Rv
R.R. van Wijk
info
Please Note
<p>This page displays the records of the person named above and is not linked to a unique person identifier. This record may need to be merged to a profile.</p>
2 records found
1
Design and Verification of LUPIn
A Platform for Hardware Attacks on Encrypted USB Drives
Forensics is the art of gathering evidence, which for electronics amounts to accurately recovering data. Often, this can only be archived with state-of-the-art hacking techniques.
However, replicating state-of-the-art research in hardware security can be difficult, due to the large number of components and connections. To counter this, a custom Printed Circuit Board (PCB) is presented, that aids with hardware attacks, and allows them to be executed in a reliable and reproducible way.
The PCB is targeted specifically towards hardware encrypted USB drives, and provides accessible ways to break out and interact with the target’s electrical components.
In the first part of this thesis, the design and fabrication of the platform, called LUPIn, short for Lawful Unlocking of PIN-protected USB drives, is established. The design integrates commonly-used components and functions, making it suitable for a wide range of different attacks and devices. It also incorporates robust and traceable connections to the target.
In the second part, LUPIn is verified by implementing it in a real attack. The target is a PIN-protected USB drive, which contains an IC performing key derivation. Since the debug port is not fully secured, a technique called Cold-Boot Stepping is used. This method is specifically designed to circumvent partially disabled debug ports.
To analyse the gathered data, it first must be filtered. This filtering is done using a graph-based algorithm.
In one crytographic function, an input parameter is used twice with different XOR masks. By analyzing all the filtered data, it is possible to find masked values, and use those to recover the original input value.
Concluding, a hardware tooling PCB (LUPIn) is successfully designed, assembled and tested. It proves to be a reliable platform for performing hardware attacks against encrypted USB drives. It makes development of hardware attacks simpler and less time-consuming.
In the validation of LUPIN, a real-life USB drive is successfully attacked. Thousands of RAM snapshots are collected and an algorithm is developed to filter this data. A single variable can be extracted, but it ultimately proved insufficient to fully crack the target.
...
However, replicating state-of-the-art research in hardware security can be difficult, due to the large number of components and connections. To counter this, a custom Printed Circuit Board (PCB) is presented, that aids with hardware attacks, and allows them to be executed in a reliable and reproducible way.
The PCB is targeted specifically towards hardware encrypted USB drives, and provides accessible ways to break out and interact with the target’s electrical components.
In the first part of this thesis, the design and fabrication of the platform, called LUPIn, short for Lawful Unlocking of PIN-protected USB drives, is established. The design integrates commonly-used components and functions, making it suitable for a wide range of different attacks and devices. It also incorporates robust and traceable connections to the target.
In the second part, LUPIn is verified by implementing it in a real attack. The target is a PIN-protected USB drive, which contains an IC performing key derivation. Since the debug port is not fully secured, a technique called Cold-Boot Stepping is used. This method is specifically designed to circumvent partially disabled debug ports.
To analyse the gathered data, it first must be filtered. This filtering is done using a graph-based algorithm.
In one crytographic function, an input parameter is used twice with different XOR masks. By analyzing all the filtered data, it is possible to find masked values, and use those to recover the original input value.
Concluding, a hardware tooling PCB (LUPIn) is successfully designed, assembled and tested. It proves to be a reliable platform for performing hardware attacks against encrypted USB drives. It makes development of hardware attacks simpler and less time-consuming.
In the validation of LUPIN, a real-life USB drive is successfully attacked. Thousands of RAM snapshots are collected and an algorithm is developed to filter this data. A single variable can be extracted, but it ultimately proved insufficient to fully crack the target.
...
Forensics is the art of gathering evidence, which for electronics amounts to accurately recovering data. Often, this can only be archived with state-of-the-art hacking techniques.
However, replicating state-of-the-art research in hardware security can be difficult, due to the large number of components and connections. To counter this, a custom Printed Circuit Board (PCB) is presented, that aids with hardware attacks, and allows them to be executed in a reliable and reproducible way.
The PCB is targeted specifically towards hardware encrypted USB drives, and provides accessible ways to break out and interact with the target’s electrical components.
