[Cryptech Tech] hardware attack vector #xx4

manning bill bmanning at isi.edu
Tue Feb 25 10:47:06 UTC 2014


might be problematic if one assumes your FPGA from a random fab is by default, -clean-…
then there are a whole raft of FPGA problems as well, but I think I am covering known paths.
Good Luck - this will be a fun ride.

/bill
Neca eos omnes.  Deus suos agnoscet.

On 25February2014Tuesday, at 1:50, Joachim Strömbergson <joachim at secworks.se> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Aloha!
> 
> manning bill wrote:
>> This might be in your library already…
> 
> Yes, but good of you pointing it out anywat. It is really one of those
> things that only good measurements on physical devices (extracting huge
> amounts of entropy data and test it with dieharder for example) will be
> able to detect.
> 
> There are also some attempts at probing these kinds of attacks. But they
> are probably out of scope for most Cryptech implementators:
> http://eprint.iacr.org/2013/579
> 
> This article also shows how stealhy selection of cells or even change in
> cell geometry creates differences in supply draw that can be detected
> and used as side-channel attacks.
> 
> Scary stuff indeed. We need to list these kinds of problems and be able
> to state what we can protect against, detect etc.
> 
> Thanks!
> 
> - -- 
> Med vänlig hälsning, Yours
> 
> Joachim Strömbergson - Alltid i harmonisk svängning.
> ========================================================================
> Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQIcBAEBCAAGBQJTDGdoAAoJEF3cfFQkIuyNb+gP+wUVP677siYyOVa/rylsNRwO
> GvYHc7gCYqqGvgikhJsL98vo9ws/ww8ErT8+P/J7kNOmfmzOEWTb7GL7ngVKa0AP
> U/Nm0hejsAocPlMthBkGHbysERRe7k1QFzaqbqcT7EQ12evxsJeynewyjLgVQm57
> v8RZ2ybWy8L0FxcDroFp0i8oRb9NFmzt4vZ3bdQaI4tfACe9GrYIxTDQZm2g4jjg
> +psOtvi9RhUfTavAtMNqkbx8mlAk3YLQAtQ0FZ81+bUL5lwtFhyxfpwOPxEX3KoR
> pggac7xYKyDo5eQmtNHkO0Aa69OcCgHnlZZHJqBmFtCQDn3Bytl/lW7tecUqB/Y2
> WLO/9jbImhP9THtR/lC1MtvlZRjRSRIl5D2WuM811/2AqGHKemw2PsNipWXB+f/B
> TzUnjOeMuBbhNOXlv/tYm6bJCL/i/T1RhoVker+BkKs71Q44Q2NB9uFAJWKGt5Bk
> +DY/wtl/v+jyP5fzFUKwnsnJPKcaJkXjKeu+QK2yVON/HfVF15GV1sNaPInTe8jg
> xzaff92rO2Xw9YzVYOqbjnk8oncmKtmhMkW0Gg5/KN8zkKN239V00B/SNzAU/g1I
> mUsaYn5FRlbcqWmKFbo8b9TSYypfBu4FU3eWdtemqW8zq+DZvEVfh2Dr5KlOScdZ
> HmmId5QN43Cbd+ur6dr8
> =gv5L
> -----END PGP SIGNATURE-----




More information about the Tech mailing list