{"guid":"2215a5c2-64ef-5e85-b9cb-d937a1b0d635","title":"Gestatten: The Flash","subtitle":"Security von Embedded Systemen pimpen - Wieso? Weshalb? Wow!","slug":"gpn23-21-gestatten-the-flash-security-von-embedded-systemen-pimpen-wieso-weshalb-wow-","link":"https://cfp.gulas.ch/gpn23/talk/HVECKJ/","description":"Flash-Speicher sind mehr als nur passive Datencontainer – sie können aktive Sicherheitskomponenten sein. Dieser Vortrag zeigt, wie Maker und Profis gleichermaßen Flash-Technologien nutzen können, um Sicherheitsziele von der Verschlüsselung bis zum Secure Boot zu erreichen – selbst bei Systemen, die nicht für hohe Sicherheit konzipiert wurden.\r\n\r\nFlash-Speicher führen in Sicherheitskonzepten oft ein Schattendasein - zurecht? \r\n\r\nWas kaum einer weiß, sie bieten enorme Potenziale, um grundlegende Sicherheitsziele zu erreichen – von der Arduino-Bastelei bis zum industriellen Steuerungssystem. \r\n\r\nIch nehme euch mit dahin wo die Bits und Bytes in Quantentrögen schlummern und wie Flash-Controller sie verwalten. Wenn man diese Controller unter Kontrolle hat kann man SD Karten, eMMC und Co als aktive Sicherheitskomponente eingesetzen.\r\n\r\nIch erkläre: \r\n\r\n### Grundlagen der Flash-Technologie und Sicherheitsziele\r\n* Übersicht zu Flash-Typen und der Security\r\n* Kommunikation mit SD Karten\r\n* Schutzziele für verschiedene Anwendungsszenarien (IoT, Maker-Projekte, Industrie)\r\n* Typische Angriffsvektoren auf Flash-Speicher und deren Auswirkungen\r\n* Flash-Security-Funktionen wie RPMB und Secure Erase\r\n\r\n### Mehr als der Standard\r\n* Partitionierung mit Zugriffsrechten\r\n* Integration von SmartCard-Chips in microSD-Karten als Random Number Generator und Private Key Storage\r\n* Secure Boot optionen für den RPi\r\n\r\n### Ausblick\r\n* Kryptoagilität durch PQC-Secure-Elemente in SSDs – wie zukünftige Flash-Speicher Quantencomputer-Bedrohungen begegnen könnten\r\n\r\n### Kleine Demos - wenn genügend Zeit\r\n* Ohne Krypto: Sichere Datenlogs auf SD Karten mit dem Arduino und ESP32\r\n* Secure Boot für den Raspberry Pi\r\n\r\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"deu","persons":["Roland"],"tags":["21","2025","gpn23","Cyber Security","ZKM Kubus","gpn23-deu","Day 3"],"view_count":231,"promoted":false,"date":"2025-06-21T11:15:00.000+02:00","release_date":"2025-06-21T00:00:00.000+02:00","updated_at":"2026-03-24T17:15:08.118+01:00","length":3737,"duration":3737,"thumb_url":"https://static.media.ccc.de/media/events/gpn/gpn23/21-2215a5c2-64ef-5e85-b9cb-d937a1b0d635.jpg","poster_url":"https://static.media.ccc.de/media/events/gpn/gpn23/21-2215a5c2-64ef-5e85-b9cb-d937a1b0d635_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/gpn/gpn23/21-2215a5c2-64ef-5e85-b9cb-d937a1b0d635.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/gpn/gpn23/21-2215a5c2-64ef-5e85-b9cb-d937a1b0d635.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/gpn23-21-gestatten-the-flash-security-von-embedded-systemen-pimpen-wieso-weshalb-wow-","url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_title":"Gulaschprogrammiernacht 23","conference_url":"https://media.ccc.de/public/conferences/gpn23","related":[],"recordings":[{"size":426,"length":3737,"mime_type":"video/webm;codecs=av01","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-22T01:12:11.127+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/av1-hd/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_av1-hd.webm","url":"https://media.ccc.de/public/recordings/88237","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":35,"length":3737,"mime_type":"audio/opus","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-06-21T13:48:41.288+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/opus/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_opus.opus","url":"https://media.ccc.de/public/recordings/88179","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":2122,"length":3737,"mime_type":"video/webm","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-21T13:58:46.149+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/webm-hd/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_webm-hd.webm","url":"https://media.ccc.de/public/recordings/88186","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":57,"length":3737,"mime_type":"audio/mpeg","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-06-21T13:48:52.474+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/mp3/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_mp3.mp3","url":"https://media.ccc.de/public/recordings/88181","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":158,"length":3737,"mime_type":"video/mp4","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-06-21T13:48:48.065+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/h264-sd/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_sd.mp4","url":"https://media.ccc.de/public/recordings/88180","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":261,"length":3737,"mime_type":"video/webm","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-06-21T13:43:23.754+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/webm-sd/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_webm-sd.webm","url":"https://media.ccc.de/public/recordings/88177","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"},{"size":647,"length":3737,"mime_type":"video/mp4","language":"deu","filename":"gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-21T13:34:52.392+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/h264-hd/gpn23-21-deu-Gestatten_The_Flash_Security_von_Embedded_Systemen_pimpen_-_Wieso_Weshalb_Wow_hd.mp4","url":"https://media.ccc.de/public/recordings/88176","event_url":"https://media.ccc.de/public/events/2215a5c2-64ef-5e85-b9cb-d937a1b0d635","conference_url":"https://media.ccc.de/public/conferences/gpn23"}]}