Doing Bad Things to 'Good' Security Appliances

Presented at DEF CON 21 (2013), Aug. 3, 2013, 2:30 p.m. (50 minutes).

The problem with security appliances is verifying that they are as good as the marketing has lead you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible! We're going to dive into the finer points of the pain required to actually evaluate and disassemble a harden security appliance. We'll be delving into such fun topics as epoxy melting, de-soldering, ROM chip reading, FGPA configuration recreation, Verilog decoding, recovering the various key strands that keep the device/data secure, and any other topics we end up straying into.

Presenters:

• Mark Carey / Phorkus - Chief Scientist, Peak Security   as Phorkus (Mark Carey)
• Rob Bathurst / Evilrob - That Guy   as Evilrob (Rob Bathurst)
  Evilrob (Rob Bathurst) is a Security and Network Engineer with over 12 years of experience with large multi-national network architecture and security engineering. His focus is on network security architecture, tool development, and high-assurance device reverse engineering. Rob has published multiple internal corporate and government whitepapers across multiple security domains, written a book on Hacking OS X, and is currently working on his Master's Degree at the University of Oxford.

Links:

• https://defcon.org/html/defcon-21/dc-21-speakers.html#Phorkus
• https://infocon.org/cons/DEF CON/DEF CON 21/DEF CON 21 video and slides/DEF CON 21 - Phorkus and Evilrob - Doing Bad Things to 'Good' Security Appliances - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=KlV3_HaBpbs

Similar Presentations:

• Black Hat USA 2013 / Methodologies of Hacking Embedded Security Appliances
• TROOPERS18 (2018) / Security Appliances Internals