Fighting Hardware Attacks with Software

can you even hear me when I wear this maybe I should try giving it with the

song I know last year people said they were disappointed I didn't wear it don't want to disappoint my pans this

year

all right so welcome to fighting Hardware attacks with software if you couldn't tell I'm Dr unicorn even little kids walking on the street seem to know my name when I wear this outfit for some reason but uh today I'm going to be going over several different kinds of Hardware based attacks and then talking about how to defend them and even though they're Hardware attacks I'm going to focus on how to defend them with software you might wonder how can you defend against someone blasting your CPU with a laser with software the answer to that is that it's really hard but there's a few tricks that kind of do it but other kinds of attacks are a lot

more malleable at the software Solutions and you'll see that as we go on and finally uh I'm being that most of you you in here probably aren ever going to use any of this information I'm talking about and you're just here because that's you think this kind of stuff is awesome anyone here of that mindset you all right so I I consider myself a side Channel attack hobbyist so I try to find ways you can do things on your own that's going to be what I'm going to go over a bit about how you can try some of these attacks for yourself all right so

okay so ordinarily when we look at an encryption function from an attacker's perspective we think of it as a function of one input of a key maybe Poss I mean a plane text maybe possibly two with a key but in reality when you're an attacker you don't usually have that key so we tuck it away and that black box and consider it to be just part of it however and when the and the output of that function is a cipher text and as attackers our goal is to find a way to be able to transform a cipher text back into a plain text and there's a way you can do that but it involves solving a

really hard puzzle that no one has ever figured out how to solve and so that's however if we happen to have this little key then it's really easy to solve it and problem solved just by that so how do we get that key uh it turns out that so it turns out that this is a actually a really simplified view of AOG graphic function there's actually more inputs and outputs here than you're seeing on this display is the mask yeah I

than so there's actually some unexpected inputs that we can look at as

well oh well so anyway so this is actually what it really looks like in practice you have a whole bunch of different uh

unexpected let using this mic now okay right so there's a whole bunch of unexpected inputs and outputs that you don't really realize when you're just looking at your function in this traditional sense for instance you can uh change the voltage when a CPU is running and that can interfere with its execution and causing it to do things like execute instructions in correctly or skip them and on the output side you have like the power consumption that the process takes while it's running and it's electric Fields magnetic fields the time it takes to run and even audio emissions and temperature changes and memory usage and and all of these unexpected outputs if you're sophisticated enough you can find

ways to exploit them to reveal Secrets like the key that we're after and really all these different things like the magnetic field and such are part of the environment that the processor is running in so you can kind of go back and use those as unexpected inputs to the processor as well because they interact with it all right and so when you look at all of these different unexpected inputs and outputs and exploit them we're able to make any encryption function look like nothing more than a white box OB vication and we can get the key out of it so there's lots of different kinds of Hardware attacks I'm organizing them for my purposes as attacks that exploit our

access to information that we expect to be there but we don't expect someone else to have access to something like that would be sniffing a bus connection between your CPU and memory for instance and then there's also attacks that exploit unexpected inputs those are fault attacks and example is like shooting a laser at a chip to cause the some of the transistors to conduct when they normally wouldn't you can do things like flip bits that way and there's also attacks that Target unexpected outputs those are side Channel attacks and they get most of the attention for a good reason and um you can do cool things like uh recover key strokes from across the room by just listening to the sound of

someone typing and one of my favorite attacks of all time in a classic at that is reconstructing images on a computer monitor from the radiation that it emits or radio waves and here's an example of that process on the left you see what is on a screen and on the right you see what they were able to pick up on the screen from across the room just by recording the electromagnetic radiation of the monitor as it ran okay and if you want to test this effect out for yourself there's a program called Tempest for Eliza that basically turned your computer monitor into a really crappy low grade AM radio station but it's still fun to play with

and it's just some simple Linux program okay so how so how can you stop this particular attack of reconstructing a monitor uh one examples you might think of is to just shove the thing in a faraday cage or maybe you're a bit more sophisticated and have a special glass that Shields your monitor the idea is just to block their your emanations from escaping so they're all contained in there another way is you might decide that you know that your wires can also conduct signals and so you decide to Shield them and filter them so that no one can just tap your power line and be able to get that signal there or you can even go step up and try to full out

