Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
You can change this under Settings & Account at any time.
Embedded System Security
Transcript of Embedded System Security
was PIN entered
did PIN verification fail
... Terminal Verification Results (TVR) guy in the middle needs to tell the card that PIN is not required tell the terminal that PIN was entered correctly card authentication card to fake terminal: messages relayed without modification crimial enters 1234 cardholder verification terminal to fake terminal: 1234 entered fake terminal to terminal: PIN correct? YES!! cardholder verification transaction authorization card to fake terminal: message relayed without modification online transaction authorization bank to terminal: transaction authorized Bibliography http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html http://www.cl.cam.ac.uk/~rja14/Papers/unattack.pdf Questions? http://www.techrepublic.com/blog/security/chip-and-pin-the-technology-is-no-longer-secure/3153 http://redtape.nbcnews.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say?lite bricking a printer is pretty easy... unbricking a printer is also easy... idea: extract boot code general computing printing job flash chip (NDA) A case study of printer malware and chip card printer malware chip card today's topics.... problem statement
under the hood
effective solution "new system" (10 yrs)
"solution" problem statement... firmware update feature can be exploited to allow attackers to inject malicious firmware modifications into vulnerable embedded devices... can you really remove the malware...? General
Computering SOLUTIONS... Real Embedded Defense defense should be well-known
no more obscure secret-sauce security
defense should be decoupled from OS
OS fortification is good but should not replace independent security software problem statement
under the hood
effective solution printer malware "new system" (10 yrs)
"solution" Chip Card