Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protect Your Hardware from Hacking and Theft

Published byOswin Pitts Modified over 6 years ago

Similar presentations

Presentation on theme: "Protect Your Hardware from Hacking and Theft"— Presentation transcript:

1 Protect Your Hardware from Hacking and Theft
Class 4: Protecting Your System in the Field 11/13/2013 Warren Miller

2 This Week’s Agenda 11/10/14 Stealing and Hacking Your Design- Easy 11/11/14 How Do You Implement Secure Hardware? 11/12/14 Secure Devices- An Overview 11/13/14 Protecting Your System in the Field 11/14/14 An Example Design- in Detail

3 Course Description Your IP… Easy to steal... Must protect it…
This course provides a practical and implementation oriented follow-on to a previous class, given in Dec 2013, that introduced many high level security concepts. You CAN protect your design from reverse engineering or theft.

4 Class Description Once your hardware is deployed it is a target
Directly by “invasive” probing Via network based attacks Protecting your hardware requires Additional layers of protection More complex algorithms and techniques. This class will help you better understand and defend against modern threats to Your fielded system Once your hardware is deployed it is a target- either directly by “invasive” probing of the actual board or via network based attacks. Protecting your hardware from these threats requires additional levels of protection and more complex algorithms and techniques. Luckily manufacturers provide simplifying features and capabilities that can be used to protect field deployed systems.

5 Today’s Topics Protecting Your System in the Field
Hardware Level Attacks Remote Attacks Updates Configuration/Program Bit Streams Boot Code Attacks Sensitive Data Prepare for Tomorrows Class on Your Designs

6 Example Networked System
FPGA and MCU Network Connectivity Service and Control Process Control Sensors, Relays, Indicators Remote Update FPGA Configuration Boot Block Application Data

7 Invasive Attacks Device Hardware Attacks Board Level Attacks
De-cap and Probe JTAG, Testing Interfaces Operation Observations Side Channel and DPA Attacks Timing, Power, EM radiation, etc Board Level Attacks Lifting Traces Disconnect Subsystems System Testing

8 Remote/Network Attacks
Remote Attacks Control Interfaces JTAG, Testing Interfaces Operation Observations and Interference Network Attacks Denial of Service Remote Updates Root Kit Attacks

9 Root of Trust Known secure starting point
Provides services to extend trust to other parts of the system Security keys and algorithms are protected Can be implemented in an FPGA, Standard product, MCU, etc. FPGA used as a Root of Trust NVM, encrypted bitstream Security keys Security services

10 Remote Updates Encrypt update files Authorize update files
Protect from ‘back-rev’ attacks, use golden design Updates by model number, all units, individual unit, etc Protect from alternate update paths (JTAG, SPI)

11 Secure Boot Implementation
Immutable boot loader Via Root of Trust Validate each Phase Extend security to application code

12 Secure Boot Details 12

13 Secure Boot Reference Design
SmartFusion2 Starter Kit as a root of trust Target Processor to boot securely WhiteboxCRYPTO™ Key Protection algorithm GUI to Run the Design SmartFusion2 on the bottom Target processor on top 13

14 Advanced Security Features
Features to Protect Security Keys DPA Protection Memory Segmentation Encrypted Keys, PUF-based Keys Rotating/Session Keys Features to Protect the Design Tamper Detection Lock-bits, Passwords Zeroization 14

15 SmartFusion2 Security Model
15

16 Additional Resources Security Blog, Schneier on Security: Department of Homeland Security- Federal Network Resilience SIA Report on Counterfeiting Microsemi Security Web Site (Source of much of todays content) Coursera Cryptography Courses: (Search for Cryptography) Digi-Key TechZone Article Library: MCUs , Securing MCU Designs, 11/06/2013

17 This Week’s Agenda 11/10/14 Stealing and Hacking Your Design- Easy 11/11/14 How Do You Implement Secure Hardware? 11/12/14 Secure Devices- An Overview 11/13/14 Protecting Your System in the Field 11/14/14 Example Designs- in Detail

Download ppt "Protect Your Hardware from Hacking and Theft"

Similar presentations

Slides created by: Professor Ian G. Harris Method of Attack, Physical Access Attacker has physical possession of the device  Many devices are small and.

Slides created by: Professor Ian G. Harris Method of Attack, Physical Access Attacker has physical possession of the device  Many devices are small and.
COURSE: COMPUTER PLATFORMS

COURSE: COMPUTER PLATFORMS
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Programmable Logic- How do they do that? 1/16/2015 Warren Miller Class 5: Software Tools and More 1.

Programmable Logic- How do they do that? 1/16/2015 Warren Miller Class 5: Software Tools and More 1.
Premduth Vidyanandan & Adrian Hernandez

Premduth Vidyanandan & Adrian Hernandez
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Cyber crime & Security Prepared by : Rughani Zarana.

Cyber crime & Security Prepared by : Rughani Zarana.
IPv6 Network Assessor 111 © 2005 Cisco Systems, Inc. All rights reserved. Susan Shareshian Solutions Manager, Cisco Systems, Inc.

IPv6 Network Assessor 111 © 2005 Cisco Systems, Inc. All rights reserved. Susan Shareshian Solutions Manager, Cisco Systems, Inc.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.

Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.

Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

Similar presentations

Ads by Google