Upload
ritu-gupta
View
226
Download
6
Embed Size (px)
Citation preview
8/19/2019 Grand Embedded Security US04
1/63
Introduction to Embedded Security
Joe Grand
Grand Idea Studio, [email protected]
Black Hat USA 2004 Briefin!
"edne!day, July 2#, $%4&'m ( )%00'm
8/19/2019 Grand Embedded Security US04
2/63
2 © 2004 Grand Idea Studio,Inc.
Aenda
Goals
Security in the Product Lifecycle
Attack and Threat Classifications
Practical esi!n Solutions
8/19/2019 Grand Embedded Security US04
3/63
" © 2004 Grand Idea Studio,Inc.
Goal!
Learn the conce#ts of desi!nin! secure hard$are
%eco&e fa&iliar $ith ty#es of attacks andattackers
'nderstand and acce#t that #ro#erly ile&entedsecurity is e(tre&ely difficult
)ducation *y de&onstration
8/19/2019 Grand Embedded Security US04
4/63
4 © 2004 Grand Idea Studio,Inc.
*i!k A!!e!!ment
+othin! is eer -00 secure / Gien enou!h ti&e, resources, and &otiation, an
attacker can *reak any syste&
Secure your #roduct a!ainst a s#ecific threat / hat needs to *e #rotected
/ hy it is *ein! #rotected
/ ho you are #rotectin! a!ainst 1define the ene&y
8/19/2019 Grand Embedded Security US04
5/63
3 © 2004 Grand Idea Studio,Inc.
*i!k A!!e!!ment 2
8/19/2019 Grand Embedded Security US04
6/63
© 2004 Grand Idea Studio,Inc.
Security in t+e roduct
-eelo'ment /ifecycle )sta*lish a sound security #olicy as the
5foundation5 for desi!n
Treat security as an inte!ral #art of syste& desi!n 6educe risk to an acce#ta*le leel
/ )li&ination of all risk is not cost7effectie
8ini&i9e the syste& ele&ents to *e trusted / 5Put all your e!!s in one *asket5
8/19/2019 Grand Embedded Security US04
7/63
: © 2004 Grand Idea Studio,Inc.
Strie for silicity / The &ore cole( the security, the &ore likely it is
to contain e(#loita*le fla$s Ile&ent layered security
o not ile&ent unnecessary security&echanis&s / )ach &echanis& should su##ort a defined !oal
Security in t+e roduct
-eelo'ment /ifecycle 2
8/19/2019 Grand Embedded Security US04
8/63
; © 2004 Grand Idea Studio,Inc.
Attack y'e!
Insider Attack / Si!nificant #ercenta!e of *reaches
/ 6un7on fraud, dis!runtled eloyees
Lunchti&e Attack / Take #lace durin! a s&all $indo$ of o##ortunity
8/19/2019 Grand Embedded Security US04
9/63
= © 2004 Grand Idea Studio,Inc.
Attacker 1la!!ification
Class I> Cleer ?utsiders / Intelli!ent, *ut hae li&ited kno$led!e of the syste&
/ ?ften try to take adanta!e of an e(istin! $eakness
Class II> @no$led!ea*le Insiders / Su*stantial s#eciali9ed technical e(#erience
/ i!hly so#histicated tools and instru&ents
Class III>
8/19/2019 Grand Embedded Security US04
10/63
-0 © 2004 Grand Idea Studio,Inc.
Attacker 1la!!ification 2
+oBarieseses6elease
infoD
eses+o+o?r!ani9edD
'nkno$n
8/19/2019 Grand Embedded Security US04
11/63
-- © 2004 Grand Idea Studio,Inc.
Attack -ifficulty
escri#tion+a&eLeel
8aor ti&e and effort reJuired. 6esources
aaila*le to fe$ facilities in the $orld.
In La*oratory
i!hly s#eciali9ed tools and e(#ertise asfound in acade&ia or !oern&ent.
S#ecial Tools3
)n!ineers usin! dedicated tools aaila*le
to &ost #eo#le.
