Benutzer: Gast  Login
Titel:

Practical Evaluation of Code Injection in Encrypted Firmware Updates

Dokumenttyp:
Konferenzbeitrag
Art des Konferenzbeitrags:
Vortrag / Präsentation
Autor(en):
Guillen, Oscar and Schmidt, Dawin and Sigl, Georg
Abstract:
Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns...     »
Stichworte:
Code Injection, Firmware
Dewey-Dezimalklassifikation:
620 Ingenieurwissenschaften
Kongress- / Buchtitel:
Design Automation and Test in Europe, DATE 2016
Kongress / Zusatzinformationen:
Dresden, Germany
Datum der Konferenz:
14.03.-18.03.2016
Jahr:
2016
Quartal:
1. Quartal
Jahr / Monat:
2016-03
Monat:
Mar
Reviewed:
ja
Sprache:
en
WWW:
http://www.date-conference.com/
 BibTeX