[Strange and Radiant Machines in the PHY Layer] presented at Hackito Ergo Sum 2012

by Sergey Bratus, Travis Goodspeed

Tags: Hardware Reverse Engineering

Summary: As V.I. Lenin wrote, the electron is as inexhaustible as the atom. In Materialism and Empirio-criticism, Lenin strongly rejected the Idealist notion that natural phenomena are, at some level, indivisible or impenetrable to human cognition. Yet some Comrades still view hardware and the PHY as a thing in itself, an impenetrable and indivisible package. These Comrades must be shown the error of their ways. They must be shown that the PHY layer is just as malleable and just as exploitable as any of the layers above it! Under the hood, PHY layer hardware has a number of components that can be driven along unintended computation paths, with unexpected results. Weird machines do not stop at software; they extend into hardware and may reside entirely in hardware. Once we get past the illusion of hardware atomicity, it provides enough weird cogs to borrow. Packet-in-Packet enables a remote attacker who can manipulate the higher-layer payloads of a digital radio link to inject PHY layer frames without ever owning a radio. The attacker builds this injection out of the hardware elements of the remote PHY chip and ambient radio noise. Now that's atomic divisibility and powerful dialectics, Comrade! We will show how the Packet-in-Packet remote PHY layer injection technique is naturally derived from this view, and show other classes of PHY bug (cogs) that can be found the same way. We will show that seemingly mundane fingerprinting research into hardware differences can deliver cogs that power much stronger exploits. PHY fingerprinting is not a mostly-harmless firecracker activity. Playing around with isotopes looking for minute differences may sound silly, but this is the kind of study that delivers nuclear power, Kuzkina Mat grade. Da, Tovarisch.
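The Packet-in-Packet mechanism the summary describes is easiest to see in a toy model. The Python below is an added example written for this page, not code from the talk or its authors. The PHY format it uses (four alternating-bit preamble bytes, a one-byte start-of-frame delimiter, a length byte, a CRC-16) is a constructed simplification of no particular radio standard, and the sample payloads are constructed. The receiver hunts for the sync word at bit granularity and falls back to hunting whenever a frame fails its CRC, which is the behaviour that lets an inner frame carried inside a higher-layer payload surface as a PHY frame once noise has corrupted the outer frame's sync word. The closing `contains_sync` check is the kind of test a link designer can apply to higher-layer payloads to flag ones that embed the sync word at any bit offset.

```python
"""Toy model of Packet-in-Packet on a constructed PHY (not a real radio standard)."""

PREAMBLE = b"\xAA\xAA\xAA\xAA"   # constructed: alternating 1010... bits
SFD = b"\xD3"                     # constructed start-of-frame delimiter
SYNC = PREAMBLE + SFD


def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF) over the length byte and payload."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(payload: bytes) -> bytes:
    """Wrap a payload as SYNC | length | payload | CRC-16 (big-endian)."""
    assert len(payload) < 256, "toy PHY uses a one-byte length field"
    body = bytes([len(payload)]) + payload
    return SYNC + body + crc16(body).to_bytes(2, "big")


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def receive(bits) -> list:
    """Toy receiver: hunt for SYNC at any bit offset, decode one frame, verify CRC.

    On a CRC failure it resumes hunting one bit later, so a sync word sitting
    inside a higher-layer payload can be taken as the start of a new frame."""
    sync_bits = to_bits(SYNC)
    frames, i, n = [], 0, len(bits)
    while i + len(sync_bits) <= n:
        if bits[i:i + len(sync_bits)] != sync_bits:
            i += 1
            continue
        start = i + len(sync_bits)
        if start + 8 > n:
            break
        length = from_bits(bits[start:start + 8])[0]
        end = start + 8 + length * 8 + 16
        if end > n:
            i += 1
            continue
        body = from_bits(bits[start:start + 8 + length * 8])
        crc = int.from_bytes(from_bits(bits[start + 8 + length * 8:end]), "big")
        if crc16(body) == crc:
            frames.append(body[1:])   # good frame: deliver payload, skip past it
            i = end
        else:
            i += 1                    # bad frame: keep hunting bit by bit
    return frames


def flip_bit(bits, idx):
    """Model one bit of channel noise."""
    out = list(bits)
    out[idx] ^= 1
    return out


def contains_sync(payload: bytes) -> bool:
    """Defensive check: does a higher-layer payload carry SYNC at any bit offset?"""
    bits, sync_bits = to_bits(payload), to_bits(SYNC)
    return any(bits[i:i + len(sync_bits)] == sync_bits
               for i in range(len(bits) - len(sync_bits) + 1))


INNER_PAYLOAD = b"inner: injected PHY frame"                     # constructed
OUTER_PAYLOAD = b"app data " + build_frame(INNER_PAYLOAD) + b" more app data"


def demo():
    """Return (frames seen on a clean channel, frames seen after one preamble bit flips)."""
    outer_bits = to_bits(build_frame(OUTER_PAYLOAD))
    clean = receive(outer_bits)                 # outer frame delivered whole
    noisy = receive(flip_bit(outer_bits, 3))    # outer sync lost: inner frame surfaces
    return clean, noisy


if __name__ == "__main__":
    clean, noisy = demo()
    print("clean channel :", clean)
    print("noisy channel :", noisy)
    print("payload embeds SYNC:", contains_sync(OUTER_PAYLOAD))
```

On a clean channel the receiver consumes the outer frame as one unit and the embedded frame never reaches the higher layer; flipping a single bit in the outer preamble is enough for the same receiver to deliver the inner payload as a frame of its own, which is the effect the summary attributes to the remote PHY chip plus ambient noise. The `contains_sync` check flags the outer payload and passes ordinary data, and a real link would run it at bit granularity against its own preamble and delimiter rather than this constructed one.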

Sergey Bratus: Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He enjoys wireless and wired network hacking and tries to help fellow academics understand its value and relevance. Before coming to Dartmouth, he worked on machine learning for natural text processing at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.