Talk Title:

Memory Security Retrospective

Abstract:

Since the advent of computers, memory has been treated as a black box where data is stored and retrieved which has caused it to be treated as a commodity that is constantly optimized based on cost per bit -- both in energy and manufacturing cost.

In more recent years it's become apparent that in this race to optimize, tradeoffs have been made with regards to security and reliability and it's often a misalignment with vendors that creates a gap for vulnerabilities to surface.

We see this manifesting in rowhammer attacks, devices being cloned or unlocked, keys being extracted, and mirroring attacks to defeat try counters. This talk will review some of these gaps, outline some of the misalignments, and present some potential solutions to these industry wide problems.

Speaker Bio:

David Hulton organizes the ToorCon suite of conferences and has spent over 25 years doing security research mostly focused on reverse engineering and cracking crypto systems. He's mostly known for developing the bsd-airtools wireless attack tools in the early 2000's, developing and presenting the first practical attack on GSM A5/1 in 2008, and releasing a DES cracking service and tools to perform a full break of MSCHAPv2 authentication in 2012. From 2005-2015 David served as Co-Founder and Director of Security Applications at Pico Computing — an FPGA super computing startup. In 2015 Pico Computing was acquired by Micron Technology where shortly thereafter he started their internal hardware red team and currently serves as the team’s technical lead and Distinguished Member of Technical Staff.