NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
-
Upload
nosuchcon -
Category
Technology
-
view
125 -
download
0
Transcript of NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
![Page 1: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/1.jpg)
Forging the USB armory
Andrea Barisani<[email protected]>
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 2: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/2.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
2007: Unusual Car Navigation TricksInjecting RDS-TMC Traffic Information Signals
2009: Sniff Keystrokes With Lasers/VoltmetersSide Channel Attacks Using Optical Sampling OfMechanical Energy And Power Line Leakage
2011: Chip & PIN is definitely brokenCredit card skimming and PIN harvesting in an EMV world
2013: Fully arbitrary 802.3 packet injectionMaximizing the Ethernet attack surface
![Page 3: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/3.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 4: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/4.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
Designed for personal security applications mass storage device with advanced features such as automatic
encryption, virus scanning, host authentication and data self-destruct
OpenSSH client and agent for untrusted hosts (kiosk) router for end-to-end VPN tunneling, Tor password manager with integrated web server electronic wallet (e.g. pocket Bitcoin wallet) authentication token portable penetration testing platform low level USB security testing
![Page 5: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/5.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
enhanced mass storage
![Page 6: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/6.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
enhanced mass storage
![Page 7: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/7.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
enhanced mass storage
![Page 8: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/8.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
SSH proxy
![Page 9: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/9.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
password manager
*trivial example, better options planned
![Page 10: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/10.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
authentication token
![Page 11: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/11.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
USB device authenticates host
![Page 12: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/12.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
Design goals
Compact USB powered deviceFast CPU and generous RAMSecure bootStandard connectivity over USBFamiliar developing/execution environmentOpen design
![Page 13: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/13.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
Selecting the System on Chip (SoC)
Freescale i.MX53
ARM® Cortex™-A8 800-1200 Mhz almost all datasheets/manuals are public (no NDA required) Freescale datasheets are “ok” (far better than other vendors) ARM® TrustZone®, secure boot + storage + RAM detailed power consumption guide available excellent native support (Android, Debian, Ubuntu, FreeBSD) good stock and production support guarantee
![Page 14: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/14.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 15: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/15.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
ARM® TrustZone®
http://genode.org/documentation/articles/trustzone
![Page 16: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/16.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
ARM® TrustZone®
http://genode.org/documentation/articles/trustzone
![Page 17: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/17.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
Development timeline2014/01: first concept idea (based on AT91RM9200)2014/03: schematics development begins2014/04: PCB layout for breakout/prototyping board2014/08: order for alpha board manufacturing2014/09: USB armory alpha board arrives2014/10: project announcement2014/10: order for 7 optimized revisions against alpha design2014/11: beta revisions arrive and are evaluated
future planning2014/11: design finalization and first batch production2014/12: shipping
![Page 18: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/18.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
http://inversepath.com/usbarmory
![Page 19: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/19.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
USB armory - Open source flash-drive-sized computer Freescale i.MX53 ARM® Cortex™-A8 800Mhz, 512MB DDR3
RAM USB host powered (<500 mA) device with compact form factor
(65 x 19 x 6 mm) ARM® TrustZone®, secure boot + storage + RAM microSD card slot 5-pin breakout header with GPIOs and UART customizable LED, including secure mode detection excellent native support (Android, Debian, Ubuntu, FreeBSD) USB device emulation (CDC Ethernet, mass storage, HID, etc.) Open Hardware & Software
![Page 20: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/20.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 21: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/21.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 22: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/22.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 23: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/23.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 24: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/24.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 25: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/25.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 26: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/26.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 27: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/27.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 28: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/28.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 29: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/29.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 30: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/30.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 31: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/31.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 32: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/32.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
*we actually measure consumption with better equipment ^_^
*
![Page 33: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/33.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 34: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/34.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 35: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/35.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 36: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/36.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
lessons learned #1tiny inductors are fragile
![Page 37: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/37.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
lessons learned #2 (the five-second rule)gold plating traces cause under-voltage on hot swap
![Page 38: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/38.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
![Page 39: NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory](https://reader030.fdocuments.in/reader030/viewer/2022032502/55badd1ebb61ebf4148b475a/html5/thumbnails/39.jpg)
Forging the USB armory Copyright 2014 Inverse Path S.r.l.
Thank you!
Q & A
Andrea Barisani<[email protected]>