[Cryptech Tech] 32c3 Hardware-Trojaner in Security-Chips

Peter Stuge peter at stuge.se
Sun Dec 27 04:02:26 UTC 2015


Randy Bush wrote:
> this talk is a late for me to be able to struggle through understanding
> deutsch, but it would be nice if a german speaker could listen and
> summarize
> 
> https://events.ccc.de/congress/2015/Fahrplan/events/7146.html

Talks in German are translated to English (and vice versa) in real
time by the volunteer translator team, sometimes with more preparation,
sometimes with less. Translations may vary in quality but usually
provide a good understanding of what is being said.

The video streaming at https://streaming.media.ccc.de/ should offer
streams with translated audio. Recommend VLC or KODI with this plugin
https://github.com/cccc/plugin.video.media-ccc-de for playback; most
web browsers are still not able to do video very well.

If no translated stream is available then you can also sign up and
create a SIP extension at https://eventphone.de/guru2/signup and use any
SIP client to dial the translation stream extension for Hall 2 at 8012.


The description reads:

A trip to the dark side

Hidden access to security chips, known as backdoors, present a
significant threat to the security of personal information in many
common applications. The presenters go into detail about how
"institutions" can try to obtain hidden access to security hardware.
Examples range from simple changes in firmware over circuit
modifications in fabrication masks to special technologies whose
function as a backdoor is nearly impossible to detect even during
certification.

At the same time it is shown how anyone participating in development,
production and usage can help nip backdoors in the bud, with a special
focus on recognizing particular technologies which although praised as
security features also strongly support a use as hardware trojans and
thus are especially challenging.

The moral-ethical aspect is also covered: Who and what can bring
vendors to implement, accept, approve of, support or even
independently initiate backdoors? When is it malice, ignorance
and when stupidity?

The presentation shows which preventative measures can be taken
against this threat on every level and how to effectively verify the
absence of any backdoors.

The authors look back at over 25 years of private and nearly 20 years
of professional experience in the area of smart card attacks.
Following their very first smart card presentations and workshops
1991-93 at the CCC congresses they now tie in to their overview
"25 years of smart card attacks" at 30C3.


Today 2015-12-27 at 16:00 CET (UTC+1) in Hall 2.


//Peter

