx Vivado to design and simulate a simple combinational circuit. It describes setting up Vivado, writing Verilog code for a full adder circuit, synthesizing the code, writing a testbench, running a simulation, and verifying the results in the waveform. The goal is to familiarize users with the typical workflow of a computer-aided design tool for digital circuits.
The document provides an introduction to bug bounty programs for beginners. It outlines some prerequisites like patience and basic security knowledge. It highlights rewards available in bug bounty programs like money and gifts. The document recommends initial approaches like understanding the testing scope and performing reconnaissance on domains and subdomains. It also provides tips on tools for testing like web proxies and Firefox addons. Automated testing on a local web server is discussed along with techniques for bug submission and reporting. A demo of a stored XSS bug in Facebook is presented at the end.
RISC-V & SoC Architectural Exploration for AI and ML AcceleratorsRISC-V International
This document discusses architectural exploration for AI and ML accelerators using simulation tools. It notes that current AI/ML applications require custom hardware configurations to achieve performance goals. The Imperas simulation tools allow analyzing performance on different hardware designs by running software on virtual platforms months before RTL implementation. Imperas provides virtual platforms for heterogeneous systems running full operating systems along with detailed analysis, profiling and debugging tools. It also includes a RISC-V reference model that enables developing custom instructions for architectural exploration of AI/ML accelerators.
SIEM KORELASYON MOTORU DEĞERLENDİRME KRİTERLERİErtugrul Akbas
SIEM ürünlerinin korelasyon yeteneğinin detaylı teknik analizi için kullandığımız parametreler. Bu parametreleri kullanarak bilinen SIEM ürünlerine baktığımız bir İngilizce çalışmamız da mevcut. Rekabet şartları gereği isimleri açıklamamakla beraber, açıklanmasında sıkıntı olmayan verileri bize ulaşan konu ile ilgili kişi ve kuruluşlarla da uygun gördüğümüz ortamda paylaşabiliriz.
Automotive vehicles are increasingly automated and connected to wireless networks, leaving them vulnerable to remote hacking attacks. Security researchers have demonstrated how hackers could potentially access a vehicle's internal computer systems to disable brakes or engine controls from a distance. Recent studies show many modern vehicles built after 2005 are at risk if automakers do not address vulnerabilities in wireless infotainment and connectivity systems that could allow unauthorized remote access and control over critical functions.
Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.
Key Takeaways:
-Great places in the user journey to inject security tests
- Ways to augment existing test approaches to cover security concerns
- Typical security tools that are free, cheap, and easy for software testers
Unboxing the White-Box: Practical Attacks Against Obfuscated CiphersCristofaro Mune
"Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers", J. DeHaas, C. Mune, E. Sanfelix - BlackHat EU 2015 presentation,
Assessing the security of WBC implementations is a challenge both for evaluators and for WBC designers, as it often requires a powerful mix of reverse engineering and applied cryptanalysis skills.
In this presentation, we show how attacks typically used to attack hardware cryptosystems can be ported to the white-box settings. We introduce generic yet practical attacks, such as DFA and DCA, on WBC implementations of the TDES and AES ciphers.
Additionally, we analyze the requirements for each attack and discuss potential countermeasures.
Paper available here:
https://www.blackhat.com/docs/eu-15/materials/eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers-wp.pdf
On codes, machines, and environments: reflections and experiencesVincenzo De Florio
Code explicitly refers to a reference machine and, implicitly, to a set of conditions often called the system model and the fault model.
If one wants to guarantee an agreed-upon quality of service, one needs to either make assumptions about those conditions or adapt to them.
In this lecture I present this problem and a number of solutions, both practical and theoretical, that I have devised in the course of my career.
Although the main accent is on programming languages, here I provide links and references to other approaches that operate at algorithmic- and system-level.
The Anatomy of Java Vulnerabilities (Devoxx UK 2017)Steve Poole
Java is everywhere. According to Oracle it’s on 3 billion devices and counting. We also know that Java is one of the most popular vehicles for delivering malware. But that’s just the plugin right? Well maybe not. Java on the server can be just at risk as the client.
In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is. With the continuing increase in cybercrime it’s time you knew how to defend your code. With examples and code this talk will help you become more effective in tacking security issues in Java.
[PH-Neutral 0x7db] Exploit Next Generation®Nelson Brito
PH-Neutral lecture about Permutation Oriented Programming (formerly known as Exploit Next Generation® Methodology).
Permutation Oriented Programming is the simplest way to avoid security solution detection and shows the Pattern Matching technology weakness.
This document discusses security testing approaches for the OWASP Top 10 vulnerabilities. It argues that superficial security tests that only examine the user interface provide an illusion of knowledge and security. To fully understand risks, tests need to examine the entire application stack, including the backend, and consider vulnerabilities like security misconfiguration, missing access controls, and use of vulnerable components. Examples are given showing how vulnerabilities can remain undetected if the full scope of the application is not tested, including the code, configurations, dependencies and infrastructure. A holistic approach to security testing that incorporates reverse engineering is advocated to have a realistic understanding of risks.
Java application security the hard way - a workshop for the serious developerSteve Poole
Cybercrime is rising at an alarming rate. As a Java developer you know you need to be better informed about security matters but it’s hard to know where to start. This workshop will help you understand how to improve the security of your application through a series of demonstration hacks and related hands on exercises. Serious though the topic is, this practical session will be fun and will leaving you more informed and better prepared. Start building your security memory muscle here
The Hardcore Stuff I Hack:
This talk is going to give a run through of some of the technical challenges paul and his team have overcome over the years - in as much hardcore detail as possible
Niek Timmers, Riscure B.V.
Cristofaro Mune, Independent Embedded Security Consultant
Fault injection attacks have been historically perceived as high-end attacks not available to most hackers. They used to require expensive tooling and a mysterious mix of skills which resulted them being out of reach for even the most skilled attackers. These days are over as low-cost fault injection tooling is changing the capabilities of the hacking masses at a rapid pace.
