G53SEC 1 Hardware Security The (slightly) more tactile side of security.

Slides:



Advertisements
Similar presentations
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Advertisements

Crime and Security in the Networked Economy Part 4.
Is There a Security Problem in Computing? Network Security / G. Steffen1.
Direct Attacks on Computational Devices
HARDWARE INPUT DEVICES ITGS. Strand 3.1 Hardware Input Devices Keyboards Pointing devices: Mice Touch pads Reading tools: Optical mark recognition (OMR)
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Ravi Vasdev SEMINAR ON. WHAT ARE EMBEDDED SYSTEMS  THESE ARE SINGLE BOARD COMPUTERS  THESE ARE ELECTRONIC DEVICES THAT INCORPORATE MICROPROCESSORS.
Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
CPE 5002 Network security. Look at the surroundings before you leap.
CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.
CIS700: Hardware Support for Security Professor Milo Martin
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Network Security PHILADELPHIA UNIVERSITY Ahmad Alghoul Module 1 Introduction: To Information & Security  Modified by :Ahmad Al Ghoul  Philadelphia.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Computer Main Parts.
Introduction Definition of information security Importance of information security Survey Results-Bank account information Protecting your bank accounts.
IWD2243 Wireless & Mobile Security
Smart Cards By Simon Siu and Russell Doyle Overview Size of a credit card Small embedded computer chip – Memory cards – Processor cards – Electronic.
G53SEC Computer Security Introduction to G53SEC 1.
Chapter 4.  Can technology alone provide the best security for your organization?
What does “secure” mean? Protecting Valuables
Cullen College of Engineering RFID-Based Solutions for Piping Technology Piping Tech & UH July, 2007.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Security in Computer System 491 CS-G(172) By Manesh T
ECE Lecture 1 Security Services.
1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
Smart card security Nora Dabbous Security Technologies Department.
Smart Card Technology & Features
1 Hardware Security AbdelRahman abu_absah Teacher: Dr. Sanaa al_sayegh.
Network security Network security. Look at the surroundings before you leap.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.
Information Security What is Information Security?
G53SEC 1 Reference Monitors Enforcement of Access Control.
Possible Testing Solutions and Associated Costs
By Brian Sutherland and Chou Peter Hoang
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
November 19, 2008 CSC 682 Use of Virtualization to Thwart Malware Written by: Ryan Lehan Presented by: Ryan Lehan Directed By: Ryan Lehan Produced By:
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Chap1: Is there a Security Problem in Computing?.
Graciela Saunders.  Introduction / Review  Challenges to Embedded Security  Approaches to Embedded Security  Security Analysis & Attack Taxonomy 
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Computer Security By Duncan Hall.
Introduction Architecture Hardware Software Application Security Logical Attack Physical Attack Side channel Attack.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.
CONTACTLESS SMART CARD Betty Yu. What is contactless smart card? A contactless smart card is a contactless MHz credential whose dimensions are credit-card.
Embedded system security
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Introduction What would our society be like now if we did not have ATm’s? Not able to access money when we urgently want it. You will have to go to the.
CS 450/650 Fundamentals of Integrated Computer Security
Computer security Computer security means protecting our computer system and the information they contain againts unwanted access, damage,destruction or.
Protect Your Hardware from Hacking and Theft
Presentation transcript:

G53SEC 1 Hardware Security The (slightly) more tactile side of security

G53SEC Overview of Today’s Lecture: Hardware vs. Software Security Attacks, Threats and Attackers Security Categories Examples 2

G53SEC Hardware Security vs. Security So Far: Different Landscape - Threats - Attackers - Attacks As important as software/network security 3

G53SEC Threat Vectors: Interception - Gain access to information without interfering with system Interruption - Prevention of system functionality Modification - Invasive tampering Fabrication - Counterfeiting 4

G53SEC Attackers: Class 0 – Script Kiddies Class I – Clever Outsider - Intelligent, limited knowledge of target - Usually through a known weakness Class II – Knowledgeable Insider - High-tech expertise - Advanced tools and instruments Class III – Funded Organisation - Specialists with lots of funding - Most advanced tools and analysis 5

G53SEC Attacks: Insider Attack - e.g. Laid-off employee Lunchtime Attack - Performed during a small window of opportunity - e.g. during coffee break Focused Attack - Plenty of time, money and resources 6

G53SEC Attacks: Invasive Attacks - e.g. Hardware reverse engineering Semi-invasive Attacks - e.g. Heating Non-Invasive Attacks - e.g. EM radiation observation 7

G53SEC Security Categories: Physical Logical Environmental Operational 8

G53SEC Physical Security: Tampering “An (physical) interference of a harmful nature” Tamper Mechanisms: Strive to prevent an attempt by an attacker to perform unauthorised physical or electronic action 9

G53SEC Tamper Mechanisms: Tamper Resistance - Special materials Tamper Evidence - Visible evidence left behind after tampering Tamper Detection - Hardware is aware of tampering Tamper Response - Countermeasures upon detection 10

G53SEC Physical Attacks: Invasive - Direct access to embedded components (e.g. cpu) - Micro probing, reverse engineering, memory readout techniques (e.g. freezing) - Require lot of time, knowledge and resources Semi-invasive (integrated chip cards) - UV lights, x-rays, laser, EM field, heating - Optical fault induction (SRAM illumination) - Low cost, easy reproduction on same target 11

G53SEC Physical Attacks: Micro-probing station: 12 Modified Circuit: Source: Cambridge Security Lab

G53SEC Logical Security: Access Control Cryptographic Algorithms Cryptographic Protocols 13

G53SEC Logical Attacks: Non-Invasive No Physical Damage Monitoring/Eavesdropping - TEMPEST attacks - Side Channel Attacks - Timing Analysis - Power Analysis - Fault Analysis 14

G53SEC Logical Attacks: Software Attacks – API - No specialised equipment needed - Very fast Issues: - Integrity of keys - Function parameter checking - Security policy enforcement 15

G53SEC Environmental Security: Device itself is the asset Goal – limit attacker’s possibilities by creating layers of hindrance (e.g. access) Administrative controls should be part of security policy 16

G53SEC Operational Security: Security risks related to operation of hardware Closely related to last week’s lecture Example: ATMs User’s knowledge of: - Real vs. Fake card reader - Keypad operation - PIN Safeguarding - Latest attacks 17

G53SEC Hardware Security Modules: For secure generation and storage of crypto information Often physically tamper resistant Sometimes have H/W cryptographic acceleration Sometimes have special “trusted” peripherals (e.g. card readers, key pads, etc..) Example: Banks - ATMs - Pre-payment electricity meters 18

G53SEC Examples: Credit Cards - Magnetic Stripes - Chip & PIN - RFID (Radio Frequency Identification) 19

G53SEC Examples: Chip & PIN relay attack: Source: Cambridge Security Lab 20

G53SEC Examples: RFID – Radio Frequency Identification Originally developed as the “Barcode of the future” Now used as - Inventory control - Logistics and supply chain management - Physical access cards - Payment - Motorway charges - Gas stations - Small items in shop 21

G53SEC Examples: Future: - Embedded in all kinds of devices - From clothing, to all products we buy e.g. Milk that will tell fridge when it is expired Issues: - Privacy - Security – RFID was not designed with security in mind!! 22

G53SEC Examples: Susceptible to Power Analysis attacks Can be susceptible to Cloning attacks Susceptible to Relay attacks “Is your cat infected with a computer virus?” 23

G53SEC Remember: H/W security as important as other security aspects H/W security devices do not solve security Many attacks exist Many more problems are on the way Because – Security added as an afterthought 24

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.