
E-book: Hardware Hacking Handbook

  • Format: EPUB+DRM
  • Publication date: 21-Dec-2021
  • Publisher: No Starch Press, US
  • Language: eng
  • ISBN-13: 9781593278755
  • Price: 36,04 €*
  • * the price is final, i.e. no other discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application made specifically for reading e-books; it is not to be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Hardware attacks on embedded systems explained by notable experts Jasper van Woudenberg and Colin O'Flynn. The authors explore the embedded system threat model, hardware interfaces, various side channel and fault injection attacks (such as timing attacks, simple power analysis, and differential power analysis), as well as voltage and clock glitching.

The Hardware Hacking Handbook is a deep dive into hardware attacks on embedded systems, perfect for anyone interested in designing, analyzing, and attacking devices. You'll start with a crash course in embedded systems and threats to them, as well as hardware interfaces and how to set up a test lab, all while learning invaluable theoretical background. Real-life examples and hands-on labs throughout allow you to explore hardware interfaces and complete various side channel or fault attacks on real devices. You'll learn fault injection attacks and methods like voltage glitching, clock glitching, and optical and electromagnetic fault injection, side channel power analysis, and differential fault analysis.

Reviews

"I really wished such a book existed when I started with researching hardware hacking a few years ago. It introduces all the relevant background that's needed for hardware hacking along with references to further reading (the references are really nice to have for more intermediate readers). It also provides many practical examples that help you see why the concepts are important and how they are applied." Yifan Lu, Security Researcher

"One of the most complete introductions to hardware hacking I've seen . . . provide[s] you something you wouldn't learn elsewhere." Arya Voronova, Hackaday

Other information

Foreword
Acknowledgments
Introduction
What Embedded Devices Look Like
Ways of Hacking Embedded Devices
What Does Hardware Attack Mean?
Who Should Read This Book?
About This Book

1 Dental Hygiene: Introduction To Embedded Security
Hardware Components
Software Components
Initial Boot Code
Bootloader
Trusted Execution Environment OS and Trusted Applications
Firmware Images
Main Operating System Kernel and Applications
Hardware Threat Modeling
What Is Security?
The Attack Tree
Profiling the Attackers
Types of Attacks
Software Attacks on Hardware
PCB-Level Attacks
Logical Attacks
Noninvasive Attacks
Chip-Invasive Attacks
Assets and Security Objectives
Confidentiality and Integrity of Binary Code
Confidentiality and Integrity of Keys
Remote Boot Attestation
Confidentiality and Integrity of Personally Identifiable Information
Sensor Data Integrity and Confidentiality
Content Confidentiality Protection
Safety and Resilience
Countermeasures
Protect
Detect
Respond
An Attack Tree Example
Identification vs. Exploitation
Scalability
Analyzing the Attack Tree
Scoring Hardware Attack Paths
Disclosing Security Issues
Summary

2 Reaching Out, Touching Me, Touching You: Hardware Peripheral Interfaces
Electricity Basics
Voltage
Current
Resistance
Ohm's Law
AC/DC
Picking Apart Resistance
Power
Interface with Electricity
Logic Levels
High Impedance, Pullups, and Pulldowns
Push-Pull vs. Tristate vs. Open Collector or Open Drain
Asynchronous vs. Synchronous vs. Embedded Clock
Differential Signaling
Low-Speed Serial Interfaces
Universal Asynchronous Receiver/Transmitter Serial
Serial Peripheral Interface
Inter-IC Interface
Secure Digital Input/Output and Embedded Multimedia Cards
CAN Bus
JTAG and Other Debugging Interfaces
Parallel Interfaces
Memory Interfaces
High-Speed Serial Interfaces
Universal Serial Bus
PCI Express
Ethernet
Measurement
Multimeter: Volt
Multimeter: Continuity
Digital Oscilloscope
Logic Analyzer
Summary

