We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Tales from Hardware Security Research

8
 Zitieren
 Teilen
 Zugehöriges Material
 Herunterladen
 Bestellen
Logo von Chaos Computer Club e.V.Chaos Computer Club e.V.
 Obermaier, Johannes Schink, Marc

Formale Metadaten

Titel
Tales from Hardware Security Research
Untertitel
From Research over Vulnerability Discovery to Public Disclosure
Serientitel
Anzahl der Teile
102
Autor
Lizenz
CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Almost every microcontroller features firmware readout protection. It aims at securing the code, algorithms, and cryptographic keys against unauthorized access. Despite datasheets are promising strong security, our research shows that this is often far from being true. In this talk we want to shed light onto the "why?" and especially "how?" we approach the security testing of such protection mechanisms. Furthermore, we will talk about our attempts, discussions, and hassles from the vulnerability disclosure process - from successful ones to dead ends. Since several years, we, Johannes and Marc, do practical research in the field of embedded system security at a research institute. In this talk, we want to give an insight into the daily work as hardware security researchers. This ranges from giving recommendations on how to secure systems up to verifying microcontroller security in real environments. However, no practical experience and information on the resilience of common microcontrollers is publicly available - a gap we want to close. Especially when trying to make use of the integrated security features, their effectiveness often collapses quickly due to design weaknesses. Our focus lies on firmware protection mechanisms since they often are the root of security in embedded systems. During our research we were able to circumvent several mechanisms implemented from different manufacturers. In most cases, each attack requires only low-priced equipment, thereby increasing the impact of each weakness and resulting in a severe threat altogether. We will present one of those attacks, which can be performed within minutes, on stage. Due to the severe impact of these results, we immediately informed the manufacturers in a coordinated disclosure process. However, this is often not as simple as expected and maybe even risky. In this talk we will shortly state the chosen approach and will then compare our expectations on coordinated disclosure with the real reactions of the addressed manufacturers - ranging from a friendly discussion, over tricking-into-NDA, up to ghosting. Finally we will give some ideas on how to read between the lines in datasheets. Additionally, we will outline the legal gray area of applied security research in academia.