This talk presents an overview of all things that can go wrong when developers attempt to implement a chain of trust also called ‘secure boot’. This talk focused at the general application in iot, pay-tv, automotive, gaming and mobile devices. On both sides of the fence secure boot is a vital mechanism to understand. Starting out from design mistakes, we look at crypto problems, logical and debug problems and move towards side channel problems such as timing attacks and fault injection. Covered challenges to implement a secure boot will be illustrated with either public examples or the presenters experiences.
Jasper (@jzvw) currently is CTO for Riscure North America, working with the SF based team to improve embedded device security.
As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical activities.
Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security.
At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research.
Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications.
Jasper has spoken at many security conferences including BlackHat briefings and trainings, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, and Hardwear.io and has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam.
Specialties: embedded security, side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.