Security is one of the new categories we track and it is keeping SemiWiki very busy. Security in itself, as a result of the FBI vs Apple comedy routine, but also security across the EDA, IP, ARM, Mobile, IoT, and Automotive categories.
And that is the reason why I am in full support of a cyber security day at the EDPS Symposiumin Monterey next week. There are seats available so register now using the SemiWiki-EDPS2016promo code for a $50 savings. I hope to see you there!
SECURITY ON SEMIWIKI
First let’s take a look at the speakers because really this workshop is all about spending quality time with industry experts:
Cmdr. Chris Eagle, Naval Postgraduate School
Chris is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA., A computer engineer/scientist for 30 years, his research interests include computer network operations, computer forensics and reverse/anti-reverse engineering, in which he is a world leader in the field. He has been a speaker at conferences such as Black Hat, CodeCon, Shmoocon, and Defcon and is the author of “The IDA Pro Book”.
In his spare time he is an inveterate CTF player and has twice won the prestigious capture the flag competition at Defcon. He is currently building the competition infrastructure for DARPA’s Cyber Grand Challenge.
Jasper vanWoudenberg, CTO, Riscure North America
As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America’s technical activities.
Jasper’s interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master’s degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security.
Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, GMU and the University of Amsterdam.
Peter Ateshian, Faculty Associate Research Naval Postgraduate School (NPS)
NPS EXPERIENCE: Research: C(sP3) diamond on Silicon wafer technology for InP/GaN devices LBL/NPS/SP3 RSNS 0.18u CMOS folded A/D 8bit converter design NPS/ONR MMALV Real-time speech recognition using aural canal ARM System on Chip (SoC)
Veteran of Silicon Valley California for 25 years in Electronic Design Automation (EDA/CAD), Integrated Circuit designer in VLSI/ULSI Mixed Signal systems. AMD K9 processor RET (resolution enhancement technology) with Calibre DFM (design for manufacture) suite of Physical verification tools. Intel ICG multiple network processor products taken to production after integrating EDRAM (embedded DRAM) IP cores. SoC designs with Conexant Systems, MindSpeed and Skyworks using ARM7 and ARM9 cores. Seven SPARC processor designs over eight years at Sun Microsystems including the first MCM quad processor MP systems. Behavioral and Logic Synthesis EDA/CAD designs for ASIC and FPGA/CPLD clients (Apple, Hitachi, Silicon Graphics, Cisco Systems).Static Mixed and multi mode timing analysis for Full custom digital design cleints (SUN, Fujitsu, AT&T, Texas Instruments, HMSI). DSP Cyclotomic and Switched Capacitor Filter designs for digital and sampled analog signal processing integrated circuits for telecommunications clients (Plantronics, Reticon, Ford Microelectronics/Visteon, Siemens, Phlips Research Labs/Signetics).
Breaking into embedded devices: Fault Injection (FI) and Side channel analysis (SCA)
Secure boot, trusted execution environments and many other security mechanisms depend on the security of the underlying hardware. What if we can break the actual hardware? And what if that’s EASIER than breaking the software? Side channel analysis and fault injection are techniques to break various security mechanisms, allowing an attack to load arbitrary firmware code and discover secrets such as cryptographic keys and PINs from cryptographic hardware. Schemes such as EMVco, GlobalPlatform TEE and some Common Criteria PP’s require testing against these attacks. They were first (publicly) discovered on smart cards in response to the major platforms becoming highly resistant against ‘software’ attacks. Now that this type of security is becoming more widely understood and implemented on most embedded systems, attackers are also moving into the field of hardware attacks. These workshops provide an understanding of the possibilities and impact of these techniques and explains how you can design to protect against them. Besides the necessary theory, we demonstrate these attacks real-time, for instance, we break a symmetric key algorithm through real time power analysis and skip a PIN verification.
Real men have fabs!