All right, everybody. We're going to get started. Oh, okay. Two minutes. Got to wait two minutes. How's everybody doing? Who's hacking badges? No one? Oh, come on. Let's see you raise your hands. Hacking the badge. No one? Who's been up to the HHV, at least? Let's hear a round of applause for the guys up in the HHV giving out their time. Come on. All right. There's a bunch of volunteers up there. They're donating their time at DEF CON. Be sure to say thanks to them, okay? Anyone notice anything peculiar that could be a side effect of the badge blinking? Anyone notice that when you're talking, your badge blinks with you? Wonder what would happen if you were to capture that light and try to convert it to audio? Would it be what you were saying? It might be interesting. How are we doing on time? All right. We're not trying to start early. Riddles? It's over there. This is over there in this corner if you want Riddles. We're just here to try to share our info. Yeah. Has everyone seen the whole badge put together that they had up in the HHV? Yeah. The guys up there, Smitty, got together a team, got the whole thing assembled, even got the Uber badge from DT himself. I think it's up on Twitter, if you check there. All right. Well, we're going to start. My name is Steve Jananski. My partner here, Nick Waite. We're both from the University of Delaware. We work out of a research group called CVORG. May have seen some of our guys around. May have seen us last year. Basically what we're going to be talking to you about today is hardware trojans and more of an application. So often we get asked what exactly is a hardware trojan? And last year, Dr. Kiamilev came out and he tried to explain to everyone through a talk what exactly hardware trojans were, why they are important, why people should be looking at the security of hardware. And we got questions like, well, doesn't my antivirus protect against that, and why should we worry about hardware when software is already there? 
So basically we define a hardware trojan to be any malicious alteration of hardware that could, under specific conditions, result in a change. This could be anything from a time bomb to any of the typical things you would think of in a software trojan, just implemented in hardware. Now the reason is, it's just like a central theme of today has been and yesterday has been: trust. There's a lot of things with the SSL stuff and the central authorities concerning trust. Well, when you're designing hardware, the hardware is going to go through many stages at many different places before it's actually made. At any of those points, people could modify that hardware. Basically, everyone assumes the hardware to be trusted or secure. I mean, it's your box. If it's not plugged into the internet, it's safe. It's secure. No one's touching it. And this is a fundamental problem. Basically, hardware can be manipulated easily to disguise, to misuse, to abuse any of the software you've written. So here's a quick scenario for you to kind of give you the Doomsday appeal. So imagine someone comes out with their new super secure smart card, authentication, PKI model, et cetera. They're selling it out to the world. And the banking system decides this is our standard. This is what we're going to use. An example of such standards might be the DoD's CAC card system, E-ZPass, any of those systems like that. Now the device happens to be weak via a zero-day vulnerability. Could be via differential power analysis. Could just have a back door pin that you listen for the key to come out on. Anything. Could have been accidental. Could have been intentionally done. But no one knows how it got there or that it's even there. So the banks adopt it. They roll it into production. Everything's there. Then suddenly the bad guy shows up at the door, knocks on the door of the bank and says, hey, you've got to give us money or we're going to go tell the public that your system's broken and that we can break it. 
So they have three options as you see. They can either admit the flaw, and people are going to lose faith in the system. As was seen when one bank in the 90s admitted they got hacked. One hour business ever since then. Haven't really heard banks admitting they got hacked. People will claim an account was stolen, information was stolen, but it's minimized because of the damage it can do to your reputation. You can deny the flaw on the chip and hope that they don't exploit it, and pay out the money on it. Basically, you know, you can cover the losses as was done. What was it? The United Kingdom with the ATM system? Yeah, in the 80s, they had a broken ATM system, and rather than admit it, they just sucked up the cost of the people doing it because they didn't want people to lose faith in them. Or you can just play blackmail and who knows what's going to happen. It is, you know, a standard crime scene. So basically what we're looking at specifically in modification of hardware are hardware Trojans. And back at DEFCON 16, Dr. K and one of his students, Ryan Hoover, came out with a team of us and demonstrated three particular types of hardware Trojans. An optical Trojan where the light was blinking so fast you couldn't see it was blinking, but it was leaking out a message. It was actually saying, hello DEFCON. There was a thermal Trojan where the components were heating up and cooling, and under an IR camera you could actually see this happening. So you still couldn't see it with the eye. And finally there was the RF Trojan which was toggling one of the unused pins on the device to create radio waves that could be picked up by a radio. So we presented these, we showed them, people were like, ooh cool, but no one really did anything about it after that. So we decided we were going to become more mischievous and bring some stuff back. So basically what we have to present to you today is a power line Trojan. 
It is a hardware Trojan that we're using to leak data over the power line and anywhere it may go. It's similar to the guys who did the killing with keyboards research. They were looking at the ground plane and data being leaked by the PS/2. But we're actively trying to push the data out. We're not taking advantage of something that just happens to be a design flaw. The unique thing about this is it actually offers bi-directional communication, as you'll see. And who really monitors their power lines? You'll monitor your ethernet, you'll monitor your phone line, but who's looking at the power lines? Really? Nobody. So an example of such communication is broadband over power lines, things like that that run in your home, but they all get blocked at a certain point and get stopped from propagating. But there are ways around that. So, a really quick course in electricity for those who don't know. There's Ohm's Law, which says that voltage is directly proportional to the current times the resistance. So just keep this in mind. Power, so the power you get out of something, is proportional to the current times the voltage. And then there are two different types when you're considering it. There's alternating current and direct current. AC is what's coming out of your power line. 60 hertz here, it's oscillating just like any sound you might see on a scope. And then there's DC, which is what is coming out of batteries. And the difference is that basically what you usually use in a device is DC. What the power lines provide is AC, and you use a power supply that will convert that AC to the DC. So what we noticed was that when looking at a computer power supply, as you'll see up there, the computer power supply provides the following voltages: 12, 5, 3.3 sometimes, negative 12 and 5. Now the way it actually does that is it goes from the 120 volts AC to a high voltage DC that is then stepped down to the 12 volts DC, which is then stepped down to 5. 
Then stepped down to 3.3 or whatever you need. Basically the 12 volt rail is not traditionally conditioned or regulated, back to the days when you had floppy disks which had giant motors powering them. Whereas the 5.5 and the 3.3 and all the little things that your CPU loves are highly regulated because they wouldn't do so well if the power was all messy. So basically what we found was, and we'll describe how later, that by modifying the voltage coming into your computer, the effects are visible on the 12 volt rail inside the computer. So using something called a variac, and then using it to modulate the power going into the tower, we were then able to read back, using onboard motherboard sensors, this change on the 12 volt rail. So at this point I'm going to turn it over to my partner Nick who's going to go into a bit more detail.

Hello. So picking up there. The nature of that power supply thing is that right now only some power supplies have a noticeable shift on the 12 volts. It's actually due to the way the power supply is constructed, which is a flyback. And the nature of flybacks is that only one output is really regulated directly; the rest is what's called a kind of cross regulation issue, which is maybe a couple of percent. But on the 12 volt rail, which seems to be the worst regulated, when you adjust the input voltage enough, by like 20 to 30 volts, it actually makes a detectable thing on there. And that may or may not be useful. It's nice because you don't need any actual modification of the hardware on a computer to send data into it from the power line if the computer is made with the right kind of power supply and motherboard and those sorts of things. But as you'll see later, if you add the possibility of having a power supply with a little bit of assistance inside it, you could say a trojan power supply, all kinds of interesting things become possible. 
So the point of all this would probably be, in your doomsday scenario, to get data in and out of these compartmented information facilities, the SCIFs, Faraday cages designed to prevent any kind of RF from going in and out. They filter the power too, typically, but at least from what I've read there's a limit to what that filtering can do. So for communication over power lines, usually there are two kinds. There's a sort of high bandwidth kind that's used for doing internet or something, and then there's a low bandwidth kind. And the traditional problem with power line signaling is that it stops at the mains transformer or the nearest large inductor that it runs into, because those things have... they're made for 60 hertz basically, not for 120 kilohertz or 30 megahertz or whatever the bandwidth the system uses. Some of these smart grid things like the automated meter readers are designed to use narrowband signaling in the kilohertz range to punch through these transformers, and what range they can achieve, I'm not quite sure yet, but we plan to find out and it might be quite significant. The interesting thing is that even if you're in a SCIF, it's very hard to completely filter the line, because if you make your line a completely high impedance 60 hertz source, only let 60 hertz in and nothing else, all the line harmonics except 60 hertz, which most nasty loads make, get reflected back and it messes up the power. So that's an interesting point to keep in mind. This is a TEMPEST filter, which is commercial, I guess. It has a really impressive attenuation, 100 dB. If you look at that... I guess it can't be seen very well, but the 100 dB starts to cut out around 14 kilohertz, but as you can see from the plot, it actually drops off quite quickly, and I estimate around 2 kilohertz, there's only 10 dB of attenuation or so, which is starting to get kind of small, something that might be able to get through even. And this is a facility filter. It's not like a power strip. 
This is the sort of thing you'd have mounted on the wall inside your compartmented information facility. So the principle that you can use to detect these things is this little simulation. Actually, most switching power supplies have two stages. They have a rectifier stage, which turns the AC into DC, and then they have a DC to DC converter stage that takes the unregulated input DC and converts it into the outputs that you want. So the second stage is represented by that current source up there on the right side, the load. That, when you load, when you change the load in your box, let's say by having the idle thread in your operating system modulating between halt instructions and a busy wait, so it's either burning power or not, or maybe by having your graphics card do nothing but do it with a lot of power. You know, drive your CUDA with a whole bunch of NOPs. Make it do something that's nothing you can see. You can modulate your power probably by tens, 20s of watts. I would say maybe by as much as 60, 70% between sleep and a high power mode. And modern computers more and more will have a larger and larger amount of power they can modulate, because that's how you save power in the first place. So that power, because the switching power supply also is supposed to be efficient, that power reflects right through the power supply to its input loading. That current source then vibrates, modulates, and you can see on the graph up there, the red line, that is the power supply modulating between half an amp and one amp, so I'm just assuming a nice 50% variation in power. That would be at about 150 volts, so you're talking a reasonable tower being modulated between an idle state and a high power state. And the green lines up there are actually what the AC line load looks like in current. 
They're very sharp, and the reason for that is because of the way the rectifier works there: the capacitor is discharged slowly by the load, and it only conducts current from the AC line when the AC voltage is higher than the capacitor voltage, which means that it tends to compress all of its current consumption into tiny little spikes at the peak of the AC curve, at the peak of the AC wave. Newer power supplies have what's called power factor correction, but these are not likely to be what you see in a sensitive facility. So if you look at the lower chart, you can see there's actually a large number of harmonics. They go way out to two kilohertz, and they only drop down to about 10% around 800 hertz. You have nine, 10 harmonics that you can look at, and these will change somewhat when the load changes because the actual duty cycle of those peak pulses changes as well. So our setup for communicating into the box so far is this variac connected to the wall plug, and something, a motherboard that has onboard voltage monitoring; you can see the bottom BIOS screenshot there, 11.937 volts. If it actually had that resolution, you'd have no trouble detecting it. It looks like the thing changes by 10, 20 millivolts or so when you change the input voltage by 20 volts, and it has no effect on the operation of the computer. The switching power supplies work quite well, actually. Because Steve wrote some code that actually automatically polls that, and we are basically currently trying to integrate that into an actual communication method into the box. 
Now, the interesting thing is, that's all using just what's onboard the computer as it is, but if you take into account the possibility of hardware trojans, a modified power supply perhaps, you can do all kinds of crazy things where you can use either the fan speed connectors to a power supply or just voltage monitoring to send data to and from the power supply transparently by using power consumption and voltage modulation, and then have the power supply's microcontroller pipe it out from the power supply using a much more efficient long range method. So you could use, for example, OFDM, and modulate the OFDM set of multiple carriers in such a way that they imitate noise sources on the line, such that it would be very difficult, just by taking a Fourier transform of the line noise spectrum, to detect whether there was something on it emitting information or not. There's all manner of interesting things that could be done there. CDMA techniques with orthogonal codes so that multiple devices on the same power line won't ride over top of each other. You could have an entire covert network running over the power line and people wouldn't necessarily be able to tell, if it was clever enough. So similarly, you can have those techniques used to get the data in. You have a bi-directional network. The ultimate goal is to SSH into someone's box through the AC line, and I think that although it's not the most practical attack, it's definitely possible. And for certain people in certain cases with a high value enough target, they might be willing to do the things necessary to get that to happen. All kinds of fun stuff. 
So I guess this would be what would be called an amplified active TEMPEST or an augmented active TEMPEST, because whereas a passive TEMPEST involves sniffing data from something that's not intended to radiate, an active TEMPEST is like the ones where you use the Windows startup sound to emit a password via steganography, as somebody did before, or modulating the video between black and white dithers and a grayscale single color to create an AM carrier. Those are software operated active TEMPEST, but when you have a piece of hardware to assist your TEMPEST, snuck into the device as well, you really have a Trojan that can do it, and that's basically where we're at. A bunch of theory, a few experiments. I can confirm that we have some positive confirmation that these effects are real, but work is ongoing to develop them into something practical, and hopefully you guys will see us next year with something more impressive. So that about wraps it up. We're gonna keep bringing this stuff out and we're gonna keep releasing it, so stay tuned, check the website, and we're gonna head up from here to the hardware hacking village to do some work, and we'll do a post-talk Q&A if you have questions; see us up there. Alright, thank you very much.
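The following is an added worked example, placed after the talk and not part of the transcript, the speakers' slides, or any CVORG code. It models the two-stage supply Nick describes (bridge rectifier plus bulk capacitor feeding a DC-DC stage represented as a current source) and toggles that current source between the talk's 0.5 A and 1 A to carry bits, as the idle-thread busy-wait trick would. It shows two things the talk states: the AC line current collapses into narrow pulses at the voltage peaks and therefore carries strong odd harmonics, and a receiver on the line can recover the load-modulated bits. The capacitor value, source resistance, symbol length and the Euler time step are assumptions chosen for illustration, not measurements from the talk.

```python
"""Added example, not code from the talk or from CVORG: a numerical model of a
bridge rectifier + bulk capacitor feeding a DC-DC stage (modelled as a current
source), with the DC-DC stage toggled between an idle and a busy current to
carry bits out over the AC line. All component values are assumptions."""
import cmath
import math

LINE_HZ = 60.0
V_PEAK = 120.0 * math.sqrt(2)        # 120 Vrms mains
SAMPLES_PER_CYCLE = 2000
DT = 1.0 / (LINE_HZ * SAMPLES_PER_CYCLE)
C_BULK = 470e-6                       # bulk capacitor, assumed value
R_SOURCE = 1.0                        # diode/wiring/source resistance, assumed
I_IDLE, I_BUSY = 0.5, 1.0             # DC-DC stage draw for bit 0 / bit 1 (the talk's 0.5 A / 1 A)
CYCLES_PER_BIT = 4                    # symbol length in mains cycles, assumed


def simulate_line_current(bits, cycles_per_bit=CYCLES_PER_BIT, warmup_cycles=2):
    """Return one list of AC line-current samples (amps) per transmitted bit.

    Ideal bridge: the diodes conduct only while |v_ac| exceeds the capacitor
    voltage, so the supply draws current in short pulses around each peak.
    A warm-up at idle load settles the capacitor before the first bit.
    """
    vc = V_PEAK   # capacitor voltage; starting at the peak avoids an inrush transient
    t = 0.0

    def step(i_load):
        nonlocal vc, t
        v_ac = V_PEAK * math.sin(2 * math.pi * LINE_HZ * t)
        v_rect = abs(v_ac)
        i_in = (v_rect - vc) / R_SOURCE if v_rect > vc else 0.0
        vc += (i_in - i_load) / C_BULK * DT        # explicit Euler step on the bulk cap
        t += DT
        return math.copysign(i_in, v_ac)           # line current takes the line's polarity

    for _ in range(warmup_cycles * SAMPLES_PER_CYCLE):
        step(I_IDLE)
    windows = []
    for b in bits:
        i_load = I_BUSY if b else I_IDLE
        windows.append([step(i_load) for _ in range(cycles_per_bit * SAMPLES_PER_CYCLE)])
    return windows


def harmonic_magnitudes(window, cycles=CYCLES_PER_BIT, max_harmonic=15):
    """Peak amplitude (amps) of the odd harmonics of 60 Hz in one window, by direct DFT.

    Even harmonics vanish for a half-wave-symmetric waveform, so only odd ones
    are computed. Bin h*cycles is the h-th harmonic when the window spans
    `cycles` whole mains cycles.
    """
    n = len(window)
    mags = {}
    for h in range(1, max_harmonic + 1, 2):
        k = h * cycles
        acc = sum(x * cmath.exp(-2j * math.pi * k * i / n) for i, x in enumerate(window))
        mags[h] = 2.0 * abs(acc) / n
    return mags


def rms(samples):
    return math.sqrt(sum(x * x for x in samples) / len(samples))


def decode_bits(windows):
    """Threshold each window's line-current RMS halfway between the idle and busy levels.

    The two levels are calibrated here by simulation; a real receiver would
    learn them from a known preamble sent by the victim box.
    """
    idle = rms(simulate_line_current([0])[0])
    busy = rms(simulate_line_current([1])[0])
    threshold = (idle + busy) / 2.0
    return [1 if rms(w) > threshold else 0 for w in windows]


if __name__ == "__main__":
    message = [0, 1, 1, 0, 0, 1, 0, 1]          # constructed sample payload
    print("decoded:", decode_bits(simulate_line_current(message)))
    for label, bit in (("idle", 0), ("busy", 1)):
        m = harmonic_magnitudes(simulate_line_current([bit])[0])
        print(label, {h: round(a, 3) for h, a in m.items()})
```

Running the module prints the recovered bits and the odd-harmonic amplitudes for the idle and busy load. Because the capacitor must be recharged with the same charge it gives up each half cycle, the fundamental of the line current tracks the DC load almost one to one, and the pulse shape keeps the third harmonic within a few tens of percent of the fundamental; switching the load to 1 A roughly doubles every harmonic, which is the observable a listener on the line would key on. A power-factor-corrected supply, as the talk notes, spreads the conduction over the whole cycle and would suppress this harmonic structure.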