Enclosure-PUF
Formal metadata
Number of parts | 165
License | CC Attribution 4.0 International: You may use, modify and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.
Identifiers | 10.5446/39217 (DOI)
35C3 Refreshing Memories, 141 / 165
Transcript: English (automatically generated)
00:05
Down with the glasses, Lars and Christian.
00:26
All of them work for a spin-off of the Ruhr University Bochum. Please welcome them with a huge round of applause.
00:43
Yeah, so thank you very much. Thank you for being here. I'm Christian. The toy one is Lars. Muscle man is David. So yeah, we are coming from Bochum. It's a nice city. It's like two and a half hours away from Leipzig.
01:01
It's very close, more or less. PHYSEC is a spin-off of the university. We are now like two and a half years old. And this is actually the very first time that we really present insights of our technology. So the research team behind the Enclosure-PUF technology is not just we three.
01:21
The major people are also Christof Paar. He's professor for the chair of embedded security at Ruhr University Bochum. As well as Johannes Tobisch. He's also here, but he's super shy. So he doesn't want to be unsaid. It's a joke. Three people are enough.
01:41
And ourselves. So you maybe, of course, know Bochum because of the Ruhr University. Specifically because of the Horst Görtz Institute for IT Security. But you maybe also know Bochum because of Nokia and Opel. But because we don't have Nokia and Opel anymore, we also created PHYSEC.
02:02
To get all the people. This is not true. It's actually true that we have 26 professors at the HGI. We have more than 100 alumni. And we are one of 15 startups. Where some of them are already no startups anymore. And this is a nice ecosystem for us and for IT security.
02:25
In Bochum there will also be the Max Planck Institute for Cyber Security and digital privacy, which is pretty nice. We have the European Competence Center for IT Security. We have the FluxFingers. They are also here. And I guess Bochum is good in publishing real world attacks.
02:44
And real world attacks are also our background. Specifically the real world attacks on embedded systems. And to get an idea of what we are actually doing. When we are not presenting novel technologies like this.
03:02
As I said, implementation attacks for the people who like statistics. Physically insecure IoT devices are actually the major concern for the IoT. So for the Internet of Things, for all the connected devices we will have in the near future, which is a real issue.
03:21
However, who likes concrete examples? Of course we have a lot of different attacks. Like mathematical attacks, social engineering. But specifically implementation attacks. And implementation attacks can again be classified in different families.
03:41
Like the active and passive ones. And the passive ones for like side channel attacks. We use just the timing of the algorithms. Electromagnetic emanations or power consumptions. And then maybe some simple analysis or even maybe some statistical analysis. You can easily extract the keys. I will show you some very rough examples later.
04:04
And on the other side we have active attacks. Again the attacker has the device and can maybe inject faults. Maybe with lasers. Maybe with clock glitches, power glitches. Or reverse engineer the entire device. And what is important, these attacks are independent of the algorithms or of the math.
04:24
You can apply them to virtually all ciphers in the field. A little illustration of power or timing analysis.
04:41
Using maybe picoScope or oscilloscope. Or injection faults in the chip. Concrete examples are given here. The credit comes or goes to our chair. To the chair of embedded security. Where my colleagues analyze this kind of attacks like a lot.
05:04
And here you can actually see the calculation of an RSA algorithm. I'm not going into the detail. But they're doing some exponentiations and modular reductions. And to do it more efficiently you reduce the complexity of a multiplication to a squaring if you can.
05:25
And when you do this then you think okay this is nice. Makes it efficient and faster. It's actually a problem when you just take a look on the power consumption. Because you can easily read out the private key. And this is possible when the attacker just has the device.
05:43
And can probe the device. A little bit more expensive attacks are fault injection attacks. Where you shoot with maybe a focused ion beam on the circuit. While the system is actually in operation. And then you create faults.
06:02
And when you compare the results after a faulty operation. You compare it maybe with the correct operation. And then you can also again easily attack such implementations. If you have more interest in this topic. My colleague is also somewhere here.
06:23
Can't see him. He just finished his PhD. So we can call him Dr. Scheinberg. But he's not allowed to call himself Dr. Scheinberg right now. So he's in exactly the stage during the PhD. Anyway. And he's also an expert in doing hardware reverse engineering.