isolation another approach might be to get a Jammer and have it uh try to broadcast the signal at the same frequencies as your monitors using to broadcast these un intentional broadcasts and hopefully that will interfere with an attacker's ability to reconstruct your image but unless your Jammer signal is closely correlated with the signal that your monitor is actually emitting then you can just average over it and reconstruct the image that way so it's not always effective uh a simple approach is just to make sure that if you see anyone with a weird looking antenna walking around that you ask them to leave and and this is a clever thing uh so when you're reconstructing an image of a

monitor you usually will average over several frames in order to get a good clear image but ordinarily your monitor runs in this order from from the top left to bottom right like that but if you randomize the lines that are displayed on the screen then every time it runs uh they'll be averaging a different part of the screen if they just just average over by looking at the time it takes to display an entire image on your screen and that can defeat this attack and you might just consider dumping your CRT monitor because you know it's old and crappy and uses a lot of voltage for that Electron Beam that creats a big leaky signal but it turns

out that your flat screen monitors also are vulnerable to this attack just not quite as bad so so far all these attacks I mean counter measures have one thing in common and that's that they're Hardware based this talk isn't about Hardware counter measures it's about software so how on Earth would you defend against something like this at a software level and that is a question that I didn't even think to ask not too long ago and kind of surprising what the answer is and that's that where so this is an example of an image that your monitor might be displaying with two lines there whenever you have a white pixel then you would then that means

that your Electron Beam would be active and shooting at your screen and the black pixels it wouldn't be doing anything so you wouldn't be using much power there and you can see that it on the bottom they have a graph showing this effect turns out that the signal that the attacker is going to get when they try to pull off this attack is caused mostly by these sharp changes in voltage so one approach that was tried was to uh filter out high frequency changes that we you would display to your screen so it would look something like this I only did the top line here unfortunately so it look kind of odd but you can kind of tell that it is not

quite as sharp now and we look at this in real life and see how it works in practice against an attack you get something like this where the top lines are unfiltered and the bottom lines are more filtered and you can see that this really works at least when they tried it so that counter measure is only applicable to analog based monitors though so for digital monitors the compromising emanations emanate from The Wire going from your video card to your monitor and the signal that gets leaked depends really on exactly how the your ones and zeros flow across the wire so one approach that works with uh countering these kinds of attacks on digital displays is to randomize least

significant bits of your of your display and that won't make a difference when you look at your image with your eyes but it will really mess up your attackers when they try to reconstruct your image so we also have this interesting effect where if you carefully analyze how the wires transmit and represent the the color codes you can create interesting contrasts that don't show up very good when you try to do this attack so uh peering at monitors is fun but it's hardly the only Hardware attack out there a really common basic one is called Simple power analysis and this is where you hook up a like a current meter to your device and watch as it executes

instructions and by looking at that Power Trace you're able to tell what instructions got executed so I'm going to show you an example of using a power a simple power analysis to attack on RSA so for RSA uh we'd usually be interested in acquiring this private decrypting key I have represented as D here and you see on the decryption operation we need to take C to the D power modul n well that brings up an interesting question which is how do you calculate that because that's those are both big numbers so uh one approach is to use this uh square and multiply algorithm it's a pretty straightforward thing to do you represent your exponent in this case

we're going to be looking at our secret key as our exponent and you represent it as a binary string and going from the most significant digit down to the least you would end up performing some oper on it to calculate it and it turns out that the interesting part is that when the exponent bit you're looking at is a one you're going to do a square operation and a multiply operation but when that bit is zero all you're going to do is square it so there's now a dependence so there's now a dependence upon your secret key on what instructions get executed and if like I said we can tell what instructions got executed just by looking at the power

consumption then we should be able to acquire this Secret Key by measuring the power and so here is an example of that my lovely artistic interpretation of what this would look like on a real system uh you can see that some of these are going to look a little skinnier than the others and that's because they're only doing squaring operations which must mean that that bit was a zero and so by doing this you can see how you can get the secret key just by looking at the power consumption so to defend against this a straightforward thing to do be to just add a dummy operation when it's zero to always multiply it won't affect the outcome value but when you're

