
I am a Senior Research Associate in the Security Group at the Computer Laboratory of the University of Cambridge in the UK.

  • Ph.D. in Computer Science, University of Cambridge, UK (2005)
  • M.Sc. in Physics, Automatics and Electronics, Moscow Engineering Physics Institute (MEPhI, МИФИ), Russia (1997)

I have a background in electronics, chemistry, computer science and physics. Before starting my research at the University of Cambridge in 2000, I worked in industry designing various electronic devices for eyesight diagnostics and correction.

My research interests include Hardware Security, Embedded memory security, Smartcards, Semiconductors Failure Analysis methods, Forensic Analysis.

I have a strong track record of establishing new directions in the hardware security field and finding “impossible” solutions to hardware security problems:

  • 2002 – discovery of optical fault injection attacks, which shook the industry, with many semiconductor manufacturers still struggling to implement reliable countermeasures;
  • 2005 – discovery of data remanence in EEPROM and Flash memory, which required tweaking of hardware designs in some Flash and EEPROM chips;
  • 2006 – introduction of combined attacks of fault injection with power analysis, which opened up a new area for academic research on attacks and countermeasures;
  • 2010 – introduction of bumping attacks on Flash memory that can extract data from devices without a readback function, which forced many developers to implement robust countermeasures;
  • 2012 – introduction of hardware acceleration to power analysis for finding backdoors, which forced implementation of more robust countermeasures;
  • 2016 – demonstration of the “impossible” NAND mirroring attack on the iPhone 5c, which proved the possibility of things officially named as impossible;
  • 2017 – introduction of direct SEM imaging of EEPROM and Flash memory, which paved the way for inexpensive memory extraction at scale;
  • 2018 – demonstration of decapsulation on a battery-powered chip, which proved that decapsulation with acid is not as dangerous as was thought.

Research

I work in the Hardware Security field on attack technologies and tamper-resistant processors. My Hardware Security research is aimed at finding vulnerabilities, hidden functions and backdoors in silicon chips. Many new attack methods and techniques were developed by me in the past decade. Some of them were previously thought to be impossible.

I presented my latest research achievements at Hardware Security Conference and Training (Hardwear.IO 2019), 26-27 September 2019, The Hague, Netherlands. The title of my talk on 26th September was: Hardware security evaluation of Intel MAX 10 FPGAs: from feasibility study to security boundaries. The full paper is available here.

I was an invited speaker at TL@NTU Workshop on IC Hardware Analysis on 20th July in Singapore. I presented the talk 'Hardware Security: Present challenges and Future directions'.

I was an invited speaker at 25th International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA-2018), 16-19 July 2018, Singapore. I presented the talk 'Is Hardware Security prepared for unexpected discoveries?'

I was asked to perform a security evaluation of a USB fan by a reporter at The Economist. Here is my report on findings.

I was an invited speaker at Design Automation Conference (DAC-2018) for PAINE workshop on 24th June 2018, USA. The title of my talk was: Hardware Security implications of Reliability, Remanence and Recovery in Embedded memory.

I was an invited speaker at 43rd International Symposium for Testing and Failure Analysis (ISTFA-2017), 5-9 November 2017, Pasadena, USA. The title of my talk on 7th November was: Combining Hardware Security, Failure Analysis and Forensic Analysis for the benefit of all.

Here is the list of some of my recent research projects:

  • Failure analysis of embedded systems
  • Searching for backdoors and Trojans in silicon devices
  • Using new methods of side-channel analysis for finding backdoors and trojans in secure chips
  • Using new technology for health monitoring of hardware systems used in automotive, aerospace and industrial applications
  • Using side-channel analysis and fault attacks for partial reverse engineering of secure chips
  • Developing new technology for effective side-channel analysis and secret key extraction from real-world devices
  • Investigation of hardware security related problems in SRAM, Flash and EEPROM memory of semiconductor chips including microcontrollers, secure memory chips and FPGAs. Evaluation against: fault injection, data remanence, side-channel attacks, heating attacks, side-channel emission analysis attacks, bumping attacks, fault masking attacks and other recently discovered attacks
  • Investigation of hardware security related problems in hardware encryption engines embedded into various semiconductor devices. Evaluation against: side-channel attacks, fault injection, side-channel emission, bumping and other recently discovered attacks
  • Hardware security analysis of nonvolatile memory structures in microcontrollers, smartcards, CPLDs and FPGAs against all known attacks
  • Thermal imaging analysis of semiconductors

Usually new areas of research require an additional workforce. For that, collaborators from industry and academia are sought and new grant applications are submitted. Should a new postdoc position be opened, this will be announced at the University Job site.

