The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback)

Van Woudenberg, Jasper, O'Flynn, Colin

  • 出版商: No Starch Press
  • 出版日期: 2021-12-21
  • 定價: $1,750
  • 售價: 9.5$1,663
  • 貴賓價: 9.0$1,575
  • 語言: 英文
  • 頁數: 512
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1593278748
  • ISBN-13: 9781593278748
  • 相關分類: 嵌入式系統資訊安全駭客 Hack
  • 立即出貨 (庫存 < 4)

買這商品的人也買了...

商品描述

The Hardware Hacking Handbook takes you deep inside embedded devices to show how different kinds of attacks work, then guides you through each hack on real hardware.

Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere--in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks.

Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to perform fault-injection, side-channel (SCA), and simple and differential power analysis (SPA/DPA) attacks on a variety of real devices, such as a crypto wallet. The authors also share insights into real-life attacks on embedded systems, including Sony's PlayStation 3, the Xbox 360, and Philips Hue lights, and provide an appendix of the equipment needed for your hardware hacking lab - like a multimeter and an oscilloscope - with options for every type of budget.

You'll learn:
- How to model security threats, using attacker profiles, assets, objectives, and countermeasures

- Electrical basics that will help you understand communication interfaces, signaling, and measurement

- How to identify injection points for executing clock, voltage, electromagnetic, laser, and body-biasing fault attacks, as well as practical injection tips

- How to use timing and power analysis attacks to extract passwords and cryptographic keys

- Techniques for leveling up both simple and differential power analysis, from practical measurement tips to filtering, processing, and visualization

Whether you're an industry engineer tasked with understanding these attacks, a student starting out in the field, or an electronics hobbyist curious about replicating existing work, The Hardware Hacking Handbook is an indispensable resource - one you'll always want to have onhand.

商品描述(中文翻譯)

《硬體駭客手冊》帶你深入嵌入式設備,展示不同類型的攻擊如何運作,然後引導你在真實硬體上進行每個駭客攻擊。

嵌入式設備是指尺寸小到足以包含在它們控制的物體結構中的芯片大小微型電腦,它們無處不在 - 手機、汽車、信用卡、筆記型電腦、醫療設備,甚至是關鍵基礎設施。這意味著了解它們的安全性至關重要。《硬體駭客手冊》帶你深入不同類型的嵌入式系統,揭示了設計、組件、安全限制和逆向工程挑戰,讓你能夠執行有效的硬體攻擊。

這本手冊以機智的筆調撰寫,並融入實驗室實踐,讓你扮演一個有意破解安全性以行善的攻擊者角色。從嵌入式設備的架構、威脅建模和攻擊樹的速成課程開始,你將探索硬體介面、端口和通信協議、電氣信號、分析韌體映像的技巧等等。在此過程中,你將使用家用測試實驗室對各種真實設備進行故障注入、側信道攻擊和簡單和差分功率分析攻擊,例如加密錢包。作者還分享了對嵌入式系統的實際攻擊的見解,包括索尼的PlayStation 3、Xbox 360和飛利浦的Hue燈,並提供了一個附錄,列出了硬體駭客實驗室所需的設備 - 如電表和示波器 - 並提供了各種預算的選擇。

你將學到:
- 如何使用攻擊者配置文件、資產、目標和對策來建模安全威脅
- 幫助你理解通信介面、信號和測量的電氣基礎知識
- 如何識別執行時鐘、電壓、電磁、激光和體偏壓故障攻擊的注入點,以及實用的注入技巧
- 如何使用時序和功率分析攻擊來提取密碼和加密金鑰
- 從實用的測量技巧到過濾、處理和可視化,提升簡單和差分功率分析的技巧

無論你是一位負責了解這些攻擊的行業工程師、一位剛入行的學生,還是一位對複製現有工作感興趣的電子愛好者,《硬體駭客手冊》都是一本不可或缺的資源 - 你將永遠想要隨身攜帶的一本書。

作者簡介

Colin O'Flynn runs NewAE Technology Inc., a startup designing tools and equipment to teach engineers about embedded security. He started the open-source ChipWhisperer project as part of his PhD, and was previously an assistant professor with Dalhousie University teaching embedded systems and security. He lives in Halifax, Canada, and you can find his dogs featured in many of the products developed with NewAE.

Jasper van Woudenberg is the CTO of Riscure North America. He has been involved in embedded device security on a broad range of topics, including finding and helping fix bugs in code that runs on hundreds of millions of devices, using symbolic execution to extract keys from faulted cryptosystems, and using speech recognition algorithms for side channel trace processing. Jasper is a father of two and husband of one and lives in California, where he likes to bike mountains and board snow. He has a cat that tolerates him but is too cool for Twitter.

作者簡介(中文翻譯)

Colin O'Flynn 是 NewAE Technology Inc. 的創辦人,該公司設計工具和設備,用於教導工程師嵌入式安全性。他在攻讀博士學位期間開始了開源項目 ChipWhisperer,之前曾在達爾豪斯大學擔任助理教授,教授嵌入式系統和安全性。他居住在加拿大的哈利法克斯,你可以在許多由 NewAE 開發的產品中看到他的狗的身影。

Jasper van Woudenberg 是 Riscure North America 的首席技術官。他在嵌入式設備安全方面涉獵廣泛,包括在數億設備上尋找並幫助修復程式碼中的錯誤,使用符號執行從故障的加密系統中提取金鑰,以及使用語音識別算法進行側信道追蹤處理。Jasper 是兩個孩子的父親,並且是一個妻子的丈夫,他居住在加利福尼亞,喜歡騎自行車和滑雪板。他有一隻貓,容忍他但對 Twitter 不感興趣。