
Security Failures In Secure Devices - Black Hat Europe, March 27, 2008



  1. Security Failures In Secure Devices
     Black Hat Europe – March 27, 2008
     Christopher Tarnovsky
     Flylogic Engineering, LLC.
     chris@flylogic.net – www.flylogic.net

  2. Who am I?
     • Last 10 years with NDS
       – Anti-piracy effort
       – IC design
       – Software engineer
       – Reverse-engineer expert
       – One patent, one pending

  3. Purpose of this briefing?
     • Awareness
     • Understanding
     • Improve

  4. How are failures found?
     • Decapsulation of the substrate
     • Microscopy
     • Invasive probing
     • Electrical glitches
     • Optical glitches

  5. Decapsulation
     • Hot Plate
     • Acetone
     • Fuming Nitric Acid
     • Fuming Sulfuric Acid
     • Tweezers
     • Dropper

  6. Typical Decap Session

  7. Microscopy
     • Use of brightfield optical microscopes
     • Zeiss Axiotron (I/II):
       – Good for general imaging to plan attack
     • Mitutoyo FS-[50-70]:
       – Good to use for execution of an attack

  8. Invasive Probing
     • Physical connection to substrate
     • Use low-capacitance buffered driver
     • Tri-stated buffer is desired:
     • Allow eavesdropping
     • Overdrive the signal on an event (a trigger)

  9. Probing: Typical bus action (listening)
     YELLOW: Databus signal
     GREEN: Clock
     PURPLE: Reset
     BLUE: Trigger

  10. Overdriving the last slide's databus with a logic ‘0’
     YELLOW: Databus signal
     GREEN: Clock
     PURPLE: Reset
     BLUE: Trigger

  11. Electrical Glitches
     • Lower input voltage
     • Increase clock frequency
     Q: Desired result?
     A: Lengthen propagation delay!!!

  12. Optical Glitches
     • Triggered pulses of light
     • Hope for latching of something other than “good” (e.g. dptr change)

  13. Most devices claim some type of security
     • Cryptographic Memories
     • Smartcard MCUs
     • Off-the-shelf (OTS) MCUs

  14. Cryptographic Memories
     • Atmel “CryptoMemory”
     • Microchip “Keeloq”

  15. Atmel CryptoMemory
     • Two common dies available: 350nm and 500nm
     • Fuses determine which family member
     Below: 500nm die (e.g. AT88SC0204)
     Below: 350nm die (e.g. AT88SC25616C)

  16. Atmel CryptoMemory Claims
     • Master (Write7) password is only readable once it has been presented.
     • There is a try limit and once it reaches zero, the part is forever locked from changes to its configuration memory.
     • OTP Fuses protect the configuration memory.

  17. Write7 Password
     • Address bus attack allows read back of the Write7 password in the clear.
     • Databus attack allows read back of Write7 password after 64 samples have been taken.

  18. ?OTP? Fuse Protection
     • Fuses are “resettable” to an unprogrammed state via UV light.
     • Watch out for “booby-trap” fuse! If set, part will no longer communicate.
     Below: 500nm FUSE – Output in RED
     Below: 350nm FUSE – Output in GREEN

  19. More CryptoMemory issues
     • Contents of “user memory” are stored in the clear (a commonly found problem).
     • Exposing the fuses to UV resets them, which allows changes to config memory if the Write7 password is known.

  20. User Memory stored in the clear
     • Configuration memory “rules” determine if readout of an area requires Crypto.
     • A successful attack means:
       – Reset “OTP Perm” fuse to a ‘1’.
       – Learn Write7 password.
       – Apply Write7 password and clear Crypto requirements.
       – Readout memory in the CLEAR !!!!

  21. Microchip Keeloq [HCS201..362]
     • Used around the globe in products such as:
       – Keyless entry on vehicles
       – Garage door openers (Genie)
       – Identity tokens
       – Burglar alarms

  22. Some are ASICs
     • Devices such as HCS201, 300, and 362 are ASICs designed as small state-machines with micro-coded ROM for behavior
     Below: HCS201
     Below: HCS362

  23. And some are not!!!
     • Products such as HCS512-515 are actually PIC MCUs with EEPROM!!
     Below: Ford keyless entry remote is actually a 14-pin PIC MCU bonded out as an 8-pin SOIC part. EEPROM is self-contained on the substrate.

  24. HCSxxx simple to extract secrets
     • Programming documentation claims device will auto-erase previous secrets.
     • Only then can you program new secrets.
     • Verification of newly programmed secrets can only be done ONCE.

  25. What if bulk-erase didn’t occur?
     • Microchip forgot something. How about checking if the memory really erased itself!
     • The theory behind this is to:
       – Mess up bulk-erase
       – Send in static 00’s or FF’s (201 or 362?)
       – Read back original data that was NOT erased!!!!!
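
Added example, not from the original slides or from Microchip: a toy C model of the erase, program, verify-once flow on slides 24 and 25, run with and without the erase check the slide says was missing. The word count, the 0xFFFF blank value, the clear-bits-only programming model and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define WORDS 4
#define BLANK 0xFFFFu /* assumed erased value; slide 25 leaves 00 vs FF open */
typedef struct {
    uint16_t ee[WORDS]; /* secret EEPROM words */
    int erase_fails;    /* models a bulk erase that silently did not happen */
    int verify_armed;   /* the one-time verify read-back */
} dev_t;

static int erase_and_check(dev_t *d) { /* returns 1 if every word is blank */
    int blank = 1;
    if (!d->erase_fails) memset(d->ee, 0xFF, sizeof d->ee);
    for (int i = 0; i < WORDS; i++) blank &= (d->ee[i] == BLANK);
    return blank;
}

/* check = 0: flow of slide 24, the erase is trusted. check = 1: refuse to
 * program or arm verify unless blank. Assumed: programming only clears bits. */
int program(dev_t *d, const uint16_t *in, int check) {
    if (!erase_and_check(d) && check) return -1;
    for (int i = 0; i < WORDS; i++) d->ee[i] &= in[i];
    d->verify_armed = 1;
    return 0;
}

int verify_once(dev_t *d, uint16_t *out) { /* one-shot read-back */
    if (!d->verify_armed) return 0;
    d->verify_armed = 0;
    memcpy(out, d->ee, sizeof d->ee);
    return WORDS;
}

/* 1 if the read-back equals the old secret (constructed sample values). */
int readback_leaks_old(int check, int erase_fails) {
    const uint16_t old[WORDS] = {0x1234, 0xABCD, 0x0F0F, 0x5A5A};
    const uint16_t fill[WORDS] = {BLANK, BLANK, BLANK, BLANK};
    uint16_t out[WORDS] = {0};
    dev_t d = {{0}, erase_fails, 0};
    memcpy(d.ee, old, sizeof old);
    program(&d, fill, check);
    return verify_once(&d, out) == WORDS && !memcmp(out, old, sizeof old);
}

int main(void) {
    printf("unchecked=%d checked=%d\n", readback_leaks_old(0, 1), readback_leaks_old(1, 1));
    return 0;
}
```

With the blank check in place, a failed erase aborts before the verify read-back is armed, so the old words are never returned.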

  26. Motorola SC27/28 Smartcard MCU
     • Used heavily in GSM (SC28 mostly)
     • 6805 Core
     • 12.8 KB Masked ROM, 240 Bytes SRAM, 8 KB of EEPROM
     • Nothing special inside:
       – Sit on bus anywhere inside and you can see what’s going on.
       – Bus ordering was: cpu_latch[7:0] = dbus[7,6,5,4,3,2,1,0];
       – Glitchable: Optically and Electrically

  27. Motorola SC49 Smartcard MCU
     • Tried out in GSM SIM cards sometime in late 90’s
     • 6805 Core
     • Hardware Cryptographic engine
     • 11.3 KB Masked ROM, 512 Bytes of SRAM, 4 KB of EEPROM
     • Scrambled databus to confuse an attacker
       – Operands remain the same
       – Instructions need to be bit swapped
       – An eavesdropper needs to understand the core implementation.

  28. Scrambling the bus? Why?
     • Typical areas of probing are
       – Memory bus drivers.
       – Data bus itself where lines are organized in proper CPU bus width.
       – Bus lines are 99.9% of the time in order (0..7 or 7..0) and rarely swapped around!
       – Swapping the outputs of the memory is too easy to spot.

  29. Implementation: Scrambled Bus
     • As shown in the photo below, the databus runs across the picture and is laid out from top to bottom as D7-D0.
     • As shown by the red dots, connections into the instruction latches swap the lines to the properly decoded state for a 6805.
     • Bit swap order is: cpu_latch[7:0] = dbus[6,2,4,1,0,7,3,5];
     • Databus continues into the ALU to the right like other 6805’s.
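
Added example, not from the original slides: the slide-29 wiring modelled in C, assuming the bracket list is a Verilog-style concatenation (latch bit 7 fed by bus bit 6, and so on); the function names are hypothetical. It shows that the swap is a fixed, keyless bijection that preserves Hamming weight, which is why it only costs an observer the effort of understanding the core implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* Slide 29: cpu_latch[7:0] = dbus[6,2,4,1,0,7,3,5], read here as a
 * Verilog-style concatenation (assumption): latch bit 7 <- bus bit 6, ...
 * SRC[i] is the databus bit that feeds instruction-latch bit i. */
static const uint8_t SRC[8] = {5, 3, 7, 0, 1, 4, 2, 6};

/* Byte on the databus -> byte held in the 6805 instruction latch. */
uint8_t to_latch(uint8_t dbus) {
    uint8_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint8_t)(((dbus >> SRC[i]) & 1u) << i);
    return out;
}

/* Inverse wiring: standard 6805 opcode -> byte as it appears on the bus. */
uint8_t to_bus(uint8_t latch) {
    uint8_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint8_t)(((latch >> i) & 1u) << SRC[i]);
    return out;
}

static int weight(uint8_t v) {
    int n = 0;
    for (; v; v >>= 1) n += v & 1;
    return n;
}

/* Byte values for which the swap fails to round-trip or changes the
 * Hamming weight. A pure rewiring gives 0. */
int count_violations(void) {
    int bad = 0;
    for (int v = 0; v < 256; v++) {
        uint8_t l = to_latch((uint8_t)v);
        if (to_bus(l) != v || weight(l) != weight((uint8_t)v)) bad++;
    }
    return bad;
}

int main(void) {
    /* 0xA6 is LDA #imm on a 6805 */
    printf("opcode A6 on bus: %02X, violations: %d\n", to_bus(0xA6), count_violations());
    return 0;
}
```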

  30. Infineon SLE66C160S/SLE66C320S
     • Found to be used in:
       – GSM SIM cards (32 KB version)
       – Gemplus GEMSAFE (16 KB w/Crypto)
     • Infineon quick spec states:
       – Security optimized layout and layout scrambling
       – Irreversible Lock - Out of test mode
       – Non standard dedicated Smart Card CPU–Core
       – Above statements taken from Infineon “Short Product Info., 10.01, SLE 66C160S” (Page 3)

  31. Infineon SLE66 “S” Die Image
     Below: Uncommented 100x image
     Below: Commented 100x image

  32. Infineon SLE66 “S” ROM
     • ROM Databus output and Address input latches.
     • Lower 8 bits of Address are multiplexed (shared) with Databus.
     • No scrambling on ROM outputs nor address inputs!!

  33. Infineon SLE66 “S” Main Databus
     • “Security optimized layout and layout scrambling”
     • ? Where ? We got here from the ROM outputs…

  34. Infineon SLE66 “S” Core Databus
     • Below the horizontal solid red line is the CLEAR databus.
     • Ordering of the bits is 0,1,2,3,4,5,6,7 and any encryption of the fetch has been decrypted by the MED above out of view.
     Below: Short red stripes represent clear databus bits 0..7

  35. Infineon SLE66CX322P
     • Found in GSM SIM cards
     • 32 KB EEPROM
     • Advanced Crypto Engine (ACE)

  36. Infineon SLE66 “P” Secure?
     • 4 conductor “active” mesh as top metal
     • Began in 220nm 3+1 metal process

  37. Infineon SLE66 “P” Databus
     • Below the horizontal solid red line is the CLEAR databus.
     • Ordering of the bits is 0,1,2,3,4,5,6,7.
     • Opcode must be decrypted at this state in time!

  38. ST Series Smartcards
     • ST16CF54: Crypto engine, 4 KB EEP
     • ST16SF4x: No Crypto, 1-16 KB EEP
     • ST19CF68: Crypto engine, 8 KB EEP
     • ST19AF08: 20 pin SOIC, 8 KB EEP
     • Enhanced 6805 MCU
     • Pioneer of the “Mesh” principle

  39. ST Mesh's
     1st gen:
     • Ground plane with holes (checker-board pattern)
       » Opening is okay without device knowing
     • Generations 2-4 are all “Serpentine” active sense with ground fingers
     2nd gen:
     • Mesh break results in stopped CPU
       » Active sense is tied to VDD of the device
     3rd gen:
     • Mesh break results in BULK erase of EEPROM
       » Active sense is tied to VDD of the device
     4th gen:
     • Mesh break results in BULK erase of EEPROM
       » Active sense is a circuit now coming from opposite side of the device.

  40. ST Mesh Images
     Gen 1 – 4 Meshes

  41. ST16XYZ Series
     • Crypto engine available on ST16CF54A/B
     • 1/2/4/8/16 KB EEPROM
     • Customizable access rules aka firewall
     • Filtered clock

  42. ST19XYZ Die Images
     • Began in 600nm 2+1 metal process
     • 10-12 MHz internal frequency (VDD dependent)

  43. ST19XYZ Series
     • Has anything really changed?
     • No better than the older ST16 series