'nusual Tools4
Technically coetent. Tools aaila*le at
retail couterEelectronic stores.
Co&&on Tools"
8ini&al skills. 'niersally aaila*le tools.Intent2
+o tools or skills needed. Can ha##en *y
accident.
+one-
8/19/2019 Grand Embedded Security US04
12/63
-2 © 2004 Grand Idea Studio,Inc.
roduct Acce!!ibility
Purchase / Attacker o$ns or *uys the #roduct
)aluation
/ Attacker rents or *orro$s the #roduct Actie
/ Product is in actie o#eration, not o$ned *y attacker
6e&ote Access / +o #hysical access to #roduct, attacks launchedre&otely
8/19/2019 Grand Embedded Security US04
13/63
-" © 2004 Grand Idea Studio,Inc.
+reat ector!
Interce#tion 1or )aesdro##in! / Gain access to #rotected infor&ation $ithout
o#enin! the #roduct
Interru#tion 1or
8/19/2019 Grand Embedded Security US04
14/63
-4 © 2004 Grand Idea Studio,Inc.
Attack Goal!
Coetition 1or Clonin! / S#ecific IP theft to !ain &arket#lace adanta!e
Theft7of7Serice
/ ?*tainin! serice for free that nor&ally reJuires 'ser Authentication 1or S#oofin!
/
8/19/2019 Grand Embedded Security US04
15/63
-3 © 2004 Grand Idea Studio,Inc.
ractical -e!in Solution!
)nclosure
Circuit %oard
8/19/2019 Grand Embedded Security US04
16/63
- © 2004 Grand Idea Studio,Inc.
roduct Enclo!ure
Should #reent easy access to #roduct internals
8/19/2019 Grand Embedded Security US04
17/63
-: © 2004 Grand Idea Studio,Inc.
roduct Enclo!ure 2
)(ternal Interfaces
Taer 8echanis&s
)&issions and I&&unity
8/19/2019 Grand Embedded Security US04
18/63
-; © 2004 Grand Idea Studio,Inc.
E3ternal Interface!
'sually a #roductKs lifeline to the outside $orld / 8anufacturin! tests, field #ro!ra&&in!, #eri#heral
connections
/ )(.>
8/19/2019 Grand Embedded Security US04
19/63
-= © 2004 Grand Idea Studio,Inc.
E3ternal Interface! 2
o not sily o*fuscate interface / ill easily *e discoered and e(#loited *y an attacker
/ )(.> Pro#rietary connector ty#es, hidden access doors orholes
6e&oe TAG and dia!nostic functionality ino#erational &odes / %lo$n fuses or cut traces can *e re#aired *y an attacker
Protect a!ainst &alfor&ed, *ad #ackets / Intentionally sent *y attacker to cause fault
8/19/2019 Grand Embedded Security US04
20/63
20 © 2004 Grand Idea Studio,Inc.
E3ternal Interface! )
?nly #u*licly kno$n infor&ation should *e #assed )ncry#t secret or critical coonents
/ If they &ust *e sent at all...
/ )(.> Pal& ?S syste& #ass$ord decodin! M-N ireless interfaces also at risk
/ )(.> ;02.--*, %luetooth
8/19/2019 Grand Embedded Security US04
21/63
2- © 2004 Grand Idea Studio,Inc.
am'er ec+ani!m!
Pri&ary facet of #hysical security for e&*eddedsyste&s
Attets to #reent unauthori9ed #hysical or
electronic action a!ainst the #roduct / 6esistance
/ )idence
/ etection
/ 6es#onse
8/19/2019 Grand Embedded Security US04
22/63
22 © 2004 Grand Idea Studio,Inc.
am'er ec+ani!m! 2
8ost effectiely used in layers Possi*ly *y#assed $ith kno$led!e of ðod
Costs of a successful attack should out$ei!h
#otential re$ards Physical Security Devices for Computer
Subsystems M2N #roides corehensie attacksand counter&easures / )(.> Pro*in!, &achinin!, electrical attacks, #hysical
*arriers, taer eident solutions, sensors, res#onsetechnolo!ies
8/19/2019 Grand Embedded Security US04
23/63
2" © 2004 Grand Idea Studio,Inc.