Historically, fault injection attacks are used to break cryptographic implementation (e.g. Differential Fault Analysis) or bypassing security checks like performed by a pin verification function. However, nothing prevents them to be used on richer systems like embedded devices or IoT devices. Fault injection attacks can be used to change the intended behavior of hardware and software, due, among the others, to corrupted memory reads and instructions execution.
In this talk we show that fault injection attacks and, more specifically, voltage fault injection, allow escalating privileges from an unprivileged context, in absence of logically exploitable software vulnerabilities. This is demonstrated using practical examples where the control flow of the Linux kernel is influenced in order to gain root privileges. All practical examples are performed on a fully patched Linux operating system, executed by a fast and feature rich System-on-Chip. A live demonstration of Fault Injection is part of the talk.
Threat Modeling is critical for Product Engineering Team. Yet, even in the rare event that it’s performed, its performed without actionable outputs emerging from the exercise. It is relegated to the status of what a “Policy/Best Practice Document”, which it shouldn’t be. I believe that Threat Models are playbooks of Product Security Engineering. I feel that the best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). In addition, I believe that Threat Models should produce actionable outputs that can be acted up on by various teams within the organization. To address this lacuna, I have developed “Automaton” - An Open Source “Threat Modeling as Code” framework, that allows product teams to capture User Stories, Abuser Stories, Threat Models and Security Test Cases in YAML Files (like Ansible). With the help of Test Automation Frameworks (in this case, Robot Framework) Automaton allows the product engineering team to not only capture Threat Models as code, but also trigger specific security test cases with tools like OWASP ZAP, BurpSuite, WFuzz, Sublist3r, Nmap and so on. The benefits are three-fold. One - For teams to use Threat Modeling as a first-class citizen(with code). Facilitating Iterative and Updated Threat Models and Security Test Cases, as the product evolves (not a stationary document). Two - For Threat Modeling to become actionable. Product Teams can use this Framework to compose “Recipes” where User Stories (Functionality) leads to Abuser Stories (Threat Profiles) which lead to Threat Models (scenarios), that are used to create Security Test Cases (which kick off certain tools) based on the Recipes written for the Test Cases. Three - This approach leads to a convergence of Threat Modeling and Security Testing, allowing teams to improve both security testing and threat modeling based on results produced through this framework.
This document discusses an approach for automatically searching for software vulnerabilities between different versions of Windows. It describes parsing Windows libraries into a database, checking for signatures of "safe functions", and diffing libraries between versions to find changes that could indicate patched vulnerabilities. A proof of concept tool called DiffRay is demonstrated that implements this approach. The demo finds several potential vulnerability fixes between Windows 7 and 8 libraries.
Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test.
Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation.
Why is Software Testing Important to a business?
Software testing is a process to determine the quality of the software developed by a developer or programmer. It is a methodological study intended to evaluate the quality-related information of the product. Understanding of the important features and advantages of software testing helps businesses in their day-to-day activities.
Testing can be done in two ways, manual testing and automated testing. Manual software testing is done by human testers, who manually check the code and report bugs in it. In case of automated testing, testing is performed by a computer using software such as WinRunner, LoadRunner, etc.
Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test.
Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation.
Why is Software Testing Important to a business?
Software testing is a process to determine the quality of the software developed by a developer or programmer. It is a methodological study intended to evaluate the quality-related information of the product. Understanding of the important features and advantages of software testing helps businesses in their day-to-day activities.
Testing can be done in two ways, manual testing and automated testing. Manual software testing is done by human testers, who manually check the code and report bugs in it. In case of automated testing, testing is performed by a computer using software such as WinRunner, LoadRunner, etc.
Sean McBride of Critical Intelligence goes into some real world examples of success and failure in ICS Vulnerability Analysis. Viewers should be aware there may be a bit of bias to point out shortcomings since this is what Critical Intelligence does for a living, but loyal blog readers and anyone with insight knows the ICS-CERT Alerts and Advisories rarely provide worthwhile analysis.
If you are looking for ICS vulnerability statistical data the first nine slides have very useful charts. The remainder of the presentation goes through some typical and important failures by ICS-CERT and vendor CERTs.
Quality of software code for a given product shipped effectively translates not only to its functional quality but as well to its non functional aspects say security. Many of the issues in code can be addressed much before they reach SCM.
The Ember.js Framework - Everything You Need To KnowAll Things Open
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Yehuda Katz
Founder of Tilde
Front Dev 1
The Ember.js Framework - Everything You Need To Know
Using Analyzers to Resolve Security Problemskiansahafi
in this presentation i took a project and used an analyzer(e.g. SonarQube) to detect the security issues with it and reported a the result and after resolving most of those problems i used the same analyzer to get another report and in the process showed how to use such analyzers to detect security issues in the web applications
Thursday night is fine with us know what time we should go and if you are approached to make sure you get the best for the wonderful and soon they were going on the top management across
Similar to Bypassing Secure Boot using Fault Injection (20)
Secure boot is under constant attack and therefore bypassed on embedded devices used across industries. Whether bypassed using software vulnerabilities or using hardware attacks like fault injection as we and others have previously shown. Secure boot is paramount for secure embedded devices as it prevents malicious actors from obtaining persistent runtime control. In this talk, we present our vision on secure boot design for embedded devices by means of clear, concrete, practical and easy-to-follow recommendations. We leverage our decade-long experience analyzing and bypassing secure boot implementations of embedded devices used by different industries. We understand, in order to be realistic, we need to consider secure boot's functional requirements, engineering costs, and other non-security related requirements. Where possible, we use practical examples that are easy to follow and implement. To keep it fun, we will have a fault injection demonstration live on stage where we bypass secure boot on a fast and feature-rich chip. The audience will be able to follow up on the discussed topics with two white papers which will be released after our talk.