doing this kind of attack it will make it so that you can't easily distinguish between them and I say easily because there's a whole bunch of different other attacks that can get past this countermeasure one one of them that might want to look into a lot is called differential power analysis and unlike simple power analysis we're going to be looking at a whole bunch of different traces and averaging them together and doing some uh and taking their difference to find where to find some interesting information and the cool thing about this is it not only allows us to tell what instructions got executed but what values those instructions were executing on and so it can defeat things that just

try to rely on the constant execution time so to do a differential power analysis attack we're going to get a whole bunch of different plain texts and have our uh encryption algorithm in this case I'm going to use Des as an example and we're just going to have it encrypt it while we record its power consumption and the resulting Cipher text and then we're going to for every one of those traces we got we're going to try to predict a value an intermediate value in this case it will be one of the bits of L in the very last round of this that's where the Red Dot or the line is there and to do that we're going

to have to guess so in order to calculate that we already have part of the equation which is the green part which is fed into this F function here but there's another part we would need to calculate it turns out that the value of that bit is going to also depend on a round key uh about six bits of it I think and so we can just guess those six bits and calculate what the resulting L would be from our known Cipher text result and what we guess the key to be and so there's only six of them so that's just two to the six guesses per each of these traces that we have to do that's

manageable so when we do that we're going to if we decide that L is going to be zero then we're going to put that Power Trace in one pile and if it's going to be if we decide that L is going to be one we'll put it in a different pile and then we're going to average each of these piles together um and then we're going to take the difference of them if we're right and L if you're right about our guess of the key then when we do this we should see a big spike when we take the difference of them but if we're not right then we're not going to see spite like you see at

the top so one way to try to get around this problem is a technique called masking this is where I was going to originally pull out my mask because I am like I say on my Twitter account rubber mask coner this is kind of my thing but uh this unfortunately is not quite as awesome as that it's an attempt to decorrelate the intermediate values of our function while it's running so that when you do attack like DPA all you're going to get is some value that's is some basically random value that we can't deal anything with so it makes things like our so it can okay so we have here a little diagram of how this masking works

at the top is an ordinary function at the bottom is where it's masked in this case m is going to be just some random number we pull out and then we're going to exor it with X and then we'll feed that result into our our function and do our processing with that but when we're done with it and we're and we're trying to get back to what the value should have been if we didn't use masking we're going to need another function in this case that's C that we have to combine it with that in order to get our end result so you have to when you use masking you have to mask your result

then do all your actual work and then unmask it at the end and that puts limitations on what kind of operations you can do in between without having to switch masking types which there's several different kinds uh so some other counter measures you might try are making it harder to align power traces uh because I said that you had to collect a lot of different Power traces in order for this attack to work so if you make it so that they don't line up then when they average them together they're not getting anything useful so you can Shuffle around the order of operations if it doesn't matter like in multiplication nothing wrong with switching that to

dbac but if you did that for every time you ran it then when they average them together not going to get anything useful and you can also try adding in random dummy functions every now and then or delays to foil aligning them as well so and another strategy is more at the protocol level where you're going to say that you're expecting someone to eventually be able to compromise your system to one of these attacks so you're just going to change the key every now and then hopefully before they're able to get enough traces to pull off an attack and there's lots of different attacks in this fashion like electromagnetic analysis which is where you would look at its electromagnetic

radiation instead of it power consumption but those two are closely related uh but it has some advantages like you can uh focus in on a specific area of the chip to get a stronger signal for that to fills out some of the noise and there are certain instructions that are more noisy electromagnetically than powerwise that you might be able to exploit uh some other things are like higher order DPA which is uses several different areas to counteract masking at once and then there's things like template attacks and that correlation power analysis which I won't get into so uh an interesting thing that happened like in December 2013 is a cool paper where uh isra researchers were able to

