Hardware Root of Mistrust

March 22, 2017 (at 1:30 p.m.) in Attack and Research

We aren't sure whether it's because software hardening has been wildly successful or just deemed a lost cause, but implementation and adoption of hardware-based security devices has picked up in recent years. We now have TPMs in our systems to secure our full disk encryption keys. We carry authentication tokens not only to secure our banking and corporate VPN connections, but also to access everything from cloud services to social networking. We have PCs that implement a secure booting mechanism.

While we've separated these 'trusted' hardware components so that they might be more reliable, we will present 5 scenarios where trusted hardware can be MITM'd, modified, or counterfeited easily. In each case, we've undermined intended security assumptions made by their designers and users. In addition to covering technical details about our modifications and counterfeit designs, we'll explore a few attack scenarios for each. We'll conclude with a few recommendations on how to decide whether or not you should trust your hardware security module of choice.

Joeseph FitzPatrick

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching Applied Physical Attacks on x86 or Embedded Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

Michael Leibowitz

Michael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days championing product security for a large semiconductor company. Previously, he developed and tested embedded hardware and software, dicked around with strap-on boot roms, mobile apps, office suites, and written some secure software. On nights and weekends he hacks on electronics, writes Troopers CFPs, and contributes to the NSA Playset.