Riscure Assurance for Premium Content at a glanceRiscure
An overview of Riscure Assurance for Premium Content: a specialized security evaluation program by Riscure, tailored to the needs of the content protection industry.
Lowering the bar: deep learning for side-channel analysisRiscure
Deep learning can help automate the signal analysis process in power side channel analysis. We show how typical signal processing problems such as noise reduction and re-alignment are automatically solved by the deep learning network. We show we can break a lightly protected AES, an AES implementation with masking countermeasures and a protected ECC implementation. These experiments indicate that where previously side channel analysis had a large dependency on the skills of the human, first steps are being developed that bring down the attacker skill required for such attacks using Deep Learning automation.
Efficient Reverse Engineering of Automotive FirmwareRiscure
The firmware executed by components found in a car provide a starting point for adversaries to obtain confidential information and discover potential vulnerabilities. However, the process of reverse engineering a specific component is typically considered a complex and time-consuming task. In this paper we discuss several techniques which we used to significantly increase the efficiency of reverse engineering the firmware of an instrument cluster.
Riscure is a global company specializing in hardware security evaluations through side channel analysis, fault injection, and other testing methods. They have over 90 experts across offices in the Netherlands, United States, and China. Riscure helps clients in various industries like payments, IoT, and smart cards improve the security of their products and obtain necessary certifications.
Marc Witteman discusses practical differential fault analysis (DFA) on the AES encryption algorithm. He summarizes that prior DFA work using single faults is impractical due to unknown fault parameters. Witteman's approach uses multiple faults injected over a short period, selecting those matching a fault model. Key space is reduced through voting and exclusion of candidates using 24-50 faults. The remaining key bits can then be brute forced rapidly. This "single-minute DFA" replaces less practical "single-fault DFA" methods and enables fast extraction of AES keys.
This document discusses Java Card security. It begins with an overview of Java Card and its benefits, including being interoperable, secure, supporting multiple applications, and being dynamically updatable. It then covers Java Card applet lifecycles, concepts like verification, loading, firewalls and atomicity, compares Java Card to Java, analyzes risks like denial of service and privacy invasion, demonstrates attacks like using Trojan code and firewall type confusion, and concludes that while threats exist, security measures can counteract them and Java Card security is attainable.
The document discusses how to secure electronic passports. It outlines passport threats like forgery and look-alike fraud. It then summarizes available protection mechanisms under ICAO standards, including storing certificates and biometrics on chips. It analyzes security challenges for inspection terminals and accessing personal data. It concludes that while electronic passports improve forgery protection, look-alike fraud remains an issue without reliable biometrics, and contactless chips introduce privacy concerns.
How multi-fault injection breaks the security of smart cardsRiscure
At RSA Conference 2010 Riscure's Marc Witteman presented an essential overview of fault injection attacks theory and showed a number of practical attacks at hardware using FI.
This presentation provides an overview of attack methods used against chips and highlights the importance of better security in a modern IoT infrastructure. Originally presented by Riscure's Marc Witteman at GLSVLSI symposium in May 2016.
An overview of threats and mitigations for mobile payment industry by Riscure's Marc Witteman. This presentation highlights the benefits of security evaluations for mobile payment applications.
Controlling PC on ARM using Fault InjectionRiscure
The slides from the presentation by Riscure's Niek Timmers, Albert Spruyt and Marc Whitteman. The paper describes an ARM specific fault injection attack strategy for exploiting embedded systems where externally controlled data is loaded in the program counter (PC) register of the processor.
Defeating RSA Multiply-Always and Message Blinding CountermeasuresRiscure
This document discusses a new side channel attack called cross correlation that can defeat RSA implementations. It works by analyzing power traces from an RSA device executing signatures to reveal the private exponent. The attack preprocessing compresses and reveals modular operations in traces. It then uses cross correlation analysis to observe operand sharing between operations, allowing retrieval of the full private key. Countermeasures like exponent blinding and randomizing the operation order can prevent this attack.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Building Production Ready Search Pipelines with Spark and Milvus
Bypassing Secure Boot using Fault Injection
1. Bypassing Secure Boot using Fault Injection
Niek Timmers
timmers@riscure.com
(@tieknimmers)
Albert Spruyt
spruyt@riscure.com
November 4, 2016
2. What are the contents of this talk?
Keywords – fault injection, secure boot, bypasses, mitigations,
practicalities, best practices, demo(s) ...
3. Who are we?
Albert & Niek
• (Senior) Security Analysts at Riscure
• Security testing of different products and technologies
Riscure
• Services (Security Test Lab)
• Hardware / Software / Crypto
• Embedded systems / Smart cards
• Tools
• Side channel analysis (passive)
• Fault injection (active)
• Offices
• Delft, The Netherlands / San Francisco, USA
Combining services and tools for fun and profit!
4. Who are we?
Albert & Niek
• (Senior) Security Analysts at Riscure
• Security testing of different products and technologies
Riscure
• Services (Security Test Lab)
• Hardware / Software / Crypto
• Embedded systems / Smart cards
• Tools
• Side channel analysis (passive)
• Fault injection (active)
• Offices
• Delft, The Netherlands / San Francisco, USA
Combining services and tools for fun and profit!
5. Who are we?
Albert & Niek
• (Senior) Security Analysts at Riscure
• Security testing of different products and technologies
Riscure
• Services (Security Test Lab)
• Hardware / Software / Crypto
• Embedded systems / Smart cards
• Tools
• Side channel analysis (passive)
• Fault injection (active)
• Offices
• Delft, The Netherlands / San Francisco, USA
Combining services and tools for fun and profit!
6. Fault Injection – A definition...
”Introducing faults in a target to alter its intended behavior.”
...
if( key_is_correct ) <-- Glitch here!
{
open_door();
}
else
{
keep_door_closed();
}
...
How can we introduce these faults?