06:46
Where you use acid to open the chip. And then analyze what's inside. Maybe you find weaknesses. Maybe fuses or something you can use to read out keys.
07:01
Or maybe completely reverse engineer the system. Another very interesting attack is the implementation of Trojans. Specifically hardware Trojans into the devices. And here's an example also of a colleague from Buchholmer.
07:21
And he implemented hardware Trojans into a high security USB drive. A high security USB stick. And this is also something we are targeting with the technology we are presenting. So with this knowledge and background. When you are a designer of an embedded system.
07:42
You have to handle it. So this means you have to create systems. Maybe you remember the talk yesterday about smart home hacking. There's a guy that says the company is all the time complaining that it's military-grade security. Maybe they use some primitives like AES or something.
08:01
The military is using as well. But from the physical security point of view. There is actually no military-grade security in the market. Not at all. They are very far away from the stuff the military is actually doing. So however, also in this space like the physical security. We have to go closer into the area of really physically secure the devices.
08:25
And then I would say a classical developer for IoT devices. Will have a very hard time to put all this stuff in the design process. Like developing side-channel resistant algorithms.
08:42
Design a system where you cannot probe data information between two chips. Let's say you have a security element on the device and also a classical microcontroller. And you don't want to manipulate it. Then you have to somehow secure the entire system and not just a single chip.
09:05
So this is a huge problem. And for all these applications, the big question is how to actually protect systems like this from physical attacks. Coming from real IoT devices like smart home systems or alarm systems or something like this.
09:24
Up to financial systems like ATMs or maybe even satellites or other more critical applications. Up to really high security applications. And maybe you remember the vintage verification talk from last year from the CCC.
09:42
From our friends from Princeton University. Actually from the nuclear future labs. They have also some interesting use cases where this technology might be a nice fit. Okay. So at this point, you might be wondering, isn't there anything that exists already that protects our devices against tamper?
10:06
And I will give an overview on what exists currently at the market. First of all, four different approaches to guaranteeing tamper resilience exist. Being tamper resistance in which tamper is just made difficult for the attacker.
10:21
Tamper evidence where any intrusion attempt must be evident. Going on, tamper detection makes sure that a tamper is detected and actively reported to the user or owner of a device. And lastly, the highest goal which we are trying to achieve with our solution is tamper responsiveness.
10:42
In which countermeasures are automatically engaged once a tamper is detected. There is one big standard that at least covers how a tamper responsiveness should work in practice. Which is NIST 140-2. And in this standard, four increasing levels of anti-tamper security are given.
11:04
And we are trying to reach the highest level which is level 4. And this is required for all highly sensitive environments that the US government has servers or appliances working in. So what does level 4 demand? First of all, any attack must be detected.
11:22
Micro intrusions, environmental attacks where like a deep freeze is conducted. And basically anything that somehow tampers with the physical integrity of the device. Secondly, breaches must zero all CSP. CSP standing for critical security parameters. So your cryptographic materials, your sensitive data, all of this must be deleted in the case of a tamper.
11:44
Thirdly, the CSP must be separated from the main system which is something you might already know from red and black systems on hardware protection modules. And lastly, the whole setup must be engulfed in a complete tamper detection and response envelope. We will go into detail about that later.
12:02
Sadly, no public benchmarks exist on which attacks are tried out to break around physical tamper resistance. So maybe there are some which are classified. We can't access them at the moment though. So coming to tamper resilience.
12:21
This is something we will quite commonly see in everyday life. Like the potting of electronic components which is also sometimes done to protect against water damage. Or using totally secure one way screws. I mean there is no way we could get around this, right? Well, we can.
12:42
Obviously, we just need some proprietary tools or chip away at the electronic potting. So this is not really a solution. However, it just protects against vandalism in public places. It's very cheap and it's widely used. But not what we want for our system. Secondly, there is tamper evidence.
13:02
This is something most of you will be familiar with as well. If you try to repair your own phone but you are not allowed to do it. On the upper right hand you can see the typical warranty seals that are used in electronics. So you void your warranty once you remove it. The first real big issue that came up with tamper was a main concern.
13:25
Was the Tylenol bottles. I don't know. Does anybody of you know the story behind this? Two or three hands. There was a serial killer in the United States who poisoned these small containers. And as a result they started using these safety seals.