I am a member of the following communities:

  • Hardware-Oriented Security and Trust (HOST), Program Committee (2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019)
  • Cryptographic Hardware and Embedded Systems (CHES), Program Committee (2010, 2012, 2016, 2017, 2018, 2019, 2020)
  • Fault Diagnosis and Tolerance in Cryptography (FDTC), Program Committee (2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018)
  • Smart Card Research and Advanced Application Conference (CARDIS), Program Committee (2011, 2012, 2013)
  • Constructive Side-Channel Analysis and Secure Design (COSADE), Program Committee (2012)
  • Digital System Design (DSD) Euromicro conference, Special Session Program Committee (2014, 2015, 2016, 2017, 2018, 2019, 2020)
  • Design, Automation and Test in Europe (DATE), Program Committee (2017, 2018)
  • CCS 2017, ASHES workshop on hardware security, Program Committee (2017, 2018, 2019)
  • International Symposium for Testing and Failure Analysis (ISTFA), Program Committee (2019)
  • European Research Council (ERC), Peer Reviewer (2010)
  • Technology Foundation STW, Dutch Research Funding Council, Peer Reviewer (2013)
  • Journal of Cryptology, Peer Reviewer (2018)
  • Journal of Cryptographic Engineering (JCEN), Associate Editor and Peer Reviewer (2011, 2012, 2013, 2014, 2015, 2016, 2017)
  • IEEE Transactions on Dependable and Secure Computing (TDSC), Peer Reviewer (2018)
  • IEEE Transactions on Computers (TC), Peer Reviewer (2006, 2007, 2009, 2012, 2013, 2014)
  • IEEE Transactions on Reliability (TR), Peer Reviewer (2014)
  • IEEE Transactions on Computer-Aided Design of ICs and Systems (2014, 2018, 2019)
  • IEEE Transactions on Very Large Scale Integration Systems (2018, 2019)
  • Wiley Publisher, Reviewer (2010)
  • AIP Publishing for Applied Physics Letters (2019)
  • Journal of Information Security, Peer Reviewer (2011)
  • Journal of Microelectronics Reliability, Peer Reviewer (2012, 2013)
  • Journal of Information Science and Engineering, Peer Reviewer (2013)
  • The Computer Journal (COMPJ), Peer Reviewer (2013)
  • ACM Transactions on Reconfigurable Technology and Systems, Peer Reviewer (2008, 2013)
  • ACM Transactions on Information and System Security, Peer Reviewer (2013)
  • ACM Transactions on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Peer Reviewer (2018)
  • Microprocessors and Microsystems (Elsevier), Peer Reviewer (2015, 2017, 2020)

Here are some of my current project ideas for undergraduate students. Old project ideas are placed here and here.

Teaching

We just finished the new ACS course 'Hardware Security' for Part III and M.Phil students. This course provides a practical introduction to aspects of hardware security, in particular the reverse engineering of embedded microcontroller devices that implement a cryptographic application. The particular target on which the practical exercises center this year was the evaluation kit of an authentication chip embedded in consumer electronics accessories, such as ink-jet printer tanks, which implements a challenge-response protocol based on elliptic-curve public-key cryptography.


I was a first assessor for 1st year PhD viva of Shih-Chun You entitled 'Attacking Cryptographic Algorithms on 32-bit Devices by Template Analysis - Using SHA-3 as an Example' at the department on 19 September 2019.

