I got the opportunity to present our recent research on emission image analysis at IEEE HOST this year. I ended up receiving the best student presentation award for my talk at the conference, for which I would like to thank all of the conference organizers. For me this was completely unexpected, but, for whatever it's worth, attendees told me in subsequent conversations that I was the only one who didn't do a 30-minute lecture - and that's what I like to hear.
HOST is a fairly short two-day conference, but definitely worth looking at if you work in the area of HW security research. It is one of the few conferences which really does focus on hardware security. HOST has been co-located with DAC for at least two years now. This is notable if you do IC design, since you get to go yell at the vendors (Mentor, Cadence...) that cause you to spend hours in front of your computer screen tearing your hair out. Some would call this closure.
Our Paper - Functional IC Analysis
So at HOST, we presented our research about how emission images can be used to identify points of interest on the chip. A couple of years back, Sergey Skorobogatov pioneered some of these techniques and demonstrated them for a programmable PIC microcontroller. In this work, we demonstrate how these techniques can be used to essentially fully reverse engineer the IC. By executing different subroutines on the IC and computing difference images between two or more emission images, one can quickly and easily identify the relevant registers on the IC. This is extremely useful for subsequent attacks, like laser fault injection. It can also reveal static memory contents and other important information about the program running on the chip.
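To make the difference-image step concrete, here is a small added example (my own illustration, not code from the paper): two constructed 8x8 "emission images", one per subroutine, are subtracted pixel by pixel, thresholded relative to the strongest change, and the connected groups of changed pixels are reported as bounding boxes, which is the kind of region you would then go inspect on the die. The image sizes, intensity values and the 50% threshold are assumptions chosen for the example.

```python
from collections import deque

# Constructed sample "emission images" (not real data): 8x8 intensity grids.
# IMG_B represents a run where a register block at rows 2-3, cols 4-6 toggles
# and therefore emits more; a single-pixel blip at (6, 1) stands in for noise.
IMG_A = [[10] * 8 for _ in range(8)]
IMG_B = [row[:] for row in IMG_A]
for r in (2, 3):
    for c in (4, 5, 6):
        IMG_B[r][c] = 60
IMG_B[6][1] = 14

def difference_image(a, b):
    """Per-pixel absolute difference of two equally shaped images."""
    assert len(a) == len(b) and all(len(x) == len(y) for x, y in zip(a, b))
    return [[abs(p - q) for p, q in zip(ra, rb)] for ra, rb in zip(a, b)]

def changed_regions(diff, rel_threshold=0.5):
    """Bounding boxes (r0, c0, r1, c1) of 4-connected pixel groups whose
    difference is at least rel_threshold * max(diff); noise below that is
    ignored. Boxes are returned in raster order of their first pixel."""
    peak = max(max(row) for row in diff)
    if peak == 0:
        return []
    thr = rel_threshold * peak
    rows, cols = len(diff), len(diff[0])
    seen = [[False] * cols for _ in range(rows)]
    boxes = []
    for r in range(rows):
        for c in range(cols):
            if seen[r][c] or diff[r][c] < thr:
                continue
            # Flood-fill the connected region starting at (r, c).
            queue = deque([(r, c)])
            seen[r][c] = True
            r0 = r1 = r
            c0 = c1 = c
            while queue:
                y, x = queue.popleft()
                r0, r1, c0, c1 = min(r0, y), max(r1, y), min(c0, x), max(c1, x)
                for dy, dx in ((1, 0), (-1, 0), (0, 1), (0, -1)):
                    ny, nx = y + dy, x + dx
                    if (0 <= ny < rows and 0 <= nx < cols
                            and not seen[ny][nx] and diff[ny][nx] >= thr):
                        seen[ny][nx] = True
                        queue.append((ny, nx))
            boxes.append((r0, c0, r1, c1))
    return boxes

if __name__ == "__main__":
    print(changed_regions(difference_image(IMG_A, IMG_B)))  # [(2, 4, 3, 6)]
```

With real captures you would average several exposures per subroutine before differencing, since emission images are noisy; the thresholding and region grouping stay the same.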
We will be releasing some of the images and "videos" or "time lapses" very soon, so stay tuned. I will also be presenting some of this work at ReCON and going into more detail about how this can be abused on real chips. So check me out there! Also you can take a look at the paper here.
Other notable research
I felt I should mention a couple of works that stood out in my mind that readers might want to consider taking a look at.
UNM presented their research "Bit String Analysis of Physical Unclonable Functions based on Resistance Variations in Metals and Transistors". They were able to generate almost obscene amounts of bits with a clever PUF scheme in which they perform measurements across metal wires of the IC. This is possible because of how simple the read-out circuitry is. All in all, an interesting alternative to the SRAM-based PUFs, which were common for the other implementations presented at the conference. However, this approach doesn't seem like one which can be easily included in a standard cell design, but the sheer number of bits generated per IC is nevertheless very impressive.
My colleague and buddy, Clemens Helfmeier, from the Semiconductor Devices research group at TU Berlin presented his implementation of a FIB sensor. The work, entitled "On Charge Sensors for FIB Attack Detection", describes how an antenna can be used to detect FIB navigation. The collected charge is subsequently stored in a floating gate, which can provide this information to the IC during the next power-up. Since the antenna gathers enough charge solely from the ion beam during navigation, the device does not have to be powered to detect the navigation of the FIB.
Verayo also had a very nice presentation about their ongoing PUF research entitled, "Performance Metrics and Empirical Results of a PUF Cryptographic Key Generation ASIC". Their implementations could be synthesized in standard cells, which of course is particularly important in a fabless world. This research received the best student paper award.
Panel Discussion - Counterfeit Parts
There was a great panel discussion, which opened my eyes to the issue of counterfeit parts in today's global supply chain. The panel highlighted the breadth of counterfeits in US supply chains. The panel also provided concrete examples of functional counterfeits, counterfeits with older die revisions, refurbished parts and lower-specced parts. As the panel pointed out, die markings on modern counterfeits can be so good that they can even fool the manufacturer. The panel also highlighted how this continues to be an unresolved issue for the industry. Besides visual inspection and comprehensive electrical tests, there is very little that can be done efficiently within the supply chain. Not to mention that the underlying assumption was that you cannot test more than a couple of devices per lot. In any case, a very intriguing topic and one in which there is still a lot of opportunity to come up with better solutions.
Links
And here are a couple of links to stories that I came across, which I wasn't completely familiar with before the conference.