crack a gpg RSA key just by having a smartphone sitting next to the laptop as it was running its email program and decrypting emails in the background and it did that within an hour and the way that worked is the your computer will emit noise based on it's power consumption so your power supply unit when it's drawing power will have to uh it changes the vibration of your capacitors and coils and that creates a sound that correlates with your secret keys and you can extract them that way and the patch that gpg released just a little bit after that uh involved a form of masking called blinding and you can see it right here not going to go into it

though but it's but you can actually patch things like this in software and this is just an example of how that looks okay so timing attacks are kind of special because uh for most of these um the question is how Earth would you defend against this attack which is obviously a hardware thing in software but for timing attacks is a little bit different we're asking how would you defend a timing attack with Hardware when it's almost certainly more of a software thing um they're special because unlike the other ones we're not measuring a tangible thing like radiation or sound we're measuring just time and that also means that we can pull these off remotely pretty easily

so all right so here's an example in 2003 where they were able to extract open SSL keys from across a network at the time op SSL didn't use uh timing attack mitigations by default because it was believed that it wasn't important it was only important for things like smart cards that didn't have a whole bunch of stuff going on in the background and so they weren't very noisy but these researchers were able to take advantage of some dependence on the secret key and the timing uh there were two parts of RSA in particular that were vulnerable and that was where they were doing these things called mon g reductions where they had to do an extra one if the value is too

big and another thing where they use a different multiplication algorithm if a and b were the same size as opposed to if they were different and using these kinds of subtleties they able to extract the key and a big part of that was there's a dependence on the number of on the probability that an extra reduction will have to be done depending on the value of your Cipher text that you're choosing to decrypt so you can see here that if you chose your Cipher Tex carefully you can get some information about what Q or p is and those are parts of uh what determine your secret Keys you can get them from just knowing them so some for open SSL

they patch that by just making blinding the default option but some other options they could have explored were to force everything that take an equal amount of time uh that's not something that people like to do very often because it ruins performance it makes it so that every operation always takes the worst possible execution time and that's not necessarily a good thing especially because we still don't use this to sell everywhere because it takes more resources in part so hash attacks are kind of like timing attacks but we're going to take a more active role in the sense so let's say that uh so here you have your C CPU when it always is accessing stuff in

memory but it can't wait a microsc or whatever tiny amount of time it takes to transfer it from Ram to itself so whenever it gets something from memory it stores it in its cache but the problem is the cach only has so much space and so sometimes it will have to evict some of the things it's cached in favor of something it more recently used or expects to need more and so we can exploit this uh to recover a secret key like on a server let's say that you had uh AES something that was running AES in the background running on your server it was privileged user and you were just a regular user so you couldn't

just stump its memory to find the key that way but you still wanted it so you can create a different progress which we'll call your spy process and it will just go there and try to pull a bunch of memory locations and hopefully fill up the cache and then when you're AES program tries to run there's a part in it operation which is like the sbox operation where it's looks up a memory location based upon a value that's derived from the secret key and so in this case it's looking that up right now but your spy process already hogged all the cache so it has to go into memory and pull that value from there sticks it back in the cache

and now when your spy program runs again when it reaches that particular value that needs to access that's in the same cach line it will it won't find it anymore and so it will have to pull it from memory and it's going to be timing every access it does and so when it reaches this particular value that your ases program ran it's going to take a little bit longer and that will tell it that some other program was interfering with its uh execution and it will tell it an idea of what memory region that program was trying to access and if it depends on this in part on the secret key then that is an Avenue where you might be able to

use to determine what the key is so some ways to defend against these cash attacks are to just don't use memory addresses that are derived from Secret values that's not always easier said than done because because it these uh like in AES the table lookup is an optimization for a function so it's just a pre computed function and you could always just try Computing the function on the spot but that would take longer so we'd rather use the lookup table if we can um and you can also store your uh lookup table on somewhere where we won't ever have a problem with it running into your cache but there's not that many places to do that like your CPU registers but

they're often not large enough to store that uh there's also another approach called bit slicing which you kind of process each bit on its own thing but I won't get into that so there's also a Clos related thing called Branch predictions attacks so these days comp processors are heavily pipelined and they don't like it when they have to reload everything thing because they mispredicted a branch so they have a big unit that just tries to predict when a branch will be pick so it can continue loading instructions without interruptions but that process can only store so many different addresses in it so you can do a similar thing where you have your spy process trying

