Eric Michaud (CEO, Rift Recon) & Ryan Lackey (CEO, Cryptoseal)
PRESENTATION TITLE: Thwarting Evil Maid Attacks: Physically Unclonable Functions for Hardware Tamper Detection
PRESENTATION ABSTRACT:
Increasingly, users and their computing hardware are exposed to a range of software and hardware attacks, from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the “evil maid” scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access.
Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface.
ABOUT ERIC MICHAUD
Rift Recon. Director of Hardware Curation at Exploit Hub. Eric has advised on physical security, lockpicking, and starting hackerspaces since 2004. Eric is the co-founder of i11 Industries, an interdisciplinary think tank advising on everything from R&D, physical security, testing and analysis to organizational advising, forecasting and strategy. Eric started HacDC and Pumping Station: One, and has advised numerous hackerspaces, helping bring the movement to over 900 locations around the world. Since then Eric has helped many hackerspaces with fundraising in their early stages.
Eric co-founded College of Lockpicking and has taught workshops around the world, bringing locksport to thousands of people. Eric’s skill at opening impossible-to-pick locks earned him a place in locksport history with the “Michaud Attack.” He was previously on the Board of Directors for TOOOL US. He is referenced widely in academic papers, talks, and books including “Open In Thirty Seconds.”
ABOUT RYAN LACKEY
Ryan Lackey is an entrepreneur and computer security professional. He was a co-founder of HavenCo, the world’s first data haven. He also speaks at numerous conferences and trade shows, including DEF CON and RSA Data Security Conference, on various topics in the computer security field, and has appeared on the cover of Wired Magazine and in numerous television, radio, and print articles on HavenCo and Sealand. Lackey operated BlueIraq, a VSAT communications and IT company serving the DoD and domestic markets in Iraq and Afghanistan during the US conflicts.