7. Fault Injection – A definition...
”Introducing faults in a target to alter its intended behavior.”
...
if( key_is_correct ) <-- Glitch here!
{
open_door();
}
else
{
keep_door_closed();
}
...
How can we introduce these faults?
8. Fault Injection – A definition...
”Introducing faults in a target to alter its intended behavior.”
...
if( key_is_correct ) <-- Glitch here!
{
open_door();
}
else
{
keep_door_closed();
}
...
How can we introduce these faults?
9. Fault Injection – A definition...
”Introducing faults in a target to alter its intended behavior.”
...
if( key_is_correct ) <-- Glitch here!
{
open_door();
}
else
{
keep_door_closed();
}
...
How can we introduce these faults?
10. Fault injection techniques1
clock voltage e-magnetic laser
Remark
• All techniques introduce faults externally
1
The Sorcerers Apprentice Guide to Fault Attacks. – Bar-El et al., 2004
11. Fault injection techniques1
clock voltage e-magnetic laser
Remark
• All techniques introduce faults externally
1
The Sorcerers Apprentice Guide to Fault Attacks. – Bar-El et al., 2004
12. Voltage fault injection
• Pull the voltage down at the right moment
• Not ’too soft’ ; Not ’too hard’
Source: http://www.limited-entropy.com/fault-injection-techniques/
13. Fault models
Faults that affect hardware
• Registers
• Buses
Faults that affect hardware that does software2 3 4
• Instruction corruption
• Data corruption
The true fault model is hard to predict or prove!
2
Fault Model Analysis of Laser-Induced Faults in SRAM Memory Cells – Roscian et. al., 2015
3
High Precision Fault Injections on the Instruction Cache of ARMv7-M Architectures – Riviere et al., 2015
4
Formal verification of a software countermeasure against instruction skip attacks – Moro et. al., 2014
14. Fault models
Faults that affect hardware
• Registers
• Buses
Faults that affect hardware that does software2 3 4
• Instruction corruption
• Data corruption
The true fault model is hard to predict or prove!
2
Fault Model Analysis of Laser-Induced Faults in SRAM Memory Cells – Roscian et. al., 2015
3
High Precision Fault Injections on the Instruction Cache of ARMv7-M Architectures – Riviere et al., 2015
4
Formal verification of a software countermeasure against instruction skip attacks – Moro et. al., 2014
15. Fault models
Faults that affect hardware
• Registers
• Buses
Faults that affect hardware that does software2 3 4
• Instruction corruption
• Data corruption
The true fault model is hard to predict or prove!
2
Fault Model Analysis of Laser-Induced Faults in SRAM Memory Cells – Roscian et. al., 2015
3
High Precision Fault Injections on the Instruction Cache of ARMv7-M Architectures – Riviere et al., 2015
4
Formal verification of a software countermeasure against instruction skip attacks – Moro et. al., 2014
16. Fault models
Faults that affect hardware
• Registers
• Buses
Faults that affect hardware that does software2 3 4
• Instruction corruption
• Data corruption
The true fault model is hard to predict or prove!
2
Fault Model Analysis of Laser-Induced Faults in SRAM Memory Cells – Roscian et. al., 2015
3
High Precision Fault Injections on the Instruction Cache of ARMv7-M Architectures – Riviere et al., 2015
4
Formal verification of a software countermeasure against instruction skip attacks – Moro et. al., 2014
17. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
18. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
19. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
20. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
21. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
22. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
23. Fault Models – ”Our” choice ...
When presented with code: instruction corruption.
Simple (MIPS)
addi $t1, $t1, 8 00100001001010010000000000001000
addi $t1, $t1, 0 00100001001010010000000000000000
Complex (ARM)
ldr w1, [sp, #0x8] 10111001010000000000101111100001
str w7, [sp, #0x20] 10111001000000000010001111100111
Remarks
• Limited control over which bit(s) will be corrupted
• May or may not be the true fault model
• Other fault model behavior covered
24. Why is there Secure Boot?
Remarks
• Integrity and confidentiality of flash contents are not assured!
• A mechanism is required for this assurance: secure boot
25. Why is there Secure Boot?
Remarks
• Integrity and confidentiality of flash contents are not assured!
• A mechanism is required for this assurance: secure boot
26. Why is there Secure Boot?
Remarks
• Integrity and confidentiality of flash contents are not assured!
• A mechanism is required for this assurance: secure boot
27. Why is there Secure Boot?
Remarks
• Integrity and confidentiality of flash contents are not assured!
• A mechanism is required for this assurance: secure boot
28. Why is there Secure Boot?
Remarks
• Integrity and confidentiality of flash contents are not assured!
• A mechanism is required for this assurance: secure boot
29. Secure Boot – Generic Design
• Assures integrity (and confidentiality) of flash contents
• The chain of trust is similar to PKI5 found in browsers
• One root of trust composed of immutable code and key
5
Public Key Infrastructure
30. Secure Boot – Generic Design
• Assures integrity (and confidentiality) of flash contents
• The chain of trust is similar to PKI5 found in browsers
• One root of trust composed of immutable code and key
5
Public Key Infrastructure
31. Secure Boot – Generic Design
• Assures integrity (and confidentiality) of flash contents
• The chain of trust is similar to PKI5 found in browsers
• One root of trust composed of immutable code and key
5
Public Key Infrastructure
32. Secure Boot – Generic Design
• Assures integrity (and confidentiality) of flash contents
• The chain of trust is similar to PKI5 found in browsers
• One root of trust composed of immutable code and key
5
Public Key Infrastructure
33. Secure Boot – In reality ...
Source: http://community.arm.com/docs/DOC-9306
34. Secure Boot – In reality ...
Source: http://community.arm.com/docs/DOC-9306
35. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
36. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
37. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
38. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
39. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
40. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
41. Why use a hardware attack?
”Logical issues exist in secure boot implementations!!?”