am'er *e!i!tance
S#eciali9ed &aterials to &ake taerin! &oredifficult / )(.> ardened steel enclosures, locks, ti!ht airflo$
channels
?ften taer eident / Physical chan!es can *e isually o*sered
8/19/2019 Grand Embedded Security US04
24/63
24 © 2004 Grand Idea Studio,Inc.
am'er *e!i!tance 2
Security *itsEone7$ay scre$s / Can still *e *y#assed, *ut raises difficulty oer standard
scre$ or Tor(
)nca#sulation / Coer circuit *oard or critical coonents $ith e#o(y or
urethane coatin!
/ Preents &oisture, dust, corrosion, #ro*in!
/ ifficult, *ut not iossi*le, to re&oe $ith solents orre&el tool 1and $ooden ske$er as a 5*it5
8/19/2019 Grand Embedded Security US04
25/63
23 © 2004 Grand Idea Studio,Inc.
am'er *e!i!tance )
SealedE&olded housin! / 'ltrasonic $eldin! or hi!h7teerature !lue
/ If done #ro#erly, $ill reJuire destruction of deice too#en it
/ Consider serice issues 1if a le!iti&ate user can o#endeice, so can attacker
8/19/2019 Grand Embedded Security US04
26/63
2 © 2004 Grand Idea Studio,Inc.
am'er Eidence
)nsure that there is isi*le eidence left *ehind *ytaerin!
8aor deterrent for &ini&al risk takers
?nly successful if a #rocess is in #lace to check fordefor&ity / If attacker #urchases #roduct, taer eident
&echanis&s $ill not sto# attack
8/19/2019 Grand Embedded Security US04
27/63
2: © 2004 Grand Idea Studio,Inc.
am'er Eidence 2
S#ecial enclosure finishes / %rittle #acka!es, cra9ed alu&inu&, *leedin! #aint
Passie detectors
/ 8ost co&&on> seals, ta#es, !lues Vulnerability of Security Seals M"N e(#lains that
&ost can *e *y#assed $ith ordinary tools / All =4 seals tested $ere defeated
/ )(.> Adhesie ta#e, #lastic, $ire loo#, &etal ca*le, &etalri**on, #assie fi*er o#tic
8/19/2019 Grand Embedded Security US04
28/63
2; © 2004 Grand Idea Studio,Inc.
am'er -etection
)na*le the hard$are deice to *e a$are oftaerin!
S$itches
/ etect the o#enin! of a deice, *reach of security*oundary, or &oe&ent of a coonent
/ )(.> 8icros$itches, &a!netic s$itches, &ercurys$itches, #ressure contacts
8/19/2019 Grand Embedded Security US04
29/63
2= © 2004 Grand Idea Studio,Inc.
am'er -etection 2
Sensors / etect an eniron&ental chan!e, !litch attacks a!ainst
si!nal lines, or #ro*in! ia O7rayEion *ea&
/ )(.> Teerature, radiation, olta!e, #o$er su##ly
8/19/2019 Grand Embedded Security US04
30/63
"0 © 2004 Grand Idea Studio,Inc.
am'er -etection )
Circuitry / S#ecial &aterial $ra##ed around critical circuitry to
create a security #eri&eter
/ etect a #uncture, *reak, or atteted &odification ofthe $ra##er
/ )(.>
8/19/2019 Grand Embedded Security US04
31/63
"- © 2004 Grand Idea Studio,Inc.
am'er *e!'on!e
Counter&easures taken u#on the detection oftaerin! / orks hand7in7hand $ith taer detection
&echanis&s
)rase critical #ortions of &e&ory 159eroi9e5 orre&oe #o$er / Contents not necessarily coletely erased
/ Bolatile &e&ory 1S6A8 and 6A8 retains so&edata $hen #o$er is re&oed M4N
8/19/2019 Grand Embedded Security US04
32/63
"2 © 2004 Grand Idea Studio,Inc.
am'er *e!'on!e 2
Shut do$n or disa*le deice / )(tre&e solution> Physical destruction usin! s&all,
sha#ed e(#losie char!e
Lo!!in! &echanis&s / Proide audit infor&ation for hel# $ith forensicanalysis after an attack
Accidental tri!!ers are unlikely
/ 'ser &ay still need to understand eniron&ental ando#erational conditions
8/19/2019 Grand Embedded Security US04
33/63
"" © 2004 Grand Idea Studio,Inc.
