Wax on, Wax off: How to mitigate Hardware Attacks Speaker: Jasper van Woudenberg

Side channel and fault attacks are moving out of the labs and into the basements, with the availability of off-the-shelf attack hardware. Especially for unprotected microcontrollers, but certainly also for more complex SoCs, these attacks can circumvent many security features, such as secure boot and hardware accelerated crypto. Luckily, there are things you can do to mitigate such attacks, even in software. This talk will briefly touch upon what side channel and fault attacks are, and will include an overview of publicly available (software) code patterns that can serve as countermeasures. I’ll show some simulation results on good and bad countermeasures. Finally, this talk comes with a new and improved, superextra bonus section on automotive ECU (countermeasure) research from this year.

Speaker

Jasper van Woudenberg

Website

Riscure

Twitter

@jzvw

linkedin

jaspervw

As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam. Specialties: side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.