13:44
But same as with the previous approach. Widely used, cheap and ineffective. There is a very nice talk on DEFCON 19 which we highly recommend. Where they go into detail on how to easily circumvent these measures.
14:00
One approach we want to point out because it was mentioned last year. Is shine bright like a glitter nail polish. You can very easily protect your laptop during shipping by just using glitter nail polish. First of all you cover all screw holes of a laptop using stickers. Just off the shelf do what you want stickers.
14:21
And then you cover the rim of the sticker with nail polish. Then you take a high resolution picture of this nail polish. And sign the picture with your private key and upload the photo. So the person receiving the laptop can make another photo and check whether the glitter particles are the same. Quite easy and very effective. However this doesn't guarantee any higher level than tamper evidence.
14:45
Coming to tamper detection. Now this is the first step where you really need to think about what you're doing. Because having a tamper detection means you need some kind of sensor that is able to detect the opening or the tampering of the device.
15:01
You can see on the top is a PCB that has a small photoelectric diode. And as soon as the case is opened and the light shines onto the diode. The system knows that it's been opened and probably tampered with. Several other methods exist as well. Such as switches that just trigger when you open the case and so on.
15:22
The benefit of this is that you don't need complex APIs. You can just have a small switch that can be read out. One way switch and you're done for. And false positives do not destroy the critical security parameters because there's just a notification going out. Maybe the notification might be wrong but that doesn't destroy anything.
15:42
Now that's what we want to achieve. Tamper responsiveness. Current solutions are mostly based on meshes that are wrapped around the hardware security module. Because that is where tamper is the biggest issue. And if you try to get into the bus lanes of these devices you will destroy that mesh.
16:03
And the capacitance for example of these meshes is different. This can be measured out by a deletion circuit. And that deletion circuit then automatically deletes any information on this device. This is state of the art. This is used by almost all hardware platform modules.
16:21
But there's one big issue or two big issues. First of all you need a battery. If the battery runs out as a last dying breath the system deletes itself. Which is of course not wanted if you just want to store it on a shelf for some months. Secondly you can only protect a very tiny area. Because it's quite hard to engulf a whole system in this mesh due to the need for air and heat spreading.
16:49
So FIPS 140-2 is really hard to obtain. There are only three worldwide modules that fulfill this requirement. And 14 modules have reached this requirement since I think 2005 or something.
17:06
The constant need for power is of course troublesome. And no off the shelf solution currently exists. So you can't get any modules that say hey if you build this into your system you are FIPS 140 level 4 certified.
17:21
This of course makes retrofitting existing machines hard. There are several use cases where it's just desirable to retrofit an old machine. Especially ATMs are highly expensive. Having the vault in the bottom of this ATM where the cash is stored, moving it, reinstalling something. That's a process you don't want to go through if you want to just plug in a new module that guarantees tamper.
17:46
So now coming to where we are at or what we want to achieve. Currently both software and hardware solutions exist that try to verify tamper. And our solution which is symbolized by this little red dot tries to go for a new approach that combines hard and software in a clever way.
18:05
While making it easy to redeploy existing devices after being fitted with our solution. Our solution is based on physical disorder. Meaning we want to exploit small effects that are occurring during production.
18:25
Some of you might know that electronic circuits have some small variations that are used to generate or to verify that the system has not been tampered with. And we go into a similar direction. Usually physical disorder is something you don't want.
18:42
You want everything that you produce to be exactly the same. But you'll never be able to due to these microscopic effects that you can see up there. So we're using physically unclonable functions. I'm sure some of you will have heard of them. Could you give me a hand?
19:00
Okay. That's the majority. Nice. So I'll keep it brief. You take a challenge that you throw into some kind of random system and you get a response out. And thus you can build a good old challenge response. We'll focus on just having a weak PUF. Meaning we have only one challenge and one response. But we are sure that our entropy we have in our physical environment is sufficient.
19:24
The properties are they are very easy to evaluate. But very hard to predict. So you need to be able to conduct an evaluation very quickly. But we're not able to simulate the environment using advanced simulation tools and extract the PUF response.
