Tech Talk: Hardware Security’s Hierarchy of Attacks

  • Date  Time
  • Speaker
  • Location

Galois is pleased to host the following tech talk.
These talks are open to the interested public–please join us!
(There is no need to pre-register for the talk.)

title:
Hardware Security’s Hierarchy of Attacks

speaker:
Joe FitzPatrick

time:
Tuesday, 30 April 2013, 10:30am.

location:

Galois Inc.

421 SW 6th Ave. Suite 300,

Portland, OR, USA

(3rd floor of the Commonwealth building)

abstract:

Generally, there is a very low barrier to entry when it comes to
software or network-based attacks due to the fact that actual costs are
minimal and most resources are readily available. This does mean that
it’s generally much easier to attack the software of a system than the
hardware, but unfortunately that also leads to overconfidence in, as
well as misplaced trust in hardware.

There is a clear ‘hierarchy of attacks’ in the hardware world. There are
costs, often significant, involved in acquiring your hardware ‘target’
which might be damaged or destroyed in the process. There are a number
of useful tools that cost anywhere from a few dollars to a few million
dollars. I’ll give a couple examples of what’s possible within budgets
of $100, $10,000, and $1,000,000. I’ll point out how many capabilities
are much more accessible than most assume, and how vulnerable to
sub-$100 attacks most of our ‘secure’ hardware really is.

bio:

Joe FitzPatrick is an independent hardware security consultant and trainer.
He spent 8 years validating and debugging desktop and server CPUs,
including hardware penetration testing and security validation training for
functional validators worldwide. He is currently developing a week-long
hands-on workshop focused on low cost hardware security attacks.