Emi!!ion! and Immunity
All deices !enerate )8I 1e&issions Can *e &onitored and used *y attacker to
deter&ine secret infor&ation
/ )(.> ata on a couter &onitor M3N, cry#to!ra#hickey fro& a s&artcard MN
eices &ay also *e susce#ti*le to 6< or )S1i&&unity / Intentionally inected to cause failure
8/19/2019 Grand Embedded Security US04
34/63
"4 © 2004 Grand Idea Studio,Inc.
Emi!!ion! and Immunity 2
Aside fro& security, )8I e&issionsEi&&unityconditions #art of &any s#ecifications / )(.>
8/19/2019 Grand Embedded Security US04
35/63
"3 © 2004 Grand Idea Studio,Inc.
1ircuit Board
Physical Access to Coonents PC% esi!n and 6outin!
8e&ory eices
Po$er Su##ly Clock and Ti&in!
IE? Port Pro#erties
Cry#to!ra#hic Processors and Al!orith&s
8/19/2019 Grand Embedded Security US04
36/63
" © 2004 Grand Idea Studio,Inc.
+y!ical Acce!! to 1om'onent!
Giin! an attacker easy access to coonentsaids in reerse en!ineerin! of the #roduct
8ake sensitie coonents difficult to access
/ )(.> 8icro#rocessor, 6?8, 6A8, or #ro!ra&&a*lelo!ic
6e&oe identifiers and &arkin!s fro& ICs / @no$n as 5e7&arkin!5 or 5%lack to##in!5
/ 'se stainless steel *rush, s&all sander, &icro7*ead*last, laser etcher, or third #arty
/ IC 8aster, ata Sheet Locator, and Part8iner allo$sanyone to easily find data sheets of coonents
8/19/2019 Grand Embedded Security US04
37/63
": © 2004 Grand Idea Studio,Inc.
+y!ical Acce!! to 1om'onent! 2
'se adanced #acka!in! ty#es / ifficult to #ro*e usin! standard tools
/ )(.> %GA, Chi#7on7%oard 1C?%, Chi#7in7%oard 1CI%
)#o(y enca#sulation on critical areas / Preent #ro*in! and easy re&oal
/ )nsure desired security !oal is achieed
8/19/2019 Grand Embedded Security US04
38/63
"; © 2004 Grand Idea Studio,Inc.
1B -e!in and *outin
6e&oe unnecessary test #oints / 'se filled #ad as o##osed to throu!h7hole, if necessary
?*fuscate trace #aths to #reent easy reerse
en!ineerin! / ide critical traces on inner *oard layers
'se *uried ias $heneer #ossi*le / Connects *et$een t$o or &ore inner layers *ut no
outer layer / Cannot *e seen fro& either side of the *oard
8/19/2019 Grand Embedded Security US04
39/63
"= © 2004 Grand Idea Studio,Inc.
1B -e!in and *outin 2
@ee# traces as short as #ossi*le Pro#erly desi!ned #o$er and !round #lanes
/ 6educes )8I and noise issues
@ee# noisy #o$er su##ly lines fro& sensitie di!italand analo! lines
ifferential lines ali!ned #arallel / )en if located on se#arate layers
8/19/2019 Grand Embedded Security US04
40/63
40 © 2004 Grand Idea Studio,Inc.
Bu! rotection
Address, data, and control *us lines can easily*e #ro*ed / )(.> Ta# *oard used to interce#t data transfer oer
O*o(Ks y#erTrans#ort *us M:N
/ %e a$are of data *ein! transferred across e(#osedandEor accessi*le *uses
8/19/2019 Grand Embedded Security US04
41/63
4- © 2004 Grand Idea Studio,Inc.
emory -eice!