I was a member of the viva jury to examine the PhD thesis entitled 'Reverse Engineering Secure Systems Using Physical Attacks' at École Normale Supérieure, Paris on 18th June 2018.

Since 2008 I have been giving guest lectures on Tamper resistance and hardware security in the Part II Security course for undergraduate students.

Since 2013 I have been contributing to the Part III/MPhil ACS course Current Applications and Research in Computer Security as a guest convener with the topic 'Tampering with hardware'.

I am invited from time to time to give lectures about my research achievements. The usual places are security-related workshops and other universities. Please refer to my publications section for the full list.

I now have a dedicated teaching course on Hardware Security aimed at industrial engineers and graduate students. It covers the following subjects: Introduction to Hardware Security; Common mistakes in the design of secure hardware; Data remanence effects in memory; Imaging techniques and Optical attacks; Side-channel attacks; Lessons, Countermeasures and Defence technologies. The course was well received by various people from industry and academia. I now have a contract with a large industrial chip manufacturing company for running a yearly teaching course for their design engineers during the next five years.

As initial reading on the hardware security subject I recommend my PhD thesis and the book 'Introduction to Hardware Security and Trust', to which I contributed the chapter on Physical Security (Chapter 7). For further reading please see my publications list. Also, the latest research achievements in that area are usually published at the following conferences: CHES, HOST, FDTC, COSADE and CARDIS.

If you are keen on Hardware Security, have some amazing projects in mind and want to do PhD research under my supervision, please first see the information about the PhD degree at the Computer Laboratory before contacting me.

What's New

I am working on security analysis of semiconductor memory. The project is aimed at exploring the limits for non-penetrative analysis of embedded memory for failure analysis and integrity testing purposes. We are developing new probing techniques to analyse the contents of on-chip semiconductor memory including but not limited to SRAM, ROM, EEPROM, Flash and FRAM (FeRAM) using non-invasive, semi-invasive and invasive methods.

I was contacted many times in the past with questions about consulting projects I can perform here in the lab. This was mainly caused by rapidly growing concerns about the hardware security of semiconductor products (mostly microcontrollers, CPLDs and FPGAs) and growing intellectual property theft in Asian countries where most outsourcing is taking place. Some projects were aimed at finding security flaws in existing devices in order to improve their security or to select the most secure parts from a list. Other projects were dedicated to teaching and educating personnel. Other projects were about developing certain attack techniques. More information on the types of research projects and possible collaboration with industry.

My research proposal for the 2019-2020 academic year

(public open abstract part only; detailed proposal and other parts are confidential)

  • Using new methods of side-channel analysis for finding backdoors and trojans in secure chips
  • Using side-channel analysis and fault attacks for partial reverse engineering of secure chips
  • EEPROM and Flash memory analysis methods. This research project is aimed at developing new techniques for analysing EEPROM and Flash memory contents using invasive methods.
  • Practical use of fault-injection attacks. We introduced these attacks in 2002. Unfortunately they have still not been properly investigated. Research is needed to estimate the requirements on these attacks for each chip manufacturing technology and possible success rate. We are currently setting up the equipment necessary for this research.
  • Practical reverse engineering of programmable logic chips. It is strongly believed that CPLDs and FPGAs offer superior IP protection by design as there is no sequential programming execution flow and the device functionality is obscured using proprietary encoding. The question is how far an attacker can go by observing the device configuration process and analysing the differences.
  • Using nanotechnologies for hardware security analysis. Current trends in the miniaturisation of electronic devices demand the ability to understand the structure and properties on the deep submicron level (latest technology is 10nm and 7nm is already proposed). Recent achievements in scanning probe microscopy allow us to observe many characteristics of semiconductor chip surface such as landscape (with atomic force microscopy), doping concentration (with scanning capacitance microscopy), resistance (with scanning spreading resistance microscopy), magnetic field (with magnetic force microscopy), temperature (with scanning thermal microscopy), and many others. We need research to estimate how much information could be extracted from silicon chips by using such technologies. This research might involve designing and building some special microscopes. As such research requires large investments in equipment, it is difficult to predict when it will be started.

