*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Tara La Bouff, tara.labouff@iisp.gatech.edu, 404.769.5408
Summary Sentence: Patrick Schaumont from Virginia Tech delivers a guest lecture titled "Fault Injection as an Attack Vector Against Trustworthy Embedded Systems."
Full Summary: No summary paragraph submitted.
Cybersecurity Lecture Series
Jackson National Life Insurance CompanyThe weekly Cybersecurity Lecture Series is a free, open-to-the-public lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from private companies, government agencies, start-up incubators as well as Georgia Tech faculty and students presenting their research.
Held weekly each Friday at Noon through Dec. 2, lectures are open to all -- students, faculty, industry, government, or simply the curious. Students may register for credit under seminar course CS-8001-INF.
Complimentary lunch provided for registered guests. Please bring your own beverage.
Sign up to receive future lecture announcements.
ABSTRACT | In the Internet of Things, the cyber-world will use a huge number of small embedded computing elements to control and sense the real world. The integrity and trustworthiness of these embedded systems is crucial; their manipulation has direct consequences to the safety of the applications they support.
In this presentation we discuss the threat vector of implementation attacks on these embedded systems. We assume an adversary who can disturb the operation of such embedded systems by means of fault injection: the deliberate insertion of a computation error or memory error. This attack vector is realistic in cases when the embedded computing elements are subject to physical manipulation by an adversary. Fault injection can be achieved by pushing the embedded system outside of its nominal operating limits, which can be achieved by many different techniques.
We review the principles of fault injection, and highlight its use as a versatile hacking tool to obtain device control and to extract secret data. The traditional technique, differential fault analysis, dates back almost two decades, and many very effective variants have since been proposed. Most recently, biased-fault attacks have been developed which are able to use fault-response behavior as a side-channel signal. We review these biased fault attacks and explain why they are a threat to contemporary embedded designs. Finally, we show that biased-fault attacks apply equally well to software. We conclude that a fault attack can be engineered by an adversary to obtain a precise result.
BIO | Patrick Schaumont is a professor in Computer Engineering at Virginia Tech. He received the Ph.D. degree in Electrical Engineering from UCLA in 2004, and the M.S. degree in Computer Science from Ghent University in 1990. From 2012 to 2014 he served as director for the Center for Embedded Systems for Critical Applications (CESCA) at Virginia Tech. His research interests are in design and design methods of secure, efficient and real-time embedded computing systems. He served as program co-chair for several conferences in this field, including CHES, HOST, WESS and RFIDsec. He received the National Science Foundation CAREER Award in 2007. He was named Outstanding New Assistant Professor in 2007, received the Dean's Award for Excellence in Teaching in 2012, and was named Dean's Faculty Fellow in 2013.
Supported by Jackson National Life Insurance Company