8ost &e&ory is notoriously insecure / Serial ))P6?8s can *e read in7circuit M;N
/ 6A8 deices retain contents after #o$er is re&oed,can also 5*urn in5 M4N
Security fuses and *oot7*lock #rotection / Ile&ent if aaila*le
/ Can *e *y#assed $ith die analysis attacks M=N usin!
PIC-C;4 attack in $hich security *it is re&oed
*y increasin! BCC durin! re#eated $rite accesses
8/19/2019 Grand Embedded Security US04
42/63
42 © 2004 Grand Idea Studio,Inc.
rorammable /oic
In &any cases, IP $ithin PL or
8/19/2019 Grand Embedded Security US04
43/63
4" © 2004 Grand Idea Studio,Inc.
rorammable /oic 2
Protect a!ainst IE? scan attacks / 'sed *y attacker to cycle throu!h all #ossi*le
co&*inations of in#uts to deter&ine out#uts
/ 'se unused #ins on deice to detect #ro*in!o Set to in#ut. If leel chan!e is detected, #erfor& a
counter&easure or res#onse.
Add di!ital 5$ater&arks5 /
8/19/2019 Grand Embedded Security US04
44/63
44 © 2004 Grand Idea Studio,Inc.
o5er Su''ly
efine &ini&u& and &a(i&u& o#eratin! li&its / )(.> Coarators, $atchdo!s, su#erisory circuits
o not rely on end user to su##ly a olta!e $ithin
reco&&ended o#eratin! conditions / Ile&ent linear re!ulator or C7C conerter
Coart&entali9e noisy circuitry / )asier to reduce oerall )8I
/ 'se #ro#er filterin!
/ Po$er su##ly circuitry as #hysically close as #ossi*leto #o$er in#ut
8/19/2019 Grand Embedded Security US04
45/63
43 © 2004 Grand Idea Studio,Inc.
o5er Su''ly 2
Sile Po$er Analysis 1SPA / Attacker directly o*seres #o$er consution
/ Baries *ased on &icro#rocessor o#eration
/ )asy to identify intensie functions 1cry#to!ra#hic
ifferential Po$er Analysis 1PA / Adanced &athe&atical ðods to deter&ine secret
infor&ation on a deice
Power Analysis Attack Countermeasures andTheir Weaknesses M-0N #ro#oses solutions / )(.> +oise !enerator, actieE#assie filterin!, detacha*le
#o$er su##lies, ti&e rando&i9ation
8/19/2019 Grand Embedded Security US04
46/63
4 © 2004 Grand Idea Studio,Inc.
1lock and imin
Attacks rely on chan!in! or &easurin! ti&in!characteristics of the syste&
Actie ti&in! attacks /
Inasie attack> ary clock to induce failure orunintended o#eration
/ 8onitor clock si!nals to detect ariations
/ Ile&ent PLL to reduce clock delay and ske$
Passie ti&in! attacks / +on7inasie &easure&ents of coutation ti&e
/ ifferent tasks take different a&ounts of ti&e
8/19/2019 Grand Embedded Security US04
47/63
4: © 2004 Grand Idea Studio,Inc.
I67 ort ro'ertie!
'nused IE? #ins should *e disa*led or set to fi(edstate / 'se to detect #ro*in! of PL or @ey#ads, *uttons, s$itches, dis#lay
8/19/2019 Grand Embedded Security US04
48/63
4; © 2004 Grand Idea Studio,Inc.
Stren!th of cry#to!ra#hy relies on secrecy of key,not the al!orith&
It is not safe to assu&e that lar!e key si9e $ill!uarantee security
If al!orith& ile&ented iro#erly, can *e*roken or *y#assed *y attacker
/ ithout a secure foundation, een the *estcry#tosyste& can fail
/ Test ile&entations in la*oratory firstQ
1ry'tora'+ic roce!!or! andAlorit+m!
