The ChipWhisperer At Defcon

We’ve seen [Colin]’s entry to The Hackaday Prize before. After seeing his lightning talk at Defcon, we had to get an interview with him going over the intricacies of this very impressive piece of hardware.

The ChipWhisperer is a security and research platform for embedded devices that exploits the fact that all security measures must run on real hardware. If you glitch a clock when a microcontroller is processing an instruction, there’s a good probability something will go wrong. If you’re very good at what you do, you can simply route around the code that makes up the important bits of a security system. Power analysis is another trick up the ChipWhisperer’s sleeve, analyzing the power consumption of a microcontroller when it’s running a bit of code to glean a little information on the keys required to access the system. It’s black magic and dark arts, but it does work, and it’s a real threat to embedded security that hasn’t had an open source toolset before now.

Before our interview, [Colin] did a few short and sweet demos of the ChipWhisperer. They were extraordinarily simple demos; glitching the clock when a microcontroller was iterating through nested loops resulted in what can only be described as ‘counter weirdness’. More advanced applications of the ChipWhisperer can supposedly break perfectly implemented security, something we’re sure [Colin] is saving for a followup video.

You can check out [Colin]’s 2-minute video for his Hackaday Prize entry below.

24 thoughts on “The ChipWhisperer At Defcon

        1. I don’t think Mooltipass needs this. After all, if an attacker has physical access there are easier ways to steal information.

          But as a thought exercise, there could be multiple data and clock buses all being used with the actual data being moved between them randomly. Internally the bus being used for each transfer is known, but externally it would not be apparent.

      1. I’m not sure you understand security. Your pretty much saying if two people are talking and one person decides to say jibberish during segments of real information, that someone listening wouldn’t know it, plus wouldn’t know what makes sense and what doesn’t. There are only so many ways to talk, and all humans talk that same, make a sound, listen to a sound, which only allows for a specific amount of syntax, computers are the same, except way less sophisticated, and never change. The only your advice would do is, prevent script kiddies from access, waste a day of a real reverse engineer, or just plain cause headaches, nightmares, bugs, and crashes for the developing engineers.

      1. F… If you can’t figure out how to be helpful and kind, you probably don’t deserve to talk. Same logic right?

        Mike…. To make one you need to go to this io page, get the board schematics, or eagle files, send them to a board manufacteur, then buy the discrete chips from a supply store, and populate the board. How boring and shitty life would be if you had to be perfect and know everything about something before you could try it? Sounds anti-hacker to me.

    1. I don’t think that would help much either. It’s not difficult to breakdown potting material. I believe the answer is don’t let your secure hardware into the wild. Barring that, well…

      1. Potting is better than nothing, but a real tamper sensor hooked up to a tamper response circuit that removes sensitive information from the device is better. Generally speaking, effective tamper sensors are cost-prohibitive for all but the most sensitive applications (i.e. high-end HSMs for key management, military-grade crypto devices and sensitive mission systems).

        for an example of the kind of thing I’m talking about, check here:

        http://www.gore.com/MungoBlobs/536/871/d3_brochure.pdf

        1. There’s also a low-end solution that can be deployed on the cheap. I’ve seen a “maze” printed circuit on kapton that was then attached to the inside of a plastic box that covered the sensitive part of the circuit. It was nowhere near as sophisticated as the Gore product you linked, but it would detect simple attempts to drill, cut, or remove the box, or even short the traces of the maze (there were multiple independent circuit loops running through the maze.) This was accompanied by a functionally similar maze embedded in one of the middle layers of the printed circuit board.

          On the plus side, this left the circuit totally maintainable. You could remove the housing and replace the battery, and then re-inject the keys again. Much better than potting compound. However, after having seen how the maze was installed, it’s certainly possible to devise a strategy to defeat it. Take apart just one sacrificial device, and you’d learn how to take apart all similar devices without fear of tripping the sensor.

          So for a home made solution that might work better for projects like the Mooltipass, we could blend the two approaches, arriving at a pretty good level of security without spending a ton of money.

          The first step is creating a detector circuit that can monitor a couple loops of wire, ensuring that they aren’t shorted together or cut, and that does not drain the battery or supercap.

          Before potting, solder a couple of 10″ – 20″ loops of fine gauge bare copper wire to their appropriate contacts. Next, pot the circuit in epoxy, allowing the loops to poke through, free of the blob. Apply a thin spray of contact adhesive to the top of the blob. Randomly lay out thin mazes of the wire in the glue, being careful to not allow adjacent wires to make contact, and separating any points where they cross with a tiny sliver of electrical tape. Run wires from different loops parallel to each other. Cover with a second layer of epoxy.

          The loops could also be rigged like traditional wired house alarms, with an “end of line resistor” (or several resistors) soldered in the middle of each loop. Shorting the different legs of a loop’s wires detectably alters the resistance. Or instead of simple resistors, have a set of the wires terminated by a phototransistor. Make your attacker work in the dark.

          This would withstand a lot of simple attacks, but would still be vulnerable to X-ray inspection, and probably wouldn’t stop a TLA.

      2. There are lots of reasonably secure smart cards in the wild. Not only they are designed to be tamper resistant because all the logic is on the same silicon die, and are also designed to be as resistant as possible to by side channel attacks, but they are also able to detect and counteract clock and power glitching faults attacks. There are numerous programming techniques to assist side-channel /fault resistant hardware.

        1. Those smart cards are so secure do to hackers/tinkerers constantly attacking them and sharing their work. Smart card companies esentialy had free antisec teams hammering on their product, after many itterations you get realy quite secure hardware.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.