19:43
Secondly, they're easy to manufacture but hard to duplicate. So even if you put this thing into a CRT machine and really scan every layer and try to 3D print it or something like that, you won't be able to get the position you need. Now to some mathematical aspects, there exists the notation of algorithmic tamper proof.
20:03
Most security goals or most security games that are played in cryptography are based on having mathematical functions that you want to reduce your problem on. And ATP extends this model by saying, okay, but what if we don't have a black box of crypto that we have an input and an output to, but what if we can tamper with all of the internals as well.
20:23
And the researchers had three items they wanted to have checked. And then they said, okay, this is algorithmic tamper proof. First one, there needs to exist some kind of secure hardware storage in which there is no possible way to read when the system has been tampered with.
20:42
Secondly, the device must be able to self-destroy itself. And thirdly, there must be some kind of hardware that cannot be manipulated by an attacker. It may be read, but it must not be changed.
21:01
And the first criteria has already been fulfilled by some colleagues from Heidelberg that presented on chess in Heidelberg in 2006. They used a small coating that they applied to an integrated circuit. And they were able to apply sensors to the integrated circuit that measure the capacity of the coating.
21:23
So there are 30 of these sensors overall all over the circuit board. And then they shot a small hole using a gallium beam and created a 100 micrometer by 1.5 micrometer hole. And they were able to successfully detect this and have this chip be unusable.
21:45
This is not the resolution we are going for because most solutions we are aware of target the rough military requirement of 300 micrometer hole with a 300 micrometer diameter. This is what we are going to go for as well.
22:02
So now we're coming to our key idea that Christian will present. Okay, perfect. So I guess we learned already a lot. We learned the concerns, the problems. We learned the state-of-the-art solutions. We learned that really wrapping a system in a mesh which can actually detect 300 micrometer holes
22:25
is kind of a goal we want to achieve. And this FIPS standard 140-2 level 4 tells us that we have to do this as a complete envelope around the system. And right now this is only possible for kind of PCBs but not for really entire systems.
22:43
And the idea we are using here coming actually from a completely different area but touches like the concept of physical unclonable functions. So what we are using are actually electromagnetic waves, specifically the propagation effects of waves
23:02
when they touch surfaces in between the transmitter and the receiver and vice versa actually. So these physical effects are very complicated. So there are complex effects like classical, maybe well-known effects like reflection, deflection, absorption, scattering, refraction
23:24
and also some nonlinear effects. And later I will show you maybe a little bit more about these details. But this is the idea. And actually the channel can now be characterized by something called channel impulse response.
23:44
So here you have an example, someone is sending this function s from t and e from t is the function the receiver will receive. And the channel is h from t and this is characterized by exactly the change of the signal.
24:02
And this is the source of entropy which extracts entropy coming from this physical disorder. And we are using channel state information is pretty much or contains pretty much the same information just in a different way.
24:20
It's actually represented in the frequency domain and is in a specific semantic that it fits very well for equalizers and filters, specifically on the receiver side but for modern system also on the transmitter side.
24:43
So we are using now this technology called wireless physical layer security and apply it in an enclosure. So this means we use electromagnetic waves and send them from inside of an enclosure, in the enclosure, in the environment and estimate a fingerprint, so the channel impulse response
25:04
at one or maybe several different antennas. And here we have an example how such a fingerprint looks like just for the magnitude. There are also phase information but we keep this out maybe for simplicity.
25:20
This enclosure can be in this case for example an ECU, so a control module of a car but it can actually be more or less everything. So we did this for ATMs and for a couple of other systems we are actually not allowed to talk about but we can do this also for very more complex structures even if they are moving parts and even if they are temperature changed then it will get more complicated
25:43
but we skipped this just to give you an idea how it actually works. And then a very important part of the algorithm is that we use this enclosure fingerprint to generate a cryptographically usable key with a security level of let's say 128 bit based on a statistic test and or entropy estimator.
26:10
So this is a general idea. And if someone tries to tamper with the system by maybe drilling a small hole in the case he will automatically destroy the key.
26:22
And maybe a small spoiler here, this is already the self-destruction mechanism David was talking about. So this is a core idea. And now the question is what kind of wavelengths we use. So we use electromagnetic waves.
26:41
You maybe know that depending on the wavelengths you get kind of a bigger or higher resolution as high as the frequency is and as small as the wavelength is and then you can get actually more information out of the environment. So propagation effects are also a function of the wavelengths and there are even more complicated parts but this is I guess like the good basics you have to understand.