to uh fill up that Branch Target buffer and when your other encryption program runs it will it will cause the buffer to evict some of its addresses and then when your spy process runs again you'll notice the timing difference there and you can do that to break things like our balanced execution tactic the square and multiply always we did for simple power analysis of RSA because that even though each branch would take the same amount of time it would be different branches still right so follow the tack are cool because you get to talk about lasers even though that's just one example but everybody loves lasers for some reason so so some of the things you can do are

to flip bits in memory with lasers for instance or or on a wire uh there's a recent thing that got in the news about accessing adjacent locations in physical memory repeatedly can cause it to leak over into the adjacent memory regions as you can flip bits and RAM just by repeatingly repeatedly accessing memory and they were able to turn that into an actual xblade or to so is it so these kinds of follow attacks aren't just for doing sneaky crypto things you can just hijack systems outright and pop a shell so but that's not to say that there aren't any fancy crypto attacks on there there's a lot of of attacks that rely on measuring differences between an

encryption that goes right and encryption that you tampered with and being able to determine Keys based on analyzing the differences of the results so counter measures for Vault attacks aren't easy to do in software they really are a hardware problem but there are some things that you can do that might kind of help like you can use error correcting codes and I didn't know this before but apparently you can use error correct codes not just to verify things are correct when you store them but also when to make sure that actual operation like addition or something performed correctly not sure how that works though but uh we often often might just be easier to compute something twice and then check

the results to make sure that it got the right answer both times and if it didn't then you would assume that there was a fault attack or something going on and you can take action with about it and a particular good way to do that with encryption is to encrypt something and then try decrypting it after and comparing if you get the original result still so you can also try attacking random number generators there was a neat uh attack where some people were modified the Intel ivu Bridge random number generator by changing the dopant polarity of it which is hard to detect but it would but their attack uh eroded the entropy of the random number

generator significantly and it wasn't detected by standard Randomness tests and they also have to worry about other things like back door random number generator standards so if you want to try defending against your attacks on random number generators you could just try testing them to make sure that the results actually are random and you don't just have to do that at one city you could continuously pull your number generator and and try uh seeing if it's still random continuously but really no tests can prove whether it's random or not at the end of the day and you can also try uh just combining different sources of entropy together just in case one of them fails so that's what a lot of

operating systems do these days because they don't trust Hardware random number of generators because of problem with them so I'm going to skip that okay all right so there's some various other things where you could like sniff your bus or direct memory access attacks those kind of things um one approach to defending against those kinds of attacks is to encrypt your memory so often times we talk about encrypting hard diss but you can also try encrypting memory um that's what um this tool called hair tries to do you might have heard about that a while ago and also treor something similar u a lot of uh a lot of cryptography software is very careful about cleaning up after itself whenever

it's done using the stack so always do what's called stack burning and delete it so that it doesn't doesn't leave any lingering values behind for someone to Snoop on later and an interesting thing is that some memories have a property where if they keep the same value in them for a long time the values can actually burn into them so if you've cut the power on it you can still go in there and figure out what values they had so you have to have something called like a memory saver which that functions like a screen saver but for memory to make sure that it doesn't burn in all right uh and you can also do

besides um attacks exactly so this is a a technique called clock CU finger printing where say you have a bunch of computers that are all the same Mak can model behind some added firewall or whatever and you wanted to try telling them apart well if you send them a whole bunch of if you ask if you keep asking them for the time um it's possible to determine which computer is which because it turns out that every computer's uh internal clock is going to be slightly unique and if you take a whole bunch of time stop me measurements and determine exactly how much faster or slower their clock is compared to your clock uh you'll get

unique results that you can use to determine that this would be the result of two different computers instead of just one and you can use this technique or modified variance of it to like attack to Hidden services at least theoretically in the past so uh to fight against this kind of attack you could just try disabling time stamps that might cause certain network problems but I mean Windows does that and it doesn't seem to kill everything uh you can add random noise to your Tim stamp but that will just require your attacker to take more samples and an more interesting approach is the skew masking which is a which was a project where they made a patch to the links