Bootloader vulnerabilities
• S5L8920 (iPhone)6
• Amlogic S9057
However
• Small code base results in a small logical attack surface
• Implementations without vulnerabililties likely exist
Other attack(s) must be used when not logically flawed!
6
https://www.theiphonewiki.com/wiki/0x24000_Segment_Overflow
7
http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
42. Why (not) fault injection on secure boot?
Cons
• Invasive
• Physical access
• Expensive
Pros
• No logical vulnerability required
• Typical targets not properly protected
Especially relevant when assets are not available after boot!
43. Why (not) fault injection on secure boot?
Cons
• Invasive
• Physical access
• Expensive
Pros
• No logical vulnerability required
• Typical targets not properly protected
Especially relevant when assets are not available after boot!
44. Why (not) fault injection on secure boot?
Cons
• Invasive
• Physical access
• Expensive
Pros
• No logical vulnerability required
• Typical targets not properly protected
Especially relevant when assets are not available after boot!
45. Why (not) fault injection on secure boot?
Cons
• Invasive
• Physical access
• Expensive
Pros
• No logical vulnerability required
• Typical targets not properly protected
Especially relevant when assets are not available after boot!
51. Fault Injection – Tooling
Micah posted a very nice video using the ChipWhisperer-Lite9
By NewAE Technology Inc.10
9
https://www.youtube.com/watch?v=TeCQatNcF20
10
https://wiki.newae.com/CW1173_ChipWhisperer-Lite
52. Fault Injection – Tooling
Micah posted a very nice video using the ChipWhisperer-Lite9
By NewAE Technology Inc.10
9
https://www.youtube.com/watch?v=TeCQatNcF20
10
https://wiki.newae.com/CW1173_ChipWhisperer-Lite
56. Characterization – Test application11
asm volatile
(
...
"add r1, r1, #1;"
"add r1, r1, #1;"
< repeat > <-- glitch here
"add r1, r1, #1;"
"add r1, r1, #1;"
...
);
Remarks
• Full control over the target
• Increasing a counter using ADD instructions
• Send counter back using the serial interface
11
Implemented as an U-Boot command
62. DEMO 1
PARAMETER SEARCH
Glitch parameters
• Randomize glitch delay within the attack window
• Randomize the glitch voltage
• Randomize the glitch length
63. DEMO 1
PARAMETER SEARCH
Glitch parameters
• Randomize glitch delay within the attack window
• Randomize the glitch voltage
• Randomize the glitch length
64. DEMO 1
PARAMETER SEARCH
Glitch parameters
• Randomize glitch delay within the attack window
• Randomize the glitch voltage
• Randomize the glitch length
65. DEMO 1
PARAMETER SEARCH
Glitch parameters
• Randomize glitch delay within the attack window
• Randomize the glitch voltage
• Randomize the glitch length
66. That was the introduction ...
... let’s bypass secure boot: The Classics!
67. That was the introduction ...
... let’s bypass secure boot: The Classics!
68. Classic Bypass 00: Hash comparison
• Applicable to all secure boot implementations
• Bypass of authentication
if( memcmp( p, hash, hashlen ) != 0 )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
p += hashlen;
if( p != end )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
return( 0 );
Source: https://tls.mbed.org/
69. Classic Bypass 00: Hash comparison
• Applicable to all secure boot implementations
• Bypass of authentication
if( memcmp( p, hash, hashlen ) != 0 )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
p += hashlen;
if( p != end )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
return( 0 );
Source: https://tls.mbed.org/
70. Classic Bypass 00: Hash comparison
• Applicable to all secure boot implementations
• Bypass of authentication
if( memcmp( p, hash, hashlen ) != 0 )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
p += hashlen;
if( p != end )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
return( 0 );
Source: https://tls.mbed.org/
71. Classic Bypass 00: Hash comparison
Multiple locations bypass the check with a single fault!
72. Classic Bypass 00: Hash comparison
Multiple locations bypass the check with a single fault!
73. Classic Bypass 00: Hash comparison
Multiple locations bypass the check with a single fault!
74. Classic Bypass 00: Hash comparison
Multiple locations bypass the check with a single fault!
75. Classic Bypass 00: Hash comparison
Multiple locations bypass the check with a single fault!
76. Classic Bypass 01: Signature check call
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
no_boot();
} else {
/* boot up the image */
boot();
}
Remarks
• Bypasses can happen on all levels
• Inside functions, inside the calling functions, etc.
77. Classic Bypass 01: Signature check call
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
no_boot();
} else {
/* boot up the image */
boot();
}
Remarks
• Bypasses can happen on all levels
• Inside functions, inside the calling functions, etc.
78. Classic Bypass 01: Signature check call
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
no_boot();
} else {
/* boot up the image */
boot();
}
Remarks
• Bypasses can happen on all levels
• Inside functions, inside the calling functions, etc.
79. Classic Bypass 02: Infinite loop
• What to do when the signature verification fails?
• Enter an infinite loop!
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
while(1);
} else {
/* boot up the image */
boot();
}
80. Classic Bypass 02: Infinite loop
• What to do when the signature verification fails?
• Enter an infinite loop!
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
while(1);
} else {
/* boot up the image */
boot();
}
81. Classic Bypass 02: Infinite loop
• What to do when the signature verification fails?
• Enter an infinite loop!
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
while(1);
} else {
/* boot up the image */
boot();
}
82. Classic Bypass 02: Infinite loop
• What to do when the signature verification fails?
• Enter an infinite loop!
/* glitch here */
if(mbedtls_pk_verify(&k, SHA256, h, hs, s, ss)) {
/* do not boot up the image */
while(1);
} else {
/* boot up the image */
boot();
}
83. Classic Bypass 02: Infinite loop
Remarks
• Timing is not an issue!
• Classic smart card attack 12
• Better to reset or wipe keys
12
https://en.wikipedia.org/wiki/Unlooper
84. Classic Bypass 02: Infinite loop
Remarks
• Timing is not an issue!
• Classic smart card attack 12
• Better to reset or wipe keys
12
https://en.wikipedia.org/wiki/Unlooper
85. Classic Bypass 02: Infinite loop
Remarks
• Timing is not an issue!
• Classic smart card attack 12
• Better to reset or wipe keys
12
https://en.wikipedia.org/wiki/Unlooper
86. Classic Bypass 02: Infinite loop
Remarks
• Timing is not an issue!
• Classic smart card attack 12
• Better to reset or wipe keys
12
https://en.wikipedia.org/wiki/Unlooper
87. Classic Bypass 02: Infinite loop
Remarks
• Timing is not an issue!
• Classic smart card attack 12
• Better to reset or wipe keys
12
https://en.wikipedia.org/wiki/Unlooper
88. Classic Bypass 03: Secure boot enable
• Secure boot often enabled/disabled based on OTP13 bit
• No secure boot during development; secure boot in the field
• Typically just after the CPU comes out of reset
13
One-Time-Programmable memory
89. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
90. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
91. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
92. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
93. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
94. Fault Injection – Mitigations
Hardware countermeasures 14 15
• Detect the glitch or fault
Software countermeasures 16
• Lower the probability of a successful fault
• Do not address the root cause
You can lower the probability but not rule it out!
14
The Sorcerers Apprentice Guide to Fault Attacks – Bar-El et al., 2004
15
The Fault Attack Jungle - A Classification Model to Guide You – Verbauwhede et al., 2011
16
Secure Application Programming in the Presence of Side Channel Attacks – Witteman
95. Compiler optimizations
Why?
• ROM memory size is limited
• Compiler optimizations decrease code size
Compiler optimizes out intended code!
96. Compiler optimizations
Why?
• ROM memory size is limited
• Compiler optimizations decrease code size
Compiler optimizes out intended code!
97. Compiler optimizations
Why?
• ROM memory size is limited
• Compiler optimizations decrease code size
Compiler optimizes out intended code!
98. Compiler ’optimization’ – Double check
Example of a double check
unsigned int compare(char * input, int len)
{
if(memcmp(password, input, len) == 0) <-- 1st
{
if(memcmp(password, input, len) == 0) <-- 2nd
{
return TRUE;
}
}
return FALSE;
}
101. Compiler ’optimizations’ – Best practices
• Your compiler is smarter than you
• Use ’volatile’ to prevent compiler problems
• Read the output of the compiler!
102. Compiler ’optimizations’ – Best practices
• Your compiler is smarter than you
• Use ’volatile’ to prevent compiler problems
• Read the output of the compiler!
103. Compiler ’optimizations’ – Best practices
• Your compiler is smarter than you
• Use ’volatile’ to prevent compiler problems
• Read the output of the compiler!
104. Compiler ’optimizations’ – Best practices
• Your compiler is smarter than you
• Use ’volatile’ to prevent compiler problems
• Read the output of the compiler!
105. Compiler ’optimization’ – Pointer setup
Example of a double check using ’volatile’
int checkSecureBoot( ){
volatile int * otp_secure_boot = OTP_SECURE_BOOT;
if( (*otp_secure_boot >> 7) & 0x1 ){ <-- 1st
return 0;
}else{
if( (*otp_secure_boot >> 7) & 0x1 ){ <-- 2nd
return 0;
}else{
return 1;
}
}
}
108. Combined Attacks
Those were the classics and their mitigations ..
... the attack surface is larger!17
17
All attacks have been performed successfully on multiple targets!
109. Combined Attacks
Those were the classics and their mitigations ..
... the attack surface is larger!17
17
All attacks have been performed successfully on multiple targets!
110. Combined attack – Copy
• Introducing logical vulnerabilities using fault injection
• Build your own buffer overflow!
• Easy approach: change memcpy the size argument
Before corruption
memcpy(dst, src, 0x1000);
After corruption
memcpy(dst, src, 0xCEE5);
Remark
• Works when dedicated hardware is used
(e.g. DMA18 engines)
18
Direct Memory Access
111. Combined attack – Copy
• Introducing logical vulnerabilities using fault injection
• Build your own buffer overflow!
• Easy approach: change memcpy the size argument
Before corruption
memcpy(dst, src, 0x1000);
After corruption
memcpy(dst, src, 0xCEE5);
Remark
• Works when dedicated hardware is used
(e.g. DMA18 engines)
18
Direct Memory Access
112. Combined attack – Copy
• Introducing logical vulnerabilities using fault injection
• Build your own buffer overflow!
• Easy approach: change memcpy the size argument
Before corruption
memcpy(dst, src, 0x1000);
After corruption
memcpy(dst, src, 0xCEE5);
Remark
• Works when dedicated hardware is used
(e.g. DMA18 engines)
18
Direct Memory Access
113. Combined attack – Copy
• Introducing logical vulnerabilities using fault injection
• Build your own buffer overflow!
• Easy approach: change memcpy the size argument
Before corruption
memcpy(dst, src, 0x1000);
After corruption
memcpy(dst, src, 0xCEE5);
Remark
• Works when dedicated hardware is used
(e.g. DMA18 engines)
18
Direct Memory Access
114. Combined attack – Copy
• Introducing logical vulnerabilities using fault injection
• Build your own buffer overflow!