3 Casing The Joint: Identifying Components And Gathering Information
Information Gathering
Federal Communications Commission Filings
Patents
Datasheets and Schematics
Information Search Example: The USB Armory Device
Opening the Case
Identifying ICs on the Board
Small Leaded Packages: SOIC, SOP, and QFP
No-Lead Packages: SO and QFN
Ball Grid Array
Chip Scale Packaging
DIP, Through-Hole, and Others
Sample IC Packages on PCBs
Identifying Other Components on the Board
Mapping the PCB
Using the JTAG Boundary Scan for Mapping
Information Extraction from the Firmware
Obtaining the Firmware Image
Analyzing the Firmware Image
Summary

4 Bull In A Porcelain Shop: Introducing Fault Injection
Faulting Security Mechanisms
Circumventing Firmware Signature Verification
Gaining Access to Locked Functionality
Recovering Cryptographic Keys
An Exercise in OpenSSH Fault Injection
Injecting Faults into C Code
Injecting Faults into Machine Code
Fault Injection Bull
Target Device and Fault Goal
Fault Injector Tools
Target Preparation and Control
Fault Searching Methods
Discovering Fault Primitives
Searching for Effective Faults
Search Strategies
Analyzing Results
Summary

5 Don't Lick The Probe: How To Inject Faults
Clock Fault Injection
Metastability
Fault Sensitivity Analysis
Limitations
Required Hardware
Clock Fault Injection Parameters
Voltage Fault Injection
Generating Voltage Glitches
Building a Switching-Based Injector
Crowbar Injected Faults
Raspberry Pi Fault Attack with a Crowbar
Voltage Fault Injection Search Parameters
Electromagnetic Fault Injection
Generating Electromagnetic Faults
Architectures for Electromagnetic Fault Injection
EMFI Pulse Shapes and Widths
Search Parameters for Electromagnetic Fault Injection
Optical Fault Injection
Chip Preparation
Front-Side and Back-Side Attacks
Light Sources
Optical Fault Injection Setup
Optical Fault Injection Configurable Parameters
Body Biasing Injection
Parameters for Body Biasing Injection
Triggering Hardware Faults
Working with Unpredictable Target Timing
Summary

6 Bench Time: Fault Injection Lab
Act 1 A Simple Loop
A BBQ Lighter of Pain
Act 2 Inserting Useful Glitches
Crowbar Glitching to Fault a Configuration Word
Mux Fault Injection
Act 3 Differential Fault Analysis
A Bit of RSA Math
Getting a Correct Signature from the Target
Summary

7 X Marks The Spot: Trezor One Wallet Memory Dump
Attack Introduction
Trezor One Wallet Internals
USB Read Request Faulting
Disassembling Code
Building Firmware and Validating the Glitch
USB Triggering and Timing
Glitching Through the Case
Setting Up
Reviewing the Code for Fault Injection
Running the Code
Confirming a Dump
Fine-Tuning the EM Pulse
Tuning Timing Based on USB Messages
Summary

8 I've Got the Power: Introduction to Power Analysis
Timing Attacks
Hard Drive Timing Attack
Power Measurements for Timing Attacks
Simple Power Analysis
Applying SPA to RSA
Applying SPA to RSA, Redux
SPA on ECDSA
Summary

9 Bench Time: Simple Power Analysis
The Home Lab
Building a Basic Hardware Setup
Buying a Setup
Preparing the Target Code
Building the Setup
Pulling It Together: An SPA Attack
Preparing the Target
Preparing the Oscilloscope
Analysis of the Signal
Scripting the Communication and Analysis
Scripting the Attack
ChipWhisperer-Nano Example
Building and Loading Firmware
A First Glance at the Communication
Capturing a Trace
From Trace to Attack
Summary

10 Splitting the Difference: Differential Power Analysis
Inside the Microcontroller
Changing the Voltage on a Capacitor
From Power to Data and Back
Sexy XORy Example
Differential Power Analysis Attack
Predicting Power Consumption Using a Leakage Assumption
A DPA Attack in Python
Know Thy Enemy: An Advanced Encryption Standard Crash Course
Attacking AES-128 Using DPA
Correlation Power Analysis Attack
Correlation Coefficient
Attacking AES-128 Using CPA
Communicating with a Target Device
Oscilloscope Capture Speed
Summary

