G53SEC 1 Hardware Security The (slightly) more tactile side of security.


1 G53SEC Hardware Security: The (slightly) more tactile side of security

2 Overview of Today’s Lecture:
Hardware vs. Software Security
Attacks, Threats and Attackers
Security Categories
Examples

3 Hardware Security vs. Security So Far:
Different Landscape
  - Threats
  - Attackers
  - Attacks
As important as software/network security

4 Threat Vectors:
Interception
  - Gain access to information without interfering with system
Interruption
  - Prevention of system functionality
Modification
  - Invasive tampering
Fabrication
  - Counterfeiting

5 Attackers:
Class 0 – Script Kiddies
Class I – Clever Outsider
  - Intelligent, limited knowledge of target
  - Usually through a known weakness
Class II – Knowledgeable Insider
  - High-tech expertise
  - Advanced tools and instruments
Class III – Funded Organisation
  - Specialists with lots of funding
  - Most advanced tools and analysis

6 Attacks:
Insider Attack
  - e.g. Laid-off employee
Lunchtime Attack
  - Performed during a small window of opportunity
  - e.g. during coffee break
Focused Attack
  - Plenty of time, money and resources

7 Attacks:
Invasive Attacks
  - e.g. Hardware reverse engineering
Semi-invasive Attacks
  - e.g. Heating
Non-Invasive Attacks
  - e.g. EM radiation observation

8 Security Categories:
Physical
Logical
Environmental
Operational

9 Physical Security:
Tampering: “An (physical) interference of a harmful nature”
Tamper Mechanisms: Strive to prevent an attempt by an attacker to perform unauthorised physical or electronic action

10 Tamper Mechanisms:
Tamper Resistance
  - Special materials
Tamper Evidence
  - Visible evidence left behind after tampering
Tamper Detection
  - Hardware is aware of tampering
Tamper Response
  - Countermeasures upon detection
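
Tamper detection and tamper response are the two mechanisms that end up in firmware. The sketch below is an added example, not part of the lecture: it latches a tampered state and zeroises a key when any sensor leaves its operating envelope. The sensor fields, thresholds and key size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sensor snapshot; field names and limits are assumptions. */
struct sensors {
    int lid_switch_closed;   /* 1 = enclosure closed */
    int mesh_intact;         /* 1 = tamper mesh continuity OK */
    int temp_c;              /* temperature in degrees Celsius */
    int vcc_mv;              /* supply voltage in millivolts */
};

enum tamper_state { TS_ARMED, TS_TAMPERED };

struct device {
    enum tamper_state state;
    uint8_t master_key[16];
};

/* Wipe through a volatile pointer so the compiler cannot remove the writes. */
static void zeroise(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Tamper detection: any reading outside the operating envelope counts,
 * including the cold and hot extremes used against memory contents. */
static int tamper_detected(const struct sensors *s) {
    return !s->lid_switch_closed || !s->mesh_intact ||
           s->temp_c < -20 || s->temp_c > 85 ||
           s->vcc_mv < 2700 || s->vcc_mv > 3600;
}

/* Tamper response: wipe the key and latch; the state never returns to ARMED. */
void tamper_poll(struct device *d, const struct sensors *s) {
    if (d->state == TS_ARMED && tamper_detected(s)) {
        zeroise(d->master_key, sizeof d->master_key);
        d->state = TS_TAMPERED;
    }
}

/* Key use is refused once the latch is set. Returns 0 on success, -1 if refused. */
int key_read(const struct device *d, uint8_t out[16]) {
    if (d->state != TS_ARMED) return -1;
    memcpy(out, d->master_key, 16);
    return 0;
}
```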

11 Physical Attacks:
Invasive
  - Direct access to embedded components (e.g. CPU)
  - Micro probing, reverse engineering, memory readout techniques (e.g. freezing)
  - Require a lot of time, knowledge and resources
Semi-invasive (integrated chip cards)
  - UV lights, x-rays, laser, EM field, heating
  - Optical fault induction (SRAM illumination)
  - Low cost, easy reproduction on same target

12 Physical Attacks:
[Figures: Micro-probing station; Modified Circuit. Source: Cambridge Security Lab]

13 Logical Security:
Access Control
Cryptographic Algorithms
Cryptographic Protocols

14 Logical Attacks:
Non-Invasive
No Physical Damage
Monitoring/Eavesdropping
  - TEMPEST attacks
  - Side Channel Attacks
  - Timing Analysis
  - Power Analysis
  - Fault Analysis

15 Logical Attacks:
Software Attacks – API
  - No specialised equipment needed
  - Very fast
Issues:
  - Integrity of keys
  - Function parameter checking
  - Security policy enforcement
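
Function parameter checking and security policy enforcement can be shown on a toy key-store API. This is an added example, not code from the lecture or from any real module: the slot layout, function names and return codes are assumptions, and XOR stands in for a real cipher.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 8
#define N_SLOTS 2

enum usage { USE_WRAP_KEYS, USE_DATA };   /* what a key may be used for */

struct slot { enum usage use; uint8_t key[KEY_LEN]; };

/* Constructed key store: slot 0 wraps other keys, slot 1 protects data. */
static const struct slot store[N_SLOTS] = {
    { USE_WRAP_KEYS, {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88} },
    { USE_DATA,      {0xA1,0xB2,0xC3,0xD4,0xE5,0xF6,0x07,0x18} },
};

/* XOR stands in for the module's real cipher; it is its own inverse. */
static void toy_cipher(const uint8_t *k, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ k[i % KEY_LEN];
}

/* Export slot `target` encrypted under wrapping key `kek`. */
int api_wrap_key(int kek, int target, uint8_t out[KEY_LEN]) {
    if (kek < 0 || kek >= N_SLOTS || target < 0 || target >= N_SLOTS) return -1;
    if (store[kek].use != USE_WRAP_KEYS) return -2;
    toy_cipher(store[kek].key, store[target].key, out, KEY_LEN);
    return 0;
}

/* Weak form: no handle or usage check, so a wrapping key can be used as a
 * data key and a wrapped key blob comes back in the clear. */
int api_decrypt_unchecked(int h, const uint8_t *in, uint8_t *out, size_t n) {
    toy_cipher(store[h].key, in, out, n);
    return 0;
}

/* Hardened form: validate every parameter, then enforce the usage policy. */
int api_decrypt(int h, const uint8_t *in, uint8_t *out, size_t n) {
    if (h < 0 || h >= N_SLOTS || !in || !out || n == 0) return -1;
    if (store[h].use != USE_DATA) return -2;
    toy_cipher(store[h].key, in, out, n);
    return 0;
}
```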

16 Environmental Security:
Device itself is the asset
Goal – limit attacker’s possibilities by creating layers of hindrance (e.g. access)
Administrative controls should be part of security policy

17 Operational Security:
Security risks related to operation of hardware
Closely related to last week’s lecture
Example: ATMs
User’s knowledge of:
  - Real vs. Fake card reader
  - Keypad operation
  - PIN Safeguarding
  - Latest attacks

18 Hardware Security Modules:
For secure generation and storage of crypto information
Often physically tamper resistant
Sometimes have H/W cryptographic acceleration
Sometimes have special “trusted” peripherals (e.g. card readers, key pads, etc.)
Example: Banks
  - ATMs
  - Pre-payment electricity meters

19 Examples:
Credit Cards
  - Magnetic Stripes
  - Chip & PIN
  - RFID (Radio Frequency Identification)

20 Examples:
[Figure: Chip & PIN relay attack. Source: Cambridge Security Lab]

21 Examples:
RFID – Radio Frequency Identification
Originally developed as the “Barcode of the future”
Now used as
  - Inventory control
  - Logistics and supply chain management
  - Physical access cards
  - Payment
  - Motorway charges
  - Gas stations
  - Small items in shop

22 Examples:
Future:
  - Embedded in all kinds of devices
  - From clothing, to all products we buy
    e.g. Milk that will tell fridge when it is expired
Issues:
  - Privacy
  - Security – RFID was not designed with security in mind!!

23 Examples:
Susceptible to Power Analysis attacks
Can be susceptible to Cloning attacks
Susceptible to Relay attacks
“Is your cat infected with a computer virus?”

24 Remember:
H/W security as important as other security aspects
H/W security devices do not solve security
Many attacks exist
Many more problems are on the way
Because – Security added as an afterthought

