KEYNOTE: On Hardware Hacking and Turtles

Presented at ToorCon San Diego 2021, Oct. 13, 2021, 10 a.m. (50 minutes).

Hardware hacking is usually associated with soldering irons and wires, with the PCB being the primary attack surface. In reality, it's turtles all the way down: the deeper you dig, the more opportunities for attack emerge. I'll give a whirlwind tour of the incredibly diverse field of hardware hacking, including how transistors emit light and leak secrets, how to simulate hardware faults, and how you may spend most of your time dealing with software. I'll discuss how some attacks need a professional lab, but many can be done on a limited budget. This talk should allow anyone with a general technical background to walk away with an insight into what all this "hardware hacking" can mean.

.


Presenters:

  • Jasper van Woudenberg
    Jasper (@jzvw) currently is CTO for Riscure North America and half of the authors of the "Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks". He works with Riscure's San Francisco based team to improve embedded device security through innovation. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical and innovation activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat briefings and trainings, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam. Specialties: embedded security, side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.

Links:

Similar Presentations: