

#### Memory and Programmable Logic

- most memory is insecure

   can be read with standard device programmer
- difficult to securely and totally erase data from RAM and non-volatile memory
  - remnants may exist and be retrievable from devices long after power is removed
    - e.g., P. Gutmann, "Secure deletion from magnetic and solid-state memory devices," *Sixth USENIX Security Symposium*, 1996
       e.g. cold boot attacks



### Memory and Programmable Logic (2)

- SRAM-based FPGAs most vulnerable to attack
   must load configuration from external memory
  - bit stream can be monitored to retrieve data
- protect against I/O scan attacks

   attacker cycles through all combinations of inputs to
   determine outputs
  - use unused pins to detect probing
- limit the amount of time that critical data is stored in the same region of memory
  - periodically flip the stored bits













- symmetric cryptography
  - device authentication
  - secure boot with hash value
  - secure boot with MAC algorithm
  - secure update/data authentication with MAC algorithm
- + public key cryptography
- secure boot with digital signature
- secure update/data authentication with digital signature
- + hardware RNG
  - key generation and cryptographic protocols















#### Software update

- growing importance: apps, O/S, firmware (FPGA), processor microcode
- use secure update
- only allow newer versions to be loaded into product (so attacker can not make revert to old versions with known security flaws)
- sensitive software should perhaps not be released in clear on a web page (could be disassembled and analyzed by attacker)
  - example: firmware for satellite encryption



• smart card































### Smart card: discussion

- smart card: simple system that is easy to secure (welldefined perimeter and interface)
  - secure O/S and file system
  - access control, counters
  - currently no longer very simple
     how to talk securely to a smart or
- how to talk securely to a smart card: secure channel problem – how does the user transfer a PIN to the smart card?
- how does the user know which data is submitted to the smart card to be signed?
  how does the user know whether the smart card reports an error?
- how does the user know whether the small card reports an error
   highly efficient cryptographic coprocessor
  - not always accessible to the programmer
  - communication on standard I/O is very slow long tradition for physical protection
  - power and clock are external which makes a smart card more vulnerable
- Secure hardware • it is great to have secure hardware • but how do you authenticate who/what can talk to it? • one really needs a secure device including secure I/O TLS TLS Ceci n'est pas un HSM