free hit counter

Thursday, February 04, 2010

Software Security: cooler than once thought

So I used to think software security was a nuisance, getting in the way of what you really want to do. However, now I'm starting to see the light, and am finding it fascinating.

Companies are spending tremendous amounts of money developing and using software IP and thinking they're protected just because it's packaged in a chip and not on some windows machine hooked up to the internet. However, just because it's in silicon doesn't mean it's safe.

This is a good intro article:
Software protection introduction

Glitch attacks, as introduced in Glitch Attacks Revealed , and really explained in The Sorcerer’s Apprentice Guide to Fault Attacks” by Bar-el et al, explains why encryption done on an insecure processor without any countermeasures may be due diligence but is not protection against a determined attack.

These guys at FlyLogic talk about relatively low budget (<$5k) methods for de-capping and etching away metal layers to do things like find UV-resetable fuses, bridge burned out fuses with micro-probe wire, and read ROM bits directly. A ”backdoor” has been discovered by Flylogic Engineering in the Atmel AT88SC153 and AT88SC1608 CryptoMemory.


Interesting Company: Green Plug

Green Plug - Universal Power Adapter - DC Power Converter & Charger - One World. One Plug.

Glad to see someone is finally doing this. This problem has bugged me for years, but the challenge of finding a business model to support the solution is daunting.