Hardware Trojans and Other Threats against Embedded Systems
Prof. Christof Paar, Ruhr-Universität Bochum • Monday April 3, 9:30
Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security-critical, e.g., automotive electronics, medical devices, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of the scientific community and government. Initially, the primary attacker model was a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the functionality of a chip. Many other attacker models exist too. For instance, a legitimate IC manufacturer, such as a consumer electronics company, might be in cohort with a national intelligence agency and could alter its products in a way that compromises their security.
Even though hardware Trojans have been studied for a decade or so in the literature, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce several low-level manipulation attacks against embedded system, targeting two popular types of hardware platforms, ASICs and FPGAs.
Christof Paar has the Chair for Embedded Security at Ruhr University Bochum, Germany, and is affiliated professor at the University of Massachusetts Amherst. He co-founded CHES (Cryptographic Hardware and Embedded Systems), the leading international conference on applied cryptography. Christof’s research interests include efficient crypto implementations, hardware security, and security analysis of real-world systems. He also works on applications of embedded security, e.g., in cars or consumer devices. He holds an ERC Advanced Grant in hardware security and is spokesperson for two doctoral research schools, UbiCrypt and SecHuman. Christof has over 180 peer-reviewed publications and he is co-author of the textbook Understanding Cryptography. He is Fellow of the IEEE and was recipient of an NSF CAREER Award, the German IT Security Award and the Innovation Prize NRW. He has given numerous invited talks, including presentations at MIT, Yale, Stanford, IBM Labs and Intel.
What might it mean for security to be sustainable?
Prof. Ross Anderson, University of Cambridge • Monday April 3, 18:30
People talk about what computing can do for sustainability, but a more concrete and urgent problem is how computing itself can become more sustainable. As all sorts of things from medical devices to cars go online, they will start to need monthly software updates, or the latest security vulnerabilities will cause safety problems too. The safety case for your SUV or your insulin pump will no longer be just a matter of pre-market testing; it will need to be maintained. We did a study for the European Commission of the implications for product regulation, and it’s becoming clear that Europe’s ecosystem of safety regulators, standards bodies and testing labs will need a substantial upgrade. The way we develop software will also have to change. If I’m writing navigation code right now in Cambridge which will appear in your SUV in 2020, how will we keep shipping security patches in 2030, 2040 and 2050? What tools will we need, and who will pay for it all?
Ross Anderson is Professor of Security Engineering at Cambridge University. He was one of the founders of the discipline of security economics, and leads the Cambridge Cybercrime Centre, which collects and analyses data about online wickedness. He was one of the designers of the international standards for prepayment electricity metering and powerline communications; he was one of the inventors of the AES finalist encryption algorithm Serpent; he was also a pioneer of peer-to-peer systems, hardware tamper-resistance and API security. He is a Fellow of the Royal Society, the Royal Academy of Engineering, and the Institute of Physics, and a winner of the Lovelace Medal – the UK’s top award in computing. He is best known as the author of the textbook “Security Engineering – A Guide to Building Dependable Distributed Systems”.
Advanced Security Research in the World of IoT
Gregory Neal Akers, Senior Vice President, Cisco Systems • Tuesday April 4, 9:15
As the evolution of technology accelerates toward the “Everything Connected” model, the demands placed on cyber security will be the principle concern of users when considering adoption. In this new era the logical point of protection will be the communications infrastructure that forms the connected web. As such, Cisco Systems is funding research and driving innovation in network based cyber security. The initial thrust of this effort is focused on cryptography, data analytics and privacy, platform protection and threat awareness. This discussion will focus on what Cisco is presently doing in Advanced Security Research. The current global engagements, future needs and likely methodologies.
Greg Akers is the Senior Vice President & CTO of Advanced Security Research & Government and Chief Technology Officer within the Security & Trust Organization (STO) group at Cisco. With more than two decades of executive experience, Akers brings a wide range of technical and security knowledge to his current role. A major focus of his group is to expand security awareness and launch product resiliency initiatives throughout Cisco’s development organization to deliver high-quality and secure products to customers. He also serves as executive sponsor of the Cisco Disability Awareness Network.
Akers joined Cisco in 1993. He has held a variety of technical, managerial and executive roles at Cisco. These have included networking engineer, Vice President for the Worldwide Technical Assistance Center, Senior Vice President-CTO Services and Senior Vice President-Global Governments Solutions Group. He also holds the CCIE certification.
In addition, Akers is an Internet security and critical infrastructure protection advisor to Cisco customers and to the U.S. government. He regularly advises and directs activities relative to technology and security matters of domestic and international importance. Akers has also advised the U.S. Department of Defense and the federal intelligence community for more than fifteen years.
Before joining Cisco, Akers’ career included more than 15 years of designing, building, and running large networks for Fortune 100 companies. He has held senior technical and leadership roles at Fechheimer Brothers, a holding of Berkshire Hathaway, and Procter and Gamble.
Akers holds a bachelor of science degree in chemical engineering from the University of Akron.