physical security attacks and defenses for computing
play

Physical Security Attacks and Defenses for Computing Systems - PDF document

Sep 27, 2023 •245 likes •334 views

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

  1. Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY

  2. Physical Security Attacks & Defenses Outline • Definition • Attacks • Defenses • Standards Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 2 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  3. Physical Security Attacks & Defenses Definition: Physical Security, A barrier placed around a computing system to deter unauthorized physical access to that computing system. In the event of an attack, there should be a low probability of success; and a high probability of the attack being detected either during the attack, or subsequent to penetration. Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 3 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  4. Physical Security Attacks & Defenses Attacks • Low Tech • Theft • Mis-use • High Tech • Machining • Mechanical • Water • Laser • Chemical • Shaped Charge • Probes • Passive/Active • Mechanical • Energy • E-beam/Ion Beam • X-Ray • IR Laser • Energy • Imprinting • Temperature • Voltage • Radiation • Disruption • Tempest • EM Emanations • Power/Current Profile Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 4 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  5. Physical Security Attacks & Defenses Defenses (High & Low Tech) • Tamper Resistance • Guards • Weight, Size, Material • Complexity • Inaccessibility • Chip Coatings • Substrates • Tamper Evidence • Holographic Seals • ‘Bleeding’ Paint • Crazed Materials • Tamper Detection • Membranes • Metallic • Organic • Other • Sensors • Temperature • Radiation • Voltage • Tamper Response • Zeroization Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 5 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  6. Physical Security Attacks & Defenses The Operating Envelope The range of all conditions that are required for correct operation of all components. Note: For Tamper Responding systems that use erasure as a means of protecting secret data, correct operation includes the ability to guarantee the removal of memory contents when desired. • Voltage • Temperature • Radiation Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 6 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  7. Physical Security Attacks & Defenses Standards • Not Many! • In commercial sector • FIPS 140-1 • Seems to be the emerging commercial standard • Reasonable, but needs updating now • ANSI 9.66 • Had been different than FIPS 140-1 • Probably will not be in the future • TNO (Delft Holland) • Not really a standard, an Authority • ITSEC • Not Really Focused on Hardware • Common Criteria • Not Really Focused on Hardware Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 7 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

  8. Physical Security Attacks & Defenses An Example of a Physically Secure Coprocessor Metal Shield Tamper Detecting Membrane Crypto Card Inner Cover Potting Shielded Base Card Flexible Data/Power Cable Steve H. Weingart IBM T. J. Watson Research Center, Hawthorne, NY Page 8 (561) 392-6100 Secure Systems and Smart Cards c1shw@us.ibm.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft Research, Silicon Valley and Reykjavk University, Iceland An example of a real-world attack Exploits a vulnerability in the GDI+ rendering of

1.26k views • 113 slides
Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced Security Topics Name: Soteris Constantinou Instructor: Dr. Elias Athanasopoulos Authors: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart

1.65k views • 81 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools & techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, Designing and attacking Kudelski Security (NAGRA) port scan detection tools by Solar Designer (Alexander D. J. Bernstein,

1.83k views • 164 slides
CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer

CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer

CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer and network security Instructor: Prof. Roberto Perdisci Fundamental Components l Confidentiality l concealment/secrecy of information often

642 views • 37 slides
CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10

CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10

CS34 2012-12-10 CS 134: Operating Systems Security (continued) CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10 Attacks Overview Defenses Attacks Defenses 2 / 23 Attacks Defense Rule #1

684 views • 29 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks Devendra Shelar and Saurabh Amin Massachusetts Institute of Technology INFORMS November 15 th , 2016 Vulnerable Electricity Networks: Key issues Two

391 views • 7 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems

Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems

Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems Matthias Schulz, Adrian Loch, Matthias Hollick Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems Matthias

607 views • 22 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks & Defenses Slides are borrowed from Franziska Roesner @UW and Dawn Song @Berkeley Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernal -0xC0000000 user stack %esp shared libraries -0x40000000

994 views • 85 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures Jiachen Sun 1 Yulong Cao 1 , Qi Alfred Chen 2 , and Z. Morley Mao 1 1 2 Autonomous Vehicle (AV) Perception

525 views • 38 slides
Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction:

Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction:

Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction: Whats the problem? Defense industry Stuck doing business the same way we did in the 80s Coaching football Running the same drills

526 views • 20 slides
READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you have 5 intelligent great multi-dimensional players Most offenses are predicated on a certain type of player. Its also not an offense set

1.2k views • 87 slides
CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall 20 1 / 6 Course Overview (1/2)

238 views • 19 slides
Sicherheitslcken in der knstlichen Intelligenz Konrad Rieck, TU Braunschweig Keynote

Sicherheitslcken in der knstlichen Intelligenz Konrad Rieck, TU Braunschweig Keynote

Sicherheitslcken in der knstlichen Intelligenz Konrad Rieck, TU Braunschweig Keynote 1oth German OWASP Day 2018 The AI Hype Hype around artificial intelligence and deep learning Amazing progress of

357 views • 32 slides
QP and Dissertation Dont Freak Out, Just Be Prepared What is the QP? It is your Research

QP and Dissertation Dont Freak Out, Just Be Prepared What is the QP? It is your Research

QP and Dissertation Dont Freak Out, Just Be Prepared What is the QP? It is your Research Proposal Work with your chair to determine the structure of your QP First 3 Chapters 25-50 page proposal Elements of the QP Introduction Literature

288 views • 16 slides
HESTIA: High-level and Extensible System for Training and Infrastructure risk Assessment Ananth

HESTIA: High-level and Extensible System for Training and Infrastructure risk Assessment Ananth

HESTIA: High-level and Extensible System for Training and Infrastructure risk Assessment Ananth A. Jillepalli, University of Idaho cred-c.org | 1 Introduction Transition Transition of Industrial Control Systems (ICS) into Cyber

389 views • 22 slides
A Map for Security Science Fred B. Schneider* Department of Computer Science Cornell University

A Map for Security Science Fred B. Schneider* Department of Computer Science Cornell University

A Map for Security Science Fred B. Schneider* Department of Computer Science Cornell University Ithaca, New York 14853 U.S.A. *Funded by AFOSR, NICECAP, NSF (TRUST STC), and Microsoft. Maps = Features + Relations Features Land mass

748 views • 38 slides

More recommend