Thomas Trouchkine,Sébanjila Kevin Bukasa,Mathieu Escouteloup,Ronan Lashermes,Guillaume Bouffard

DOI: https://doi.org/10.48550/arXiv.1910.11566

2019-10-25

Cryptography and Security

Abstract:Electromagnetic fault injection (EMFI) is a well known technique used to disturb the behaviour of a chip for weakening its security. These attacks are mostly done on simple microcontrollers. On these targets, the fault effects are relatively simple and understood. Exploiting EMFI on modern system-on-chips (SoCs), the fast and complex chips ubiquitous today, requires to understand the impact of such faults. In this paper, we propose an experimental setup and a forensic process to create exploitable faults and assess their impact on the SoC micro-architecture. On our targeted SoC (a BCM2837), the observed behaviours are radically different to what were obtained with state-of-the-art fault injection attacks on microcontrollers. SoC subsystems (L1 caches, L2 cache, memory management unit (MMU)) can be individually targeted leading to new fault models. We also highlight the differences in the fault impact with and without an operating system (OS). This shows the importance of the software layers in the exploitation of a fault. With this work, we demonstrate that the complexity and the speed of SoCs do not protect them against hardware fault attacks. To conclude our work, we introduce countermeasures to protect the SoC caches and MMU against EMFI attacks based on the disclosed faults effects.

Nicolas Moro,Amine Dehbaoui,Karine Heydemann,Bruno Robisson,Emmanuelle Encrenaz

DOI: https://doi.org/10.48550/arXiv.1402.6421

2014-02-26

Cryptography and Security

Abstract:Injection of transient faults as a way to attack cryptographic implementations has been largely studied in the last decade. Several attacks that use electromagnetic fault injection against hardware or software architectures have already been presented. On microcontrollers, electromagnetic fault injection has mostly been seen as a way to skip assembly instructions or subroutine calls. However, to the best of our knowledge, no precise study about the impact of an electromagnetic glitch fault injection on a microcontroller has been proposed yet. The aim of this paper is twofold: providing a more in-depth study of the effects of electromagnetic glitch fault injection on a state-of-the-art microcontroller and building an associated register-transfer level fault model.

Haoxiang Zhang,Qinhong Jiang,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei256261.2022.10116648

2022-01-01

Abstract:Infrared thermal imaging camera can be used to measure the temperature of the target object or detect the existence of the object by generating the thermal image of the object, thus it is widely used in the military and civil fields, and plays a key role in human daily life. As the core module of the infrared thermal imaging camera, the infrared thermal imaging sensor is an indispensable part of the infrared thermal imaging camera. Infrared thermal imaging cameras rely on infrared thermal imaging sensors to measure temperature and perform thermal imaging. If the infrared thermal imaging sensor detects the temperature wrong, there will be serious consequences of delaying the military situation in the military, and will seriously affect the production and life of the society in the civilian field. In this work, it is demonstrated that intentional electromagnetic interference can affect the communication process of the infrared thermal imaging sensor MLX90640. The data transmission line between MLX90640 and MCU can be tampered with through intentional electromagnetic interference attacks, which eventually lead to temperature numerical errors and abnormal infrared thermal image display.

zhen ren,Yan-Bing Shi,Wen-Yan Yin

DOI: https://doi.org/10.1109/APMC.2008.4958299

2009-01-01

Abstract:With the rapid development of microelectronics,microelectronic devices are used more extensively.Electronic systems become more sensitive to electromagnetic interference.Transistors would electronically and thermally break down in the presence of an EMP.The reliability of semiconductor devices becomes a critical issue under such disturbances.In order to investigate the reliability of semiconductor devices,a hybrid time-domain Finite Element Method(FEM) is presented in this paper to simulate the electro-thermal behavior of LDMOS under an EMP.By solving semiconductor equations and heat conduction equations,the temperature distribution of LDMOS is obtained to characterize the influence of the incident EMP.From simulation results,it is obvious that semiconductor devices have serious thermal effects under an EMP.The temperature will even rise above the melting point of semiconductor material.So semiconductor devices should be protected against EMP in electronic systems.

Haoqi Shan,Dean Sullivan,Orlando Arias

DOI: https://doi.org/10.1109/AsianHOST59942.2023.10409308

2023-12-21

Abstract:In recent years we have seen an explosion in the usage of low-cost, low-power microcontrollers (MCUs) in embedded devices around us due to the popularity of Internet of Things (IoT) devices. Although this is good from an economics perspective, it has also been detrimental for security as microcontroller-based systems are now a viable attack target. In response, researchers have developed various protection mechanisms dedicated to improve security in these resource-constrained embedded systems. We demonstrate in this paper these defenses fall short when we leverage benign memory mapped design-for-debug (DfD) structures added by MCU vendors in their products. In particular, we utilize the Flash Patch and Breakpoint (FPB) unit present in the ARM Cortex-M family to build new attack primitives which can be used to bypass common defenses for embedded devices. Our work serves as a warning and a call in balancing security and debug structures in modern microcontrollers.