My scientific interests

  • Computer Security, Hardware Security
  • Analog-to-Digital and Digital-to-Analog systems
  • Embedded systems and controllers
  • Precision submicron positioning systems
  • Non-Invasive attacks on secure microcontrollers
  • Invasive attacks on secure microcontrollers
  • Memory remanence and data retention
  • DPSS and diode lasers
  • Microscopes and optical equipment
  • Nonvolatile memory technology
  • Semiconductor failure analysis

Expertise

Some of my special skills and fields of knowledge include:

  • Secure microcontrollers
  • Tamper resistance, smartcard systems, analysis of secure systems
  • Decapsulation and chemical (wet) etching
  • Focused Ion Beam (FIB) workstation (FEI Vectra 200)
  • Scanning Electron Microscopy (SEM) (Zeiss Leo 1530VP)
  • Cross-beam FIB/SEM (FEI Helios NanoLab 650)
  • Atomic Force Microscopy (AFM) (Veeco EnviroScope AFM)
  • Submicron mechanical positioning (stage1, stage2, stage3, stage4).
  • Assembler programming (8048, Z80, 8051, 6502, SAM47, 80x86, 6805/08/11, PIC12/16/18/24, 68000, AVR, MIPS, ARM, MSP430, H8/300, PowerPC, V850)
  • C/C++ programming for PC and embedded systems
  • Verilog HDL programming (Altera, Xilinx, Actel)
  • Designing of hardware devices using CPLDs and FPGAs (Altera, Xilinx, Actel)
  • Printed Circuit Boards (PCB) design
  • IBM PC hardware design and programming
  • Hardware design and programming for Sinclair ZX Spectrum, Nintendo (NES) game console, SEGA Megadrive game console

Some of my research and plans

Up-to-date information on my hardware security research.

My first security-related research project was an analysis of the copy protection mechanisms in modern microcontrollers. I still work in this area and I occasionally provide penetration testing and consulting services for old and new microcontroller designs. My work aims at understanding the detailed mechanism of how protection can be broken and how the security of new designs can be improved.

Using new methods of side-channel analysis for finding backdoors and trojans in secure chips.

Using side-channel analysis and fault attacks for partial reverse engineering of secure chips.

Developing new technology for effective side-channel analysis and secret key extraction from real-world devices.

My other research is more about a general evaluation of different memory structures against all kinds of attacks, rather than testing any particular samples. As I expected a long time ago (it was announced by me in 1999), Flash and EEPROM memories are not very good candidates for hardware security on their own, unless special attention is paid to data flow control and interface protocols. This was also suggested in my popular article on copy protection in microcontrollers, with its first edition in the year 2000. Much more information about various problems in EPROM, EEPROM and Flash memories is in my Ph.D. thesis, which is available to the public. My further research will involve detailed investigation of different Flash/EEPROM memory cells as well as of antifuse cells, which are believed to be highly secure; my personal opinion is that this was not properly proved and tested. The next step would be learning and testing FRAM and MRAM memory structures, as they are considered to be a highly secure replacement for Flash and EEPROM memories.

Past projects

  • Development and debugging of microcontroller based secure fiscal memory card for Cash Control Monitor (Master thesis project in University)
  • System for ophthalmic rehabilitation based on Nintendo Game Console (Co-authorship in patent invention)
  • Technology and special hardware devices for elimination of ophthalmic tension during work at CRT systems - TVs and Monitors (Patented in Co-authorship)

How you can contact me

Secure email: For confidential messages use HushMail and send email to my HushMail address Sergei.Skorobogatov (at) hushmail.com. Alternatively, use my PGP key.

I always reply to personal emails. But sometimes due to server problems or spam filters mail could be lost. Therefore please resend your message if I have not replied within one week. In case of important messages I would prefer you to forward a copy of your letter to my HushMail address. Please avoid using HTML format in your emails (such messages are very likely to be filtered out) and ask my permission if you want to attach any files to your emails.

