A Framework for Embedded Hardware Security Analysis
Embedded computers are unavoidable in our daily life, and our interaction with them only looks to increase as more products include the words `Internet of Thing' in their selling features. Embedded computers can be found in our credit cards, in our cars, and in our thermostats. With such a wide distribution of embedded computers one might expect the companies designing and building them to look towards the large body of research present in academia about attacking and securing these devices. But a gap exists between these two worlds, and the result can be seen in the many attacks against embedded devices presented every year at conferences such as Black Hat and DEFCON. This thesis introduces low-cost and open-source hardware and software that allows industry to more easily apply recent research publications, so this gap can be closed. The fields of side-channel power analysis and fault injection allows us to successfully attack even strong cryptographic protocols, as these protocols can be broken when implemented on embedded devices. Understanding these attacks is critical to build strong devices that have to resist attacks for the next five to twenty years, especially where the devices may have limited ability to be updated. In addition to introducing a novel architecture for the analysis tool, this thesis includes several examples of attacks against various devices including small microcontrollers, field programmable gate arrays, embedded Linux computers, and IEEE 802.15.4 wireless nodes.