Fast, Furious and Insecure - CHES 2018-09-18


  • Fast, Furious and Insecure

    Lennert Wouters, Eduard Marin, Tomer Ashur, Benedikt Gierlichs and Bart Preneel

    COSIC, an imec research group at KU Leuven

  • The Tesla Model S key fob

    • TI TMS37F128
    • MSP430 (MCU)
    • TMS37126 (transponder)
    • SPI
    • No firmware readout protection

    [Figure: X-ray picture]

  • Findings

    • 40-bit key DST40 cipher [1]
    • 40-bit challenge and 24-bit response
    • No mutual authentication
    • Time-Memory Trade-Off Table
    • Key recovery in ~2s on a Raspberry Pi

    [1] Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Aviel D. Rubin and Michael Szydlo. In Proceedings of the USENIX Security Symposium (2005), vol. 31, pp. 1–16.

  • Proof of Concept attack

  • Responsible disclosure

    • First notified Tesla on 31/08/2017
    • Tesla vehicles produced from June onwards use a new key fob
    • OTA update includes a Pin to Drive feature and the ability to disable PKE

  • More information

    • esat.kuleuven.be/cosic/cosic-cryptography-blog/
    • Poster sessions
    • @CosicBe or @LennertWo
    • WIRED article
    • Live demo?!
