29 research outputs found
Is Hardware Security Prepared for Unexpected Discoveries?
Hardware Security of semiconductor chips is in high demand these days. Modern electronic devices are expected to have high level of protection against many known attack aimed at the extraction of stored information. This is especially important for devices used in critical areas like automotive, medical, banking and industrial control applications. This leads to a constant arms race between attackers and developers. Usually new attacks are disclosed in a responsible way leaving time for
chip manufacturers and system engineers to develop countermeasures. However, there is always a chance that mitigation technology is not developed in time, or worse, not practical to implement. Are the engineers in semiconductor community prepared for such an outcome? This paper looks at the history of similar discoveries in different areas and gives some results on memory extraction from an old smartcard and approaching highly secure embedded memory – battery-backed SRAM. Finally this paper elaborates on possible discoveries in attacks aimed at stored information. The aim of this paper is to raise awareness of emerging attacks to inspire new mitigation techniques to be developed in appropriate and timely way
Deep dip teardown of tubeless insulin pump
This paper introduces a deep level teardown process of a personal medical device - the OmniPod wireless tubeless insulin pump. This starts with mechanical teardown exposing the engineering solutions used inside the device. Then the electronic part of the device is analysed followed by components identification. Finally, the firmware extraction is performed allowing further analysis of the firmware inside the device as well as real-time debugging. This paper also evaluates the security of the main controller IC of the device. It reveals some weaknesses in the device design process which lead to the possibility of the successful teardown. Should the hardware security of the controller inside the device was well thought through, the teardown process would be far more complicated. This paper demonstrates what the typical teardown process of a personal medical device involves. This knowledge could help in improving the hardware security of sensitive devices
The bumpy road towards iPhone 5c NAND mirroring
This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c. Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection. Also some reliability issues related to the NAND memory allocation
in iPhone 5c are revealed. Some future research directions are outlined in this paper and several possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised
Hardware Security Evaluation of MAX 10 FPGA
With the ubiquity of IoT devices there is a growing demand for
confidentiality and integrity of data. Solutions based on reconfigurable logic
(CPLD or FPGA) have certain advantages over ASIC and MCU/SoC alternatives.
Programmable logic devices are ideal for both confidentiality and upgradability
purposes. In this context the hardware security aspects of CPLD/FPGA devices
are paramount. This paper shows preliminary evaluation of hardware security in
Intel MAX 10 devices. These FPGAs are one of the most suitable candidates for
applications demanding extensive features and high level of security. Their
strong and week security aspects are revealed and some recommendations are
suggested to counter possible security vulnerabilities in real designs. This is
a feasibility study paper. Its purpose is to highlight the most vulnerable
areas to attacks aimed at data extraction and reverse engineering. That way
further investigations could be performed on specific areas of concern
Chip and Skim: cloning EMV cards with the pre-play attack
EMV, also known as "Chip and PIN", is the leading system for card payments
worldwide. It is used throughout Europe and much of Asia, and is starting to be
introduced in North America too. Payment cards contain a chip so they can
execute an authentication protocol. This protocol requires point-of-sale (POS)
terminals or ATMs to generate a nonce, called the unpredictable number, for
each transaction to ensure it is fresh. We have discovered that some EMV
implementers have merely used counters, timestamps or home-grown algorithms to
supply this number. This exposes them to a "pre-play" attack which is
indistinguishable from card cloning from the standpoint of the logs available
to the card-issuing bank, and can be carried out even if it is impossible to
clone a card physically (in the sense of extracting the key material and
loading it into another card). Card cloning is the very type of fraud that EMV
was supposed to prevent. We describe how we detected the vulnerability, a
survey methodology we developed to chart the scope of the weakness, evidence
from ATM and terminal experiments in the field, and our implementation of
proof-of-concept attacks. We found flaws in widely-used ATMs from the largest
manufacturers. We can now explain at least some of the increasing number of
frauds in which victims are refused refunds by banks which claim that EMV cards
cannot be cloned and that a customer involved in a dispute must therefore be
mistaken or complicit. Pre-play attacks may also be carried out by malware in
an ATM or POS terminal, or by a man-in-the-middle between the terminal and the
acquirer. We explore the design and implementation mistakes that enabled the
flaw to evade detection until now: shortcomings of the EMV specification, of
the EMV kernel certification process, of implementation testing, formal
analysis, or monitoring customer complaints. Finally we discuss
countermeasures
Effects of interatomic interaction on cooperative relaxation of two-level atoms
We study effects of direct interatomic interaction on cooperative processes
in atom-photon dynamics. Using a model of two-level atoms with Ising-type
interaction as an example, it is demonstrated that interparticle interaction
combined with atom-field coupling can introduce additional interatomic
correlations acting as a phase synchronizing factor. For the case of weakly
interacting atoms with , where is the interparticle
coupling constant and is the atomic frequency, dynamical regimes of
cooperative relaxation of atoms are analyzed in Born-Markov approximation both
numerically and using the mean field approximation. We show that interparticle
correlations induced by the direct interaction result in inhibition of
incoherent spontaneous decay leading to the regime of collective pulse
relaxation which differs from superradiance in nature. For superradiant
transition, the synchronizing effect of interatomic interaction is found to
manifest itself in enhancement of superradiance. When the interaction is strong
and , one-partice one-photon transitions are excluded and
transition to the regime of multiphoton relaxation occurs. Using a simple model
of two atoms in a high-Q single mode cavity we show that such transition is
accompanied by Rabi oscillations involving many-atom multiphoton states.
Dephasing effect of dipole-dipole interaction and solitonic mechanism of
relaxation are discussed.Comment: 34 pages, 8 figure
Security challenges of small cell as a service in virtualized mobile edge computing environments
Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users
Recommended from our members
The bumpy road towards iPhone 5c NAND mirroring
This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c. Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection. Also some reliability issues related to the NAND memory allocation
in iPhone 5c are revealed. Some future research directions are outlined in this paper and several possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised