Embedded

December 21, 2012

The Security Puzzle

by Amelia Dalton

There is no such thing as a zero security risk. No matter what you build and how you build it, there will be bad guys lurking at the door, trying to get in. This week my guest is Paul Kocher (Cryptography Research Inc.) and we're looking at the trends in security in WiFi-enabled designs and discussing how you can solve the puzzling security problems in your next design.

Also this week, I check out the new Pi Store and give everyone the chance to win a Zedboard courtesy of Xilinx. 

Channels

Consumer Electronics. Embedded.

 
    submit to reddit  

 

Watch Previous Fish Frys

Download Fish Fry Today!

add to iTunes    add to podnova   add to yahoo   add to zune  add to newsgator   

add to pageflakes      add to netvibes    add to google    RSS Feed RSS

Fish Fry Links - December 17, 2012

More Information about Cryptography Research Inc

More Information about the Pi Store

More Information about the Spartan-6 LX9 MicroBoard

More Information about the Zedboard

 

Fish Fry Executive Interviews

Moshe Gavrielov, CEO - Xilinx

John Bruggeman, Former CMO - Cadence Design Systems

Darrin Billerbeck, CEO - Lattice Semiconductor

Lauro Rizzatti, Vice President of Marketing, EVE

Bill Neifert, CTO - Carbon Design Systems

Sean Dart, CEO - Forte Design Systems

Kapil Shankar, CEO - SiliconBlue

Andy Pease, CEO - QuickLogic

Rajeev Madhavan, CEO - Magma 

Paul Kocher, President - Cryptography Research Inc.

Anupam Bakshi, CEO - Agnisys

Dave Kleidermacher, CTO - Green Hills Software

Robert Blake, CEO - Achronix

Jack Harding, CEO - eSilicon

Michiel Ligthart, COO - Verific

Adnan Hamid, CEO - Breker Technologies

Jeff Waters, VP and General Manager - Altera

Luc Burgun, CEO and President, EVE 

Comments:


amelia

Total Posts: 198
Joined: Apr 2009

Posted on December 21, 2012 at 12:52 PM

This week's Fish Fry is all about security in connected devices. What do you think about my interview with Paul Kocher from Cryptography Research Inc?

lvruffino

Total Posts: 11
Joined: Dec 2010

Posted on December 21, 2012 at 7:54 PM

Hi Amelia, That Zedboard sounds like it would save me a lot of time!
To save time I found a terrific guide to using the Xilinx LX9 Microboard, with clear exposition and real HowTO which reduces the learning curve for everybody.
Check out this link, and amplify the number of folks trying to invent a better world using "solid state intelligence"

http://svenand.blogdrive.com/archive/122.html...

Lord Loh.

Total Posts: 62
Joined: Dec 2009

Posted on December 22, 2012 at 7:40 AM

I have an atlys Spartan 6 board from Digilent. The VHDC boards are affordable, but The FMC boards that go with the Zed board are out of the roof.

If I had a zed board, I would probably build a brute force decryption peripheral to crack passwords of zip files (or SSL). It would be cool to connect a few zed boards in parallel over the FMC to have a zed board cluster!

Also, Simulink has support for Atlys, but not zed board (yet?).

kevin

Total Posts: 412
Joined: Apr 2009

Posted on December 23, 2012 at 5:21 PM

@Loh,
I have to applaud the clever irony of proposing a project to crack passwords using the prize from a podcast about beefing up security.

Nice! So far you get my vote for the Zed board (of course, I don't really get a vote...)

smiling

Kevin

ericwertz

Total Posts: 5
Joined: Sep 2010

Posted on December 23, 2012 at 11:29 PM

I've got two words for Loh -- "problem space".

There won't be enough Zedboards made to crack anything but the most pathologically poorly configured (or implemented) SSL setups.

As they say, "Minutes of wasted research can be prevented by billions of Zedboard-hours spent up-front." OK that's a Zedboard-specific variant of the classic wasted-effort one-liner (no wonder why I had my poetic license revoked years ago). Feel free to migrate-out the dopant in all your Atlys's junctions trying though.