Publications

Please do not copy any of my publications onto your own Internet server for public access without explicit permission. If you want to refer to any of my texts, please use a hyperlink to my original and not a copy. I update these texts frequently and I want to prevent the confusion that arises if people read somewhere else obsolete versions that are not under my control.

Posters

English texts

  • Hardware Security Evaluation of MAX 10 FPGA: Feasibility Study of Intel® MAX 10 devices for compliance to MODH security level. arXiv:1910.05086, October 2019
  • Hardware security evaluation of Intel MAX 10 FPGAs: from feasibility study to security boundaries. Hardware Security Conference and Training (Hardwear.IO 2019), The Hague, Netherlands, September 2019
  • Hardware Security: Present challenges and Future directions. TL@NTU Workshop on IC Hardware Analysis, 20th July 2018, Singapore
  • Is Hardware Security prepared for unexpected discoveries? 25th International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA-2018), 16-19 July 2018, Singapore. IEEE Xplore 2018. (Slides)
  • Hardware Security implications of Reliability, Remanence and Recovery in Embedded memory. PAINE workshop at Design Automation Conference (DAC-2018), 24th June 2018, San Francisco, USA. Journal of Hardware and Systems Security, 2(4), Springer 2018, pp.314-321. (Slides)
  • Combining Hardware Security, Failure Analysis and Forensic Analysis for the benefit of all. Invited talk at ISTFA 2017, Pasadena, USA, November 2017
  • Challenging real-world targets: from iPhone to insulin pump. Keynote talk at Hardware Security Conference and Training (Hardwear.IO 2017), The Hague, Netherlands, September 2017
  • Deep dip teardown of tubeless insulin pump. arXiv:1709.06026, September 2017
  • How microprobing can attack encrypted memory. In Proceedings of Euromicro Conference on Digital System Design, AHSA 2017 Special Session, Vienna, Austria. IEEE Computer Society, 2017. (Slides).
  • Reverse engineering Flash EEPROM memories using Scanning Electron Microscopy. In Proceedings of the 15th Smart Card Research and Advanced Application Conference (CARDIS 2016), Cannes, France, November 2016
  • Direct charge measurement in Floating Gate transistors of Flash EEPROM using Scanning Electron Microscopy. In Proceedings of the 42nd International Symposium for Testing and Failure Analysis (ISTFA), Fort Worth, USA, November 2016
  • The bumpy road towards iPhone 5c NAND mirroring. arXiv:1609.04327, September 2016
  • Be prepared: The EMV pre-play attack. IEEE Security & Privacy, 2015.
  • Chip and Skim: cloning EMV cards with the pre-play attack. IEEE Symposium on Security and Privacy ('Oakland'), May, 2014.
  • Security, Reliability and Backdoors. Talk at the Security Group seminar 13 May 2014 (slides).
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 03 February 2014.
  • I gave a lecture course on Hardware Security of semiconductor chips at Nanyang Technological University in Singapore for undergraduates and PhD students of Temasek Laboratory department in May 2013.
  • I gave invited talk 'Silicon scanning technology for hidden backdoors in semiconductor chips' at National University of Singapore, Department of Engineering on 20 May 2013.
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 04 February 2013.
  • Chip and Skim: cloning EMV cards with the pre-play attack. Eprint arXiv:1209.2531, September 2012
  • Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), 9-12 September 2012, Leuven, Belgium, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp.23-40. (slides).
  • In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012.
  • Integrated Circuit Investigation Method and Apparatus. Patent number WO2012/046029 A1
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 February 2012.
  • Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
  • Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
  • Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
  • Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
  • Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
  • Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
  • Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 7 December 2010 (slides).
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 5 November 2010.
  • Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), 21 August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp.23-29. (slides).
  • Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 19 August 2010, Santa Barbara, USA.
  • Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 18-20 August 2010, LNCS 6225, Springer, ISBN 3-642-15030-6, pp.158-172. (slides).
  • Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems, 16-17 June 2010, Gardanne, France (abstract and slides).
  • Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks. 15-19 February 2010, Leiden, Netherlands (abstract and slides).
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 November 2009.
  • Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13 October 2009. (slides).
  • Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), 6 September 2009, Lausanne, Switzerland. IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119. (slides).
  • Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009), 27 July 2009, San Francisco, CA, USA. IEEE Xplore, ISBN 978-1-4244-4804-3. (slides).
  • Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20 January 2009 (slides).
  • Tamper resistance and hardware security. Guest lecture in the Part II Security course, 24 November 2008.
  • Semi-Invasive Extension to Physical Attacks. Securing Cyberspace: Applications and Foundations of Cryptography and Computer Security. Workshop IV: Special purpose hardware for cryptography: Attacks and Applications. 4-8 December 2006, Los Angeles (abstract and slides).
  • Optically enhanced position-locked power analysis. Talk at the Security Group seminar 31 October 2006 (slides).
  • Optically Enhanced Position-Locked Power Analysis. Cryptographic Hardware and Embedded Systems Workshop (CHES-2006), 11-13 October 2006, LNCS 4249, Springer, ISBN 3-540-46559-6, pp.61-75 (slides).
  • Tamper resistance and physical attacks. Summer School on Cryptographic Hardware, Side-Channel and Fault Attacks (ECRYPT-2006), 12-15 June 2006, Louvain-la-Neuve (slides 1, slides 2, slides 3 and slides 4).
  • Cryptographic Processors -- A Survey (Invited Paper). IEEE Proceedings, Special Issue on Cryptography and Security, February 2006, Vol.94, No.2, pp.357-369. Full version is available as a Technical Report UCAM-CL-TR-641.
  • Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES-2005), 30 August - 1 September 2005, LNCS 3659, Springer, ISBN 3-540-28474-5, pp.339-353 (slides).
  • Semi-invasive attacks - A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge, Computer Laboratory, April 2005.
  • Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach. Talk at the Security Group seminar 26 October 2004 (slides).
  • On a New Way to Read Data from Memory. First International IEEE Security in Storage Workshop, 11 December 2002, Greenbelt Marriott, Maryland, USA.
  • Optical Fault Induction Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), 13-15 August 2002, LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12 (slides, Russian version).
  • Low Temperature Data Remanence in Static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.
  • Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers, 2000.

