Embedded Security

Stefan Nürnberger

Global References

This is a list of all references found in the slides:

 

  1. "98% of all produced processors run in embedded systems"
  2. PIC16F 8 Bit Microcontroller Family Datasheet
  3. AVRdude Project and Source (best use avrdude package from your distribution)
  4. Cross-Platform Hex Editor wxHexEditor
  5. Draw Circuits with EasyEDA
  6. Draw Circuits, PCBs and Breadboard Layouts with Fritzing
  7. Resistor Colour Code Calculator
  8. Paul Kocher, Joshua Jaffe, Benjamin Jun, “Differential Power Analysis”, 
Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 1999

  9. Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
    Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nürnberger, Wenke Lee, Michael Backes.
    24th Annular Symposium on Network and Distributed System Security (NDSS 2017), 2017.

  10. XBox360 Timing Attack http://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack

  11. Genkin, Daniel, Adi Shamir, and Eran Tromer. "RSA key extraction via low-bandwidth acoustic cryptanalysis.Annual Cryptology Conference. Springer, Berlin, Heidelberg, 2014.

  12. Keyboard Electromagnetic Eavesdropper:
    https://www.youtube.com/watch?v=AFWgIAgMtiA

  13. The TEMPEST Program by the NSA (Nowadays also certification against EM eminence)
    https://www.iad.gov/iad/programs/iad-initiatives/tempest.cfm

  14. FYI: TEMPEST can play music https://www.youtube.com/watch?v=VqASS1ZE9R8

  15. Kuhn, Markus G., and Ross J. Anderson. "Soft tempest: Hidden data transmission using electromagnetic emanations." International Workshop on Information Hiding. Springer, Berlin, Heidelberg, 1998.

  16. “Lest we Remeber: Cold Boot Attacks”, J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten., USENIX Security 2008

  17. Automatic Key Finder for AES & RSA
    https://citp.princeton.edu/research/memory/code/

  18. RamCrypt: Kernel-based Address Space Encryption for User-mode Processes. Johannes Götzfried, Tilo Müller, Gabor Drescher, Stefan Nürnberger, Michael Backes. ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIACCS), 2016.

  19. PAM Login util-linux/login-utils/auth.c https://github.com/karelzak/util-linux/blob/master/login-utils/auth.c

  20. ChipWhisperer https://newae.com/tools/chipwhisperer/

  21. “Differential Power Analysis”, Paul Kocher, Joshua Jaffe, Benjamin Jun,
    Annual International Cryptology Conference.
    Springer, Berlin, Heidelberg, 1999

  22. Mordechai Guri, Boris Zadov, Eran Atias,Yuval Elovici, “LED it go”,
    https://cyber.bgu.ac.il//advanced-cyber/system/files/LED-it-GO_0.pdf

  23. Song, Dawn Xiaodong, David A. Wagner, and Xuqing Tian. "Timing analysis of keystrokes and timing attacks on ssh." USENIX Security Symposium. 2001

  24. Cache Side Channels: P. C. Kocher. Timing Attacks on Implementations of DiffeHellman, RSA, DSS, and Other Systems. In: Crypto’96

  25. Micro-Architectural Attacks: PhD Thesis of Daniel Gruss

  26. Intel Performance Analysis Guide (with memory access times)

  27. Intel 32 and 64 Bit Optimization Reference Manual

  28. ASLR on the line: Practical cache attacks on the MMU
    Gras, B., Razavi, K., Bosman, E., Bos, H., & Giuffrida, C. (2017). NDSS (Feb. 2017).

  29. Google Retpoline https://support.google.com/faqs/answer/7625886

  30. Wright, Charles V., et al. "Language identification of encrypted voip traffic: Alejandra y roberto or alice and bob?." USENIX Security Symposium. Vol. 3. 2007.

  31. "Error handling of in-vehicle networks makes them vulnerable."
    Cho, Kyong-Tak, and Kang G. Shin. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016.

  32. Volkswagen Self-Study Program 238 http://www.volkspage.net/technik/ssp/ssp/SSP_238.pdf

  33. Volkswagen Self-Study Program 269 (http://www.volkspage.net/technik/ssp/ssp/SSP_269_d1.pdf)

  34. VatiCAN Authentication Solution is open source: http://www.automotive-security.net/vatican

  35. Kneib, Marcel, and Christopher Huth. "Scission: Signal characteristic-based sender identification and intrusion detection in automotive networks." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2018.

  36. Radio Frequency Spectrum from WiseGeek

  37. Practical state recovery attacks against legacy RNG implementations, Shaanan Cohney, Matthew Green, Nadia Heninger https://duhkattack.com/paper.pdf

  38. Rolling Code for Microcontrollers: KEELOQ from Microchip http://ww1.microchip.com/downloads/en/AppNotes/00663C.pdf

  39. Samy Kamkar: “Drive it like you Hacked it” @ DEFCON 23 (https://www.youtube.com/watch?v=UNgvShN4USU )

  40. “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer”. Roel Verdult, Flavio Garcia.
    https://www.cs.bham.ac.uk/~garciaf/publications/Dismantling_Megamos_Crypto.pdf

  41. Key Re-Installation Attack: Forcing Key Reuse in WPA2. Mathy Vanhoef, Frank Piessens.
    https://papers.mathyvanhoef.com/ccs2017.pdf

  42. Undefined Behaviour (C/C++): https://wiki.sei.cmu.edu/confluence/display/c/CC.+Undefined+Behavior

  43. Undefined Behaviour (C/C++): https://wiki.sei.cmu.edu/confluence/display/c/DD.+Unspecified+Behavior

  44. MicroPython for embedded systems 

  45. Microsoft Singularity Operating System source code (written in C# / SPEC#) 

  46. Another C# Operating System: Cosmos

  47. The .net Micro Framework

  48. The Redox OS written in Rust

  49. Cert C Safe Coding Standards

  50. Gieraths, Antje. "Umsetzung der Anforderungen aus der ISO 26262 bei der Entwicklung eines Steuergeräts aus dem Fahrerinformationsbereich.Automotive-Safety & Security 2014(2015).

  51. W. Diffie and M. Hellman. New Directions In Cryptography. In IEEE Transactions on Information Theory, vol. IT-22(6), pages 644–654, November 1976

  52. Key Exchange using elektrical characteristics of CAN:
    Mueller, Andreas, and Timo Lothspeich. "Plug-and-secure communication for CAN." CAN Newsletter (2015)

  53. Intel Developer Guideline for Hardware Randomness

  54. SGX Sides Channels: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-gruss.pdf

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.