Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 1, 2018
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tools needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million-dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward?
Speaker Bio: Gunter Ollmann serves as CTO for Security and helps oversee the cross-pillar strategy for the Cloud and Enterprise Security groups at Microsoft. Before joining Microsoft, Günter served as Chief Security Officer at Vectra AI, driving new research and innovation into ML-based threat detection of insider threats. Over the last couple of decades Günter built and led multiple world-renowned advanced security R&D and consulting teams, having held CTO and executive strategy roles, at companies such as NCC Group PLC, IOActive Inc., Damballa Inc., IBM, and Internet Security Systems. He is a widely respected authority on security issues and technologies, and has researched, written and published hundreds of technical papers and bylined articles over the years.