The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback)
暫譯: 硬體駭客手冊:利用硬體攻擊破解嵌入式安全

Van Woudenberg, Jasper, O'Flynn, Colin

The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks (Paperback)

買這商品的人也買了...

相關主題

商品描述

The Hardware Hacking Handbook takes you deep inside embedded devices to show how different kinds of attacks work, then guides you through each hack on real hardware.

Embedded devices are chip-size microcomputers small enough to be included in the structure of the object they control, and they're everywhere--in phones, cars, credit cards, laptops, medical equipment, even critical infrastructure. This means understanding their security is critical. The Hardware Hacking Handbook takes you deep inside different types of embedded systems, revealing the designs, components, security limits, and reverse-engineering challenges you need to know for executing effective hardware attacks.

Written with wit and infused with hands-on lab experiments, this handbook puts you in the role of an attacker interested in breaking security to do good. Starting with a crash course on the architecture of embedded devices, threat modeling, and attack trees, you'll go on to explore hardware interfaces, ports and communication protocols, electrical signaling, tips for analyzing firmware images, and more. Along the way, you'll use a home testing lab to perform fault-injection, side-channel (SCA), and simple and differential power analysis (SPA/DPA) attacks on a variety of real devices, such as a crypto wallet. The authors also share insights into real-life attacks on embedded systems, including Sony's PlayStation 3, the Xbox 360, and Philips Hue lights, and provide an appendix of the equipment needed for your hardware hacking lab - like a multimeter and an oscilloscope - with options for every type of budget.

You'll learn:
- How to model security threats, using attacker profiles, assets, objectives, and countermeasures

- Electrical basics that will help you understand communication interfaces, signaling, and measurement

- How to identify injection points for executing clock, voltage, electromagnetic, laser, and body-biasing fault attacks, as well as practical injection tips

- How to use timing and power analysis attacks to extract passwords and cryptographic keys

- Techniques for leveling up both simple and differential power analysis, from practical measurement tips to filtering, processing, and visualization

Whether you're an industry engineer tasked with understanding these attacks, a student starting out in the field, or an electronics hobbyist curious about replicating existing work, The Hardware Hacking Handbook is an indispensable resource - one you'll always want to have onhand.

商品描述(中文翻譯)

《硬體駭客手冊》深入探討嵌入式設備,展示各種攻擊的運作方式,並指導您在真實硬體上進行每一項駭客行為。

嵌入式設備是微型計算機,尺寸足夠小,可以嵌入其控制的物體結構中,無處不在——在手機、汽車、信用卡、筆記型電腦、醫療設備,甚至關鍵基礎設施中。因此,了解它們的安全性至關重要。《硬體駭客手冊》深入探討不同類型的嵌入式系統,揭示您在執行有效的硬體攻擊時需要了解的設計、組件、安全限制和逆向工程挑戰。

本手冊以幽默的筆觸和實作實驗為特色,讓您扮演一位有興趣打破安全以做好事的攻擊者。從嵌入式設備的架構、威脅建模和攻擊樹的速成課程開始,您將探索硬體介面、端口和通訊協議、電信號、分析韌體映像的技巧等。在此過程中,您將使用家庭測試實驗室對各種真實設備(如加密錢包)進行故障注入、側信道(SCA)以及簡單和差異功率分析(SPA/DPA)攻擊。作者還分享了對嵌入式系統的實際攻擊見解,包括索尼的 PlayStation 3、Xbox 360 和 Philips Hue 燈,並提供了硬體駭客實驗室所需設備的附錄——如萬用表和示波器,並提供各種預算的選擇。

您將學到:
- 如何使用攻擊者檔案、資產、目標和對策來建模安全威脅

- 有助於理解通訊介面、信號和測量的電氣基礎知識

- 如何識別執行時鐘、電壓、電磁、激光和身體偏壓故障攻擊的注入點,以及實用的注入技巧

- 如何使用時間和功率分析攻擊來提取密碼和加密金鑰

- 提升簡單和差異功率分析的技術,從實用的測量技巧到過濾、處理和可視化

無論您是負責了解這些攻擊的行業工程師、剛入門的學生,還是對複製現有工作感到好奇的電子愛好者,《硬體駭客手冊》都是一個不可或缺的資源——您將始終希望隨身攜帶。

作者簡介

Colin O'Flynn runs NewAE Technology Inc., a startup designing tools and equipment to teach engineers about embedded security. He started the open-source ChipWhisperer project as part of his PhD, and was previously an assistant professor with Dalhousie University teaching embedded systems and security. He lives in Halifax, Canada, and you can find his dogs featured in many of the products developed with NewAE.

Jasper van Woudenberg is the CTO of Riscure North America. He has been involved in embedded device security on a broad range of topics, including finding and helping fix bugs in code that runs on hundreds of millions of devices, using symbolic execution to extract keys from faulted cryptosystems, and using speech recognition algorithms for side channel trace processing. Jasper is a father of two and husband of one and lives in California, where he likes to bike mountains and board snow. He has a cat that tolerates him but is too cool for Twitter.

作者簡介(中文翻譯)

Colin O'Flynn 目前擔任 NewAE Technology Inc. 的負責人,這是一家設計工具和設備以教導工程師有關嵌入式安全的初創公司。他在攻讀博士學位期間啟動了開源的 ChipWhisperer 專案,並曾擔任達爾豪斯大學的助理教授,教授嵌入式系統和安全。他居住在加拿大哈利法克斯,您可以在許多與 NewAE 開發的產品中看到他的狗的身影。



Jasper van Woudenberg 是 Riscure North America 的首席技術官。他參與了廣泛的嵌入式設備安全主題,包括尋找並協助修復運行在數億設備上的代碼中的錯誤,使用符號執行從故障加密系統中提取密鑰,以及使用語音識別算法進行側信道追蹤處理。Jasper 是兩個孩子的父親和一位妻子的丈夫,居住在加利福尼亞州,他喜歡騎自行車上山和滑雪。他有一隻貓,雖然能容忍他,但對 Twitter 太酷了。

類似商品