Milosch Meriac

miloschSpeaker Name: Milosch Meriac

Title:- Tower defense for hackers: Layered (in-)security for microcontrollers

Abstract

Although security is quite well-understood on higher-end embedded systems like routers and mobile phones, microcontroller security is still stuck in the dark ages of computing. The security of most contemporary connected microcontroller-based devices is on par with the security models of early networked MS-DOS systems from the 80’s. This talk presents an overview of microcontroller system security and the peculiarities of microcontroller targets to show how these can be exploited. Happy hunting!

Takeaway:

  • circuit-board-level security

          o   black-box analysis of running microcontrollers         

          o   useful attacks

  • microcontroller architectures and their security implication
  • random number insecurities on microcontrollers
  • shooting yourself into the foot: internal flash as dynamic storage
  • choosing cryptography for constrained devices

About the Speaker

Milosch is involved in hardware, embedded software and security-projects around the Internet of Things. He enjoys designing secure ultra low power wireless sensors with privacy-enabled protocols and services. He is currently working on advanced IoT security solutions to allow detection and remote recovery from attacks or malware infection on embedded devices. His core security project is a secure hypervisor that enforces hardware security boundaries between embedded software components using the ARMv7M memory protection unit on contemporary ARM Cortex M3/M4 micro controllers.
 
Milosch broke HID’s iCLASS RFID reader & card security (http://www.openpcd.org/HID_iClass_demystified) and has co-founded open hardware projects like OpenBeacon.org, OpenPCD.org and designed the first open RFID reader hardware design to enable sophisticated research on human interaction and the spread of diseases as part of SocioPatterns.org. His open hardware OpenPCD RFID reader/sniffer designs targeting security researcher were used to break MIFARE Classic security.