27:04
So which of the frequencies are well suited for us? So there's of course a very wide frequency range from very low like 3 kilohertz up to terahertz technology and even up to light frequency space.
27:23
However we are using actually frequencies in the area between 300 megahertz and 60 gigahertz. So we have a wavelength of about 1 meter to let's say up to 1 centimeter. So now the major question is why is this working? We actually know this kind of the rule of thumb
27:42
that changes of electromagnetic wave propagations are somehow related to an object size with the size of the wavelengths. And even if we use 30 gigahertz we have a size of 1 centimeter and then maybe only 1 centimeter change we can achieve.
28:02
So what is the idea here? Why is this actually working? So it's working because we are manipulating the antennas in the way that we extend the near field of the antennas and in this case we can actually go from the wavelength dependency down to a thousandth of a wavelength dependency.
28:21
And when we use let's say just ISM bands which are the only ones we are actually allowed to use due to the regulation we come for example for 433 megahertz from 70 centimeters down to 0.7 millimeter resolution. And when we use 5 gigahertz we can even go down to 6 micrometer resolution.
28:48
And this is good. So what can we do now? So we can actually now achieve an algorithmic tamper proof. Why? Because we generate a key, so the blue key here from the inside
29:02
and this key can only be recovered from the inside and when the integrity of this enclosure has not been violated. So if nobody changed something from this. And then we can actually achieve the goal of read proof hardware
29:24
because the key is not stored digitally. The key is the environment and the physics. If you change the physics you destroy the key and therefore you also have the feature of self destruction. And now you can use the key to encrypt stored data
29:40
which are integrity protected in the device and in this nice combination you achieve an algorithmic tamper proof. And the interesting features here are actually it's a little bit more complicated but you don't have digital keys anymore stored in the device.
30:01
Of course we have to make a difference if the device is offline and goes in the online state, then it extracts a key of the environment and when the system is online and does some kind of self verification there's another different algorithm working so we have to be a little bit more
30:23
we have to apply a little bit more complex mechanisms here but at the end of the day we don't have to store digital keys. We have to take care of course when in the online case the system gets attacked the key gets erased very fast from the RAM and then we of course have to think about freezing attacks
30:41
and stuff like this. However at the end we can actually somehow achieve the goal. Due to the mechanisms themselves we also don't need a battery for deleting or erasing or zeroization circuit
31:02
because the data, the cryptographic security parameters are all the time encrypted on the device. If the attacker opens the device he can find encrypted data encrypted with the key he already destroyed because he changed the physics of the environment and that's it. And we can show.
31:21
Last we'll show you a very nice demonstration we just prepared for the C3 where we can actually retrofit a very standard hardware in this case a single board computer using very cheap enclosures. So maybe a high level overview for a system
31:45
maybe you have a host system maybe the computer in an ATM and you connect to the secure board or maybe even to the TPM of the source system our Fisac test bed which consists a radio
32:04
with at least two antennas we estimate the channel between sender and receiver and vice versa and to extract a response like the PUF response and then an algorithm or a mechanism to extract the key out of this fingerprint.
32:22
And this is the thing we need to add to the system of course sometimes we need to add also some kind of sealing or enclosing material around the system this can be aluminium foil but this can also be some kind of small meshes like copper meshes for example which fulfil better air conditioning capabilities
32:44
stuff like this and then a challenge is how to actually securely bring power and data communication inside the system passing the enclosure material.
33:06
So like Christian said now I'm going to show how we can build a low-cost proof of concept and we brought a demonstrator here so we're leaving the theoretical part mostly
33:22
and going to something more practice. First of all we're going to use physical disorder like mentioned before for generating some enclosure and what we also need is radio enabled commodity hardware with at least two transmitters
33:41
but there also can be more. And as mentioned before we use aluminium foil we have here and we use this cool box it's a lunch box where you can put in noodles or something. So the first proof of concept demonstrator
34:03
is using a Raspberry Pi so it has connected two narrowband radios which are sending in 868 MHz with 2 MHz bandwidth and as enclosure we use smaller one of these boxes
34:24
and aluminium foil but the problem is that the resolution is not so high so we build another one so the demonstrator we bought here. Therefore we use an APU single board computer which is serving our protection module
34:42
it's equipped with antennas, four so we have a 2x2 spatial system MIMO system so it brings us 14 MHz bandwidth at 5.5 GHz so there's more resolution. We're just using for the enclosure these lunch boxes.
