Protecting Data In-Use from Firmware and Physical Attacks

Presented at Black Hat USA 2014, Aug. 6, 2014, 2:50 p.m. (25 minutes)

Recent revelations of the NSA ANT program illustrated the many well-known and low-cost physical and firmware attacks that can compromise data in-use and system integrity. These attacks have become more concerning as more computing infrastructure runs outside an organization's physical control. This talk will review several such attacks, including SMM bootkits, "cold booting," and malicious devices. We'll discuss several existing tools and technologies that can mitigate these risks, such as Trusted Execution Technology (TXT) and memory encryption technologies. We will also discuss how upcoming technologies such as Software Guard Extensions (SGX), Enhanced Privacy ID (EPID), and TPM 2.0 can help protect against firmware and physical threats.

Presenters:

  • Steve Weis - PrivateCore
    Steve Weis is CTO and Co-Founder of PrivateCore and is an expert in information security and cryptography. Steve was previously a technical director at AppDirect and a senior engineer at Google, where he created the KeyCzar cryptographic library and Google's two-step verification. Steve has a PhD from MIT with a focus on cryptography, authentication, and privacy-enhancing technology.
