1
Device Security
Introduction
2
How many people do you recognize here?
Paul Kocher
CRI/Rambus
Miller & Valasek
IOActive – Jeep Hack
Satoshi Nakamoto ?
Blockchain/ Bitcoin
Edward Snowden
NSA Leaks
Marc Witteman
Founder Riscure
Joan Daemen
Co-Founder AES
Claude Shannon
Father of Information Theory and modern Cryptography
Adi Shamir
The S from RSA and more
3
Privacy
How Secure is your mobile phone?
Keysight Public
Source: https://www.zdnet.com/article/israeli-military-tricked-into-installing-malware-by-hamas-agents-posing-as-women/
4
Trust
Can you trust your allies?
Source: https://arstechnica.com/tech-policy/2020/02/us-german-intel-owned-swiss-crypto-used-by-dozens-of-countries/
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
5
Piracy and copyright infringement
Have you ever downloaded games, movies, books, music, ….?
The Pirate Bay
Popcorn Time
Napster
6
Integrity
Can we trust technology?
• Drone exploit
• Hacking Philips HUE Lamps
• Smart Card Cloning
• Mobile Phone screen radiation, aka Tempest
• Screaming Channels
7
Safety
Are current Safety standards good enough for Security?
SAFETY ≠ SECURITY
• Jeep Hack
• Key fob Tesla hack
• KIA/Hyundai hacking
• Toyota RAV4 Outside OBD access
• Connected Smart Meters
8
Hacking tools
Today’s Hardware Hacking is for everyone
• Flipper Zero
• USB Rubber Ducky
• O.MG Cables
• HackRF One
• Ubertooth
• ChipWhisperer & ChipSHOUTER
• Raspberry Pi based D.I.Y.
9
Riscure Security Solutions #RSS
We care about Device Security
• We care about devices that must be secure in a hostile environment
• We serve customers with our security test tools, services, and training
• We develop test methods and tooling
10
How do we help our customers?
Certification
Training
Products
Break
Test
Security Analyst
Educate
Make
Riscure Security Solutions
Every customer has a different need
11
Certification & Training
12
Core markets
Security Certification
• Chips
• Operating Systems
• Devices
Automotive
• ECUs
• Complete vehicle testing
• UN R155 Type approval
Internet of Things
• Consumer
• Industrial
• Cloud computing
Mobile and electronic payment
• Mobile applications
13
Key expertise
Chip security
• Banking cards, Transport cards and e-Passports
• > 200 chipset evaluations
Connected devices
• Automotive: > 25 customers, > 50 projects
• IoT: > 600 devices
Secure OS (Trusted Execution)
• > 100 evaluations for payment, media, automotive and general certification
Mobile
• > 200 mobile application projects for Payment: Host Card Emulation and mPOS
Hardware
• Side Channel Analysis (SCA) / Fault Injection (FI)
• PQC, Pre-silicon testing, Deep Learning
And many more!
14
Accreditations
• Certification provides access to the market.
• Security testing by an independent party is required by a scheme controlling this market.
• Riscure provides a wealth of accreditations by such schemes.
Mobile and e-Payments
General and Automotive
IoT, cloud computing, media
And many more!
15
Riscure in Automotive
25+ automotive clients
50+ projects completed
OEMs, Tier 1s & Tier 2s
Top-10 semiconductor vendors
• Source code reviews on chipset and devices
• Architecture & design reviews
• Chip security testing: Fault Injection (FI) & Side Channel Analysis (SCA)
• ECU security evaluation, complete vehicles
• Security consultancy
UN R155/R156 Type Approval
Whole vehicle testing
- A new vehicle goes through a penetration test.
- In-field vehicles are checked periodically.
16
Current Customer Engagements
Other
All six National Automotive Test centers (China)
17
Device Security Training
Empower your team with essential security knowledge
Academy
• Secure Coding
• Chip Design & Security
• Automotive Security
• Secure Boot
• Essential FI
• Common Criteria
• Embedded Systems
• Reverse Engineering
• Essential SCA
Every organization is different. Riscure Security Solutions offers multiple approaches to learning depending on the needs and goals of your team.
Training formats
• Self-Paced
• Expert-led
• Open Training
18
Products
19
We give color to hardware security labs
SCA
SCA
20
What is a side channel?
An unintended interface that leaks information
• Semiconductors use power
• Especially when switching, i.e. when working
• Resulting power profile is related to work being done
• Analyzing power profiles reveals processes & data
Attackers frequently use these side channels
1. Time of computation
2. Power consumption (SPA, DPA)
3. EM radiation (EMA)
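The first channel on this slide, time of computation, shown with a secret comparison in its leaky and its hardened form. This is an added example, not part of the original deck; the loop-iteration counter stands in for measured execution time, and the PIN and guesses are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit comparison: returns at the first mismatch, so the number of
 * loop iterations (our stand-in for execution time) depends on the secret. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always visits all n bytes and folds every
 * difference into one accumulator, so the work done is data-independent. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    return diff == 0;
}

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Spread (max - min) of the step count over a set of 4-byte guesses.
 * A spread of 0 means an observer of the timing learns nothing. */
size_t step_spread(cmp_fn cmp, const uint8_t *secret,
                   const uint8_t guesses[][4], size_t count)
{
    size_t lo = (size_t)-1, hi = 0, steps = 0;
    for (size_t g = 0; g < count; g++) {
        (void)cmp(secret, guesses[g], 4, &steps);
        if (steps < lo) lo = steps;
        if (steps > hi) hi = steps;
    }
    return hi - lo;
}

/* Constructed sample data: a 4-byte PIN and three wrong guesses. */
static const uint8_t SAMPLE_PIN[4] = {1, 2, 3, 4};
static const uint8_t SAMPLE_GUESSES[3][4] = {
    {9, 9, 9, 9},   /* wrong at byte 0 */
    {1, 2, 9, 9},   /* wrong at byte 2 */
    {1, 2, 3, 9},   /* wrong at byte 3 */
};

int main(void)
{
    printf("early-exit spread:    %zu\n", step_spread(leaky_equal, SAMPLE_PIN, SAMPLE_GUESSES, 3));
    printf("constant-time spread: %zu\n", step_spread(ct_equal, SAMPLE_PIN, SAMPLE_GUESSES, 3));
    return 0;
}
```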
21
Academic researchers use Keysight (Riscure) equipment to study device vulnerabilities
https://eprint.iacr.org/2022/230.pdf
22
Modular Turnkey solution
Side Channel Analysis (SCA)
[Diagram labels: Target, Oscilloscope, Inspector SCA Software, Transceiver, icWaves, Huracan, Failure Analysis XYZ Stage, CleanWave, Spider, Power Tracer for Smartcards, Current Probe, Active EM Probes]
23
What is Fault Injection?
Go outside the specs
• Semiconductors require environmental parameters to stay within strict bounds, e.g.
  • Voltage
  • Frequency
• Going briefly out of bounds may lead to a fault, and a software malfunction
• Attackers exploit these malfunctions by carefully tuning the fault
[Figure: voltage over time, with levels 0.0, 1.8 and 3.3 marked; Logical 0 and Logical 1 on either side of the logical threshold; a power dip while reading data]
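How the "software malfunction" on this slide plays out in a security decision, and how a redundant check contains it. This is an added example, not part of the original deck; the fault model (exactly one decision per run comes out inverted), the function names and the PIN values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes are bitwise complements of each other, so a few flipped
 * bits cannot turn DENY into GRANT. */
#define GRANT 0x3CA5965Au
#define DENY  0xC35A69A5u

/* Assumed fault model: the decision with index fault_at is inverted.
 * fault_at < 0 means the run is fault-free. */
typedef struct { int evals; int fault_at; } fault_model;

static int faulty_equal(fault_model *fm, uint32_t a, uint32_t b)
{
    int r = (a == b);
    if (fm->evals++ == fm->fault_at)
        r = !r;                     /* the glitch corrupts this decision */
    return r;
}

/* Single decision: one corrupted comparison is enough to grant access. */
uint32_t naive_auth(fault_model *fm, uint32_t pin, uint32_t expected)
{
    return faulty_equal(fm, pin, expected) ? GRANT : DENY;
}

/* Redundant decision: the comparison is repeated on complemented operands
 * and every failing path returns DENY (fail closed). */
uint32_t hardened_auth(fault_model *fm, uint32_t pin, uint32_t expected)
{
    if (!faulty_equal(fm, pin, expected))
        return DENY;
    if (!faulty_equal(fm, ~pin, ~expected))
        return DENY;
    return GRANT;
}

typedef uint32_t (*auth_fn)(fault_model *, uint32_t, uint32_t);

/* Try every single-fault position and count how often a wrong PIN
 * (constructed values 0x0000 vs 0x1234) is accepted. */
int count_bypasses(auth_fn auth, int positions)
{
    int hits = 0;
    for (int pos = 0; pos < positions; pos++) {
        fault_model fm = { 0, pos };
        if (auth(&fm, 0x0000u, 0x1234u) == GRANT)
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("naive check, single-fault bypasses:    %d\n", count_bypasses(naive_auth, 4));
    printf("hardened check, single-fault bypasses: %d\n", count_bypasses(hardened_auth, 4));
    return 0;
}
```

The redundant check only covers the single-fault model assumed here; it says nothing about faults that corrupt both decisions in one run.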
24
Modular Turnkey Solution
Fault Injection (FI)
[Diagram labels: Target, Oscilloscope, Inspector FI Software, Spider, VC Glitcher, Clock Glitcher, Glitch Amplifier, High Power GA, EM-FI, EM-FI APW, Lasers Systems, Transceiver, icWaves, Huracan]
25
Inspector PXI security test products
The Next generation Embedded Security Testbench
26
Inspector is migrating from standalone hardware to an all-in-one Modular Security Testbench based on Keysight PXIe
Flexible / High-Performance / Future Proof
Spider
icWaves
Workstation Transceiver
Oscilloscope Huracan
27
Example setup with current Riscure equipment
28
Under development/near future setup with Keysight RSS equipment
29
Side Channel Analysis (SCA) Fault Injection (FI)
Automation by Inspector software
Acquisition
Store/load traces
Compression
Alignment
Statistical analysis
Frequency analysis
Filtering
Chaining
Side channel analysis
Modular design
Functions are modules
IDE to create your own
30
Finding leakage at chip design
Pre-Silicon Analysis
31
Why our products?
Market leader
• Focus on Embedded Security testing products
• Dedicated team of hardware and software developers
• Strong involvement in industry standard schemes
• Secret Weapon
• Our own security test lab
• Prototype development in the lab
• Tools are used in the lab on cutting-edge technology
32
Our Clients
+300 clients Worldwide
• Semiconductor Manufacturers
• Automotive
• Forensics
• Government agencies
• Defense organizations
• Academia / Universities
• Security Test Labs
We build hardware and software security test labs for white-box and black-box testing
33

Tài liệu Keysight_Riscure Introduction.pdf