35:05
Switching the camera please. So this is our APU here are the antennas four of them and the cool stuff. So we put the APU inside the box
35:23
placing the antenna somewhere and putting in some more enclosure randomness with this aluminium foil putting it just over the system and closing the box with this.
35:43
So we switch to the demonstrator.
36:08
We need to change the screens. Sorry.
36:29
Sorry. Okay. So let's start with the demonstration. So first of all we have three GUIs
36:42
for different demonstrations. Okay. I don't get it. Of course very handy.
37:20
Okay. Okay. Let's try this. So the first GUI is just showing a 3D modulation of what the four spatial channels actually are measuring. So that's how it looks like. Yeah. You can even really fancy move it.
37:44
So you see if we don't doing anything to the system it's relative constant and it's really typical looking yeah for a whole time. So but what if we open the device? When we open the device we see there's happening very much
38:02
and if this we put this away so many thing happens. It doesn't look like before again. And if we put it back here we still see it's not the same like before. So we destroyed the enclosure
38:23
the way how it was before. So this is a very primitive attack. Well we can of course think about an attacker which is more clever. We brought this Angry Birds with us. It's our little needles
38:40
with a tiny angry bird on it. Yeah camera switch maybe. Yeah this one. It's very evil. So this is camera switch again please. This needle is or this bird is very angry and wants to probe maybe some
39:01
buses in our system and wants to go into our system. So we show what happens or how it looks like when this happens. So we have another demonstrator
39:24
which is which is showing or which is using some metrics so we can not just monitor it with our so the changes are persistent and visible.
39:42
Okay. So first of all we are generating some reference values you are seeing now. This shown is the cleaning distance. Maybe some of you know this metric.
40:02
And now we are just comparing all measures which are coming from now on with the first measures. So we see there is a little variance we are measuring. But it's more or less very reliable. So but what if this angry needle comes okay
40:23
inside? There are huge changes in the system. So even if I pull this Angry Birds again off the systems are persistent. It's very good. Visible.
40:42
Okay. So then we have a third GUI which is also showing this in a good evaluation system so how we can generate a key of this because these were just some metrics where you can look at it visually. And now we gonna
41:02
generate a key. First of all we are generating a reference value. Then valid values. So you see the system works. And then we perform an attack again and measure again. the clue idea is now that we
41:23
can generate from the reference and develop measurement the same key. Yeah that didn't work. It's okay. Yeah. So we see
41:41
when we measure in the beginning we get different or we get a bit error rate from the relevant measurement by 22 percent and an attack bit error rate by 47 percent. Then we are doing some information reconciliation where we used not the optimal
42:02
parameters so we corrected the bit error rate to at 9 percent and after this the strings are hashed into another value so when the information reconciliation doesn't really work well
42:21
so we don't get a bit error rate by 0.0 of course we go to a bit error rate by nearly 0.5 yeah 0.5 well we can optimize this more and more over time so you see the curves above where the white I think is the
42:43
reference measurement we have and the green one is the relevant measurement so they are very similar and the red one is the measurement after the attack so the characteristic really changes a lot and with more parameter optimization
43:02
it is possible to generate a key perfectly yeah
43:36
we are innocent I swear okay it does
43:47
okay so there are some pictures if the demonstrators wouldn't have worked so I skip them and we go to the key extraction how this works and what are the design requirements
44:01
for fingerprints we have three design requirements for fingerprints first of all the key quality the key quality is very important because if we generate a fingerprint where every values are just zeros or ones there isn't really a randomness and if this isn't achieved
44:22
well it's not so good because we want at least 120 it was yeah 128 bits of randomness to be extracted
44:41
the second point which is important is the reliability so if we measure and measure and measure over time we don't want that the system generates different keys so we always want to get the same key generated because when we destroy our own key
45:01
with a false positive that's very bad the last point which is important is sensitivity so we want to detect even the smallest to detect even the smallest attacks and if our system gives us a very good key
45:21
the whole time but doesn't detect any attacks that's very bad yeah so this is reliability versus tamper sensitivity reliability means when we measure again and again we get a very low bit error rate and when an attack is
45:41
happened we just get a very high so this wouldn't get corrected by information reconciliation what we're actually doing is we have a reference measurement we have valid measurements they get quantized
46:02
and after this we do information reconciliation the goal is of course that after this information reconciliation we have the same value in our valid measurement and our reference measurement because after this step the values are hashed
46:21
and so even one wrong bit would lead to a bit error rate by 50% or nearly 50% so I skip this for because time I think so summary we learned three three things first of all
46:41
that physical access enables major attack vectors therefore bus probing which the evil bird should demonstrate and of course some things like side channel attacks power measurement and stuff next thing is that there are
47:01
no system level tamper protection for commodity hardware existing at the moment on the market so especially no things which are working without battery and the last thing we did was presenting a solution we call enclosure PUF
47:20
that is based on standard hardware so it's very very cheap and we can deploy this on many systems so there aren't new systems to be created
47:40
we can extend IC security and PCB security and it fulfills the ATP criteria so thank you very much
48:01
are there any questions if you do have a question please line up on the microphones if you have a question on the internet just ask on the internet it's fine I think we have one online question single there are two questions okay okay
48:21
there are two questions from the internet the first one is what kind of enclosures are stable enough over a long time and in changing environments for this approach sorry could you repeat that what kind of enclosures are stable enough over a long time and in changing environments for this approach yeah this is a very good question so the reliability
48:41
is actually it's quite dependent on the application so this really depends on the environment if it's an aluminium case it's a case of steel made of steel it's a combination in which environment is it installed do we need to secure the system during transportation
49:00
or just after it gets installed so it's really application dependent the answer is extremely application dependent there's no clear answer second question how difficult is to distinguish between attack and just bumping on the case of the device
49:20
that's a good question this is probably the easiest way to denial of service the system you can just bump on it yeah and this is it's again the same problem then for HSM you can drop an HSM and try to use it afterwards the most
49:41
case is not possible anymore so this is again something where we have to parameterize this triangle I mean key quality is nothing we can really change this is given by the physics and the measurement system but the sensitivity and reliability is something we have to agree on kind of a compromise and this is also dependent
50:01
on the application thanks microphone number one your question hi thanks for the talk I have a question is it possible to have some kind of back door planted into this kind of system some kind I mean like some kind of hole so you can just plug some there we thought
50:20
about this for a moment because if you have a false positive and you destroy your critical security parameters of course this terrible and what we thought about was that we could we initialized the system in a secure environment and it might be possible you can code it to have a function where you can extract
50:40
the legitimate key right of the start and store it in a somewhere safe location so yeah you can back it up if that's the question but having a typical back door that enables us yeah we can just apply some kind of tamper that will go undetected that's not something we ever built
51:01
yeah sorry the question is can you have excuse me one question yeah not a back door itself but maybe some kind of weak point some later someone else can do this kind of probe and extract your keys afterwards so you got nope not that we
51:20
know that we planned to do so no I mean I mean we are also very open to search for collaboration specifically for partners to try to attack the system I mean as I said my shy colleague Johannes he's doing nothing else and trying to attack the system and until
51:41
now we didn't find any potential useful attack yeah but I mean of course we could add back doors but this is nothing we will do alright microphone number two your question hi Christian nice work just few questions how do you calculate the secrecy capacity for the
52:00
entropy and what do you use for quantization information reconciliation all our secrets from the company are asked so mutual information is estimated by a k-nearest neighbour mutual information estimator and then we subtract just mutual
52:21
information by potential attack from the mutual information between so x is the reference and y is the legitimate case y z is attack and this is how we calculate the capacity and as I said we use a k-nearest neighbour entropy
52:41
estimator which is also so if you so all your questions yeah answered in my dissertation for quantization we use equal distributed quantization scheme and for information reconciliation we use a fuzzy extractor based on classical error correction codes yeah with a good parameterization
53:01
which doesn't work in the demo but yeah good question thank you yeah can you do converse like I have ordered a thousand chips from a factory can I show that they're actually equal and not contain any hidden
53:20
bug so this is a question where we really like people who are sponsoring our work by sending us one thousand chips and then we can figure this out what we did do however is we evaluated 100 different environments that were all equally constructed we can talk
53:40