Russian texts

  • Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Izmeneniya Sostoyaniya Elementov KMOP IS //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2004, pp.67-72.
  • Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Opredeleniya Sostoyaniya Yacheek Pamyati KMOP OZU //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2003, pp.37-42.
  • Smart-Karty - vzgljad na bezopasnost pri svete fotovspyshki //PLAS, Vol.6-7, 2002.
  • Ataki metodom opticheskogo navedeniya oshibok. Approved translation of Optical Fault Induction Attacks paper. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12.
  • Vliyanie temperatury na vremya sohraneniya informacii v staticheskih OZU //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2001, pp.86-88
  • Zaschita Sovremennyh Mikrokontrollerov ot Kopirovaniya //Automatics, Electronics, Microelectronics, Measurement Systems. MEPhI, Moscow, 2001, pp.84-85.
  • Ispolzovanie Programmiruemyh Logicheskih Integralnyh Shem v Oftalmologicheskih Ustrojstvah //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 1999, pp.99-103.

Press releases September-October 2016

  • Researcher Bypasses iOS Passcode Limit With NAND Mirroring. On the Wire, Device Security, Hacking, 15 September 2016.
  • Researcher Shows Simple iPhone Hack FBI Said Couldn't Be Done. Fortune, 15 September 2016.
  • Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions. Black Point, 15 September 2016.
  • Researcher Does What FBI Couldn't, Bypasses iOS Passcode Limit. Softpedia, Security, 15 September 2016.
  • How the FBI Could Have Hacked the San Bernardino Shooter's iPhone. Wired, Security, 15 September 2016.
  • The FBI could have saved money with this iPhone 5c hack. PCWorld, Security, 15 September 2016.
  • Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions. Threat Post, 16 September 2016.
  • FBI used to be wrong: Researcher Claims iPhone 5c can be Hacked by means of NAND Mirroring. Tech Musiq Cafe, 16 September 2016.
  • The FBI could have saved money with this iPhone 5c hack. CSO from IDG, 16 September 2016.
  • FBI Was Wrong: Researcher Claims iPhone 5c Can Be Hacked by NAND Mirroring. Gadgets 360, 16 September 2016.
  • Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100. The Hacker News, 16 September 2016.
  • You can hack iPhone 5c for less than $100 with NAND bypass. Tech Worm, 16 September 2016.
  • Researcher Develops Method to Bypass iOS Passcode Limit on iPhone. Trip Wire, Security News, 16 September 2016.
  • The FBI missed a trick to hack the San Bernardino iPhone. Engadget, 16 September 2016.
  • NAND mirroring Unlock San Bernardino shooter iPhone with just $100. Security Affairs, 17 September 2016.
  • The iPhone's passcode security can be beaten for just $100. Beta News, 17 September 2016.
  • Researcher Bypasses iPhone Passcode Using the Technique the FBI Said Doesn't Work. Bleeping Computer, 17 September 2016.
  • Now You Can Hack iPhone For Less Than $100 With NAND Bypass. Tech Ugly, 17 September 2016.
  • Did You Know You Can Hack Into The iPhone For As Less As $100? India Times, 17 September 2016.
  • Turns out iPhone 5c can be hacked with a $100 hardware. Hack Read, 17 September 2016.
  • The FBI could have saved millions with this iPhone 5c hack. Digital Munition, 18 September 2016.
