User: Guest  Login
Document type:
Konferenzbeitrag 
Contribution type:
Vortrag / Präsentation 
Author(s):
Guillen, Oscar and Schmidt, Dawin and Sigl, Georg 
Title:
Practical Evaluation of Code Injection in Encrypted Firmware Updates 
Abstract:
Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns...    »
 
Keywords:
Code Injection, Firmware 
Dewey Decimal Classification:
620 Ingenieurwissenschaften 
Book / Congress title:
Design Automation and Test in Europe, DATE 2016 
Congress (additional information):
Dresden, Germany 
Date of congress:
14.03.-18.03.2016 
Year:
2016 
Quarter:
1. Quartal 
Year / month:
2016-03 
Month:
Mar 
Reviewed:
ja 
Language:
en