User: Guest  Login
Title:

Practical Evaluation of Code Injection in Encrypted Firmware Updates

Document type:
Konferenzbeitrag
Contribution type:
Vortrag / Präsentation
Author(s):
Guillen, Oscar and Schmidt, Dawin and Sigl, Georg
Abstract:
Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns...     »
Keywords:
Code Injection, Firmware
Dewey Decimal Classification:
620 Ingenieurwissenschaften
Book / Congress title:
Design Automation and Test in Europe, DATE 2016
Congress (additional information):
Dresden, Germany
Date of congress:
14.03.-18.03.2016
Year:
2016
Quarter:
1. Quartal
Year / month:
2016-03
Month:
Mar
Reviewed:
ja
Language:
en
WWW:
http://www.date-conference.com/
 BibTeX