Hardware Root of Mistrust

Presented at TROOPERS17 (2017), March 22, 2017, 1:30 p.m. (Unknown duration)

We aren't sure whether it's because software hardening has been wildly successful or just deemed a lost cause, but implementation and adoption of hardware-based security devices has picked up in recent years. We now have TPMs in our systems to secure our full disk encryption keys. We carry authentication tokens not only to secure our banking and corporate VPN connections, but also to access everything from cloud services to social networking. We have PCs that implement a secure booting mechanism.

While we've separated these ‘trusted' hardware components so that they might be more reliable, we will present 5 scenarios where trusted hardware can be MITM'd, modified, or counterfeited easily. In each case, we've undermined intended security assumptions made by their designers and users. In addition to covering technical details about our modifications and counterfeit designs, we'll explore a few attack scenarios for each. We'll conclude with a few recommendations on how to decide whether or not you should trust your hardware security module of choice.

Presenters:

• Michael Leibowitz / @r00tkillah   as Michael Leibowitz
  Michael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days championing product security for a large semiconductor company. Previously, he developed and tested embedded hardware and software, dicked around with strap-on boot roms, mobile apps, office suites, and written some secure software. On nights and weekends he hacks on electronics, writes Troopers CFPs, and contributes to the NSA Playset.
• Joe FitzPatrick / @securelyfitz   as Joe FitzPatrick
  Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching Applied Physical Attacks on x86 or Embedded Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

Links:

• https://troopers.de/troopers17/talks/751-hardware-root-of-mistrust/
• https://infocon.org/cons/TROOPERS/TROOPERS 2017/Hardware Root of Mistrust Joseph FitzPatrick Michael Leibowitz.mp4

Similar Presentations:

• Black Hat Europe 2018 / A Measured Response to a Grain of Rice
• DEF CON 25 (2017) / Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices
• DEF CON 12 (2004) / Advanced Hardware Hacking: Designs and Attacks of Secure Hardware