Every finalist for The Hackaday Prize has some aspect of it that hasn’t been done before; finding the chemical composition of everything with some 3D printed parts is novel, as is building a global network of satellite ground stations with off the shelf components. [Colin]’s ChipWhisperer, though, has some scary and interesting implications. By looking inside a microcontroller as its running, the ChipWhisperer is able to verify – or break – security on these chips. It’s also extremely interesting and somewhat magical being able to figure out what data a chip is processing simply by looking at its power consumption.
We have no idea who the winner of The Hackaday Prize is yet, and I’m hoping to remain ignorant of that fact until the party two weeks from now. Until then, you can read the short interview with [Colin O’Flynn], or check out his five-minute video for the ChipWhisperer below:
How seriously are the backdoors the Chipwhisperer opens taken in the industry? Are we looking at a huge problem with on-chip security out there, simply because the tools to investigate them have been really expensive?
For people who care about security because they directly have money to lose
(think chip & pin credit cards, satellite set-top boxes, etc.) they’ve taken
these problems seriously for a long time. But the majority of embedded
systems work doesn’t fall into that category, and it’s those products which
end up vulnerable. Part of the issue is the design engineers either don’t
know about these attacks. Or the engineers trust the vendors they are buying
from, which sell the crypto libraries, hardware accelerators, or stand-alone
chips as completely bullet-proof systems.
The problem may not be one of fundamental deficiencies in the design of
the crypto, but more the users (i.e. design engineers) don’t fully
understand how “secure” the specific implementation of the crypto is.
If you could give 100 words of advice to embedded designers implementing encryption, what would you tell them?
Crypto is not a check-box. Every implementation will be vulnerable, your
question is how secure do I need this to be? If someone is able to determine
the secret key in one device, does this mean they are now able to gain
access to all similar devices? The problems exposed by side-channel analysis
is often made worse by classic mistakes, such as re-using keying material
across multiple devices to make deployment easier, but when the devices
don’t actually require a shared key (think firmware images).
You’ve already said a few people have gotten the files and built their own ChipWhisperer. You’re also selling the complete kit. Who is buying it? Are we looking at academics, security researchers, companies verifying their own hardware, or just random people who sign their emails ZeroCool?
Mostly academics so far, although there has also been a few security
researchers and companies too. My intention with the design is for it to be
a learning tool, and about as far from an ‘offensive attack tool’ as I could
reasonable make it. Unless you understand the underlying theory of the
attacks you’ll never have success with them.
What was the reaction from different communities? What was the response from security researchers versus the general public? Are you surprised at how popular your project was?
The biggest reaction has been from embedded engineers, as they have often
been sold on ‘secure because math’ during their design process. They are
using AES-256 for example and assume that means someone attacking the system
would need to physically decap the chip, reset fuse bits, and then read out
Flash memory to get the key. They’d never seen practical demonstrations of
side-channel attacks, only vaguely heard about it.
I am surprised how popular the project was outside of this sphere though! A
lot more people are involved in side-channel power analysis then I first
realized, which is great to learn. I started a web forum with the intention
of trying to collect some of that community, as it would be great to share
research results in a more informal manner.
Hypothetical, and we’re not going to hold you to whatever answer you give. You win the grand prize, a trip to space or about $200,000 USD. Which one to you take, and what is your reasoning for doing so?
The trip to space would be great, but I think I’d have a hell of a time
turning down $200k! There’s no question I’d invest that back into this
project though. I really want to create a lower-cost version of these tools,
and a big part of that is doing a larger production run with more advanced
technology (mounting the FPGA directly on a multi-layer PCB). I’ve avoided
Kickstarter so far as I want this project to remain pretty technical – if I
went the Kickstarter route I’m afraid I’d end up with people who’ve only
ever used an Arduino backing the project, and then get frustrated when I’m
asking them to compile C code. I’ve also avoided trying to get an outside
investor, as they want to scale-back on the open-source/free nature of the
project. I’m also still part-way through a PhD, so can’t get too distracted
as I want to finish that off first!
Either way I’d need to check the tax implications of the prize too – if I
had to pay full Canadian income tax on the prize, I couldn’t afford the trip
to space anyway, even with the offer in the rules of the sponsor covering up
to 20% of the value! Unfortunately practical matters might dictate my