Forensics is the art of gathering evidence, which for electronics amounts to accurately recovering data. Often, this can only be archived with state-of-the-art hacking techniques.
However, replicating state-of-the-art research in hardware security can be difficult, due to the
...
Forensics is the art of gathering evidence, which for electronics amounts to accurately recovering data. Often, this can only be archived with state-of-the-art hacking techniques.
However, replicating state-of-the-art research in hardware security can be difficult, due to the large number of components and connections. To counter this, a custom Printed Circuit Board (PCB) is presented, that aids with hardware attacks, and allows them to be executed in a reliable and reproducible way.
The PCB is targeted specifically towards hardware encrypted USB drives, and provides accessible ways to break out and interact with the target’s electrical components.
In the first part of this thesis, the design and fabrication of the platform, called LUPIn, short for Lawful Unlocking of PIN-protected USB drives, is established. The design integrates commonly-used components and functions, making it suitable for a wide range of different attacks and devices. It also incorporates robust and traceable connections to the target.
In the second part, LUPIn is verified by implementing it in a real attack. The target is a PIN-protected USB drive, which contains an IC performing key derivation. Since the debug port is not fully secured, a technique called Cold-Boot Stepping is used. This method is specifically designed to circumvent partially disabled debug ports.
To analyse the gathered data, it first must be filtered. This filtering is done using a graph-based algorithm.
In one crytographic function, an input parameter is used twice with different XOR masks. By analyzing all the filtered data, it is possible to find masked values, and use those to recover the original input value.
Concluding, a hardware tooling PCB (LUPIn) is successfully designed, assembled and tested. It proves to be a reliable platform for performing hardware attacks against encrypted USB drives. It makes development of hardware attacks simpler and less time-consuming.
In the validation of LUPIN, a real-life USB drive is successfully attacked. Thousands of RAM snapshots are collected and an algorithm is developed to filter this data. A single variable can be extracted, but it ultimately proved insufficient to fully crack the target.