On the susceptibility of Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks

We investigate the susceptibility of the Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks. We extracted the ROM bootloader of these microcontrollers and then analysed it using static analysis augmented with information obtained through emulation. We demonstrate a voltage fault injection attack targeting the ROM bootloader that allows to enable debug access on a previously locked microcontroller within seconds. Information provided by Texas Instruments reveals that one of our voltage fault injection attacks abuses functionality that is left over from the integrated circuit manufacturing process. The demonstrated physical attack allows an adversary to extract the firmware (i.e. intellectual property) and to bypass secure boot. Additionally, we mount side-channel attacks and differential fault analysis attacks on the hardware AES co-processor. To demonstrate the practical applicability of these attacks we extract the firmware from a Tesla Model 3 key fob. This paper describes a case study covering Texas Instruments SimpleLink microcontrollers. Similar attack techniques can be, and have been, applied to microcontrollers from other manufacturers. The goal of our work is to document our analysis methodology and to ensure that system designers are aware of these vulnerabilities. They will then be able to take these into account during the product design phase. All identified vulnerabilities were responsibly disclosed

Differential Power Analysis Resistant Hardware Implementation Of The Rsa Cryptosystem

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2007Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2007Bu çalışmada, RSA kripto sistemi donanımsal olarak gerçeklenmiş ve daha sonra bir Yan-Kanal Analizi çeşidi olan Diferansiyel Güç Analizi (DGA) ile yapılacak saldırılara karşı dayanıklı hale getirilmiştir. RSA kripto sisteminde şifreleme ve şifre çözmede modüler üs alma işlemi yapılır: M^E(mod N). Bu çalışmadaki RSA kripto sisteminde, Xilinx Sahada Programlanabilir Kapı Dizisi (FPGA) donanım olarak kullanılmıştır. Modüler üs alma işlemi, art arda çarpmalar ile yapılır. Bu gerçeklemede kullanılan Montgomery modüler çarpıcı, Elde Saklamalı Toplayıcılar ile gerçeklenmiştir. Saldırgan, Güç Analizi yaparak kripto sistemin gizli anahtarını ele geçirebilir. Bu tezde ilk gerçekleştirilen RSA devresi DGA’ya karşı korumasızdır. XCV1000E üzerinde gerçeklendiğinde, 81,06 MHz maksimum saat frekansı, 104,85 Kb/s işlem hacmi ve 4,88 ms toplam üs alma süresine sahip olduğu ve 9037 dilimlik alan kapladığı görülmüştür. Itoh ve diğ. tarafından önerilen Rastgele Tablolu Pencere Yöntemi (RT-WM) algoritması ile RSA şifreleme algoritmasına getirilen değişiklik, algoritmik karşı durma yöntemlerinden biridir ve donanım üzerinde gerçeklenmemiştir. Yapılan ikinci gerçeklemede, ilk gerçeklemenin üzerine bu algoritmanın getirdiği değişiklikler uygulanmıştır. RT-WM’nin donanım gerçeklemesi, 512-bit anahtar uzunluğu, 2-bit pencere genişliği ve 3-bitlik bir rastgele sayı kullanarak, XCV1000E üzerinde yapıldığında, 66,66 MHz maksimum saat frekansı, 84,42 Kb/s işlem hacmi ve 6,06 ms toplam üs alma süresine sahip olduğu ve XCV1000E içinde hazır bulunan blok SelectRAM yapısının kullanılmasıyla birlikte 10986 dilimlik alan kapladığı görülmüştür. Korumalı gerçekleme, korumasız ile karşılaştırıldığında, toplam sürenin %24,2 arttığı, işlem hacminin de %19,5 azaldığı görülmektedir.In this study, RSA cryptosystem was implemented on hardware and afterwards it was modified to be resistant against Differential Power Analysis (DPA) attacks, which are a type of Side-Channel Analysis Attacks. The encryption and decryption in an RSA cryptosystem is modular exponentiation. In this study, Xilinx Field Programmable Gate Array (FPGA) devices have been used as hardware. Modular exponentiation is realized with sequential multiplications. The Montgomery modular multiplier in this implementation has been realized with Carry-Save Adders. By doing a Power Analysis, the attacker can extract the secret key of the cryptosystem. In this thesis, the primarily implemented RSA circuit is unprotected against DPA attacks. Implemented on XCV1000E, it has 81,06 MHz maximum clock frequency, 104,85 Kb/s of throughput, and 4,88 ms of total exponentiation time, occupying an area of 9037 slices. The modification to the RSA encryption algorithm that comes with the Randomized Table Window Method (RT-WM), proposed by Itoh et al., is one of the algorithmic countermeasures against DPA and has not been implemented on hardware. Realized using 512-bit key length, 2-bit window length, and, a 3-bit random number, on XCV1000E, the RT-WM hardware implementation resulted in 66,66 MHz maximum clock frequency, 84,42 Kb/s of throughput, and 6,06 ms of total exponentiation time and occupied an area of 10986 slices with the use of the built-in block SelectRAM structure inside XCV1000E. When comparing the protected implementation with the unprotected, it can be seen that the total time has increased by 24,2% while the throughput has decreased 19,5%.Yüksek LisansM.Sc

