Shaping the glitch: Optimizing voltage fault injection attacks

Cited by: 18
Authors
Bozzato C. [1]
Focardi R. [2]
Palmarini F. [3]
Affiliations
[1] Ca’ Foscari University of Venice, Cryptosense
[2] Ca’ Foscari University of Venice, Yarix
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2019 / Vol. 2019 / Issue 02
Keywords
Embedded system security; Fault attacks; Firmware extraction; Microcontrollers
DOI
10.13154/tches.v2019.i2.199-224
Abstract
Voltage fault injection is a powerful active side channel attack that modifies the execution-flow of a device by creating disturbances on the power supply line. The attack typically aims at skipping security checks or generating side-channels that gradually leak sensitive data, including the firmware code. In this paper we propose a new voltage fault injection technique that generates fully arbitrary voltage glitch waveforms using off-the-shelf and low cost equipment. To show the effectiveness of our setup, we present new, unpublished firmware extraction attacks on six microcontrollers from three major manufacturers: STMicroelectronics, Texas Instruments and Renesas Electronics that, in 2016 declared a market of $1.5 billion, $800 million and $2.5 billion on units sold, respectively. Among the presented attacks, the most challenging ones exploit multiple vulnerabilities and inject over one million glitches, heavily leveraging on the performance and repeatability of the new proposed technique. We perform a thorough evaluation of arbitrary glitch waveforms by comparing the attack performance against two other major V-FI techniques in the literature. Along a responsible disclosure policy, all the vulnerabilities have been timely reported to the manufacturers. © 2019, Ruhr-University of Bochum. All rights reserved.
Pages: 199-224
Page count: 25