  • FBI overpaid $999,900 to crack San Bernardino iPhone 5c password: Hacker brews fast NAND mirroring prototype for $100. The Register, 19 September 2016.
  • Hardware hack defeats iPhone passcode security. BBC News, Technology, 19 September 2016.
  • Professor proves NAND mirroring attack thwarts iPhone 5c security protocols. Apple Insider, 19 September 2016.
  • Researcher posts paper detailing US$100 iPhone 5C NAND mirroring device. SC Magazine UK, 19 September 2016.
  • Cambridge Computer Scientist Uses Hardware Hack to Bypass iPhone Passcode. iPhone Hacks, 19 September 2016.
  • iPhone passwords can be broken with this cheap hardware hack. Tech Radar, 19 September 2016.
  • Bypass an iPhone 5c's passcode lock for $100. Graham Cluley, 19 September 2016.
  • Apple iPhone 5C Password Lock 'Defeated' With £75 Hardware Hack. Tech Week Europe, 19 September 2016.
  • Security researcher proves FBI wrong - hacks an iPhone 5c. Thats Nonsense, 19 September 2016.
  • Cambridge researcher shows FBI how to hack an iPhone for $100. PC Mag UK, 19 September 2016.
  • Cambridge Computer Scientist Defeats iPhone Passcode Security. Independent, 19 September 2016.
  • Academic beats FBI by unlocking Apple iPhone for £75. Sky News, 20 September 2016.
  • Computer scientist shows how to crack Apple iPhone 5c passcode for less than $100. Tech Xplore, 20 September 2016.
  • Professor Hacks iPhone NAND Chip of iPhone 5C to Gain Access. Hipster Pixel, 20 September 2016.
  • iPhone passcode bypassed with NAND mirroring attack. Ars Technica, 20 September 2016.
  • What a bargain! Computer scientist hacks iPhone for £75 after the FBI paid a firm almost £1 MILLION to do the same thing. Daily Mail, 20 September 2016.
  • Watch a Cambridge scientist crack the iPhone encryption that stumped the FBI. Cambridge News, 20 September 2016.
  • $100 store-bought kit can help anyone hack into iPhone passcodes. The Guardian, 20 September 2016.
  • NAND mirroring iPhone hack would have made the FBI's job much easier. Search Security, 20 September 2016.
  • iPhone passcodes can be bypassed using cheap hardware hack and persistence. The Inquirer, Security, 20 September 2016.
  • You can hack almost any iPhone with just $100 worth of electronics. Digital Trends, Mobile, 21 September 2016.
  • You can hack almost any iPhone with just $100 worth of electronics. Yahoo, Tech, 21 September 2016.
  • $104 High Street Instrument Can Open An Apple iPhone In 40 Hours. 24 News, Technology, 21 September 2016.
  • The FBI spent $1.3M to crack the iPhone - this hacker spent just $100. Vice News, Technology, 21 September 2016.
  • Researcher hacked iPhone 5c ten thousand times cheaper than the FBI hackers. Technical Center of Internet, Techno News, 21 September 2016.
  • £80 high street tool can unlock an iPhone in 40 hours. The Telegraph, Technology, 21 September 2016.
  • That's the way to do it. A Cambridge don shows the FBI how to save money on phone hacking. The Economist, Data Security, 22 September 2016.
  • The FBI spent $1.3M to crack the iPhone - this hacker spent just $100. The Usual Routine, 28 September 2016.
  • How one researcher cracked the iPhone 5c. EDN Network, 11 October 2016.

