Overview
Hardware Attacks, Threats, Risks, and Mitigations provides a high-level, comprehensive survey of the state-of-the-art in hardware attacks, threats, and risks. From the system level all the way down to the silicon level, attendees will be exposed to the many attack vectors within the hardware security landscape. Unique hands-on exercises using pen-and-paper will lead into group discussion of the implications, impact, and risk mitigation for each type of attack. Emphasis will be placed on the problem solving and hardware implications, not on in depth hardware setup or exhaustive coding of solutions.
Syllabus
Day 1: Hardware Threats, Top Down
By decomposing the hardware stack, we’ll show how local hardware attacks can result in network software exploits. We’ll step through the layers of hardware. For each layer - System, Board, Component, and Silicon - we’ll have a topical expert present the threat landscape. We will follow each layer discussion with a hands-on opportunity for you to walk through an attack.
- Lecture: Overview and context
- Hands-on Hardware Attacks:
- Lecture: Hardware OSINT + PCB RE
- Lab: Identify hardware components from photos
- Lab: Determine component connections from PCB
- Lecture: Digital signal overview and tools
- Lab: Signal analysis/decoding
- Lecture: Firmware extraction techniques
- Lab: Firmware analysis, filesystem exploration, backdoor detection
- Lecture: Side channels and fault injection
- Lab: Glitching simulation w/ ChipWhisperer
- Lecture: Silicon-level threats/attacks
- Lab: Visual reversing of mask ROM
- Lecture: Survey of current hardware attacks and techniques used
Day 2, AM: Implications of Hardware Vulnerabilities
We’ll review several recent cases of highly visible hardware attacks that contributed to major hacks or breaches. For each case study, you’ll apply your newly gained knowledge of the hardware threat landscape to assess the oversights that enabled the vulnerabilities.
- Lecture: Understanding hardware impact
- Discussions on vulnerabilities:
- Discussion: Analyzing hardware vulnerabilities
- Lecture: Hardware threat modeling and product design constraints
- Discussion: Hardware threat modeling
- Lecture: Equipping a hardware lab
- Discussion: Estimate cost/impact of hardware threats
Day 2, PM: Mitigating Hardware-Related Risks
Finally, we’ll revisit several of our case studies from a different perspective: That of preventing or avoiding it in the future or within your organization. We’ll cover best practices to mitigate hardware vulnerabilities via software countermeasures and secure hardware development process, assessing hardware risk when accepting devices for deployment, and techniques for isolating and containing vulnerable or untrustworthy hardware from the rest of your infrastructure.
- Discussons on Risk and Mitigation
- Lecture: Assessing Risk (30)
- Lecture: Hardware security development lifecycle (SDL)
- Discussion: Hardware SDL
- Lecture: Component/subsystem supply chain and risks
- Lecture: Countermeasures
- Lecture: The luxury of hardware security
- Closing Sermon from PoC || GTFO
Targets
The purpose of this course is to focus on the implications of hardware security. Several pen-and-paper activities will walk through techniques done on hardware, without having to worry about the details of hardware setup and tedium of some complete solutions.
Length
2 days
Audience
Engineering managers, Product managers, Red Team leads, CxO (including CISOs and CTOs), and other executives responsible for or have hardware, mixed system, embedded, or IOT devices developed or deployed within their organization.
Format
50% lecture
30% Lab
20% discussion
- Applied Physical Attacks 1: Embedded and IoT Systems
- Hardware Attacks, Risks, Threats, and Mitigations
- Applied Physical Attacks 4: Hardware Implants
- Hands-on JTAG for Fun and Root Shells!
- Applied Physical Attacks 2: Hardware Pentesting
- Applied Physical Attacks 3: Rapid Prototyping
- Applied Physical Attacks on a Raspberry Pi
- Side Channel Attacks for Hardware N00BZ
- Applied Physical Attacks and Silicon Defenses
- WTFpga
- Applied Physical Attacks on x86 Systems