Compromising emissions from a high speed cryptographic embedded system

Specific hardware implementations of cryptographic algorithms have been subject to a number of “side channel” attacks of late. A side channel is any information bearing emission that results from the physical implementation of a cryptographic algorithm. Smartcard realisations have been shown to be particularly vulnerable to these attacks. Other more complex embedded cryptographic systems may also be vulnerable, and each new design needs to be tested. The vulnerability of a recently developed high speed cryptographic accelerator is examined. The purpose of this examination is not only to verify the integrity of the device, but also to allow its designers to make a determination of its level of conformance with any standard that they may wish to comply with. A number of attacks were reviewed initially and two were chosen for examination and implementation - Power Analysis and Electromagnetic Analysis. These particular attacks appeared to offer the greatest threat to this particular system. Experimental techniques were devised to implement these attacks and a simulation and micrcontroller emulation were setup to ensure these techniques were sound. Each experimental setup was successful in attacking the simulated data and the micrcontroller circuit. The significance of this was twofold in that it verified the integrity of the setup and proved that a real threat existed. However, the attacks on the cryptographic accelerator failed in all cases to reveal any significant information. Although this is considered a positive result, it does not prove the integrity of the device as it may be possible for an adversary with more resources to successfully attack the board. It does however increase the level of confidence in this particular product and acts as a stepping stone towards conformance of cryptographic standards. The experimental procedures developed can also be used by designers wishing to test the vulnerability of their own products to these attacks

Securing Software as a Service Model of Cloud Computing: Issues and Solutions.

ABSTRAC

Stream ciphers for secure display

In any situation where private, proprietary or highly confidential material is being dealt with, the need to consider aspects of data security has grown ever more important. It is usual to secure such data from its source, over networks and on to the intended recipient. However, data security considerations typically stop at the recipient's processor, leaving connections to a display transmitting raw data which is increasingly in a digital format and of value to an adversary. With a progression to wireless display technologies the prominence of this vulnerability is set to rise, making the implementation of 'secure display' increasingly desirable. Secure display takes aspects of data security right to the display panel itself, potentially minimising the cost, component count and thickness of the final product. Recent developments in display technologies should help make this integration possible. However, the processing of large quantities of time-sensitive data presents a significant challenge in such resource constrained environments. Efficient high- throughput decryption is a crucial aspect of the implementation of secure display and one for which the widely used and well understood block cipher may not be best suited. Stream ciphers present a promising alternative and a number of strong candidate algorithms potentially offer the hardware speed and efficiency required. In the past, similar stream ciphers have suffered from algorithmic vulnerabilities. Although these new-generation designs have done much to respond to this concern, the relatively short 80-bit key lengths of some proposed hardware candidates, when combined with ever-advancing computational power, leads to the thesis identifying exhaustive search of key space as a potential attack vector. To determine the value of protection afforded by such short key lengths a unique hardware key search engine for stream ciphers is developed that makes use of an appropriate data element to improve search efficiency. The simulations from this system indicate that the proposed key lengths may be insufficient for applications where data is of long-term or high value. It is suggested that for the concept of secure display to be accepted, a longer key length should be used

Big Data for Traffic Estimation and Prediction: A Survey of Data and Tools

Big data has been used widely in many areas including the transportation industry. Using various data sources, traffic states can be well estimated and further predicted for improving the overall operation efficiency. Combined with this trend, this study presents an up-to-date survey of open data and big data tools used for traffic estimation and prediction. Different data types are categorized and the off-the-shelf tools are introduced. To further promote the use of big data for traffic estimation and prediction tasks, challenges and future directions are given for future studies

A Survey on Wireless Sensor Network Security

Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.Comment: 24 pages, 4 figures, 2 table

Secure HfO2 based charge trap EEPROM with lifetime and data retention time modeling

Trusted computing is currently the most promising security strategy for cyber physical systems. Trusted computing platform relies on securely stored encryption keys in the on-board memory. However, research and actual cases have shown the vulnerability of the on-board memory to physical cryptographic attacks. This work proposed an embedded secure EEPROM architecture employing charge trap transistor to improve the security of storage means in the trusted computing platform. The charge trap transistor is CMOS compatible with high dielectric constant material as gate oxide which can trap carriers. The process compatibility allows the secure information containing memory to be embedded with the CPU. This eliminates the eavesdropping and optical observation. This effort presents the secure EEPROM cell, its high voltage programming control structure and an interface architecture for command and data communication between the EEPROM and CPU. The interface architecture is an ASIC based design that exclusively for the secure EEPROM. The on-board programming capability enables adjustment of programming voltages and accommodates EEPROM threshold variation due to PVT to optimize lifetime. In addition to the functional circuitry, this work presents the first model of lifetime and data retention time tradeoff for this new type of EEPROM. This model builds the bridge between desired data retention time and lifetime while producing the corresponding programming time and voltage