We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Tales from Hardware Security Research

8
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of Chaos Computer Club e.V.Chaos Computer Club e.V.
 Obermaier, Johannes Schink, Marc

Formal Metadata

Title
Tales from Hardware Security Research
Subtitle
From Research over Vulnerability Discovery to Public Disclosure
Title of Series
Number of Parts
102
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Almost every microcontroller features firmware readout protection. It aims at securing the code, algorithms, and cryptographic keys against unauthorized access. Despite datasheets are promising strong security, our research shows that this is often far from being true. In this talk we want to shed light onto the "why?" and especially "how?" we approach the security testing of such protection mechanisms. Furthermore, we will talk about our attempts, discussions, and hassles from the vulnerability disclosure process - from successful ones to dead ends. Since several years, we, Johannes and Marc, do practical research in the field of embedded system security at a research institute. In this talk, we want to give an insight into the daily work as hardware security researchers. This ranges from giving recommendations on how to secure systems up to verifying microcontroller security in real environments. However, no practical experience and information on the resilience of common microcontrollers is publicly available - a gap we want to close. Especially when trying to make use of the integrated security features, their effectiveness often collapses quickly due to design weaknesses. Our focus lies on firmware protection mechanisms since they often are the root of security in embedded systems. During our research we were able to circumvent several mechanisms implemented from different manufacturers. In most cases, each attack requires only low-priced equipment, thereby increasing the impact of each weakness and resulting in a severe threat altogether. We will present one of those attacks, which can be performed within minutes, on stage. Due to the severe impact of these results, we immediately informed the manufacturers in a coordinated disclosure process. However, this is often not as simple as expected and maybe even risky. In this talk we will shortly state the chosen approach and will then compare our expectations on coordinated disclosure with the real reactions of the addressed manufacturers - ranging from a friendly discussion, over tricking-into-NDA, up to ghosting. Finally we will give some ideas on how to read between the lines in datasheets. Additionally, we will outline the legal gray area of applied security research in academia.