• Easy approach: change memcpy the size argument
Before corruption
memcpy(dst, src, 0x1000);
After corruption
memcpy(dst, src, 0xCEE5);
Remark
• Works when dedicated hardware is used
(e.g. DMA18 engines)
18
Direct Memory Access
115. Combined attack – Copy
Remark
• Targetting the copy function arguments
116. Combined attack – Copy
Remark
• Targetting the copy function arguments
117. Combined attack – Copy
Remark
• Targetting the copy function arguments
118. Combined attack – Copy
Remark
• Targetting the copy function arguments
119. Combined attack – Copy
Remark
• Targetting the copy function arguments
120. Combined attack – Copy
Remark
• Targetting the copy function arguments
121. Combined attack - Controlling PC on ARM20
• Exploits an ARM32 characteristic
• PC19 register is directly accessible by most instructions
Multi-word copy
LDMIA r1!, {r3 - r10}
STMIA r0!, {r3 - r10}
Controlling PC using LDMIA
LDMIA r1!,{r3-r10} 11101000101100010000011111111000
LDMIA r1!,{r3-r10,PC} 11101000101100011000011111111000
• Variations possible on other architectures; code dependent
19
Program Counter
20
Controlling PC on ARM using Fault Injection – Timmers et al., 2016
122. Combined attack - Controlling PC on ARM20
• Exploits an ARM32 characteristic
• PC19 register is directly accessible by most instructions
Multi-word copy
LDMIA r1!, {r3 - r10}
STMIA r0!, {r3 - r10}
Controlling PC using LDMIA
LDMIA r1!,{r3-r10} 11101000101100010000011111111000
LDMIA r1!,{r3-r10,PC} 11101000101100011000011111111000
• Variations possible on other architectures; code dependent
19
Program Counter
20
Controlling PC on ARM using Fault Injection – Timmers et al., 2016
123. Combined attack - Controlling PC on ARM20
• Exploits an ARM32 characteristic
• PC19 register is directly accessible by most instructions
Multi-word copy
LDMIA r1!, {r3 - r10}
STMIA r0!, {r3 - r10}
Controlling PC using LDMIA
LDMIA r1!,{r3-r10} 11101000101100010000011111111000
LDMIA r1!,{r3-r10,PC} 11101000101100011000011111111000
• Variations possible on other architectures; code dependent
19
Program Counter
20
Controlling PC on ARM using Fault Injection – Timmers et al., 2016
124. Combined attack - Controlling PC on ARM20
• Exploits an ARM32 characteristic
• PC19 register is directly accessible by most instructions
Multi-word copy
LDMIA r1!, {r3 - r10}
STMIA r0!, {r3 - r10}
Controlling PC using LDMIA
LDMIA r1!,{r3-r10} 11101000101100010000011111111000
LDMIA r1!,{r3-r10,PC} 11101000101100011000011111111000
• Variations possible on other architectures; code dependent
19
Program Counter
20
Controlling PC on ARM using Fault Injection – Timmers et al., 2016
125. Combined attack - Controlling PC on ARM
Remark
• Targetting the copy function arguments
126. Combined attack - Controlling PC on ARM
Remark
• Targetting the copy function arguments
127. Combined attack - Controlling PC on ARM
Remark
• Targetting the copy function arguments
128. Combined attacks - Wild jungle jump21
• Start glitching while/after loading
the image but before decryption
• Lots of ’magic’ pointers around,
which point close to the code
• Get them from: stack, register,
memory
• The more magic pointers, the
higher the probability
21
Proving the wild jungle jump – Gratchoff, 2015
129. Combined attacks - Wild jungle jump21
• Start glitching while/after loading
the image but before decryption
• Lots of ’magic’ pointers around,
which point close to the code
• Get them from: stack, register,
memory
• The more magic pointers, the
higher the probability
21
Proving the wild jungle jump – Gratchoff, 2015
130. Combined attacks - Wild jungle jump21
• Start glitching while/after loading
the image but before decryption
• Lots of ’magic’ pointers around,
which point close to the code
• Get them from: stack, register,
memory
• The more magic pointers, the
higher the probability
21
Proving the wild jungle jump – Gratchoff, 2015
131. Combined attacks - Wild jungle jump21
• Start glitching while/after loading
the image but before decryption
• Lots of ’magic’ pointers around,
which point close to the code
• Get them from: stack, register,
memory
• The more magic pointers, the
higher the probability
21
Proving the wild jungle jump – Gratchoff, 2015
132. Combined attacks - Wild jungle jump21
• Start glitching while/after loading
the image but before decryption
• Lots of ’magic’ pointers around,
which point close to the code
• Get them from: stack, register,
memory
• The more magic pointers, the
higher the probability
21
Proving the wild jungle jump – Gratchoff, 2015
133. Combined attack(s) – Summary
• Bypass of both authentication and decryption
• Typically little software exploitation mitigation during boot
• Fault injection mitigations in software may not be effective
134. Combined attack(s) – Summary
• Bypass of both authentication and decryption
• Typically little software exploitation mitigation during boot
• Fault injection mitigations in software may not be effective
135. Combined attack(s) – Summary
• Bypass of both authentication and decryption
• Typically little software exploitation mitigation during boot
• Fault injection mitigations in software may not be effective
136. Combined attack(s) – Summary
• Bypass of both authentication and decryption
• Typically little software exploitation mitigation during boot
• Fault injection mitigations in software may not be effective
137. There are some practicalities ...
... which we must overcome!
138. There are some practicalities ...
... which we must overcome!
