Details

About the talk

This talk presents an overview of all things that can go wrong when developers attempt to implement a chain of trust also called ‘secure boot’. This talk focused on the general application in IoT, pay-tv, automotive, gaming, and mobile devices. On both sides of the fence secure boot is a vital mechanism to understand. Starting out from design mistakes, we look at crypto problems, logical and debug problems and move towards side channel problems such as timing attacks and fault injection. Covered challenges to implementing a secure boot will be illustrated with either public examples or the presenter’s experiences.

Presentation from the talk
Jasper van Woudenberg

Jasper van Woudenberg

CTO, Riscure - North America

Jasper (@jzvw) currently is CTO for Riscure North America, working with the SF based team to improve embedded device security.
As CTO of Riscure North America, Jasper is a principal security analyst and ultimately responsible for Riscure North America’s technical activities. Jasper’s interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master’s degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper’s expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America’s pentesting teams and has a special interest in combining AI with security research. Jasper’s eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision, and academic publications. Jasper has spoken at many security conferences including BlackHat briefings and training, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, and Hardwear.io and has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West, East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam.