Details

About the talk

It is common sense that any critical components security must be validated before any breaches appear in the field. Cyber-security is an entire field of expertise and knowledge that aims at protecting the big amount of data that our modern society is constantly generating.

Presentation from the talk

In that context, practices such as bug bounties and red team analysis are now widely accepted in the security world… and especially in the software security world. But when it comes to hardware and more particularly to the Integrated Circuits that run all the embedded code, the situation is quite different and chip vendors are not always willing to have hackers look at designs they basically can not patch. In this context, secure chips were assumed over the years to be a guarantee for code and data secure storage.

On the other hand, in their attempt to keep our data secret, chip makers have added protections to their solutions, making the Law Enforcement Agencies’ (LEA) criminal investigations more difficult.

While facing the same technical difficulties than pirates, the governmental entities often do not have as much success as the bad guys, precisely because they do not share this «pirate mindset».

In such a context, red team services have raised in the last decade in the hardware field so as to access those critical data and to evaluate the stored firmwares. Indeed, in practice, there is an important need for offensive research in the field of Integrated Circuit for various applications.

Those are often strategic as they can relate to potential backdoors that could have been added to the circuitry during its manufacturing process. Reverse-Engineering is also useful to recover hardware and / or software functionalities from obsolete devices in order to minimize the cost of replacing critical devices which internal architectures are unknown.

On top of that, thanks to IC RE, extracting data from encrypted and protected devices can help police around the world to fight against terrorism and child pornography for example. Of course, OEM and integrators who protect their assets with a secure element or an authentication chip want to make sure the extra money is worth it. This talk aims at showing how hardware offensive security represents a tailored answer to both the developers of secure solutions and the parties willing to extract data from highly protected devices.

Cyber-security is an entire field of expertise and knowledge that aims at protecting the big amount of data that our modern society is constantly generating. In that context, practices such as bug bounties and red team analysis are now widely accepted in the security world… and especially in the software security world. But when it comes to hardware and more particularly to the Integrated Circuits that run all the embedded code, the situation is quite different and chip vendors are not always willing to have hackers look at designs they basically can not patch. In this context, secure chips were assumed over the years to be a guarantee for code and data secure storage.

On the other hand, in their attempt to keep our data secret, chip makers have added protections to their solutions, making the Law Enforcement Agencies’ (LEA) criminal investigations more difficult.

While facing the same technical difficulties than pirates, the governmental entities often do not have as much success as the bad guys, precisely because they do not share this «pirate mindset».

In such a context, red team services have raised in the last decade in the hardware field so as to access those critical data and to evaluate the stored firmwares. Indeed, in practice, there is an important need for offensive research in the field of Integrated Circuit for various applications.

Those are often strategic as they can relate to potential backdoors that could have been added to the circuitry during its manufacturing process. Reverse-Engineering is also useful to recover hardware and / or software functionalities from obsolete devices in order to minimize the cost of replacing critical devices which internal architectures are unknown.

On top of that, thanks to IC RE, extracting data from encrypted and protected devices can help police around the world to fight against terrorism and child pornography for example. Of course, OEM and integrators who protect their assets with a secure element or an authentication chip want to make sure the extra money is worth it. This talk aims at showing how hardware offensive security represents a tailored answer to both the developers of secure solutions and the parties willing to extract data from highly protected devices.

Olivier Thomas

Olivier Thomas

Founder and CTO at Texplained SARL

Oliver THOMAS studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits. Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs. The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting. During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis.

He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower-complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the author of ARES (Automated Reverse Engineering Software), a software toolchain for the efficient analysis of designs of independent of their logical size.

He is the founder and CTO at Texplained SARL.