about this in more detail later on but we did evaluate 100 different environments that were only slightly different and no two fingerprints were even similar signal angel any more questions from the net two other questions from the internet the first one the method requires a precise clock
54:00
for frequency stability is there any mitigation to compensate for high gravity applications I didn't really understand it sorry can you repeat it the method requires a precise clock for frequency stability is there any mitigation to compensate for high quality applications
54:20
yeah so yeah I mean this is one of the biggest problems we we need to solve we can talk about this topic offline yeah so if you want to know how to maybe correct phase information or stuff like this you can write an email we just we we have this email address
54:41
35 C 3 at Physic D and then we can maybe talk about this this offline microphone number two hi thanks for the great work actually what you presented here was only detection of problems at boot not in the
55:00
runtime so actually I can boot the system open it and probably for the for the keys please state your question so what do you have any any counter attacks yes yeah I mean this is a good comment and this is something I
55:21
I mean I said at one slide maybe you remember that there are two protocols one protocol when you were coming from the offline to the online case and then one protocol which evaluates the environment during runtime which is not part of this presentation I think to answer this
55:40
question properly it makes also sense to talk about this maybe offline if it's okay yeah microphone number one your question so in your pin demo what have you done to make sure that the tamper trigger is actually based on the presence of the hole or the pin or probe or so on rather than
56:01
deformation of the entire case we can't actually so when you do some torsion of the case you will destroy the key so depending on the decoupled systems where maybe influences from the outside are
56:21
not changing the enclosure inside so I would say very nice are you sure that you've actually measured the presence of a hole rather than deformation of the case in your tests so in this demo I'm not sure yeah but in our lab environment I'm pretty sure because
56:40
we fixed everything and everything is fixed but yeah hello angel question from the internet how can I trust the system that during production the physical key was not extracted by the manufacturer as it is not changeable by the owner of
57:00
the system yeah this is a very good question and it's not a question we can actually answer with this technology in general I mean we can think about solutions trustworthiness by the manufacturers but we could also think about something like the initialization of the system is not done in the manufacturing
57:20
process but afterwards or maybe partly somehow but this is I would say this is a general problem for manufacturing there's one solution we thought about and that is that the system comes delivered in an uninitialized stage and
57:41
then you as the end user yeah you did it you put something in that wasn't in there before and there are several things you could think about like metal meshes that you as a user as final user just insert and pick yourself so this is something the manufacturer cannot guess
58:01
thanks microphone number two how does this system compare to the one published by from my point of view or as I understood it just measures the integrity of foil that is wrapped around instead of the whole
58:22
like physical sizes that seems more reliable to me how does your system compare with that so maybe you saw the reference in our slides so Vincent Immler and his group was in our reference so as we said the difference is the PCB level and the system
58:40
level so when you wrap a foil around an entire system and this I mean the prototype system was like this big you will have huge problems I mean when you think about an ATM to put foil around it it will be very complicated
59:00
so I think this is the biggest differences between like PCB or chip level security and system level security is basically what we do but it's still comparable so you mean it's difficult to foil around a large system yes exactly and then
59:20
heat problems and stuff like this microphone number two again I think you were first thank you for me it seems like this is really really even more than temperature sensitive how temperature yeah I would think it would change a lot so if you're wrapping a whole ATM
59:40
that does get warm someone bumps against it it seems like you're gonna have your data removed like every single day yeah so Johannes is like nothing because this is kind of his current so yeah I mean temperature stability must be given somehow we can extract fingerprints for different temperatures we have
01:00:01
We have a resolution of about one degree. So when we change the temperature of one degree, we kind of have to reinitialize the system. We have to take care that this is given. We can do this in the initialization phase, but this is something important. And we did a lot of measurements with cooling chambers to do exactly this, yeah.
01:00:25
I mean, when you reinitialize the system for the different temperatures, you achieve the reliability, yeah. Okay, thank you. By the way, you're missing a site on page 21, sorry. Thank you very much. All right, we're out of time for this talk.
01:00:43
Are you guys still around for further questions? Yeah. In the building, I mean. Okay, cool. If you, well, first of all, thank you.