prof. avishai wool: school of electrical engineering, tel aviv university
TRANSCRIPT
![Page 1: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/1.jpg)
Securing Device and Network Communications: the CoNSEL Lab @ TAU/EE
Prof. Avishai Wool:
School of Electrical Engineering, Tel Aviv University
![Page 2: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/2.jpg)
2
Who we are
Prof. Avishai Wool
Ph.D. Student Amit Kleinman
M.Sc. Students: Dvir Schirman Noam Erez Asaf Tzur Ofir Weisse
Undergradute student Gal Lerner
Many past members
![Page 3: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/3.jpg)
3
What we do (2013 snapshot)
Control networks SCADA: On-going
Wireless Security: RFID: Prox-cards (payments, access systems,
passports, Israeli e-voting)
Side-channel cryptography
Other projects: RFID: EPC-Gen2 (product labels) Bluetooth, anti-malware, OS, file systems, …
![Page 4: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/4.jpg)
Example – Power Plant (Coal)On the outside
Industrial Sketch
![Page 5: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/5.jpg)
5
On inside: Typical Components
HMIModbus/TCP (e.g. over Ethernet)
![Page 6: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/6.jpg)
6
SCADA network security
Industrial control systems (energy, chemical, …)
Control protocol is not protected Access to control net “Pwn” all PLCs
Our work: analyze & model Modbus/TCP protocol Identify designs for accurate IDS systems Experiment [TAU has a live Modbus
network!]
![Page 7: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/7.jpg)
7
RFID Prox-card technology
5cm range Access systems, transportation,
credit cards, passports, Israeli e-vote
Relay attacks (Extended-range) Jamming card-to-reader range extension
![Page 8: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/8.jpg)
Range extension attacks
5 cm
HF RFID Reader HF RFID Tag
Leec
h
GhostRe
lay
Extended range
Leech
Extended range
Ghost
![Page 9: Prof. Avishai Wool: School of Electrical Engineering, Tel Aviv University](https://reader035.vdocuments.site/reader035/viewer/2022070410/56649f175503460f94c2e6ab/html5/thumbnails/9.jpg)
9
Side-Channel Cryptanalysis Devices include secret cryptographic keys
Car alarm systems (keeloq), Cellular SIM cards, …
With device in lab, collect input+output pairs … plus side channel
E.g., Power consumption trace sampled by scope Extract secret keys
Our work: algorithms that need very few traces, and can deal with measurement error