One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.
This talk is an introduction to signal sniffing and fault injection techniques. It’s well-presented and not presented as some unattainable wizardry, and as his power analysis demo shows a clearly different trace on the correct first letter of a password attack the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves onto fault injection with an introduction to power supply glitching as a technique to influence code execution.
There are many reasons why one would want to measure voltage and current in a project, some applications requiring one to measure mains and even three-phase voltage to analyze the characteristics of a device under test, or in a production environment. This led [Michael Klopfer] at the University of California, Irvine along with a group of students to develop a fully isolated board to analyze both single and three-phase mains systems.
Each of these boards consists out of two sections: one is the high-voltage side, with the single phase board using the Analog Devices ADE7953 and the three-phase board the ADE9708. The other side is the low-voltage, isolated side to which the microcontroller or equivalent connects to using either SPI or I2C. Each board type comes in either SPI or I2C flavor.
Each board can be used to measure line voltage and current, and the Analog Devices IC calculates active, reactive, and apparent energy, as well as instantaneous RMS voltage and current. All of this data can then be read out using the provided software for the Arduino platform.
The goal of this project is to make it easy for anyone to reproduce their efforts, with board schematics (in Eagle format) and the aforementioned software libraries provided. Here it is somewhat unfortunate that the documentation can be somewhat incomplete, with basic information such as input and measurement ranges missing. Hopefully this will improve over the coming months as it does seem like a genuinely useful project for the community.
We’ve covered the work coming out of [Michael]’s lab before, including this great rundown on Lattice FPGAs. They’re doing machine vision, work on RISC-Vchips, and more. A stroll through the lab’s GitHub is worth your time.
Hardware wallets are devices used exclusively to store the highly sensitive cryptographic information that authenticates cryptocurrency transactions. They are useful if one is worried about the compromise of a general purpose computer leading to the loss of such secrets (and thus loss of the funds the secrets identify). The idea is to move the critical data away from a more vulnerable network-connected machine and onto a device without a network connection that is unable to run other software. When designing a security focused hardware devices like hardware wallets it’s important to consider what threats need to be protected against. More sophisticated threats warrant more sophisticated defenses and at the extreme end these precautions can become highly involved. In 2015 when [Jochen] took a look around his TREZOR hardware wallet he discovered that maybe all the precautions hadn’t been considered.
Every finalist for The Hackaday Prize has some aspect of it that hasn’t been done before; finding the chemical composition of everything with some 3D printed parts is novel, as is building a global network of satellite ground stations with off the shelf components. [Colin]’s ChipWhisperer, though, has some scary and interesting implications. By looking inside a microcontroller as its running, the ChipWhisperer is able to verify – or break – security on these chips. It’s also extremely interesting and somewhat magical being able to figure out what data a chip is processing simply by looking at its power consumption.
We have no idea who the winner of The Hackaday Prize is yet, and I’m hoping to remain ignorant of that fact until the party two weeks from now. Until then, you can read the short interview with [Colin O’Flynn], or check out his five-minute video for the ChipWhisperer below: