For the most recent version of this paper, answers to frequently asked questions, and videos of demonstration attacks, visit

Abstract not found

PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer’s card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. We have implemented practical low-cost attacks on two certified, widely-deployed PEDs – the Ingenico i3300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. We analyze the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection. As these vulnerabilities illustrate a systematic failure in the design process, we propose a methodology for doing it better in the future. These failures also demonstrate a serious problem with the Common Criteria. So we discuss the incentive structures of the certification process, and show how they can lead to problems of the kind we identified. Finally, we recommend changes to the Common Criteria framework in light of the lessons learned. 1

BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. Boot-Jacker’s non-persistent design makes it possible for an attacker to leave no traces on the victim machine.

A prerequisite for secure communications between two sensor nodes is that these nodes exclusively share a pairwise key. Although numerous pairwise key establishment (PKE) schemes have been proposed in recent years, most of them have no guarantee for direct key establishment, no resilience to a large number of node compromises, no resilience to dynamic network topology, or high overhead. To address these limitations, we propose a novel random perturbationbased (RPB) scheme in this paper. The scheme guarantees that any two nodes can directly establish a pairwise key without exposing any secret to other nodes. Even after a large number of nodes have been compromised, the pairwise keys shared by non-compromised nodes remain highly secure. Moreover, the scheme adapts to changes in network topology and incurs low computation and communication overhead. To the best of our knowledge, the RPB scheme is the only one that provides all these salient features without relying on public key cryptography. Through prototypebased evaluation, we show that the RPB scheme is highly efficient and practical for current generation of sensor nodes. In particular, to support a sensor network with up to 2 16 nodes, establishing a pairwise key of 80 bits between any two 8-bit, 7.37-MHz MICA2 motes only requires about 0.13 second of CPU time, 0.33 KB RAM space, and 15 KB ROM space per node.

Computing systems designed using reconfigurable hardware are now used in many sensitive applications, where security is of utmost importance. Unfortunately, a strong notion of security is not currently present in FPGA hardware and software design flows. In the following, we discuss the security implications of using reconfigurable hardware in sensitive applications, and outline problems, attacks, solutions and topics for future research. 1

Abstract. Random number generation is a fundamental security primitive for RFID devices. However, even this relatively simple requirement is beyond the capacity of today’s average RFID tag. A recently proposed solution, Fingerprint Extraction and Random Number Generation in SRAM (FERNS) [14, 15], involves the use of onboard RAM as the source of “true ” randomness. Unfortunately, practical considerations prevent this approach from reaching its full potential. First, this method must compete with other system functionalities for use of memory. Thus, the amount of uninitialized RAM available for utilization as a randomness generator may be severely restricted. Second, RAM is subject to data remanence; there is a time period after losing power during which stored data remains intact in memory. This means that after a portion of memory has been used for entropy collection once it will require a relatively extended period of time without power before it can be reused. In a usable RFID based security application, which requires multiple or long random numbers, this may lead to unacceptably high delays. In this paper, we show that data remanence negatively affects RAM based random number generation. We demonstrate the practical considerations that must be taken into account when using RAM as an entropy source. We also discuss the implementation of a true random number generator on Intel’s WISP RFID tag, which is the first such implementation to the authors ’ best knowledge. By relating this to the requirements of some popular RFID authentication protocols, we assess the (im)practicality of utilizing memory based randomness techniques on resource constrained devices.

While design security is often thought of in terms of protecting intellectual property (IP), the potential losses extend beyond just the financial. With the expansion of the use of programmable logic beyond commercial markets to avionic and military applications, design security takes on the additional aspects of safety and national security. Solutions for protecting application data during transmission and storage are well known, but much less attention has been paid to FPGA design security—that is, protecting the FPGA configuration data. This white paper describes the various threats to design security and the solutions offered by modern FPGAs. © 2010 Xilinx, Inc. XILINX, the Xilinx logo, Virtex, Spartan, ISE, and other designated brands included herein are trademarks of Xilinx in the United States and other countries.

Thinking inside the box:

I thank my advisor Professor Wayne Burleson for teaching me integrated circuits, and motivating and guiding the research. Professor Kevin Fu for introducing me to both security and RFID, and for his considerable help and enthusiasm in driving the work. Professor Israel Koren for serving on my thesis committee. Professor Adam Stubblefield of Computer Science at Johns Hopkins University and Dr. Ari Juels of RSA Labs for providing feedback on early versions of the work, and Adam for his pointers on how to generate random numbers. Intel Research and Joshua R. Smith for providing and supporting the WISP platforms. Professor Sandip Kundu for his help with understanding the costs of manufacturing integrated circuits. I thank all of my collaborators in RFID-CUSP and VLSI Circuits and Systems Group for their input, feedback, and help that made the work possible. Outside of the scope of this thesis, I thank my family, and the faculty, staff, and students of UMass Amherst, who have given me great support throughout my many years in Amherst. This material is based upon work supported by the National Science Foundation under Grant No. 0627529. iv