Press releases September 2012

  • Chip and pin 'weakness' exposed by Cambridge researchers. The BBC News, Technology, 11 September 2012.
  • EMV protocol flaw allows 'pre-play' attacks against chip-enabled payment cards, researchers say. PC World, Security, 11 September 2012.

Press releases May 2012

  • Cyber-attack concerns raised over Boeing 787 chip's 'back door'. The Guardian, 29 May 2012.
  • Researchers find backdoor in milspec silicon. The Register, 29 May 2012.
  • UK researchers discover backdoor in American military chip. Nextgov, 29 May 2012.
  • Cambridge Scientist Defends Claim That US Military Chips Made In China Have 'Backdoors'. Business Insider, 29 May 2012.
  • Proof That Military Chips From China Are Infected? Defense Tech, 30 May 2012.

Press releases May 2002

  • 'Smart Card' Vulnerability Found. TechTV, 16 May 2002.
  • Optical Smart Card Attack Not a Major Risk. Information Security Magazine, 16 May 2002.
  • Camera flash opens up smart cards. New Scientist, 13 May 2002.
  • Vulnerability Is Discovered in Security for Smart Cards. The New York Times, Technology, 13 May 2002.

Sergei Skorobogatov <Sergei.Skorobogatov (at) cl.cam.ac.uk>
last modified 23-01-2020 -- http://www.cl.cam.ac.uk/~sps32/

Keywords: hardware security, hardware assurance, analysis, evaluation, computer testing, microcontroller, smartcard, embedded systems, tamper resistance, trojans, backdoors, smartcard systems, breaking copy protection, IP, data extraction, AES key, DES, TDES, RSA, SHA-1, electronic engineering, invasive, non-invasive, semi-invasive attacks, optical probing, side-channel, EMA, power analysis, cryptography, encryption, crypto, digital electronics, controllers, iPhone, NAND, MCU, CPLD, FPGA, ASIC, IC, fuse, antifuse, flash, EPROM, EEPROM, NAND, lock bits, attacking, cracking, hacking, crack, hack, unlock, unprotect, break, reverse engineer, recover, recovery, Motorola, Atmel, Microchip, NEC, Texas Instruments, Hitachi, Renesas, Winbond, Freescale, Cypress, Maxim, Dallas, Zilog, STMicroelectronics, SGS Thomson, Ubicom, Scenix, Intel, Cygnal, Philips, Holtek, Mitsubishi, Siemens, Samsung, Toshiba, Actel, NXP, ARM, Elan, Altera, Infineon, Lattice, Xilinx, Fujitsu, Maxim, Temic, Macronix, Microsemi, National Semiconductor, PIC, AVR, MSP430, H8, ST62, Z86, MC68HC, HC908, HCS08, HC12, PIC16, PIC18, PIC24, dsPIC30, dsPIC33, DS2432, 78K, V850, V850E, V850E1, V850ES, V850E2, AT89, AT90, ATMEGA, ATtiny, PA3, A3P, ProASIC, ProASIC3, Igloo, Fusion, SmartFusion, MAX10, 10M16, passkey, flashlock, iButton, Nintendo, SEGA, SONY, WII, NES, Newport, PM500 card, motorized stage, motion control, Kensington