139. Secure Boot – Demo Design
Remark
• Stage 2 is invalided by changing the printed string
• Stage 1 enters an infinite loop when the signature is invalid
140. Secure Boot – Demo Design
Remark
• Stage 2 is invalided by changing the printed string
• Stage 1 enters an infinite loop when the signature is invalid
141. Secure Boot – Demo Design
Remark
• Stage 2 is invalided by changing the printed string
• Stage 1 enters an infinite loop when the signature is invalid
142. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
143. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
144. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
145. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
146. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
147. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
148. When to glitch?
• Not possible to use a signal originating from target
• Only reference point is power-on reset moment
• Use side-channels to obtain more information
• Compare behavior between valid image and an invalid image
149. Boot profiling – Reset
Valid image
Invalid image
Remark
• No difference between a valid and invalid image
• Attack window spreads across the entire trace (˜400 ms)
150. Boot profiling – Reset
Valid image
Invalid image
Remark
• No difference between a valid and invalid image
• Attack window spreads across the entire trace (˜400 ms)
151. Boot profiling – Reset
Valid image
Invalid image
Remark
• No difference between a valid and invalid image
• Attack window spreads across the entire trace (˜400 ms)
152. Boot profiling – Flash activity
Valid image
Invalid image
Remarks
• Flash activity 3 not present for the invalid image
• Attack window between flash activity 2 and 3 (˜10 ms)
153. Boot profiling – Flash activity
Valid image
Invalid image
Remarks
• Flash activity 3 not present for the invalid image
• Attack window between flash activity 2 and 3 (˜10 ms)
154. Boot profiling – Flash activity
Valid image
Invalid image
Remarks
• Flash activity 3 not present for the invalid image
• Attack window between flash activity 2 and 3 (˜10 ms)
155. Boot profiling – Power consumption
Remark
• Measuring electromagnetic emissions using a probe22
22
https://www.langer-emv.de/en/product/rf-passive-30-mhz-3-ghz/35/
rf1-set-near-field-probes-30-mhz-up-to-3-ghz/270
156. Boot profiling – Power consumption
Remark
• Measuring electromagnetic emissions using a probe22
22
https://www.langer-emv.de/en/product/rf-passive-30-mhz-3-ghz/35/
rf1-set-near-field-probes-30-mhz-up-to-3-ghz/270
157. Boot profiling – Power consumption
Valid image
Invalid image
Remarks
• Significant difference in the electromagnetic emissions
• Attack window reduced significantly (< 1 ms)
• Power profile at black arrow is flat: infinite loop
158. Boot profiling – Power consumption
Valid image
Invalid image
Remarks
• Significant difference in the electromagnetic emissions
• Attack window reduced significantly (< 1 ms)
• Power profile at black arrow is flat: infinite loop
159. Boot profiling – Power consumption
Valid image
Invalid image
Remarks
• Significant difference in the electromagnetic emissions
• Attack window reduced significantly (< 1 ms)
• Power profile at black arrow is flat: infinite loop
160. Boot profiling – Power consumption
Valid image
Invalid image
Remarks
• Significant difference in the electromagnetic emissions
• Attack window reduced significantly (< 1 ms)
• Power profile at black arrow is flat: infinite loop
161. Boot profiling – Power consumption
Valid image
Invalid image
Remarks
• Significant difference in the electromagnetic emissions
• Attack window reduced significantly (< 1 ms)
• Power profile at black arrow is flat: infinite loop
165. How to minimize jitter during boot?
• Power-on reset is too early
• Use a signal close to the ’glitch moment’
Remark
• Using flash activity 2 as a trigger to minimize jitter
166. How to minimize jitter during boot?
• Power-on reset is too early
• Use a signal close to the ’glitch moment’
Remark
• Using flash activity 2 as a trigger to minimize jitter
167. How to minimize jitter during boot?
• Power-on reset is too early
• Use a signal close to the ’glitch moment’
Remark
• Using flash activity 2 as a trigger to minimize jitter
168. How to minimize jitter during boot?
• Power-on reset is too early
• Use a signal close to the ’glitch moment’
Remark
• Using flash activity 2 as a trigger to minimize jitter
169. How to minimize jitter during boot?
• Power-on reset is too early
• Use a signal close to the ’glitch moment’
Remark
• Using flash activity 2 as a trigger to minimize jitter
170. Glitch Timing – Power consumption
Remarks
• Jitter minimized using flash activity as a trigger
171. Glitch Timing – Power consumption
Remarks
• Jitter minimized using flash activity as a trigger
172. DEMO 2
BYPASSING SECURE BOOT
Glitch parameter search
• Fixed the glitch delay to 300 ms
• Fixed the glitch voltage to -2 V
• Randomize the glitch length
173. DEMO 2
BYPASSING SECURE BOOT
Glitch parameter search
• Fixed the glitch delay to 300 ms
• Fixed the glitch voltage to -2 V
• Randomize the glitch length
174. DEMO 2
BYPASSING SECURE BOOT
Glitch parameter search
• Fixed the glitch delay to 300 ms
• Fixed the glitch voltage to -2 V
• Randomize the glitch length
175. DEMO 2
BYPASSING SECURE BOOT
Glitch parameter search
• Fixed the glitch delay to 300 ms
• Fixed the glitch voltage to -2 V
• Randomize the glitch length
177. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
178. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
179. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
180. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
181. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
182. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
183. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
184. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
185. Secure Boot – Manufacturer Best practices
Minimize attack surface
• Authenticate all code and data
• Limit functionality in ROM code
• Disable memory when not required
Lower the probability
• Implement fault injection countermeasures
• Implement software exploitation mitigations
Robustness can only be determined using testing!
186. Conclusion / Sound Bytes
• Today’s standard technology not resistant to fault attacks
• Implementers of secure boot should address fault risks
• Hardware fault injection countermeasures are needed
• Fault injection testing provides assurance on product security
187. Conclusion / Sound Bytes
• Today’s standard technology not resistant to fault attacks
• Implementers of secure boot should address fault risks
• Hardware fault injection countermeasures are needed
• Fault injection testing provides assurance on product security
188. Conclusion / Sound Bytes
• Today’s standard technology not resistant to fault attacks
• Implementers of secure boot should address fault risks
• Hardware fault injection countermeasures are needed
• Fault injection testing provides assurance on product security
189. Conclusion / Sound Bytes
• Today’s standard technology not resistant to fault attacks
• Implementers of secure boot should address fault risks
• Hardware fault injection countermeasures are needed
• Fault injection testing provides assurance on product security
190. Conclusion / Sound Bytes
• Today’s standard technology not resistant to fault attacks
• Implementers of secure boot should address fault risks
• Hardware fault injection countermeasures are needed
• Fault injection testing provides assurance on product security