G53SEC - PowerPoint PPT Presentation

About This Presentation
Title:

G53SEC

Description:

Credit Cards - Magnetic Stripes - Chip & PIN - RFID (Radio Frequency Identification) ... access cards. Payment - Motorway charges - Gas stations - Small ... – PowerPoint PPT presentation

Slides: 25
Provided by: csNo

Transcript and Presenter's Notes

Title: G53SEC


1
G53SEC
Hardware Security: The (slightly) more tactile side of security
2
  • Overview of Today's Lecture
  • Hardware vs. Software Security
  • Attacks, Threats and Attackers
  • Security Categories
  • Examples

3
  • Hardware Security vs. Security So Far
  • Different Landscape
  • Threats
  • Attackers
  • Attacks
  • As important as software/network security

4
  • Threat Vectors
  • Interception
    - Gain access to information without interfering with system
  • Interruption
    - Prevention of system functionality
  • Modification
    - Invasive tampering
  • Fabrication
    - Counterfeiting

5
  • Attackers
  • Class 0: Script Kiddies
  • Class I: Clever Outsider
    - Intelligent, limited knowledge of target
    - Usually through a known weakness
  • Class II: Knowledgeable Insider
    - High-tech expertise
    - Advanced tools and instruments
  • Class III: Funded Organisation
    - Specialists with lots of funding
    - Most advanced tools and analysis

6
  • Attacks
  • Insider Attack
    - e.g. Laid-off employee
  • Lunchtime Attack
    - Performed during a small window of opportunity
    - e.g. during coffee break
  • Focused Attack
    - Plenty of time, money and resources

7
  • Attacks
  • Invasive Attacks
    - e.g. Hardware reverse engineering
  • Semi-invasive Attacks
    - e.g. Heating
  • Non-Invasive Attacks
    - e.g. EM radiation observation

8
  • Security Categories
  • Physical
  • Logical
  • Environmental
  • Operational

9
  • Physical Security
  • Tampering
  • A (physical) interference of a harmful nature
  • Tamper Mechanisms
  • Strive to prevent an attempt by an attacker to
    perform unauthorised physical or electronic action

10
  • Tamper Mechanisms
  • Tamper Resistance
    - Special materials
  • Tamper Evidence
    - Visible evidence left behind after tampering
  • Tamper Detection
    - Hardware is aware of tampering
  • Tamper Response
    - Countermeasures upon detection

11
  • Physical Attacks
  • Invasive
    - Direct access to embedded components (e.g. CPU)
    - Micro probing, reverse engineering, memory readout techniques (e.g. freezing)
    - Require a lot of time, knowledge and resources
  • Semi-invasive (integrated chip cards)
    - UV lights, x-rays, laser, EM field, heating
    - Optical fault induction (SRAM illumination)
    - Low cost, easy reproduction on same target

12
  • Physical Attacks
  • [Figures: Micro-probing station; Modified Circuit. Source: Cambridge Security Lab]

13
  • Logical Security
  • Access Control
  • Cryptographic Algorithms
  • Cryptographic Protocols

14
  • Logical Attacks
  • Non-Invasive
  • No Physical Damage
  • Monitoring/Eavesdropping
  • TEMPEST attacks
  • Side Channel Attacks
  • Timing Analysis
  • Power Analysis
  • Fault Analysis

15
  • Logical Attacks
  • Software Attacks - API
  • No specialised equipment needed
  • Very fast
  • Issues
    - Integrity of keys
    - Function parameter checking
    - Security policy enforcement
16
  • Environmental Security
  • Device itself is the asset
  • Goal: limit attacker's possibilities by
    creating layers of hindrance (e.g. access)
  • Administrative controls should be part of
    security policy

17
  • Operational Security
  • Security risks related to operation of hardware
  • Closely related to last week's lecture
  • Example: ATMs
  • User's knowledge of
    - Real vs. Fake card reader
    - Keypad operation
    - PIN Safeguarding
    - Latest attacks

18
  • Hardware Security Modules
  • For secure generation and storage of crypto
    information
  • Often physically tamper resistant
  • Sometimes have H/W cryptographic acceleration
  • Sometimes have special trusted peripherals
    (e.g. card readers, key pads, etc.)
  • Example: Banks
  • ATMs
  • Pre-payment electricity meters

19
  • Examples
  • Credit Cards
    - Magnetic Stripes
    - Chip & PIN
    - RFID (Radio Frequency Identification)

20
  • Examples
  • [Figure: Chip & PIN relay attack. Source: Cambridge Security Lab]

21
  • Examples
  • RFID (Radio Frequency Identification)
  • Originally developed as the Barcode of the
    future
  • Now used as
    - Inventory control
    - Logistics and supply chain management
    - Physical access cards
    - Payment
      - Motorway charges
      - Gas stations
      - Small items in shop

22
  • Examples
  • Future
    - Embedded in all kinds of devices
    - From clothing, to all products we buy
    - e.g. Milk that will tell fridge when it is expired
  • Issues
    - Privacy
    - Security
  • RFID was not designed with security in mind!!

23
  • Examples
  • Susceptible to Power Analysis attacks
  • Can be susceptible to Cloning attacks
  • Susceptible to Relay attacks
  • Is your cat infected with a computer virus?

24
  • Remember
  • H/W security as important as other security
    aspects
  • H/W security devices do not solve security
  • Many attacks exist
  • Many more problems are on the way
  • Because Security added as an afterthought