ZIP files on the other hand, because they're typically encrypted with human-generated passwords, are known to be much more vulnerable. Old, classic ZIP encryption cracking can probably be done in a reasonable amount of time on your current cellphone.

My newly won Zedboard would be used for North Korean missile tracking, now that gravity is no longer their overwhelmingly dominating influence upon their trajectories. It would be a great addition to Santa's 2013 flight management and counter-threat system.

All the best holiday season to Amelia and her Daltoids!

SteveNordquis4

Total Posts: 47
Joined: Jan 2011

Posted on December 25, 2012 at 10:00 PM

Paul Kocher has chosen interestingly in offering Reducto Ad Med-school (European/AMA vein) analogies. Perhaps keen enough in that IPv6 is not the aTRON or PRC party line?

I would dress my Zedboard as the 'key exchange bear' in a bid to own the meme (but program it to safely trim silver maples and several types of oak with only abrasive cable, CMOS cameras, microphones and a winding drum or two.) What should it do when hit with squirrels or tranquilizer darts (besides stop and crawl off slowly?) Barf nulls and hash-signs?

Hearing about Amelia, the Daltoids and the Pi store (Hello! Can I interest you in our trepanning augers?) I had to think of Aranofsky remakes (possibly with tiger and rowing skiff) of Amelie and new Dr. Who. I'm not getting there, though glib blindside explanations at the end seem perfectly at home. Happy Newtonmas.

dougwithau

Total Posts: 16
Joined: Oct 2010

Posted on December 26, 2012 at 7:02 PM

I would love a Zed board. I worked on what became the Zynq. (I was NOT responsible for naming the product.)
Originally it was called Angelfire and was meant to give some high speed peripherals to be paired with the Microblaze.
Then it was Dragonfire and had an ARM 1136,then a Cortex-A8.
Finally it was Pele (Hawaiian fire goddess, and finally had the dual Cortex-A9. There is a whole lot of cool peripherals in there and a huge pipe to tie the cache to the FPGA fabric.

Most of the people I worked with are not at Xilinx any more. They closed the Albuquerque office a while ago, that is where the original embedded group was. Too bad, there was a whole lot of talent working there.

If I win the board, I would use it to port the Kozio VTOS test system to it.http://www.kozio.com/ Mostly because that is my new gig.

I also want to try getting a multicore version of QP going. I was never able to get a real multicore Microblaze system to work, sigh.http://concretemulticore.wordpress.com/2010/09/30/event-driven-mult...

johnbaustian

Total Posts: 13
Joined: Dec 2010

Posted on December 27, 2012 at 5:09 PM

I would love to have a Zedboard. A project I want to do is to recreate the tone generator of a Hammond B3 organ, with a MIDI interface. I think The Zynq 7000 could handle that, with perhaps some power left over to emulate a Leslie cabinet as well.

d0ubled

Total Posts: 7
Joined: Dec 2010

Posted on December 27, 2012 at 9:16 PM

The zedboard would make an awesome logic protocol analyzer platform. Something like a next generation Open logic sniffer. In fact I would like to see something like the zync products roled together with embedded Linux as a basis for future logic analyzers form Agilent and the other big test equipment companies.

Lord Loh.

Total Posts: 62
Joined: Dec 2009

Posted on January 04, 2013 at 4:11 PM

Sorry for the late response:

@kevin: Thanks

@ericwertz: Yes. SSL might be a tough nut to crack. I recently bought a WiFi Pineapple and would like to try WiFi Hacking.

I know of people who just refuse to do online banking over anything wireless. I have so far blindly relied on SSL to secure my communications. Mary, the Queen of Scots lost her head for relying on cryptography blindly (Reference: The Code Book by Simon Singh's which in turn refers to Code Breakers by David Kahn).

I would like to verify that am not repeating history Of course, when I am cracking my own SSL communications, I could git it some 'tips' on what to expect.
You must be logged in to leave a reply. Login »
  • Feature Articles RSS
  • Comment on this article
  • Print this article

Login Required

In order to view this resource, you must log in to our site. Please sign in now.

If you don't already have an acount with us, registering is free and quick. Register now.

Sign In    Register