kernel which I'm showing you in the entirety right here not very big it just gets rid of the three least significant bits of the time stamp so that it can still be useful for things like pause or roundtrip time estimation while not being as useful for fingerprinting so just going over some uh Hardware counter measures that you can use you can one approach is to just suppress any kind of leaking information that's what my Hiding category is here so things like shielding or using filters or making sure you have an instruction set architecture that supports constant time instruction execution and I always forget what that key is for some reason oh special logic Styles uh a particular example is called

balce dual real logic where instead of just having one yre representing a value you have two and they'll be opposite so that if it's a one there'll be so if so that the power consumption will always remain the same because it'll have to be a one and a zero no matter whether it's supposed to represent a one or a zero that makes any sense uh another approach is to just try adding noise to your system so it's harder people to measure it so jamming and the like but that just takes more tries before you can average away the noise and then just stopping people from accessing your systems by using like tamper resistant processor or or making sure that no one can just

Waltz in and poke around your systems uh for software counter measures uh the approaches generally fall into ensuring that your programs run with a constant execution time so that's where our branches code for instance went um and for you can also try inducing noise on measurements in software about shuffling the operations or even doing random delays or dummy operations and also included that would be randomizing outputs like randomizing your time stamp counter every time you start a new TCP connection um and a really good attack I mean a really good tactic is to limit your key exposure so make sure you change your key before someone is able to break into it and get it through one of these

attacks you can also work on uh accepting that you're going to leak lots of information but just realize that there might be ways that you can make the information that you leak not correlated with anything useful that's what the masking is all about and when it comes down to it encryption obus are like that as well and for follow Texs again we just needed to detect errors not necessarily easy to do this in software and the best advice though of all is not to keep a secret in the first place but that's not always applicable but sometimes we forget about that and just store everything to haunt us later so so this talk has a lot about

cryptography in it and Crypto Crypt cryptographers are mathematicians at heart so they always like to do proofs and stuff and you might notice that I've just been talking about attacks and then specific countermeasures to come comat them so this is like just finding an exploit and patching it we're not actually doing any real security engineering here possibly so is there some sort of formal way that we can show that our systems won't be vulnerable to attacks even ones that we don't know about yet and there's definitely people working on that problem several different theories and things you can look at if you're interested in that but I won't talk about them here uh but some

interesting results of that are tools their research grade as far as I know there aren't any real commercial ones but that tried to automatically apply certain counter measures here to your code on areas that You' Market sensitive and you don't necessarily want to always Implement these counter measures and because there's always tradeoffs to be made it's going to cost more money eventually your codee's going to be more complicated so when someone tries to debug it or fix it when there's an error they're not going to have any idea what you're doing and it'll take it more time to run and another thing that's often overlooked is that a lot of these counter measures like masking require

you to use lots of extra random numbers which aren't always in high Supply so uh and a particularly bad thing is that sometimes adding one of these counter measures can inadvertently make it easier to do a different attack so we need to just keep in mind that an encryption algorithm needs to be just as efficient to run as it is inefficient to crack although maybe not quite that severe so a lot of times you might get the impression that these are just theoretical things that don't really matter to the Real Worlds all the time but uh intelligence agencies have been exploiting these side Channel tacks since the days of Cipher machines they might not actually do a whole lot of use

in them in practice but they have capabilities to do it I just read a while go that like the CIA and stuff was trying to do differential power analysis attacks on on Apple's iPhones a bootloader encryption I'm not sure if that's true or not I guess it's part of the black budget Revelation or something um so a while ago it used to be that government would spend billions of dollars shielding everything to Tempest standards and still a big business today and when we try to create new cryptographic standards uh looking at their resistance to side channels to still a major part of the process so we're definitely concerned about that aspect of them because some algorithms are inherently

