Podcast Noise Security Bit #4 "On hardware security"



In this podcast, we discuss various aspects of security with people who know this field first-hand. Overall, it turned out to be quite an informative episode on the subject. The conversation starts with how to get into this field from scratch and ends with reverse engineering of chips. We tried to cover a large number of areas of hardware security and compiled a list of all the topics discussed, with additional references and other materials for in-depth study.

Participants:
Alexander Matrosov (@matrosov)
Dmitry Nedospasov (@nedos)
Oleg Kupreev (@090h)
Alexander Bazhanyuk (@ABazhaniuk)
Dmitry Oleksyuk (@d_olex)
MP3 file
Podcast official site
GitHub with show notes



Xbox
Literature: Hacking the Xbox [ pdf ]
WP: XBMC
Xecuter Modchips

TUB - Security in Telecommunications
Chaos Communications Congress

Recon
2013
2014

Vulnerabilities of various systems
WP: EMV
WP: PayTV / Conditional Access

WP: Workflow
WP: Failure Analysis
Degate
WP: Confocal Microscope
WP: Netlist
WP: Registers

Chip types
WP: ASIC
WP: VLSI
Literature: Weste, CMOS VLSI Design
WP: FPGA

HDL
Verilog
VHDL
Literature: Verilog vs. HDL - HDL Chip Design

AVR
AVR instruction set
AVR GCC

Simple tools
DP Bus Pirate
Arduino

Embedded Protocols
WP: UART
WP: I2C
WP: SPI

Michael Ossmann (@michaelossmann)
KS: @mossmann
Daisho
Introducing Daisho

Agilent / Keysight / HP
WP: Agilent

Teledyne / LeCroy
Tektronix
Rohde & Schwarz

PCI Express Protocol Analyzer

FPGA devboards
Xilinx Spartan 6 SP605
Xilinx Virtex 6 ML605
Xilinx Vivado Design Suite
Xilinx ChipScope Pro
Terasic DE0-nano (Recommended !!!)
Microsemi Igloo 2 Evaluation Kit (Recommended !!!)

Distributors:
Digikey
Mouser
Farnell
Avnet

Core development
Xilinx IP
OpenCores
Working AES - Avalon AES

Tools
DP ATX breakout
FTDI USB / UART
WP: Microchip PIC
DP CoolRunner

Glitching DDK
Student (@rgsilva)
https://github.com/rgsilva/ddk-arm
https://github.com/rgsilva/ddk-fpga

Power analysis
Timo Kasper " Milking the Digital Cashcow (29c3) "
Literature: Stefan Mangard, Power Analysis Attacks: Revealing the Secrets of Smart Cards

Microprobing / data manipulation
Talk: Chris Tarnovsky (@semiconduktor), Inducing Momentary Secure Secure Cards (DEF CON 16)
Article: Sorcerer's Apprentice Guide to Fault Attacks
Article: Oliver Kömmerling, Design Principles for Tamper-Resistant Smartcard Processors
Literature: Ross Anderson, Security Engineering - Chapter 16: Physical Tamper Resistance
Article: PoC or GTFO 0x01 - Burning a phone

ISO7816
Die Datenkrake - DDK @DieDatenkrake
Thorsten Schröder (@br3t)
WP: SDR
Keykeriki
Nordic Semi
USRP

Parallel computing systems
WP: Parallel Computing
WP: pthread
WP: Pipeline

Chip obfuscation
Obfuscated Gates - SypherMedia International

Hacking Chips
Talk: Olivier Thomas (@reivilo_t), Hardware Reverse-engineering Tools (REC0N 2013)
Talk: Dmitry Nedospasov (@nedos), Security of the IC Backside (30c3)
Talk: Chris Tarnovsky (@semiconduktor), Semiconductor Security Awareness Today and Yesterday (Blackhat 2010)
BBC Panorama - Murdoch's TV Pirates
Literature: Murdoch's Pirates

Baseband / DSP
WP: DSP
WP: Baseband Processor
Ralf-Philipp Weinmann (@esizkur), Baseband Exploitation in 2013
Analog Devices Blackfin
WP: VLIW
WP: Floating Point Unit
WP: Microcode

RF
Habr: Hacker-friendly Software-defined radio
Osmocom RTL SDR
DPS FM
HackRF
KS: HackRF
HackRF training
BladeRF
Ubertooth One
The Amp Hour: An Interview with Michael Ossmann
KiCad
CERN KiCad

ARM TrustZone
Chris Tarnovsky
Chris has a great two-day training at ToorCon.
Flylogic Blog
Wired: How to Reverse-Engineer a Satellite TV Smart Card
Twitter: @semiconduktor

WP: Electron Microscope

What equipment and tools do you need to start digging into the topic in practice?
As for the equipment, I highly recommend watching: EEVblog
For starters, you can go to a hackerspace

<100 €
DP Bus Pirate
Arduino
Breadboard
Cheap multimeter
DP ATX Breakout Board

<500 €
Multimeter (Extech, Amprobe, BK Precision)
Logic Analyzer ( Saleae )
Soldering station (with smoldered pins)

<1500 €
Oscilloscope ( Rigol DS2072 )
=> This model was hacked - you can turn on all features in the software with a key generator that is somewhere here
Rework station (hot-air soldering station)
FPGA Devboard (Terasic DE0-nano)

<2500 €
Serious Multimeter (Fluke 87V)
second zone station

<5000 €
4-channel oscilloscope
second "gray" multimeter (for example Agilent OLED)

No limit (equipment for serious people)
LPKF Protomat s63
Ultratec ASAP-1
Teledyne LeCroy 7-Zi
Riscure Laser Station
Karl Suss Probing Station
Karl Suss PH 150
Pico probe
New Wave Research EZLaze
Hamamatsu PHEMOS
FEI FIB

Source: https://habr.com/ru/post/211092/