8/19/2019 Grand Embedded Security US04
49/63
4= © 2004 Grand Idea Studio,Inc.
o +?T roll7your7o$n cry#to / Possi*ly the &ost co&&on #ro*le& in en!ineerin!
/ )asily *roken, no &atter $hat you &ay think
/ 'sually ust 5security throu!h o*scurity5
/ )(.> Pal& ?S syste& #ass$ord decodin! M-N, 'S%authentication tokens M;N, i%uttonictionary Attack ulnera*ility M--N
1ry'tora'+ic roce!!or! andAlorit+m! 2
8/19/2019 Grand Embedded Security US04
50/63
30 © 2004 Grand Idea Studio,Inc.
If #ossi*le, &oe cry#to!ra#hic #rocesses out offir&$are and into I%8 4:3;, PCI7O, Phili#s B8S:4:
1ry'tora'+ic roce!!or! andAlorit+m! )
8/19/2019 Grand Embedded Security US04
51/63
3- © 2004 Grand Idea Studio,Inc.
8irm5are
Pro!ra&&in! Practices Storin! Secret Coonents
6un7Ti&e ia!nostics and
8/19/2019 Grand Embedded Security US04
52/63
32 © 2004 Grand Idea Studio,Inc.
rorammin ractice!
Poor #ro!ra&&in!, fla$s, and *u!s can lead tosecurity coro&ises / )(.> %uffer oerflo$s
/ 6ead Secure Coding Principles and Practices M-2N
6e&oe unnecessary functionality and de*u!routines / )(.> Pal& %ackdoor e*u! &ode M-"N
8/19/2019 Grand Embedded Security US04
53/63
3" © 2004 Grand Idea Studio,Inc.
rorammin ractice! 2
6e&oe de*u! sy&*ols and ta*les / As easy as a check*o( or co&&and7line s$itch
'se coiler o#ti&i9ations /
Possi*ly o*fuscate easily identifia*le code se!&ents / Increase code efficiency
8/19/2019 Grand Embedded Security US04
54/63
34 © 2004 Grand Idea Studio,Inc.
Storin Secret 1om'onent!
ifficult to securely and totally erase data fro&6A8 and non7olatile &e&ory M4N / 6e&nants &ay e(ist and *e retriea*le fro& deices
lon! after #o$er is re&oed or &e&ory areas
re$ritten
Li&it the a&ount of ti&e that critical data isstored in the sa&e re!ion of &e&ory /
Can lead to 5*urn in5 / Periodically fli# the stored *its
8/19/2019 Grand Embedded Security US04
55/63
33 © 2004 Grand Idea Studio,Inc.
8ake sure deice is fully o#erational at all ti&es / Periodic syste& checks
/ )(.> Internal $atchdo!, checksu&s of &e&ory
/
8/19/2019 Grand Embedded Security US04
56/63
3 © 2004 Grand Idea Studio,Inc.
8ield rorammability
Is your fir&$are accessi*le to eeryone fro& youre* siteD / Attacker can easily disasse&*le and analy9e
Code si!nin! 1SA or hashes 1SA7-, 83 / 6educe #ossi*ility of loadin! unauthori9ed code
/ ill erify that fir&$are i&a!e has not *een taered$ith
)ncry#t fir&$are i&a!es / Coression routines are not encry#tion
/ Challen!e is in #rotectin! the #riate key
8/19/2019 Grand Embedded Security US04
57/63
3: © 2004 Grand Idea Studio,Inc.
5Security throu!h o*scurity5 does +?T $ork / 8ay #roide a false sense of security
/ ill teorarily discoura!e Class I attackers
)ncode fi(ed data Scra&*le address lines throu!h e(tra lo!ic
6e#lace li*rary functions $ith custo& routines
rite lousy code
Add s#urious and &eanin!less data 15si!naldecoys5
7bfu!cation
8/19/2019 Grand Embedded Security US04
58/63
3; © 2004 Grand Idea Studio,Inc.
