App note: Secure hash algorithms back to basics

Maxim Integrated’s introduction to SHA security. Link here (PDF) This application note goes over the basics of Secure Hash Algorithms (SHA) and discusses the variants of the algorithm. It then briefly touches on how the algorithm is used for authentication, including the concept of a Hashed Message Authentication Code (HMAC). It concludes by looking at […]

App note: Enhancing system security with Macronix(TM) flash

Technical note from Macronix about built-in and hardware security strategies on their flash memories. Link here (PDF) Attacks on a system typically alter or copy the content of the Flash image for three primary reasons, which are to: operate the system in an unauthorized manner with the purpose of committing fraud against the user or […]

App note: Challenge and Response with 1-Wire® SHA Devices

Another app note from Maxim Integrated about challenge-response security on 1-wire devices. Link here (PDF) Challenge-response can be a secure way of protecting access to any privileged material if implemented correctly. In this document, many options for challenge-response access control are discussed but the most secure method given is presenting a different random challenge on […]

Sega System 16 security reverse engineering

Reverse engineering of Sega’s System 16 Hitachi FD1089 cpu security module by Eduardo Cruz: I’m glad to announce the successful reverse engineering of Sega’s System 16 cpu security modules. This development will enable collectors worldwide preserving hardware unmodified, and stop the general discarding of Hitachi FD modules. The project is right now involving external testers so […]

App note: Fundamentals of electronic security: Tampering with the easy targets

An app note from Maxim Integrated about tampering electronic securities through physical means and how to protect against it. Link here (PDF) More and more frequently, computer-based systems store valuable data and manage the flow of valuable commodities. If an opponent can gain control of the computer that touches this valuable data, they can access […]

Reversing D-Link’s WPS Pin Algorithm

Craig of /dev/ttyS0 wrote an article on reversing D-Link’s WPS Pin Algorithm: While perusing the latest firmware for D-Link’s DIR-810L 80211ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the device, including the HTTP and UPnP servers I first began examining this particular piece […]

Gesture based security lock project

Alan Parekh writes: Instead of using keys and codes for security this device that Ankur Thakkar, Darshan Shah and Saisrinivasan Mohankumar built as part of their ece4760 Final Project uses gestures to grant access. The system uses IR sensors to determine the movement of a persons hand within the detection area, after you train the […]

App note: Hardware security ICs offer large security returns at a low cost

An application note from Maxim: Hardware security ICs offer large security returns at a low cost In the face of security vulnerabilities in health and safety applications, governments and industry leaders have focused on security weaknesses in the design and protection of electronic devices. This article explains how using hardware security ICs dramatically reduces the risk […]

App Note: wireless home security implementing KEELOQ® and PIC®

KEELOQ® is an authentication system designed by Microchip. It’s based on a proprietary, non-linear encryption algorithm that creates a unique transmission on every use, supposedly rendering RF replay attacks useless. The algorithm uses a programmable 64-bit encryption key unique to each device to generate 32-bit hopping code. In this new app note, Microchip presents a […]

Secure usb time stamp

Simon Inns created a secure USB time stamp device. This project implements a USB device which provides a real-time clock for the purpose of time-stamping events in an non-networked embedded computer environment. For embedded applications where a periodic time-stamp is required (such as entry-system logs, configuration audit logs, etc.) it is necessary to have a […]

Free laundry hack highlights lack of security

cam0 pried open a laundry smartcard and found an unprotected SPI EEPROM chip. He googled the part number and found a datasheet that describes the chip protocol, then dumped the data with a Bus Pirate. He found the card balance by comparing the contents before and after a load of laundry, the value was stored […]