Riscure Hybrid Workshop 2020 – Embedded Security via Webcasting & Offline

Welcome to the two (2) day,  13th Annual Hybrid Riscure workshop on September 3 & 4th 2020. The event is will focus on topics relevant to embedded security. The delivery of the event will be webcast live to the public via registered attendees only and will have a private by invite only offline workshop (max 20 participants). A sneak peak of confirmed presentations can be seen below:

08.30: Reception 

09.00 – 09.10: Opening remarks

09.15 – 10.05:  What’s Hot & What’s Happened – Learn from our CEO, Marc Witteman his thoughts on recent market developments and gives an insight on his expectations of trends that have a chance to become a mainstream in the near future.

10.15 – 12.00: Offensive Security – Decrypting state of the art smartphones by attacking Trusted Execution Environment (TEE) – Riscure’s analyst Federico & Martijn will share their research on a state of the art smart phone.  They influenced the hardware protection component through a software attack which broke the TEE application.  This allowed them to gain access to the Hardware protection component through the Kernel for  modifying the hardware integrity, ultimately for removing security features. The team then used this exploit to decrypt the user information on the phone.

12.00 – 12.45: Lunch 

12.50 – 13.35: Laser Fault Injections – In this talk, Fred de Beer  will discuss the various aspects of Laser Fault Injection attacks. We will explain on the effects of a laser fault injection attack, discuss the various laser sources and when to choose which one and give an overview of all options Riscure has with regard to the products available.

13.45 – 14.30: Inspector releases  – In 2020, Inspector version 2020.1 is already released, Inspector 2020.2 will be available soon and towards the end of the year yet another Inspector release is planned. During this session Erwin in ‘t Veld  will cover the highlights of both releases, show short demonstrations and give guidance on how to start using them. We will also share what is in the upcoming release and some roadmap topics for 2021.

14.40 – 15.20: Fault Injection on a Modern Chip – Two of our former colleagues and well known researchers Niek Timmers & Cristofaro Mune will present their latest material on how to attack a modern chip with state of the art fault injection technologies.

15.30 – 16.00: Riscure hardware update – During 2020, Riscure will introduce several new upgrades for the hardware tools that enable side channel analysis or fault injection. In this session we will cover all new developments and discuss their practical use cases

16.10 – 17.10: Reverse engineering neural networks: ” The Hard(ware) Way” – Aydin Aysu, NCSU, will give a presentation how Intellectual Property (IP) theft is a major concern for machine learning (ML) driven cyberinfrastructure. Indeed, IP ownership is the key driver of the lucrative Machine-Learning-as-a-Service and neural network edge-device markets, which are estimated to worth annually $35B by 2025. Revealing ML models furthermore weakens the security and safety of ML-based systems. This talk will highlight a new threat for reverse-engineering ML models—one that exploits hardware vulnerabilities. Specifically, we will explore how the power consumption of a device can be exploited to reverse engineer an entire NN model. We will then discuss our work on building effective countermeasures. This work extends the physical side-channel analysis framework beyond cryptography for the first time and proposes the first hardware inference engine for power side-channel protection.

Day 2: 

08.45 Reception 

09.15 – 10.05: Research @ Riscure – Lots of goodies on pre-silicon, automated evaluation tooling, etc..

10.15 – 11.05: True Code – Latest development for Software Security – Rolf van Gent will present on a new software tool developed by Riscure and our customers,  that aims to improve efficiency and  prevents hacks on embedded systems. True code was created for delivering secure code by automating vulnerability identification and mitigation processes. True Code enables natural collaboration between security evaluators and the development team to discover vulnerabilities early in development and resolve issues with better efficiency.

11.15 – 12.00: Fault Injection topic: Influencing the program counters on a RISC-V chip – Riscure’s analyst, Praveen Kumar Vadnala

12.00 – 12.45: Lunch 

12.50 – 13.35: Rambus Session 

13.45 – 14.30: Fault Injection Topic: Breaking secure boot on an IoT chip 

15.25 – 15.55: TBD 

16.05 – 17.05: Electronic Design Automation to Detect and Mitigate Side Channel Leakage Patrick Schaumont, WPI

17.10: Closing 

If you would like to join us online, please fill out the registration form here: https://www.riscure.com/riscure-workshop/ . We will get in touch with you with agenda updates and information on how to connect. Registered attendees will be able to attend all or select presentations, and the recording will also be available after the event.

If you would like to attend this event in person and able to arrange travel to Delft, The Netherlands, please get in touch directly with Justin Black black@riscure.com. The offline event is by invite only.

Hope to see you there or Online!

Kind regards, Justin