more secure against uh these kinds of attacks than others so there are several different companies that are just devoted to this particular area of research probably the most famous of them is cryptography research which is where differential power analysis was invented and they hold lots of patents on stuff and some people have said that's a reason why you're not seeing as many uh systems use some of these countermeasures because they're always under patent I'm not sure how true that is but you do see these countermeasures used a lot in things like smart cards or banking cards satellite TV cards things like that where people are concerned about uh people using these attacks on them enough that they're actually going

to take action where you don't see it a whole lot are on consumer devices like your phone but people are currently looking at exploiting those kinds of vulnerabilities on consumer devices with interesting results so uh one countermeasure that you do see all over the place are timing attack kind of measures and that's because they can be done remotely so they're much more likely to be attacked because you don't have to be right next to them so if you want to know if your particular device is protected against Hardware attacks uh you could try testing it yourself but then you need to be an expert in it because I certainly wouldn't know how to test it and I at

least knew enough to put this talk together so it takes a lot of expertise to do that uh so you might just hire someone else to do it but that might cost you too much money so maybe you decide you're just going to hope your manufacturer knows what they're doing uh but a different approach might be to see if it has certifications a lot of government agencies and the like require Hardware to pass certain tests um and even consumer devices like fccc regulations they're not really designed for security but they can at least have some assurance that your thing won't be emitting such a loud signal that you can't watch TV the the fips 140-2 is more of

a certification against tampering attacks and side Channel attacks but there's other things like your secret classified government Tempest standards that even though we don't know what they say are responsible in part for that billions of dollars spent on shielding everything so they must have some interesting things in them there's also a recent itu standard called k84 that deals with Tempest attacks uh mitigations for the general people it's not classified so uh we often think of side Channel tax as a bad thing that we need to just suppress no matter what but but it turns out they can be put to good use every now and then there's a company called PP cyber security which was recently in the news because they

had a thing where they would monitor I think the nearfield un certain electronic devices like You' use in utilities and that would detect an whenever an anomaly happened so it functioned kind of like an antivirus device for embedded systems that wasn't hooked up to the device itself so you did have some malware on it it wouldn't be able to attack your anti- malware process and the on the website they even advertise using this to secure smartphones which I thought was pretty pretty interesting uh you can also use slide Channel like techniques to verify that software hasn't been tampered with so checked your Hardware Trojans and there's several interesting ideas that are kind of related to this I

just think are fascinating like for instance mind reading your brain is just the machine when it comes down to it so it should be vulnerable to all sorts of side Channel attacks as well that's basically what we call Neuroscience today and maybe someday we'll get good at it and we can like do sci-fi like mind reading and it makes you wonder is there any kind of countermeasure for that like you see sometimes in movies people underg go this weird quasi mystical training thing hoping that they can defend themselves against the mind reading device is anything like that even possible um I think the research on using that low frequency noise like an acoustic analysis is pretty fascinating

because it we're looking at low bandwidth signals instead of high ones like we normally would that opens up new possibilities and uh looking at attacking just ordinary devices instead of things that are specifically designed to be used in high security environment is always fun so I like to think of myself as a hobbyist about this because I'm certainly no mathematician or anything like that uh but it's a tough hobby to get into I'll admit that much because it's you might think that you need to spend lots of money on it but it's not really the money it's the knowledge to pull it off I think uh so there's cheap tools out there that you can use like software defined radios to

you do certain Tempest attacks without requiring specialized equipment and you can like there's a bus pirate I put on there but what I really am excited about is this thing called the chip whisper light it's a advertising it to expect it to retail about $180 and you can do some limited amount of differential power analysis attacks and glitching attacks which are related to that with this and there's a Kickstarter going on for it right now if you're interested so um so I'm really interested in getting uh some resources put together to make this kind of thing accessible to ordinary people like me that don't have happen to have a PhD in mathematics and so I just barely bought this website

here I don't really know what I'm going to do with it yet but I want to make it into some sort of resource for actually doing these kinds of Hardware attacks for hobbyists because right now there's not very many good resources for that like there's no like 25 Hardware attacks for the Evil Genius type books out there that'd be really nice to have though so my goal is to kind of make something like that and hopefully next year I can bring some of them to our next version B sides so you can try looking at some of these for yourself so you have any

questions all right thank you for your

attention