Brief Overview of Hardware Anti-Tampering Design .
Dr. Kent Chuang
2022 December
Outline .
1. Physical Attacks
2. Anti-tampering Techniques
3. PUF-based RoT Secure Macro Designs
4. Anti-tampering Designs Overview
5. Summary
Outline . (current section: 1. Physical Attacks)
page 5
Why Anti-Tampering ?
[Diagram: NVM hard macro (memory array, BL-decode/SA, BG/HV CP, WL-decode, ctrl) talks a proprietary protocol to an RTL wrapper (controller, APB slave I/F) that exposes the APB protocol to the system; two attack surfaces are marked: NVM attacks on the array and interface/controller attacks on the wrapper]
◼ NVM arrays are obvious targets for physical attacks
◼ Interface and controller may be attacked to bypass security policies
page 6
Types of Physical Attacks .
Non-Invasive Attacks: • Side-channel analysis • Malicious SW/FW • EM fault injection • External pin monitoring or manipulation • … → No structural changes → Keeps normal function
Semi-Invasive Attacks: • Laser fault injection • Photoemission microscopy • … → No destructive changes → Keeps normal function
Invasive Attacks: • TEM/SEM analysis • Nano probing • Voltage contrast • … → Destructive changes → Chip function fails
Attack strength & cost: Low (non-invasive) → High (invasive)
page 7
For Example .
[Figure: example photographs of a non-invasive, a semi-invasive and an invasive attack setup]
page 8
Non-Invasive Attacks .
[Figure: non-invasive attack vectors: fault injection from external pins, monitoring through external pins, EM fault injection, EM probing]
◼ Physical change on the attack target is not needed
◼ E.g., external pins, EM waves, malicious software, …
◼ Can be performed using standard equipment
◼ Lowest attack strength and cost
page 9
Side Channel Attacks .
◼ Manipulating inputs or observing outputs to exploit vulnerabilities of a cryptographic system
[Figure: a crypto device with Input and Output; the side channels measured are power (V, I across a sense resistor) and electromagnetic emission]
page 10
Power Analysis .
◼ CMOS logic only consumes power when changing state
◼ The power consumption of a particular operation is input dependent
◼ Measuring power therefore reveals information about the chip's operations
[Figure: a CMOS inverter (T1/T2 between VDD and VSS) with Input and Output; on an Input 0 → 1 transition one transistor goes OFF→ON and the other ON→OFF, and on Input 1 → 0 the reverse; the switching current I drawn from VDD appears as a measurable voltage drop DV]
page 11
Side-channel attack using power analysis .
[Figure: attack platform: a sense resistor R in the supply, the voltage V across it recorded as power traces → find leakage → statistical analysis → key guess]
P. Kocher et al., "Differential power analysis"
◼ Finding correct keys based on leakage information
◼ Significantly lowering the computation complexity (e.g., from 2^256 to 32 × 2^8)
◼ Countermeasures: masking, TI, low-leakage design, analog filtering, …
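As an added example (not from the deck and not PUFsecurity's code), the following Python simulation constructs power traces under a Hamming-weight leakage model for a single AES S-box lookup, runs Kocher's difference-of-means DPA over the 256 guesses of one key byte, and then repeats the analysis against a first-order masked implementation to show why the masking countermeasure listed above works. The key byte, trace count and noise level are constructed values; the S-box is generated from its definition rather than embedded as a table. It shows the complexity reduction the slide mentions in miniature: every key byte is attacked independently, 2^8 guesses at a time.

```python
import random


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def aes_sbox() -> list:
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 in GF(2^8)
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF                                               # q /= 3, so q == inverse(p)
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight: how many register bits are set


def simulate_traces(key: int, n: int, masked: bool, noise_sd: float = 0.5, seed: int = 1) -> list:
    """Constructed leakage: one sample per S-box lookup, HW(register value) + Gaussian noise.
    Unmasked: the register holds S(p ^ k). Masked: it holds S(p ^ k) ^ m for a fresh random m,
    so its Hamming weight no longer depends on the key (first-order masking)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        pt = rng.randrange(256)
        value = SBOX[pt ^ key]
        if masked:
            value ^= rng.randrange(256)
        traces.append((pt, HW[value] + rng.gauss(0.0, noise_sd)))
    return traces


def dpa_difference_of_means(traces: list) -> list:
    """Kocher-style DPA: for each key guess, split the traces by the predicted LSB of the S-box
    output and take the difference of the two mean leakages. Only the right guess sorts the
    traces consistently with what actually switched, so only it yields a large difference."""
    doms = []
    for guess in range(256):
        sum1 = cnt1 = sum0 = cnt0 = 0
        for pt, leak in traces:
            if SBOX[pt ^ guess] & 1:
                sum1 += leak
                cnt1 += 1
            else:
                sum0 += leak
                cnt0 += 1
        doms.append(sum1 / cnt1 - sum0 / cnt0)
    return doms


def recover_key_byte(traces: list) -> tuple:
    """Return (best guess, its difference of means): the decision rule of the analysis."""
    doms = dpa_difference_of_means(traces)
    best = max(range(256), key=lambda g: abs(doms[g]))
    return best, doms[best]


def leakage_margin(traces: list) -> float:
    """Largest |difference of means| over all guesses: a leakage-assessment figure for a design."""
    return max(abs(d) for d in dpa_difference_of_means(traces))


if __name__ == "__main__":
    KEY = 0x2B                                   # constructed secret key byte
    print("unmasked:", recover_key_byte(simulate_traces(KEY, 2000, masked=False)))
    print("masked margin:", leakage_margin(simulate_traces(KEY, 2000, masked=True)))
```

The unmasked run separates the correct guess with a difference of means near 1.0 (the selection bit is one of the eight bits whose weight is leaked), while the masked run reports a margin near zero because HW(S(p ^ k) ^ m) is independent of the key for uniform m. A real leakage assessment has to combine samples (second-order analysis) and watch the mask's own leakage, which this single-sample model omits.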
page 12
Electromagnetic Analysis .
◼ Electromagnetic (EM) emission arises from charge transport
◼ EM emission is dependent on circuit operations
◼ Measuring EM reveals information about chip operations
[Figure: cross-section of the Si substrate with metal layers M1 and M2; a current I in a wire produces an H-field (X/Y axes) and a potential difference +V/-V produces an E-field]
page 13
Software-based Physical Attacks .
◼ Using malicious software to trigger exploitable physical changes
– E.g., injecting faults into DRAM by a row hammer attack
◼ Exploiting physical mechanisms to help malicious software bypass security measures
– E.g., using data remanence effects in SRAM to read protected contents
[Figure: Row Hammer attack on DRAM: a hammered WL is repeatedly charged/discharged and leakage disturbs the cells on the adjacent affected WL, which share the BL and sense amplifier]
[Figure: Data Remanence attack on SRAM]
N. A. Anagnostopoulos, et al. "Low-temperature data remanence attacks against intrinsic SRAM PUFs." 2018 21st Euromicro Conference on Digital System Design (DSD). IEEE, 2018.
page 14
Semi-Invasive Attacks .
[Figure: substrate thinned by grinding/drilling to allow laser fault injection and InGaAs EMMI (emission microscopy) from the backside]
◼ Physical changes are needed, e.g., package removal, substrate thinning
◼ Chip can still function normally after physical changes
◼ Usually requires specialized equipment and proficient attackers
◼ Moderate attack strength and cost
page 15
Decapsulation .
[Figure: decapsulated chip observed by photo emission (IR, NIR, …)]
◼ Removing the chip package, or drilling holes into it, allows closer access to the die
◼ Photo emission, reflection or photoelectric effects can then be measured
page 16
Backside Laser Injection .
[Figure: laser pulses entering the thinned substrate from the backside generate a photocurrent between VDD and VSS, inducing faults and a voltage drop (V↓)]
◼ Laser pulses are injected into the substrate of the chip
◼ Side-channel leakage may be observed (e.g., Seebeck's effect)
◼ Faults may be induced due to photoelectric effects
page 17
Invasive Attacks .
[Figure: invasive sample preparation: substrate thinned (grinding/drilling) and metal delayered; followed by TEM inspection (cross-section), SEM inspection and nano-probing]
◼ Destructive changes are needed, e.g., decapsulation + metal delayering
◼ Chip cannot function normally after sample preparation
◼ Usually requires high-end equipment and expert attackers
◼ Highest attack strength and cost
page 18
Chip Delayering .
[Figure: delayering sequence: removing the upper metal → exposure of gate & contact → exposure of diffusion]
page 19
Reverse Engineering .
◼ Find the design (layout and schematic) through visual inspection of delayered chips
◼ Expose the memory locations that store sensitive data → helps to find the keys using other methods
◼ Metal keys may be exposed through reverse engineering
[Figure: layout photos taken layer by layer → regeneration of the schematic]
page 20
Micro-probing (Nano-probing) .
[Figure: probe-station capture with two probe channels (channel1, channel2) and their readings]
◼ De-cap → De-layer→ Probing
– Forcing voltage/current or monitoring
◼ May use FIB (focused ion beam) to open probing window
page 21
Focused Ion Beam (FIB) .
◼ De-cap → De-layer→ Re-wire using FIB
– Critical information may be sent to unintended locations
[Figure: SoC block diagram (CPU, Crypto, Secure, Non-secure, NVM) before and after a FIB edit: 1 cut + 1 connection re-routes the key from the secure domain to the non-secure domain (key leak)]
page 22
Passive Voltage Contrast (PVC) Attacks .
◼ Using FIB or SEM to scan through the target metal/semiconductor structure
◼ Secondary electron scattering is affected by charge accumulation
– Positive voltage prevents electron scattering to the detector
◼ Leakage paths may be found in the resulting image
[Figure: FIB/SEM frontside scan and backside scan of the target structure]
Outline . (current section: 2. Anti-tampering Techniques)
page 24
Types of Anti-tampering techniques .
Package Level: • Anti-Tamper Seal • Back-to-back packaging • … → Prevent physical access → Tampering makes chips non-functional
Chip Level: • Temperature Sensor • Glitch detector • Frequency detector • Active shield • … → Send alarm flags → System can sense abnormal behaviors
IP Level: • Secure layout • Fault detection • Redundancy • Random insertion • … → Mitigate faults and leakage → FI and SCA become ineffective
All three levels are required to achieve the highest security level
page 25
Package Level Anti-Tampering .
◼ Decapsulating packages allows physical access to the frontside/backside of the chips
◼ Special packaging techniques are needed as countermeasures
[Figure: wirebond package (decap & delayer) and flip-chip package (decap & grind)]
page 26
Anti-tamper seal for secure packaging .
◼ E.g., anti-tamper tape connected to tamper detection pins
– The tape will be broken if the package is opened
– A tamper event is detected by checking for a short/open circuit
[Figure: tamper detection pins A and B bridged by the tape: short circuit → not tampered; after decap the tape is broken: open circuit → tampered]
page 27
Back-to-back packaging .
◼ Conventional package techniques, especially flip-chip packages, may be accessed from the backside
◼ Solution: stick the backside of two chips together
◼ Need to separate two chips before accessing from the backside
[Figure: conventional flip-chip package (backside exposed to physical attacks) vs. back-to-back package (back sides joined, fronts outward)]
page 28
Chip Level Anti-Tampering .
◼ Implement tamper protection or tamper detection circuits on chip
◼ Helps to detect abnormal behaviors after tamper events
[Figure: chip cross-section with top-metal shielding (M7/M8) over the circuits and tamper detection against physical attacks such as laser fault injection through the substrate]
page 29
Tamper Detection Circuits .
◼ Detecting tampering events using global or distributed detectors
◼ Global detectors: detect tamper events that affect most of the circuits
◼ Distributed detectors: detect tamper events from localized fault injection or probing
[Diagram: SoC with global detectors (core voltage detector, voltage glitch detector, clock glitch detector, frequency detector, temperature sensor) reporting to an anti-tamper controller, and distributed detectors placed at the crypto engine and the hardware root of trust]
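To make the relationship between the detectors and the anti-tamper controller concrete, here is an added behavioural model (not code from the deck or from any PUFsecurity product) of a controller that aggregates global detectors (voltage, clock glitch, frequency, temperature) and conclusive sources (the package-level seal reading open circuit, a distributed detector next to the root of trust) into a sticky status register, latches an alarm and zeroizes the stored key. The detector names, the three-sample confirmation rule for noisy global detectors and the response policy are assumptions chosen for illustration.

```python
from enum import IntFlag
from typing import Optional


class Tamper(IntFlag):
    """Raw detector outputs sampled by the controller each cycle (names constructed for this model)."""
    NONE = 0
    CORE_VOLTAGE = 1       # global: core supply out of range
    VOLTAGE_GLITCH = 2     # global: fast transient on the supply
    CLOCK_GLITCH = 4       # global: glitch on the clock
    FREQUENCY = 8          # global: clock frequency outside the allowed band
    TEMPERATURE = 16       # global: die temperature out of range
    SEAL_OPEN = 32         # package level: anti-tamper tape reads as open circuit
    LOCAL_FAULT = 64       # distributed detector placed next to the crypto engine / RoT


# Global detectors are noisy, so a flag must persist for confirm_samples consecutive samples
# before it counts; the seal and the distributed detectors are treated as conclusive at once.
GLOBAL_FLAGS = (Tamper.CORE_VOLTAGE, Tamper.VOLTAGE_GLITCH, Tamper.CLOCK_GLITCH,
                Tamper.FREQUENCY, Tamper.TEMPERATURE)
IMMEDIATE_FLAGS = (Tamper.SEAL_OPEN, Tamper.LOCAL_FAULT)


class AntiTamperController:
    def __init__(self, key: bytes, confirm_samples: int = 3):
        self._key = bytearray(key)          # the asset the controller protects
        self.confirm_samples = confirm_samples
        self.status = Tamper.NONE           # sticky status register: which detectors fired
        self.alarm = False                  # latched alarm; only reset() clears it
        self.zeroized = False
        self._streak = {f: 0 for f in GLOBAL_FLAGS}   # consecutive-sample counters

    def sample(self, flags: Tamper) -> bool:
        """Feed one cycle of detector outputs; returns the (latched) alarm state."""
        confirmed = Tamper.NONE
        for f in IMMEDIATE_FLAGS:
            if flags & f:
                confirmed |= f
        for f in GLOBAL_FLAGS:
            self._streak[f] = self._streak[f] + 1 if flags & f else 0
            if self._streak[f] >= self.confirm_samples:
                confirmed |= f
        if confirmed:
            self.status |= confirmed        # stays set even after the condition clears
            if not self.alarm:
                self.alarm = True
                self._zeroize()
        return self.alarm

    def _zeroize(self) -> None:
        for i in range(len(self._key)):     # overwrite in place rather than just drop the reference
            self._key[i] = 0
        self.zeroized = True

    def read_key(self) -> Optional[bytes]:
        """The key is only released while no alarm is latched and it has not been zeroized."""
        if self.alarm or self.zeroized:
            return None
        return bytes(self._key)

    def reset(self) -> Tamper:
        """Hardware reset: clears alarm and counters, reports the sticky status, keeps the key zeroized."""
        fired = self.status
        self.alarm = False
        self.status = Tamper.NONE
        self._streak = {f: 0 for f in GLOBAL_FLAGS}
        return fired


def run_scenario(key: bytes, samples: list) -> dict:
    """Drive the controller with a constructed sequence of detector samples and report the outcome."""
    ctl = AntiTamperController(key)
    first_alarm = None
    for i, s in enumerate(samples):
        if ctl.sample(s) and first_alarm is None:
            first_alarm = i
    return {"alarm": ctl.alarm, "first_alarm_at": first_alarm,
            "status": ctl.status, "key": ctl.read_key()}


if __name__ == "__main__":
    KEY = bytes(range(16))  # constructed sample key
    # Two isolated glitch samples with a quiet cycle in between: below the confirmation threshold.
    print(run_scenario(KEY, [Tamper.VOLTAGE_GLITCH, Tamper.NONE, Tamper.VOLTAGE_GLITCH, Tamper.NONE]))
    # Three consecutive glitch samples: confirmed, alarm latched, key zeroized.
    print(run_scenario(KEY, [Tamper.VOLTAGE_GLITCH] * 3 + [Tamper.NONE] * 2))
    # A broken seal is conclusive on the first sample.
    print(run_scenario(KEY, [Tamper.SEAL_OPEN]))
```

The two design points worth copying into a real controller are that the status register is sticky (so the system can still tell after the fact which detector fired) and that the key is overwritten, not merely made unreadable, so a later bypass of the read gate finds nothing.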
page 30
IP Level Anti-Tampering Techniques .
[Figure: conventional crypto design vs. protected crypto design, each shown with Input, Output, VDD, the supply current I and the voltage drop DV that an attacker would measure]
◼ Make circuit designs intrinsically resilient to attacks – Security by Design
◼ For Soft IP: implemented in RTL design
◼ For Hard IP: implemented in schematic design and layout
page 31
Requirements in Certification Programs .
◼ Many electronic products need to obtain security certificates
◼ Different security levels defined in different certification programs
◼ Higher security level requires better resistance against physical attacks
page 32
Assessing Attacks and Countermeasures .
◼ JIL rating methodology, a commonly used approach
– Joint Interpretation Library – "Application of Attack Potential to Smartcards and Similar Devices"
– Refinement of the methodology in Common Criteria
– Originates from the secure IC industry, targeting smart card applications
– Widely adopted in industries that require high security
Attack rating table (the requirements for the attack method; each factor is rated separately for identification and exploitation):
Factor | Identification rating | Exploitation rating
Elapsed time | < one week (2) | < one week (4)
Expertise | … | …
Knowledge of the TOE | … | …
Access to TOE | … | …
Equipment | … | …
Open samples / Samples with known secrets | … | …
Total Rating = sum of all factor ratings
Range of values → TOE resistant to attackers with potential of:
0-15 → No Rating
16-20 → Basic
21-25 → Enhanced Basic
26-30 → Moderate
31 and above → High
page 33
JIL Rating Example .
Example: attack potential evaluation against reverse engineering
Identification: identify a successful attack method; Exploitation: repeat the identified attack method
Factor | Identification | Exploitation | Meaning
Elapsed time | < one week (2) | < one week (4) | Requires less than 1 week (> 3 days) to perform the attack
Expertise | Expert (5) | Expert (4) | The attacker's expertise needed to perform the attack
Knowledge of the TOE | Restricted (2) | Public (0) | How much information is needed to perform the attack
Access to TOE | < 10 samples (0) | < 10 samples (0) | How many samples are needed to complete the attack
Equipment | Multiple Bespoke (7) | Multiple Bespoke (8) | Required level of equipment for performing the attack
Open samples / Samples with known secrets | Not Required (0) | Not Applicable (0) | Number of open samples needed to perform the attack
Total Rating: 32 → TOE resistant to attackers with potential of High
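As an added calculator (not from the slides), the JIL scoring of the two slides above can be encoded as a lookup per factor and column plus a sum; it reproduces the reverse-engineering example and lets you see how a cheaper attack path changes the resulting resistance level. The slide shows one row per factor; the remaining rows are transcribed from the JIL "Application of Attack Potential to Smartcards and Similar Devices" document as I know it and should be checked against the version an evaluation scheme mandates. The rating bands are the ones on the slide.

```python
from typing import Dict, Optional, Tuple

NA = None   # "not applicable" (counts as 0); a (NA, NA) pair means the choice is "not practical"

# (identification points, exploitation points) per factor value.
JIL_FACTORS: Dict[str, Dict[str, Tuple[Optional[int], Optional[int]]]] = {
    "Elapsed time": {
        "< one hour": (0, 0), "< one day": (1, 3), "< one week": (2, 4),
        "< one month": (3, 6), "> one month": (5, 8), "Not practical": (NA, NA)},
    "Expertise": {
        "Layman": (0, 0), "Proficient": (2, 2), "Expert": (5, 4), "Multiple Expert": (7, 6)},
    "Knowledge of the TOE": {
        "Public": (0, 0), "Restricted": (2, 2), "Sensitive": (4, 3), "Critical": (6, 5)},
    "Access to TOE": {
        "< 10 samples": (0, 0), "< 30 samples": (1, 2), "< 100 samples": (2, 4),
        "> 100 samples": (NA, NA)},
    "Equipment": {
        "None": (0, 0), "Standard": (1, 2), "Specialized": (3, 4), "Bespoke": (5, 6),
        "Multiple Bespoke": (7, 8)},
    "Open samples/Samples with known secrets": {
        "Not Required": (0, NA), "Restricted": (2, NA), "Sensitive": (4, NA), "Critical": (6, NA)},
}

# Rating bands as given on the slide: total rating -> TOE resistant to attackers with potential of ...
RESISTANCE_BANDS = [(0, 15, "No Rating"), (16, 20, "Basic"), (21, 25, "Enhanced Basic"),
                    (26, 30, "Moderate"), (31, None, "High")]


def resistance_level(total: int) -> str:
    for low, high, name in RESISTANCE_BANDS:
        if total >= low and (high is None or total <= high):
            return name
    raise ValueError(f"invalid total {total}")


def rate_attack(selection: Dict[str, Tuple[str, str]]) -> Dict[str, object]:
    """selection maps each factor to (identification choice, exploitation choice). The columns may
    differ, e.g. restricted knowledge was needed to find the attack but public knowledge to repeat it."""
    missing = [f for f in JIL_FACTORS if f not in selection]
    if missing:
        raise ValueError(f"no choice given for: {missing}")
    ident = expl = 0
    for factor, (id_choice, ex_choice) in selection.items():
        id_pair, ex_pair = JIL_FACTORS[factor][id_choice], JIL_FACTORS[factor][ex_choice]
        if id_pair == (NA, NA) or ex_pair == (NA, NA):
            return {"practical": False, "blocking_factor": factor}
        ident += id_pair[0] or 0
        expl += ex_pair[1] or 0
    total = ident + expl
    return {"practical": True, "identification": ident, "exploitation": expl,
            "total": total, "resistance": resistance_level(total)}


# The slide's worked example: reverse engineering of the TOE.
REVERSE_ENGINEERING_EXAMPLE = {
    "Elapsed time": ("< one week", "< one week"),
    "Expertise": ("Expert", "Expert"),
    "Knowledge of the TOE": ("Restricted", "Public"),
    "Access to TOE": ("< 10 samples", "< 10 samples"),
    "Equipment": ("Multiple Bespoke", "Multiple Bespoke"),
    "Open samples/Samples with known secrets": ("Not Required", "Not Required"),
}

if __name__ == "__main__":
    print(rate_attack(REVERSE_ENGINEERING_EXAMPLE))
    cheaper = {**REVERSE_ENGINEERING_EXAMPLE, "Expertise": ("Proficient", "Proficient"),
               "Equipment": ("Specialized", "Specialized")}
    print(rate_attack(cheaper))
```

The second call illustrates the point of the methodology: the same attack rated with proficient rather than expert skill and specialized rather than multiple bespoke equipment drops from 32 (High) to 19 (Basic), so a countermeasure is judged by how much it raises the cheapest viable path, not by whether it blocks attacks outright.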
Outline . (current section: 3. PUF-based RoT Secure Macro Designs)
page 35
What is a Root of Trust ?
A Root of Trust (RoT) stores and manages the most sensitive digital assets
[Diagram: SoC with core processor, crypto coprocessor, DRAM controller, SRAM and ROM on the main bus, and the Root of Trust attached to it]
page 36
The Needs of Root of Trust in Silicon .
A unique key must be securely stored in the hardware, resilient to attacks
▪ How to ensure this key is unique? → Keys need to be securely provisioned
▪ How to ensure this key cannot be stolen? → Keys should be kept in a Root-of-Trust
[Figure: Device A and Device B, each holding a different key]
page 37
NVM Secure Macro .
◼ Need to store keys in the chip
◼ OTP, eFuse, Flash, ROM, …
– Designed in analog hard macro
– Without standard interface
◼ Need dedicated controller
◼ How to secure the contents?
[Diagram: NVM hard macro (memory array, BL-decode/SA, BG/HV CP, WL-decode, ctrl) connected over a proprietary protocol to an RTL wrapper (controller, APB slave I/F) that exposes the APB protocol]
page 38
Requirements for NVM Secure Macro .
◼ Usability
– Support a standard interface to the system bus
– The RTL wrapper translates system commands into proprietary control signals
◼ Security
– Secure control flow and access policy management
– Countermeasures against physical attacks
[Diagram: SoC with CPU, crypto coprocessor and SRAM on the main bus; the Root-of-Trust is the RTL wrapper plus hard macro, attached over APB]
page 39
PUFrt: Hardware Root of Trust .
◼ 3rd party Security Lab certified anti-tampering design
◼ 5-in-1 Secure OTP : OTP + PUF + TRNG + Control logic + Privilege mode
[Diagram: PUFrt (PUF, TRNG and OTP inside a PUF-Realm) with two APB interfaces: APB 1 to the CPU core and APB 2 to the secure sub-system (cryptos)]
PUFrt Features / Benefits
Secure Storage: ▪ Secure OTP ▪ Anti-physical/electrical attack
Integrated TRNG: ▪ Instant ready, 90b in 100us ▪ NIST SP800-90B / 800-22 compliant
Inborn PUF (1Kb): ▪ Saves the costly key injection process ▪ Instant ready without helper
Anti-Tamper: ▪ The design and entropy protect the macro, its operation and its interface
Dual Interface: ▪ Standard APB-s controller ▪ Privileges for Secure/Non-secure ▪ Customizable to TCM and TileLink
Outline . (current section: 4. Anti-tampering Designs Overview)
page 41
PUFrt Design Diagram .
PUFrt consists of
 APB-Client I/F
 4*256 UID
 TRNG
 128*32 Secure OTP
 Anti-Tampering Designs
[Diagram: Hard Macro in GDS (X-decode driver, Y-decode/SA, analog (BG/jitters), NeoPUF 2K, NeoFuse 4K, SACTL, CTL logic, high-voltage charge pump) connected over a wide bus to the Digital RTL (APB client, bus-protect digital logic, TRNG/conditioning, TRNG/PUF health check ⑭, post-masking, random insertion READ, address/data shuffler, access permission, interrupt status, test mode command, fault injection protection)]
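The feature slide cites NIST SP 800-90B for the TRNG and the design diagram lists a TRNG/PUF health check (⑭). As an added illustration, not PUFrt's logic, here are the two continuous health tests SP 800-90B defines (repetition count test and adaptive proportion test), with the cutoffs computed from the standard's formulas instead of copied from its tables. The assumed min-entropy of 1 bit per sample, the 1024-sample window used for binary sources and the false-positive probability α = 2^-20 are taken from the standard; the bit streams are constructed.

```python
import random
from fractions import Fraction
from math import ceil, comb


def rct_cutoff(h_min: float, alpha_log2: int = 20) -> int:
    """Repetition Count Test cutoff (SP 800-90B 4.4.1): C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + ceil(alpha_log2 / h_min)


def apt_cutoff(window: int, h_min: int, alpha_log2: int = 20) -> int:
    """Adaptive Proportion Test cutoff (SP 800-90B 4.4.2): C = 1 + CRITBINOM(W, 2^-H, 1 - alpha),
    evaluated exactly with rationals (integer H only in this example)."""
    p = Fraction(1, 2 ** h_min)
    target = 1 - Fraction(1, 2 ** alpha_log2)
    cdf = Fraction(0)
    for k in range(window + 1):
        cdf += comb(window, k) * p ** k * (1 - p) ** (window - k)
        if cdf >= target:
            return 1 + k
    return window + 1


class HealthTests:
    """Continuous health tests run on every sample from a noise source (or a PUF response stream)."""

    def __init__(self, h_min: int = 1, window: int = 1024):
        self.rct_c = rct_cutoff(h_min)
        self.apt_c = apt_cutoff(window, h_min)
        self.window = window
        self.n = 0                  # samples seen so far
        self.failed = {}            # test name -> 1-based index of the sample that first failed it
        self._last, self._run = None, 0
        self._ref, self._count, self._in_window = None, 0, 0

    def feed(self, sample: int) -> bool:
        """Return True while the source is healthy."""
        self.n += 1
        # RCT: a run of identical samples as long as the cutoff is evidence the source is stuck.
        if sample == self._last:
            self._run += 1
        else:
            self._last, self._run = sample, 1
        if self._run >= self.rct_c:
            self.failed.setdefault("RCT", self.n)
        # APT: the first sample of each window is the reference; count how often it recurs within
        # the window (the reference counts itself). A high count means the output is skewed.
        if self._in_window == 0:
            self._ref, self._count = sample, 0
        self._in_window += 1
        if sample == self._ref:
            self._count += 1
        if self._count >= self.apt_c:
            self.failed.setdefault("APT", self.n)
        if self._in_window == self.window:
            self._in_window = 0
        return not self.failed


def check_stream(bits: list, h_min: int = 1, window: int = 1024) -> dict:
    """Run both tests over a whole stream and return the failures found (empty dict = healthy)."""
    ht = HealthTests(h_min, window)
    for b in bits:
        ht.feed(b)
    return ht.failed


def constructed_streams(seed: int = 7, n: int = 4096) -> dict:
    """Constructed inputs: a fair coin stream and a source stuck at zero."""
    rng = random.Random(seed)
    return {"fair": [rng.getrandbits(1) for _ in range(n)], "stuck": [0] * 1024}


if __name__ == "__main__":
    print("RCT cutoff:", rct_cutoff(1), "APT cutoff:", apt_cutoff(1024, 1))
    for name, stream in constructed_streams().items():
        print(name, check_stream(stream) or "healthy")
```

A real TRNG wrapper raises its interrupt or status flag the moment either test fails and stops handing out random bits; the failure index recorded here is what that flag would carry. Running the same tests on a PUF response stream is a cheap way to notice a degraded or skipped enrolment, which is what the threat-model slide pairs with feature ⑭.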
page 42
PUFrt: Complete Anti-Tampering .
PUFrt security features, grouped by the type of attack they address:
Invasive attack
1 Intrinsic Physical Security
2 Voltage Contrast Attack Countermeasures
3 Data Address X-Y Scrambler and IO Shuffler using PUF
Semi-invasive attack
4 (Optional) Top Metal Shielding
5 Security-oriented IP Layout
6 Active Sense-Amplifier READ Protection
7 Hidden and Obfuscated Data Interface (inside macro)
8 Output Data Fault Detection
Non-invasive attack
9 Pin Integrity Protection on Mode and Array Selection
10 Word Lock; Non-Accessible Post-Masking (on OTP)
11 Zeroization and Post-Masking (on PUF)
12 Built-in Secure Repair and Test-mode Lock
13 (Optional) Random Dummy Insertion READ
14 PUF Health Check
15 Fault Injection Prevention (Mode/Address/Post-masking)
16 Unified Write Power to Prevent Electrical Analysis
17 Power Detection - VDD/VDDIO Floating
◼ Comprehensive IP-level anti-tampering design in Hard Macro and RTL
[Diagram: Digital RTL (TRNG/UID/OTP encryption, secure controller, APB interfacing, secure bus) next to the Hard Macro in GDS (ctrl, BL-decode/SA, HV CP, WL-decode, NeoFuse, NeoPUF, ROSC entropy, anti-tampers)]
page 43
Threat Model List and Countermeasures .
Threat model against the design (green/blue in the original slide mark hard-macro/digital countermeasures; circled numbers refer to the security feature list):
SEM, FIB, TEM, optical inspection (OBIC/OBIRCH) → Intrinsic physical security ①
Passive voltage contrast → Sharing poly and OD array ②
Locate address, delayer and nano-probing; optical inspection (OBIC/OBIRCH) → Top metal shielding, security-oriented IP layout, inter-metal routing ④⑤⑦; Address/IO scrambler, post-masking, random dummy read ③⑩⑪⑬
Power analysis on SA during read → Active SA protection during reading ⑥
Fault injection on visible IO or mode select → Output data fault detection, pin protection, IO shuffler, FI prevention ③⑧⑨⑮
Rollback, replay attack and software access → Access permission and post-masking on OTP and PUF ⑩⑪
Secure setting or reserved bit leakage/revise → Secure repair and test-mode protection by lock ⑫
Fault injection or glitch → Output data fault detection, random dummy read, FI prevention ⑧⑬⑮
Power analysis on CP or maliciously cut power → Unified operating power and power floating detection ⑯⑰
Skip enrolling PUF → PUF health check and flag check ⑭
Photon emission inspection → Active SA protection during reading ⑥; Address/IO scrambler, post-masking, random dummy read ③⑩⑪⑬
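Several of the countermeasures in the list above (access permission and post-masking ⑩⑪, word lock ⑩, the PUF-keyed address scrambler ③, output data fault detection ⑧) are policies enforced around the OTP array. The following Python model is an added illustration of how such a policy layer behaves and is not PUFrt's RTL: the secure/non-secure split of the word space, the double-read compare, the keyed permutation standing in for the scrambler, the 128 x 32-bit sizing taken from the design slide, and all sample values are constructed for the example.

```python
import random
from typing import Callable, Optional

WORDS = 128                   # 128 x 32-bit words, the secure OTP size quoted on the design slide
WORD_MASK = 0xFFFFFFFF
SECURE_REGION = range(0, 64)  # constructed policy: lower half secure-only, upper half open to non-secure reads


class AccessDenied(Exception): pass
class WriteRejected(Exception): pass
class FaultDetected(Exception): pass


class SecureOtpModel:
    """Behavioural model of a secure OTP policy layer (illustrative, not the PUFrt RTL)."""

    def __init__(self, puf_uid: bytes, fault_hook: Optional[Callable[[int, int], int]] = None):
        self._cells = [0] * WORDS          # OTP array: bits program 0 -> 1 and never clear
        self._locked = [False] * WORDS     # word lock: once set, the word cannot be programmed again
        self._masked = [False] * WORDS     # post-masking: word is unreadable until the next reset
        self.alarm = False                 # latched by the output data fault detector
        self._fault_hook = fault_hook      # test hook (attempt, value) -> value, models a disturbed read
        # Address scrambler keyed by the PUF UID: logical -> physical word is a per-chip permutation,
        # so a physical location found on one die does not carry over to another.
        rng = random.Random(int.from_bytes(puf_uid, "big"))
        self._phys = list(range(WORDS))
        rng.shuffle(self._phys)

    def physical_address(self, logical: int) -> int:
        return self._phys[logical]

    def _check(self, addr: int, secure: bool) -> None:
        if not 0 <= addr < WORDS:
            raise AccessDenied(f"word {addr} out of range")
        if addr in SECURE_REGION and not secure:
            raise AccessDenied(f"word {addr} is secure-only")

    def program(self, addr: int, value: int, secure: bool = True) -> None:
        """Program the 1-bits of value (OTP semantics: nothing is ever cleared)."""
        if not secure:
            raise AccessDenied("programming requires the secure privilege")
        self._check(addr, secure)
        if self._locked[addr]:
            raise WriteRejected(f"word {addr} is locked")
        self._cells[self._phys[addr]] |= value & WORD_MASK

    def lock(self, addr: int) -> None:
        self._check(addr, True)
        self._locked[addr] = True

    def post_mask(self, addr: int) -> None:
        """Hide a word (e.g. a key already loaded into the crypto engine) until reset."""
        self._check(addr, True)
        self._masked[addr] = True

    def _raw_read(self, addr: int, attempt: int) -> int:
        value = self._cells[self._phys[addr]]
        if self._fault_hook is not None:
            value = self._fault_hook(attempt, value) & WORD_MASK
        return value

    def read(self, addr: int, secure: bool = False) -> int:
        self._check(addr, secure)
        if self.alarm:
            raise FaultDetected("macro is held in alarm until reset")
        if self._masked[addr]:
            raise AccessDenied(f"word {addr} is post-masked")
        # Output data fault detection: read twice and compare, so a glitch on one read is caught.
        first, second = self._raw_read(addr, 0), self._raw_read(addr, 1)
        if first != second:
            self.alarm = True
            raise FaultDetected(f"redundant read mismatch on word {addr}")
        return first

    def reset(self) -> None:
        """Power-on reset: masks and the alarm are volatile; cells and locks are OTP and persist."""
        self._masked = [False] * WORDS
        self.alarm = False


def _outcome(action):
    try:
        return action()
    except (AccessDenied, WriteRejected, FaultDetected) as exc:
        return type(exc).__name__


def walkthrough() -> dict:
    """Exercise each policy with constructed values and return what was observed."""
    out = {}
    otp = SecureOtpModel(puf_uid=b"\x5a" * 16)          # constructed UID
    otp.program(5, 0xDEADBEEF)
    otp.program(5, 0x00000010)                           # a second program can only add bits
    out["after_two_programs"] = otp.read(5, secure=True)
    out["nonsecure_read_of_secure_word"] = _outcome(lambda: otp.read(5, secure=False))
    otp.lock(5)
    out["program_after_lock"] = _outcome(lambda: otp.program(5, 0x1))
    otp.program(100, 0x1234)
    out["nonsecure_read_of_open_word"] = otp.read(100, secure=False)
    otp.post_mask(100)
    out["read_while_masked"] = _outcome(lambda: otp.read(100, secure=True))
    otp.reset()
    out["read_after_reset"] = otp.read(100, secure=True)
    out["scrambler_is_permutation"] = sorted(otp.physical_address(a) for a in range(WORDS)) == list(range(WORDS))
    faulty = SecureOtpModel(b"\x5a" * 16, fault_hook=lambda attempt, v: v ^ 0x1 if attempt == 0 else v)
    faulty.program(3, 0xF0)
    out["faulted_read"] = _outcome(lambda: faulty.read(3, secure=True))
    out["alarm_latched"] = faulty.alarm
    return out
```

The walkthrough is the check a verification engineer would script against the wrapper: privilege is enforced on reads and programs independently, a lock survives across reads, a post-mask is undone only by reset while the OTP contents persist, and a single disturbed read trips a latched alarm rather than silently returning the wrong word.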
page 44
Hard Macro Anti-Tampering Features .
[Diagram: Hard Macro in GDS (X-decode driver, Y-decode/SA, analog (BG/jitters), NeoPUF 2K, NeoFuse 4K, SACTL, CTL logic, high-voltage charge pump) beside the Digital RTL (APB client, wide bus, APB/CTR functions); global protection ④⑤⑦ spans the macro, and ①②, ③⑩⑪⑫, ⑬⑭⑮, ⑤, ⑥, ⑧, ⑨, ⑯ and ⑰ are marked at the blocks they protect]
① Intrinsic Physical Security
② Voltage Contrast Attack Countermeasures
③ Data Address X-Y Scrambler and IO Shuffler using PUF
④ (Optional) Top Metal Shielding
⑤ Security-oriented IP Layout
⑥ Active Sense-Amplifier READ Protection
⑦ Hidden and Obfuscated Data Interface (inside macro)
⑧ Output Data Fault Detection
⑨ Pin Integrity Protection on Mode and Array Selection
⑩ Word Lock; Non-Accessible Post-Masking (on OTP)
⑪ Zeroization and Post-Masking (on PUF)
⑫ Built-in Secure Repair and Test-mode Lock
⑬ (Optional) Random Dummy Insertion READ
⑭ PUF Health Check
⑮ Fault Injection Protection (Mode/Address/Post-masking)
⑯ Unified Write Power to Prevent Electrical Analysis
⑰ Power Detection - VDD/VDDIO Floating
page 45
Digital Anti-Tampering Features .
[Diagram: Digital RTL (APB client, wide bus, bus-protect digital logic) in front of the hard macro (OTP, PUF, entropy). Digital-side features: ③ address/data shuffler, ⑧ output data fault detection, ⑨ pin integrity protection, ⑩⑪ post-masking, ⑫ test mode command lock, ⑬ random insertion READ, ⑭ TRNG/conditioning and TRNG/PUF health check, ⑮ fault injection protection, together with the access permission and interrupt status registers; hard-macro-side features ①②④⑤⑥⑦⑯⑰. Feature numbers follow the legend on the Hard Macro Anti-Tampering Features slide.]
Outline . (closing outline: 1. Introduction on PUFrt Secure Macro; 2. Physical Attacks; 3. Anti-tampering Techniques; 4. PUFrt Anti-tampering designs)
page 47
Summary .
◼ PUFrt is an NVM secure macro that works as a Hardware Root of Trust
◼ An NVM secure macro needs to be resistant to physical attacks
◼ Various physical attacks need to be considered
– Invasive attacks, e.g., TEM, SEM
– Semi-invasive attacks, e.g., laser fault injection
– Non-invasive attacks, e.g., power analysis
◼ Anti-tampering techniques need to be implemented against physical attacks
– Package level, chip level and IP level solutions
◼ PUFrt is equipped with comprehensive anti-tampering designs
– Anti-tampering designs in the hard macro
– Anti-tampering designs in the RTL wrapper
Thank you!
More educational materials? Feel free to follow us!

Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 

Anti-Tampering_Part1.pdf

  • 2. Brief Overview of Hardware Anti-Tampering Design. Dr. Kent Chuang, December 2022
  • 3. Outline
    1. Physical Attacks
    2. Anti-tampering Techniques
    3. PUF-based RoT Secure Macro Designs
    4. Anti-tampering Designs Overview
    5. Summary
  • 4. Outline (section divider for 1. Physical Attacks; items 2 to 5 as on slide 3)
  • 5. Why Anti-Tampering?
    [figure: NVM hard macro (memory array, WL-decode, BL-decode/SA, BG/HV CP, ctrl) connected over a proprietary protocol to the RTL wrapper (controller, APB slave I/F), which speaks the APB protocol to the system; arrows mark NVM attacks on the array and interface/controller attacks on the wrapper]
    ◼ NVM arrays are obvious targets for physical attacks
    ◼ The interface and controller may be attacked to bypass security policies
  • 6. Types of Physical Attacks (attack strength and cost increase from non-invasive to invasive)
    Non-invasive attacks: no structural changes, the chip keeps its normal function. Examples: side-channel analysis, malicious SW/FW, EM fault injection, external pin monitoring or manipulation, ...
    Semi-invasive attacks: no destructive changes, the chip keeps its normal function. Examples: laser fault injection, photoemission microscopy, ...
    Invasive attacks: destructive changes, the chip function fails. Examples: TEM/SEM analysis, nano probing, voltage contrast, ...
  • 7. For Example
    [figure: photographs illustrating a non-invasive, a semi-invasive and an invasive attack]
  • 8. Non-Invasive Attacks
    [figure: fault injection from external pins, monitoring through external pins, EM fault injection, EM probing]
    ◼ No physical change to the attack target is needed
    ◼ E.g., external pins, EM waves, malicious software, ...
    ◼ Can be performed using standard equipment
    ◼ Lowest attack strength and cost
  • 9. Side Channel Attacks
    ◼ Manipulating the input or observing the output to exploit a vulnerability of the cryptographic system
    [figure: device with input and output; the observed side channels are power (V, I) and electromagnetic emission]
  • 10. Power Analysis
    ◼ CMOS logic only consumes power when changing state
    ◼ The power consumption of a particular operation is input dependent
    ◼ Measuring power reveals information about the chip's operations
    [figure: CMOS inverter between VDD and VSS. Input 0 → 1: T1 OFF→ON, T2 ON→OFF; input 1 → 0: T1 ON→OFF, T2 OFF→ON. A supply current I (and a supply droop ΔV) appears only during the transition]
  • 11. Side-channel attack using power analysis
    [figure: attack flow: shunt resistor R and voltage probe on the target (attack platform) → power traces → statistical analysis → key guess → find leakage. Reference: P. Kocher et al., "Differential power analysis"]
    ◼ Finding the correct key from the leakage information
    ◼ Significantly lowers the computational complexity (e.g., from 2^256 to 32 × 2^8: a 256-bit key is recovered one byte at a time, 32 bytes with 2^8 candidates each, instead of searching the whole key space)
    ◼ Countermeasures: masking, threshold implementation (TI), low-leakage design, analog filtering, ...
  • 12. Electromagnetic Analysis
    ◼ Electromagnetic (EM) emission originates from charge transport (current flow) in the chip
    ◼ The EM emission depends on the circuit operation
    ◼ Measuring EM reveals information about the chip's operations
    [figure: cross-section with Si substrate and metal layers M1/M2; a current I produces an H-field, the +V/-V potential difference an E-field]
  • 13. Software-based Physical Attacks
    ◼ Using malicious software to trigger exploitable physical changes
      – E.g., injecting faults into DRAM by a row hammer attack
    ◼ Exploiting physical mechanisms to help malicious software bypass security measures
      – E.g., using data remanence effects in SRAM to read protected contents
    [figure: row hammer attack on DRAM: a hammered word line (WL) and the affected neighbouring WL on the same bit line (BL), with charge/discharge and sense-amplifier leakage marked; data remanence attack on SRAM]
    Reference: N. A. Anagnostopoulos et al., "Low-temperature data remanence attacks against intrinsic SRAM PUFs," 2018 21st Euromicro Conference on Digital System Design (DSD), IEEE, 2018.
  • 14. Semi-Invasive Attacks
    [figure: substrate thinned by grinding/drilling; laser fault injection; InGaAs EMMI (emission microscopy)]
    ◼ Physical changes are needed, e.g., package removal, substrate thinning
    ◼ The chip can still function normally after these changes
    ◼ Usually requires specialized equipment and proficient attackers
    ◼ Moderate attack strength and cost
  • 15. Decapsulation
    ◼ Removing the chip package, or drilling holes into it, allows a closer approach to the die
    ◼ Photo emission (IR, NIR, ...), reflection or photoelectric effects can then be measured
  • 16. Backside Laser Injection
    ◼ Laser pulses are injected through the substrate of the chip
    ◼ Side-channel leakage may be observed (e.g., via the Seebeck effect)
    ◼ Faults may be induced by the photoelectric effect
    [figure: a laser entering the backside of the substrate generates a photocurrent between VDD and VSS, causing a local voltage drop (V↓) and faults]
  • 17. Invasive Attacks
    [figure: substrate thinned (grinding/drilling), metal delayered; TEM inspection (cross-section), SEM inspection, nano-probing]
    ◼ Destructive changes are needed, e.g., decapsulation + metal delayering
    ◼ The chip cannot function normally after sample preparation
    ◼ Usually requires high-end equipment and expert attackers
    ◼ Highest attack strength and cost
  • 18. Chip Delayering
    [figure: removing the upper metal layers → exposure of gate and contact → exposure of diffusion]
  • 19. Reverse Engineering
    ◼ Recover the design (layout and schematic) through visual inspection of the delayered chip, layer by layer
    ◼ Expose the memory locations that store sensitive data → helps to find the keys using other methods
    ◼ Keys hard-wired in the metal layers ("metal keys") may be exposed directly through reverse engineering
    [figure: layout photos, layer by layer → regeneration of the schematic]
  • 20. Micro-probing (Nano-probing)
    ◼ De-cap → de-layer → probing
      – Forcing voltage/current, or monitoring
    ◼ May use a FIB (focused ion beam) to open a probing window
  • 21. Focused Ion Beam (FIB)
    ◼ De-cap → de-layer → re-wire using FIB
      – Critical information may be routed to unintended locations
    [figure: SoC with CPU, crypto block, NVM and secure/non-secure domains; one FIB cut plus one FIB connection reroutes the key into the non-secure domain (FIB key leak)]
  • 22. Passive Voltage Contrast (PVC) Attacks
    ◼ Using a FIB or SEM to scan the target metal/semiconductor structure
    ◼ Secondary electron scattering is affected by charge accumulation
      – A positive voltage prevents the secondary electrons from reaching the detector
    ◼ Leakage paths may be found in the resulting image
    [figure: frontside scan and backside scan with FIB/SEM]
  • 23. Outline (section divider for 2. Anti-tampering Techniques; the other items as on slide 3)
  • 24. Types of Anti-tampering Techniques
    Package level: anti-tamper seal, back-to-back packaging, ... → prevents physical access; tampering leaves the chip non-functional
    Chip level: temperature sensor, glitch detector, frequency detector, active shield, ... → sends alarm flags; the system can sense abnormal behaviour
    IP level: secure layout, fault detection, redundancy, random insertion, ... → mitigates faults and leakage; fault injection (FI) and side-channel analysis (SCA) become ineffective
    All three levels are required to achieve the highest security level
  • 25. Package Level Anti-Tampering
    [figure: wirebond package (decap and delayer from the front) and flip-chip package (decap and grind from the back)]
    ◼ Decapsulating the package allows physical access to the frontside/backside of the chip
    ◼ Special packaging techniques are needed as countermeasures
  • 26. Anti-tamper seal for secure packaging
    ◼ E.g., anti-tamper tape connected to tamper-detection pins A and B
      – The tape is broken if the package is opened
      – The tamper event is detected by checking for a short or open circuit: A-B short circuit → not tampered; A-B open circuit → tampered
  • 27. Back-to-back packaging
    ◼ Conventional package techniques, especially flip-chip packages, leave the die accessible from the backside
    ◼ Solution: bond the backsides of two chips together
    ◼ The two chips must be separated before the backside of either can be accessed
    [figure: backside physical attack on a conventional flip-chip package versus a back-to-back package (front sides out, backs bonded together)]
  • 28. Chip Level Anti-Tampering
    ◼ Implement tamper protection or tamper detection circuits on chip
    ◼ Helps detect abnormal behaviour after a tamper event
    [figure: substrate with laser fault injection from the back, tamper detection circuits, and a top-metal (M7/M8) shield against frontside physical attacks]
  • 29. Tamper Detection Circuits
    ◼ Detect tamper events using global or distributed detectors
    ◼ Global detectors: detect tamper events that affect most of the circuit (voltage glitch detector, core voltage detector, frequency detector, clock glitch detector, temperature sensor), reporting to an anti-tamper controller
    ◼ Distributed detectors: detect localized fault injection or probing, placed at the sensitive blocks (e.g., crypto engine, hardware root of trust)
    [figure: SoC block diagram with the global detectors feeding the anti-tamper controller and distributed detectors around the crypto engine and the hardware root of trust]
  • 30. IP Level Anti-Tampering Techniques
    ◼ Make the circuit design intrinsically resilient to attacks: security by design
    ◼ For soft IP: implemented in the RTL design
    ◼ For hard IP: implemented in the schematic design and layout
    [figure: conventional crypto design, whose supply current I and droop ΔV vary with the input, versus a protected crypto design with a flat supply profile]
  • 31. Requirements in Certification Programs
    ◼ Many electronic products need to obtain security certificates
    ◼ Different security levels are defined in different certification programs
    ◼ A higher security level requires better resistance against physical attacks
  • 32. Assessing Attacks and Countermeasures
    ◼ The JIL rating methodology is the commonly used approach
      – Joint Interpretation Library, "Application of Attack Potential to Smartcards and Similar Devices"
      – A refinement of the Common Criteria methodology
      – Originates from the secure IC industry, targeting smart card applications
      – Widely adopted in industries that require high security
    Rating table (each factor is rated separately for identification and exploitation; the total rating is the sum of all ratings):
      Factor                                    | Identification | Exploitation
      Elapsed time                              | < one week (2) | < one week (4)
      Expertise                                 | ...            | ...
      Knowledge of the TOE                      | ...            | ...
      Access to TOE                             | ...            | ...
      Equipment                                 | ...            | ...
      Open samples / samples with known secrets | ...            | ...
      Total rating = ?? (the requirements for the attack method)
    Attack rating → TOE resistant to attackers with attack potential of:
      0-15: no rating; 16-20: Basic; 21-25: Enhanced-Basic; 26-30: Moderate; 31 and above: High
  • 33. JIL Rating Example: attack potential evaluation against reverse engineering
    Identification: identify a successful attack method. Exploitation: repeat the identified attack method.
      Factor               | Identification       | Exploitation         | Meaning
      Elapsed time         | < one week (2)       | < one week (4)       | time needed to perform the attack (here more than 3 days but less than one week)
      Expertise            | Expert (5)           | Expert (4)           | the attacker's expertise needed to perform the attack
      Knowledge of the TOE | Restricted (2)       | Public (0)           | how much information is needed to perform the attack
      Access to TOE        | < 10 samples (0)     | < 10 samples (0)     | how many samples are needed to complete the attack
      Equipment            | Multiple bespoke (7) | Multiple bespoke (8) | required level of equipment for performing the attack
      Open samples         | Not required (0)     | Not applicable (0)   | number of open samples (samples with known secrets) needed
      Subtotal             | 16                   | 16                   |
      Total rating 32 → the TOE is resistant to attackers with High attack potential
  • 34. Outline (section divider for 3. PUF-based RoT Secure Macro Designs; the other items as on slide 3)
  • 35. What is a Root of Trust?
    A Root of Trust (RoT) stores and manages the most sensitive digital assets
    [figure: SoC with core processor, crypto coprocessor, DRAM controller, SRAM and ROM on the main bus; the Root of Trust is a separate block]
  • 36. The Needs of Root of Trust in Silicon
    A unique key must be securely stored in the hardware (Device A and Device B hold different keys) and must be resilient to attacks
    ▪ How to ensure this key is unique? → Keys need to be securely provisioned
    ▪ How to ensure this key cannot be stolen? → Keys should be kept in a Root of Trust
  • 37. NVM Secure Macro
    ◼ Keys need to be stored in the chip
    ◼ OTP, eFuse, Flash, ROM, ...
      – Designed as an analog hard macro
      – Without a standard interface
    ◼ Needs a dedicated controller
    ◼ How to secure the contents?
    [figure: the NVM hard macro (memory array, WL-decode, BL-decode/SA, BG/HV CP, ctrl) and RTL wrapper (controller, APB slave I/F) of slide 5, with the proprietary protocol inside and the APB protocol toward the system]
  • 38. Requirements for NVM Secure Macro
    ◼ Usability
      – Support a standard interface to the system bus
      – The RTL wrapper translates system commands into the proprietary control signals
    ◼ Security
      – Secure control flow and access-policy management
      – Countermeasures against physical attacks
    [figure: SoC with CPU, crypto coprocessor and SRAM on the main bus; the Root-of-Trust block consists of the hard macro and the RTL wrapper and connects to the bus over APB]
  • 39. PUFrt: Hardware Root of Trust
    ◼ 3rd-party security-lab certified anti-tampering design
    ◼ 5-in-1 Secure OTP: OTP + PUF + TRNG + control logic + privilege mode
    PUFrt features / benefits:
      Secure storage: secure OTP; anti-physical/electrical attack
      Integrated TRNG: instant ready (90b in 100us); NIST SP 800-90B / SP 800-22 compliant
      Inborn PUF (1 Kb): saves the costly key-injection process; instant ready without helper data
      Anti-tamper: the design and the entropy protect the macro, its operation and its interface
      Dual interface: standard APB-s controller; privileges for secure/non-secure; customizable to TCM and TileLink
    [figure: PUFrt (PUF, TRNG, OTP) inside a secure sub-system with crypto blocks, with APB 1 to the CPU core and APB 2 to the PUF-Realm]
  • 40. Outline (section divider for 4. Anti-tampering Designs Overview; the other items as on slide 3)
  • 41. PUFrt Design Diagram
    PUFrt consists of: APB client I/F; 4 × 256-bit UID (the 1 Kb PUF); TRNG; 128 × 32-bit secure OTP (4 Kb); anti-tampering designs
    Hard macro in GDS: X-decode driver, Y-decode/SA, analog (BG/jitters), NeoPUF 2K, NeoFuse 4K, SA CTL, CTL logic, high-voltage charge pump
    Digital RTL: APB client, wide bus, digital bus protection, TRNG/conditioning, TRNG/PUF health check ⑭, post masking, random insertion read, address/data shuffler, access permission, interrupt status, test-mode command, fault-injection protection
  • 42. PUFrt: Complete Anti-Tampering
    ▪ Comprehensive IP-level anti-tampering design in the hard macro and in the RTL
    Security features by attack type:
      Against invasive attacks:
        ① Intrinsic physical security
        ② Voltage contrast attack countermeasures
        ③ Data/address X-Y scrambler and IO shuffler using the PUF
      Against semi-invasive attacks:
        ④ (Optional) Top metal shielding
        ⑤ Security-oriented IP layout
        ⑥ Active sense-amplifier READ protection
        ⑦ Hidden and obfuscated data interface (inside the macro)
        ⑧ Output data fault detection
      Against non-invasive attacks:
        ⑨ Pin integrity protection on mode and array selection
        ⑩ Word lock; non-accessible post-masking (on OTP)
        ⑪ Zeroization and post-masking (on PUF)
        ⑫ Built-in secure repair and test-mode lock
        ⑬ (Optional) Random dummy insertion READ
        ⑭ PUF health check
        ⑮ Fault injection prevention (mode/address/post-masking)
        ⑯ Unified write power to prevent electrical analysis
        ⑰ Power detection: VDD/VDDIO floating
    [figure: digital RTL (TRNG/UID/OTP encryption, secure controller, APB interfacing) and hard macro in GDS (ctrl, BL-decode/SA, HV CP, WL-decode, NeoFuse, NeoPUF, secure bus, ROSC entropy, anti-tampers)]
  • 43. Threat Model List and Countermeasures (numbers refer to the features on slide 42; the slide colours hard-macro countermeasures green and digital ones blue)
      Threat                                                                   | Countermeasure
      SEM, FIB, TEM, optical inspection (OBIC/OBIRCH)                          | Intrinsic physical security ①
      Passive voltage contrast                                                 | Sharing poly and OD array ②
      Locate address, delayer and nano-probe; optical inspection (OBIC/OBIRCH) | Top metal shielding, security-oriented IP layout, inter-metal routing ④⑤⑦; address/IO scrambler, post-masking, random dummy read ③⑩⑪⑬
      Power analysis on the SA during read                                     | Active SA protection during reading ⑥
      Fault injection on visible IO or mode select                             | Output data fault detection, pin protection, IO shuffler, FI prevention ③⑧⑨⑮
      Rollback, replay attack and software access                              | Access permission and post-masking on OTP and PUF ⑩⑪
      Secure setting or reserved-bit leakage/revision                          | Secure repair and test-mode protection by lock ⑫
      Fault injection or glitch                                                | Output data fault detection, random dummy read, FI prevention ⑧⑬⑮
      Power analysis on the CP, or maliciously cut power                       | Unified operating power and power-floating detection ⑯⑰
      Skipping PUF enrollment                                                  | PUF health check and flag check ⑭
      Photon emission inspection                                               | Active SA protection during reading ⑥; address/IO scrambler, post-masking, random dummy read ③⑩⑪⑬
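The deck names a TRNG/PUF health check (feature ⑭, slide 41 and the threat table above) and says the TRNG is NIST SP 800-90B compliant, but does not say what the check computes. As an added example, not the PUFrt design's own logic, the block below implements the two continuous health tests that SP 800-90B section 4.4 requires of every approved noise source, the repetition count test and the adaptive proportion test, and runs them over constructed byte streams: a healthy one, a source stuck at a constant, and a biased one. The claimed entropy per sample (H), the window size and the sample streams are assumptions of the example.

```python
"""NIST SP 800-90B continuous health tests for a noise source.

Added example, not code from the PUFrt design: the slides only state that the
macro performs a TRNG/PUF health check and that the TRNG is SP 800-90B
compliant. This block assumes the check consists of the two tests SP 800-90B
section 4.4 makes mandatory and runs them over constructed byte streams, so it
executes offline without any hardware.
"""
import math
import random

ALPHA = 2.0 ** -20   # per-test false-alarm probability recommended by SP 800-90B


def rct_cutoff(h_min, alpha=ALPHA):
    """Repetition Count Test cutoff, C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)


def apt_cutoff(h_min, window, alpha=ALPHA):
    """Adaptive Proportion Test cutoff, 1 + CRITBINOM(W, 2^-H, 1 - alpha):
    one more than the smallest count c whose binomial CDF reaches 1 - alpha."""
    p = 2.0 ** -h_min
    cdf = 0.0
    for c in range(window + 1):
        cdf += math.comb(window, c) * p ** c * (1.0 - p) ** (window - c)
        if cdf >= 1.0 - alpha:
            return 1 + c
    return 1 + window


def repetition_count_test(samples, cutoff):
    """Return the index at which some value has repeated `cutoff` times in a
    row, or None if the stream passes (catches a stuck-at noise source)."""
    run_value, run_len = None, 0
    for i, s in enumerate(samples):
        run_len = run_len + 1 if s == run_value else 1
        run_value = s
        if run_len >= cutoff:
            return i
    return None


def adaptive_proportion_test(samples, cutoff, window):
    """Return the start index of the first window whose first value occurs
    `cutoff` or more times inside that window, or None (catches bias and
    loss of entropy that does not show up as exact repetition)."""
    for start in range(0, len(samples) - window + 1, window):
        a, b = samples[start], 1
        for s in samples[start + 1:start + window]:
            if s == a:
                b += 1
                if b >= cutoff:
                    return start
    return None


def run_health_tests(samples, h_min, window=1024):
    """Run both tests; the window is 1024 for non-binary sources (512 for binary)."""
    rct = repetition_count_test(samples, rct_cutoff(h_min))
    apt = adaptive_proportion_test(samples, apt_cutoff(h_min, window), window)
    return {"rct_fail_at": rct, "apt_fail_at": apt,
            "healthy": rct is None and apt is None}


# Constructed noise-source outputs (bytes), not measurements from any device.
def healthy_stream(n=4096, seed=7):
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


def stuck_stream(n=4096, value=0x00):
    return [value] * n                       # source stuck at a constant


def biased_stream(n=4096, seed=7, value=0x41, every=20):
    s = healthy_stream(n, seed)
    s[::every] = [value] * len(s[::every])   # one value forced in at intervals
    return s


if __name__ == "__main__":
    H = 7.0   # assumed entropy per sample claimed for this byte source
    for name, stream in (("healthy", healthy_stream()), ("stuck", stuck_stream()),
                         ("biased", biased_stream())):
        print(name, run_health_tests(stream, H))
```

The biased stream shows why both tests are required: the forced value never repeats back to back, so the repetition count test passes, while the adaptive proportion test trips in the first window. A macro that raises its health-check flag on either failure gives the anti-tamper controller the "flag check" the threat table pairs with feature ⑭.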
  • 44. Hard Macro Anti-Tampering Features
    [figure: the hard-macro diagram of slide 41 (X-decode driver, Y-decode/SA, analog BG/jitters, NeoPUF 2K, NeoFuse 4K, SA CTL, CTL logic, high-voltage charge pump) annotated with the feature numbers of slide 42; ④⑤⑦ are marked as global protection of the whole macro, the remaining numbers sit on the individual blocks]
  • 45. Digital Anti-Tampering Features
    [figure: the digital RTL diagram of slide 41 annotated with the feature numbers of slide 42: ③ address/data shuffler, ⑧ output data fault detection and ⑨ pin protection at the APB client and wide bus, ⑩⑪ post masking, ⑫ test-mode command, ⑬ random insertion read, ⑭ TRNG/PUF health check, ⑮ fault injection protection; the hard-macro side carries ①②④⑤⑥⑦⑯⑰]
  • 46. Outline
    1. Introduction on PUFrt Secure Macro
    2. Physical Attacks
    3. Anti-tampering Techniques
    4. PUFrt Anti-tampering designs
  • 47. Summary
    ◼ PUFrt is an NVM secure macro that works as a hardware Root of Trust
    ◼ An NVM secure macro needs to be resistant to physical attacks
    ◼ Various physical attacks need to be considered
      – Invasive attacks, e.g., TEM, SEM
      – Semi-invasive attacks, e.g., laser fault injection
      – Non-invasive attacks, e.g., power analysis
    ◼ Anti-tampering techniques need to be implemented against physical attacks
      – Package-level, chip-level and IP-level solutions
    ◼ PUFrt is equipped with comprehensive anti-tampering designs
      – Anti-tampering designs in the hard macro
      – Anti-tampering designs in the RTL wrapper
  • 48. Thank you! More educational materials? Feel free to follow us!