Integrated Circuit (IC) device manufacturing is a challenging task and often results in subtle defects that can render a chip unusable. To detect these defects at multiple stages during the IC production process, test modes are inserted (Design For Testability). On the downside, attackers can use these test modes to break IC device security and extract sensitive information such as the firmware implementation or secret key material. While in high-security smart cards the testing circuits are physically removed during production for this reason, in the majority of digital ICs the testing modes remain intact. Often they are undocumented, well-hidden and contain secret test commands. Utilizing search algorithms and/or side-channel information, several attacks on secret testing modes have been presented lately. Accordingly, countermeasures that frequently rely on obfuscation techniques have been proposed, as more advanced cryptographic methods would require significantly more space on the die and thus cause higher production costs. In this work, we show that limited-effort silicon reverse engineering can be effectively used to discover secret testing modes and that proposed obfuscation-based countermeasures can be circumvented without altering the analysis technique. We describe our approach in detail using the example of a proprietary cryptographic game authentication chip of a well-known gaming console and present an FPGA implementation of the previously secret authentication algorithm.
WPA2-Personal is widely used to protect Wi-Fi networks against illicit access. While attackers typically use GPUs to speed up the discovery of weak network passwords, attacking random passwords is considered to quickly become infeasible with increasing password length. Professional attackers may thus turn to commercial high-end FPGA-based cluster solutions to significantly increase the speed of those attacks. Well-known manufacturers such as Elcomsoft have succeeded in creating the world's fastest commercial FPGA-based WPA2 password recovery system, but since they rely on high-performance FPGAs, the costs of these systems are well beyond the reach of amateurs. In this paper, we present a highly optimized low-cost FPGA cluster-based WPA2-Personal password recovery system that can not only achieve similar performance at a cost affordable by amateurs, but in comparison our implementation would also be more than 5 times as fast on the original hardware. Since the currently fastest system is not only significantly slower but proprietary as well, we believe that we are the first to present the internals of a highly optimized and fully pipelined FPGA WPA2 password recovery system. In addition, we evaluated our approach with respect to performance and power usage and compared it to GPU-based systems. To assess the real-world impact of our system, we utilized the well-known Wigle Wi-Fi network dataset to conduct a case study within the country and its border regions. Our results indicate that our system could be used to break into each of more than 160,000 existing Wi-Fi networks, requiring 3 days per network on our low-cost FPGA cluster in the worst case.