scholarly journals Practical, Low-Cost Fault Injection Attacks on Personal Smart Devices

2022 ◽  
Vol 12 (1) ◽  
pp. 417
Author(s):  
Shaked Delarea ◽  
Yossi Oren
Keyword(s):  
Fault Injection ◽  
Low Cost ◽  
Device Under Test ◽  
Smart Devices ◽  
Fault Attacks ◽  
Threat Model ◽  
Software Application ◽  
Injection Attacks ◽  
Close Proximity ◽  
Fault Injection Attacks

Fault attacks are traditionally considered under a threat model that assumes the device under test is in the possession of the attacker. We propose a variation on this model. In our model, the attacker integrates a fault injection circuit into a malicious field-replaceable unit, or FRU, which is later placed by the victim in close proximity to their own device. Examples of devices which incorporate FRUs include interface cards in routers, touch screens and sensor assemblies in mobile phones, ink cartridges in printers, batteries in health sensors, and so on. FRUs are often installed by after-market repair technicians without properly verifying their authenticity, and previous works have shown they can be used as vectors for various attacks on the privacy and integrity of smart devices. We design and implement a low-cost fault injection circuit suitable for placement inside a malicious FRU, and show how it can be used to practically extract secrets from a privileged system process through a combined hardware-software approach, even if the attacker software application only has user-level permissions. Our prototype produces highly effective and repeatable attacks, despite its cost being several orders of magnitude less than that of commonly used fault injection analysis lab setups. This threat model allows fault attacks to be carried out remotely, even if the device under test is in the hands of the victim. Considered together with recent advances in software-only fault attacks, we argue that resistance to fault attacks should be built into additional classes of devices.

scholarly journals Exploring the Feasibility of Low Cost Fault Injection Attacks on Sub-threshold Devices through an Example of a 65nm AES Implementation

2012 ◽  
pp. 48-60 ◽  
Author(s):  
Alessandro Barenghi ◽  
Cédric Hocquet ◽  
David Bol ◽  
François-Xavier Standaert ◽  
Francesco Regazzoni ◽  
...  
Keyword(s):  
Fault Injection ◽  
Low Cost ◽  
Injection Attacks ◽  
Fault Injection Attacks

scholarly journals Shaping the Glitch: Optimizing Voltage Fault Injection Attacks

2019 ◽  
pp. 199-224 ◽  
Author(s):  
Claudio Bozzato ◽  
Riccardo Focardi ◽  
Francesco Palmarini
Keyword(s):  
Power Supply ◽  
Fault Injection ◽  
Low Cost ◽  
Injection Technique ◽  
Side Channel ◽  
Sensitive Data ◽  
Injection Attacks ◽  
Side Channels ◽  
Security Checks ◽  
Fault Injection Attacks

Voltage fault injection is a powerful active side channel attack that modifies the execution-flow of a device by creating disturbances on the power supply line. The attack typically aims at skipping security checks or generating side-channels that gradually leak sensitive data, including the firmware code. In this paper we propose a new voltage fault injection technique that generates fully arbitrary voltage glitch waveforms using off-the-shelf and low cost equipment. To show the effectiveness of our setup, we present new, unpublished firmware extraction attacks on six microcontrollers from three major manufacturers: STMicroelectronics, Texas Instruments and Renesas Electronics that, in 2016 declared a market of $1.5 billion, $800 million and $2.5 billion on units sold, respectively. Among the presented attacks, the most challenging ones exploit multiple vulnerabilities and inject over one million glitches, heavily leveraging on the performance and repeatability of the new proposed technique. We perform a thorough evaluation of arbitrary glitch waveforms by comparing the attack performance against two other major V-FI techniques in the literature. Along a responsible disclosure policy, all the vulnerabilities have been timely reported to the manufacturers.

An AOP-Based Fault Injection Environment for Cryptographic SystemC Designs

2014 ◽  
Vol 24 (01) ◽  
pp. 1550008 ◽  
Author(s):  
Hassen Mestiri ◽  
Younes Lahbib ◽  
Mohsen Machhout ◽  
Rached Tourki
Keyword(s):  
Fault Injection ◽  
Electronic System ◽  
System Level ◽  
Standard Case ◽  
Fault Attacks ◽  
Injection Attacks ◽  
Electronic System Level ◽  
Fault Injection Attacks ◽  
The Impact ◽  
Simulation Time

The increasing complexity of cryptographic devices requires fast simulation environment in order to test their security against fault attacks. SystemC is one promising candidate in Electronic System Level that allows models to reach higher simulation speed. However in order to enable both fault injection and detection inside a SystemC cryptographic models, its code modification is mandatory. Aspect-Oriented Programming (AOP), which is a new programming paradigm, can be used to test the robustness of the cryptographic models without any code modifications. This may replace real cryptanalysis schemes. In this paper, we present a new methodology to simulate the security fault attacks of cryptographic systems at the Electronic System Level. A fault injection/detection environment is proposed to test the resistance of cryptographic SystemC models against fault injection attacks. The fault injection technique into cryptographic SystemC models is performed using weaving faults by AspectC++ as an AOP programming language. We validate our methodology with two scenarios applied to a SystemC Advanced Encryption Standard case study: the first is related to the impact of the AOP on fault detection capabilities, while the second refers to the impact of the AOP on simulation time and size of the executable files. Simulation results show that this methodology can evaluate perfectly the robustness of a cryptographic design against fault injection attacks. They show that the impact of AOP on simulation time is not significant.

scholarly journals Private circuits II versus fault injection attacks

2015 ◽  
Author(s):  
Henitsoa Rakotomalala ◽  
Xuan Thuy Ngo ◽  
Zakaria Najm ◽  
Jean-Luc Danger ◽  
Sylvain Guilley
Keyword(s):  
Fault Injection ◽  
Injection Attacks ◽  
Fault Injection Attacks
Sign in / Sign up

Export Citation Format

Share Document