1onclu!ion!
eter&ine $hat to #rotect, $hy you are #rotectin!it, and $ho you are #rotectin! a!ainst / +o one solution fits all
%est defense is to &ake the cost of *reakin! thesyste& !reater than the alue of your infor&ation
o not release #roduct $ith a #lan to ile&entsecurity later / It usually neer ha##ens...
8/19/2019 Grand Embedded Security US04
59/63
3= © 2004 Grand Idea Studio,Inc.
1onclu!ion! 2
Think as an attacker $ould %e a$are of latest attack ðodolo!ies trends
As desi!n is in #ro!ress, allocate ti&e to analy9e
and *reak #roduct Learn fro& &istakes
/ Study history and #reious attacks
+othin! is eer -00 secure
8/19/2019 Grand Embedded Security US04
60/63
0 © 2004 Grand Idea Studio,Inc.
*eference!
-. . Grand 1@in!#in, Pal& ?S Pass$ord 6etrieal and ecodin!,U Se#te&*er 2000, www.grandideastudio.com/files/security/mobile/ palm_password_decoding_advisory.txt
2. S.. ein!art, 5Physical Security eices for Couter Su*syste&s> A Surey of Attacks and efenses,KK Workshop on Cryptographic !ardware and "mbeddedSystems, 2000.
". 6.G. ohnston and A.6.). Garcia, 5Bulnera*ility Assess&ent of Security Seals5,#ournal of Security Administration, -==:, www.securitymanagement.com/library/lanl_00418!".pdf
4. P. Gut&ann, 5Secure eletion fro& 8a!netic and Solid7State 8e&ory eices,5 Si$th%S"&'( Security Symposium, -==, www.usenix.org/publications/library/proceedings/sec!"/full_papers/gutmann/index.#tml
8/19/2019 Grand Embedded Security US04
61/63
- © 2004 Grand Idea Studio,Inc.
*eference! 2
-. . an )ck, )lectronic 6adiation fro& Bideo is#lay 'nits> An )aesdro##in! 6iskDUComputers and Security , -=;3, www.jya.com/emr.pdf
2. .6. 6ao and P. 6ohat!i, 5)8Po$erin! Side7Channel Attacks,5 I%8 6esearchCenter, www.researc#.ibm.com/intsec/emf$paper.ps
". A. uan!, 5ackin! the O*o(> An Introduction to 6eerse )n!ineerin!,5 +o StarchPress, 200".
4. . Grand 1@in!#in, 5Attacks on and Counter&easures for 'S% ard$are Tokeneices,KK Proceedings of the )ifth &ordic Workshop on Secure 'T Systems, 2000, www.grandideastudio.com/files/security/to%ens/usb_#ardware_to%en.pdf
3. ?. @V&&erlin! and 8. @uhn, 5esi!n Princi#les for Taer76esistant S&artcard
Processors,5 %S"&'( Workshop on Smartcard Technology , -===, www.cl.cam.ac.u%/&mg%'(/sc!!$tamper.pdf
8/19/2019 Grand Embedded Security US04
62/63
2 © 2004 Grand Idea Studio,Inc.
*eference! )
-. T.S. 8esser!es, 5Po$er Analysis Attack Counter&easures and Their eaknesses,5Communications* "lectromagnetics* Propagation* + Signal Processing Workshop,2000, www.iccip.csl.uiuc.edu/conf/ceps/'000/messerges.pdf
2. . Grand 1@in!#in, 5S-==- 8ulti@ey i%utton ictionary Attack Bulnera*ility,5anuary 200-, www.grandideastudio.com/files/security/to%ens/ds1!!1_ibutton_advisory.txt
". 8.G. Graff and @.6. Ban yk, 5Secure Codin!> Princi#les and Practices,5 ?K6eilly Associates, 200".
4. . Grand 1@in!#in, Pal& ?S Pass$ord Lockout %y#ass,U 8arch 200-, www.grandideastudio.com/files/security/mobile/palm_bac%door_debug_advisory.txt
8/19/2019 Grand Embedded Security US04
63/63
Grand Idea Studio, Inc.
#ttp)//www.grandideastudio.com
+ank!9