11 Gettin' Nerdy With It: Advanced Power Analysis
The Main Obstacles
More Powerful Attacks
Measuring Success
Success Rate-Based Metrics
Entropy-Based Metrics
Correlation Peak Progression
Correlation Peak Height
Measurements on Real Devices
Device Operation
The Measurement Probe
Determining Sensitive Nets
Automated Probe Scanning
Oscilloscope Setup
Trace Set Analysis and Processing
Analysis Techniques
Processing Techniques
Deep Learning Using Convolutional Neural Networks
Summary

12 Bench Time: Differential Power Analysis
Bootloader Background
Bootloader Communications Protocol
Details of AES-256 CBC
Attacking AES-256
Obtaining and Building the Bootloader Code
Running the Target and Capturing Traces
Calculating the CRC
Communicating with the Bootloader
Capturing Overview Traces
Capturing Detailed Traces
Analysis
Round 14 Key
Round 13 Key
Recovering the IV
What to Capture
Getting the First Trace
Getting the Rest of the Traces
Analysis
Attacking the Signature
Attack Theory
Power Traces
Analysis
All Four Bytes
Peeping at the Bootloader Source Code
Timing of Signature Check
Summary

13 No Kiddin': Real-Life Examples
Fault Injection Attacks
PlayStation 3 Hypervisor
Xbox360
Power Analysis Attacks
Philips Hue Attack
Summary

14 Think Of The Children: Countermeasures, Certifications, and Goodbytes
Countermeasures
Implementing Countermeasures
Verifying Countermeasures
Industry Certifications
Getting Better
Summary

A Maxing Out Your Credit Card: Setting Up a Test Lab
Checking Connectivity and Voltages: $50 to $500
Fine-Pitch Soldering: $50 to $1,500
Desoldering Through-Hole: $30 to $500
Soldering and Desoldering Surface Mount Devices: $100 to $500
Modifying PCBs: $5 to $700
Optical Microscopes: $200 to $2,000
Photographing Boards: $50 to $2,000
Powering Targets: $10 to $1,000
Viewing Analog Waveforms (Oscilloscopes): $300 to $25,000
Memory Depth
Sample Rate
Bandwidth
Other Features
Viewing Logic Waveforms: $300 to $8,000
Triggering on Serial Buses: $300 to $8,000
Decoding Serial Protocols: $50 to $8,000
CAN Bus Sniffing and Triggering: $50 to $5,000
Ethernet Sniffing: $50
Interacting Through JTAG: $20 to $10,000
General JTAG and Boundary Scan
JTAG Debug
PCIe Communication: $100 to $1,000
USB Sniffing: $100 to $6,000
USB Triggering: $250 to $6,000
USB Emulation: $100
SPI Flash Connections: $25 to $1,000
Power Analysis Measurements: $300 to $50,000
Triggering on Analog Waveforms: $3,800+
Measuring Magnetic Fields: $25 to $10,000
Clock Fault Injection: $100 to $30,000
Voltage Fault Injection: $25 to $30,000
Electromagnetic Fault Injection: $100 to $50,000
Optical Fault Injection: $1,000 to $250,000
Positioning Probes: $100 to $50,000
Target Devices: $10 to $10,000

B All Your Base Are Belong to Us: Popular Pinouts
SPI Flash Pinout
0.1-Inch Headers
20-Pin Arm JTAG
14-Pin PowerPC JTAG
0.05-Inch Headers
Arm Cortex JTAG/SWD
Ember Packet Trace Port Connector

Index

Jasper van Woudenberg is the CTO of Riscure North America. He has been involved in embedded device security on a broad range of topics, including finding and helping fix bugs in code that runs on hundreds of millions of devices, using symbolic execution to extract keys from faulted cryptosystems, and using speech recognition algorithms for side channel trace processing. Jasper is a father of two and husband of one and lives in California, where he likes to bike mountains and board snow. He has a cat that tolerates him but is too cool for Twitter.

Colin O'Flynn runs NewAE Technology Inc., a startup designing tools and equipment to teach engineers about embedded security. He started the open-source ChipWhisperer project as part of his PhD, and was previously an assistant professor with Dalhousie University teaching embedded systems and security. He lives in Halifax, Canada, and you can find his dogs featured in many of the products developed with NewAE.