In the first part of this thesis, the design and fabrication of the platform, called LUPIn, short for Lawful Unlocking of PIN-protected USB drives, is established. The design integrates commonly-used components and functions, making it suitable for a wide range of different attacks and devices. It also incorporates robust and traceable connections to the target.
In the second part, LUPIn is verified by implementing it in a real attack. The target is a PIN-protected USB drive, which contains an IC performing key derivation. Since the debug port is not fully secured, a technique called Cold-Boot Stepping is used. This method is specifically designed to circumvent partially disabled debug ports.
To analyse the gathered data, it first must be filtered. This filtering is done using a graph-based algorithm.
In one crytographic function, an input parameter is used twice with different XOR masks. By analyzing all the filtered data, it is possible to find masked values, and use those to recover the original input value.
Concluding, a hardware tooling PCB (LUPIn) is successfully designed, assembled and tested. It proves to be a reliable platform for performing hardware attacks against encrypted USB drives. It makes development of hardware attacks simpler and less time-consuming.
In the validation of LUPIN, a real-life USB drive is successfully attacked. Thousands of RAM snapshots are collected and an algorithm is developed to filter this data. A single variable can be extracted, but it ultimately proved insufficient to fully crack the target.
However, replicating state-of-the-art research in hardware security can be difficult, due to the large number of components and connections. To counter this, a custom Printed Circuit Board (PCB) is presented, that aids with hardware attacks, and allows them to be executed in a reliable and reproducible way.
The PCB is targeted specifically towards hardware encrypted USB drives, and provides accessible ways to break out and interact with the target’s electrical components.
In the first part of this thesis, the design and fabrication of the platform, called LUPIn, short for Lawful Unlocking of PIN-protected USB drives, is established. The design integrates commonly-used components and functions, making it suitable for a wide range of different attacks and devices. It also incorporates robust and traceable connections to the target.
In the second part, LUPIn is verified by implementing it in a real attack. The target is a PIN-protected USB drive, which contains an IC performing key derivation. Since the debug port is not fully secured, a technique called Cold-Boot Stepping is used. This method is specifically designed to circumvent partially disabled debug ports.
To analyse the gathered data, it first must be filtered. This filtering is done using a graph-based algorithm.
In one crytographic function, an input parameter is used twice with different XOR masks. By analyzing all the filtered data, it is possible to find masked values, and use those to recover the original input value.
Concluding, a hardware tooling PCB (LUPIn) is successfully designed, assembled and tested. It proves to be a reliable platform for performing hardware attacks against encrypted USB drives. It makes development of hardware attacks simpler and less time-consuming.
In the validation of LUPIN, a real-life USB drive is successfully attacked. Thousands of RAM snapshots are collected and an algorithm is developed to filter this data. A single variable can be extracted, but it ultimately proved insufficient to fully crack the target.
Bachelor thesis
(2019)
-
Coen Straathof, Rijk van Wijk, Henk van Zeijl, Brahim el Mansouri, Anton Montagne, Nuria Llombart Juan, Pascal Aubry
The objective of the project is to design a system which can control the temperature of a va-porizing liquid microthruster (VLM). The liquid in a VLM is heated using a heater resistor.This resistor will be used to both heat the liquid and measure the temperature.In this thesis the subsystem responsible for the measurements and the conversion of the mea-sured signals to the digital domain will be discussed. We propose a method where short measure-ment current pulses of a fixed amplitude are applied to the heater resistor. As an optimization,these pulses are omitted when a certain current threshold has been met.Results show that the system can measure temperature with±1◦C accuracy, however more fullsystem measurements are required to ensure functionality as a whole.
...
The objective of the project is to design a system which can control the temperature of a va-porizing liquid microthruster (VLM). The liquid in a VLM is heated using a heater resistor.This resistor will be used to both heat the liquid and measure the temperature.In this thesis the subsystem responsible for the measurements and the conversion of the mea-sured signals to the digital domain will be discussed. We propose a method where short measure-ment current pulses of a fixed amplitude are applied to the heater resistor. As an optimization,these pulses are omitted when a certain current threshold has been met.Results show that the system can measure temperature with±1◦C accuracy, however more fullsystem measurements are required to ensure functionality as a whole.