Travis Goodspeed - Extracting Keys from Second Generation Zigbee Chips
Written by Akiba
Friday, 07 August 2009
Travis Goodspeed just published his BlackHat 2009 paper on key extraction from Zigbee SoCs on his blog. It's scary that most of the new meters going into the smart grid are based on the chips which have the vulnerability he mentions in the paper. I don't think it's a coincidence, and the implications are very severe. I've included the paper below and you can download it from his website. If you're in the 802.15.4 or Zigbee industry, you should definitely check this out...

Updated 2009-08-07: Travis also mentions he'll be announcing fixes for the security vulnerabilities in future blog posts as well.
Comments (2)
If we were in the pure paranoid world, our MCU radio modules should be tamper proof. The AES module (be it a part of the radio or a part of the MCU, it doesn't matter) contains a preloaded key (which can be burned in during the fabrication process, during a special load-once process, or even be erasable/writeable multiple times; again, it doesn't matter). Then the flash part of the MCU should contain key material protected with that preloaded key. The AES module stores all the keys in a tamperproof area.
Then an MCU wanting to enc/dec something just selects the keyslot and direction, and voila!
Otherwise any kind of security will be false.