Description: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-kiamilev.pdf Recent developments such as the FBI operation Cisco Raider that resulted in the discovery of 3,500 counterfeit Cisco network components show the growing concern of U.S. government about an electronic hardware equivalent of a Trojan horse. In an electronic Trojan attack, extra circuitry is illicitly added to hardware during its manufacture. When triggered, the hardware Trojan performs an illicit action such as leaking secret information, allowing attackers clandestine access or control, or disabling or reducing functionality of the device. The growing use of programmable hardware devices (such as FPGAs) coupled with the increasing push to manufacture most electronic devices overseas means that our hardware is increasingly vulnerable to a Trojan attack from potential enemies.
This talk explores three possible methods that a hardware Trojan can use to leak secret information to the outside world: thermal, optical and radio. The hardware platform for our demonstration is a Spartan-3E Starter Kit from XILINX. The application used in our demonstration is AES encryption. The objective of our Trojan is to illicitly leak the AES encryption keys once triggered.
In the thermal Trojan demo, we use an infrared camera to show how electronic components or exposed connector pins can be used to transmit illicit information thermally. In the optical Trojan demo, we use an optical-to-audio converter to show how a power-on LED can be used to transmit illicit information using signal frequencies undetectable by human eyes. Finally, in the radio Trojan demo, we use a radio receiver to show how an external connector can be used to transmit illicit information using AM radio transmission.
We finish our talk with a demonstration of an optical Trojan that leaks the encryption keys from a popular commercial network router (e.g. Cisco-Linksys WRT54GS).
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 16 , Defcon 16 , dc-16 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.