Cryptography and Security

Zihao Dan,Fengchen Yang,Kaikai Pan,Chen Yan,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei256261.2022.10116254

2022-01-01

Abstract:With the rapid development of distributed generation(DG), the penetration rate of photovoltaics(PVs) in the power grid continues to increase. Therefore, various security issues faced by PV inverters have also become a major challenge to ensure the stability of the power grid.Due to the complex and open environment of PVs, attackers are more likely to access key devices such as grid-tied inverters, thereby causing damage to the entire power grid. Taking advantage of the above characteristics, this paper proposes a novel electromagnetic interference(EMI) attack against inverters, instead of cyber attacks that have been explored well in many other research works. It injects a bias signal into the PV inverter sensor through EMI, so as to change the sensor value finally transmitted to the controller. An attacker can tamper with the sensor value in this way. This paper also analyzes the vulnerability in the inverter control algorithm, and exploits the vulnerability to cause damage to the inverter through EMI attacks.The attack was verified on a commercial inverter from Texas Instruments. We present the induced DC voltage offset corresponding to different EMI frequencies of different sensors to demonstrate that EMI attacks can independently control different sensors on the inverter. In addition, we also analyze the inverter control algorithm and the possible consequences of attacks, further evaluate the consequences of the attack through simulations (we do simulations instead of real device tests to ensure safety). And the results show that this novel attack can shut down/burn the PV inverter.

Xiang Gao,Yiqiang Zhao,Haocheng Ma

DOI: https://doi.org/10.3390/s18093034

IF: 3.9

2018-01-01

Sensors

Abstract:Information system security has been in the spotlight of individuals and governments in recent years. Integrated Circuits (ICs) function as the basic element of communication and information spreading, therefore they have become an important target for attackers. From this perspective, system-level protection to keep chips from being attacked is of vital importance. This paper proposes a novel method based on a fringing electric field (FEF) sensor to detect whether chips are dismantled from a printed circuit board (PCB) as system-level protection. The proposed method overcomes the shortcomings of existing techniques that can be only used in specific fields. After detecting a chip being dismantled from PCB, some protective measures like deleting key data can be implemented to be against attacking. Fringing electric field sensors are analyzed through simulation. By optimizing sensor’s patterns, areas and geometrical parameters, the methods that maximize sensitivity of fringing electric field sensors are put forward and illustrated. The simulation is also reproduced by an experiment to ensure that the method is feasible and reliable. The results of experiments are inspiring in that they prove that the sensor can work well for protection of chips and has the advantage of universal applicability, low cost and high reliability.

Nicolás Ruminot,Claudio Estevez,Samuel Montejo-Sánchez

DOI: https://doi.org/10.3390/s23167180

2023-08-15

Abstract:The rapid development of the Internet of Things (IoT) has brought about the processing and storage of sensitive information on resource-constrained devices, which are susceptible to various hardware attacks. Fault injection attacks (FIAs) stand out as one of the most widespread. Particularly, voltage-based FIAs (V-FIAs) have gained popularity due to their non-invasive nature and high effectiveness in inducing faults by pushing the IoT hardware to its operational limits. Improving the security of devices and gaining a comprehensive understanding of their vulnerabilities is of utmost importance. In this study, we present a novel fault injection method and employ it to target an 8-bit AVR microcontroller. We identify the optimal attack parameters by analyzing the detected failures and their trends. A case study is conducted to validate the efficacy of this new method in a more realistic scenario, focusing on a simple authentication method using the determined optimal parameters. This analysis not only demonstrates the feasibility of the V-FIA but also elucidates the primary characteristics of the resulting failures and their propagation in resource-constrained devices. Additionally, we devise a hardware/software countermeasure that can be integrated into any resource-constrained device to thwart such attacks in IoT scenarios.

Nicolas Moro,Karine Heydemann,Amine Dehbaoui,Bruno Robisson,Emmanuelle Encrenaz

DOI: https://doi.org/10.48550/arXiv.1407.6019

2014-07-23

Abstract:Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies showed that such a transient fault injection with glitches or electromagnetic pulses could corrupt either the data loads from the memory or the assembly instructions executed by the circuit. Some countermeasure schemes which rely on temporal redundancy have been proposed to handle this issue. Among them, several schemes add this redundancy at assembly instruction level. In this paper, we perform a practical evaluation for two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.

Cryptography and Security

J. Longo,E. De Mulder,D. Page,M. Tunstall

DOI: https://doi.org/10.1007/978-3-662-48324-4_31

2015-01-01

Abstract:Increased complexity in modern embedded systems has presented various important challenges with regard to side-channel attacks. In particular, it is common to deploy SoC-based target devices with high clock frequencies in security-critical scenarios; understanding how such features align with techniques more often deployed against simpler devices is vital from both destructive (i.e., attack) and constructive (i.e., evaluation and/or countermeasure) perspectives. In this paper, we investigate electromagnetic-based leakage from three different means of executing cryptographic workloads (including the general purpose ARM core, an on-chip co-processor, and the NEON core) on the AM335x SoC. Our conclusion is that addressing challenges of the type above is feasible, and that key recovery attacks can be conducted with modest resources.

Enrico Magliano,Alessio Carpegna,Alessadro Savino,Stefano Di Carlo

2024-06-11

Abstract:In contemporary times, the increasing complexity of the system poses significant challenges to the reliability, trustworthiness, and security of the SACRES. Key issues include the susceptibility to phenomena such as instantaneous voltage spikes, electromagnetic interference, neutron strikes, and out-of-range temperatures. These factors can induce switch state changes in transistors, resulting in bit-flipping, soft errors, and transient corruption of stored data in memory. The occurrence of soft errors, in turn, may lead to system faults that can propel the system into a hazardous state. Particularly in critical sectors like automotive, avionics, or aerospace, such malfunctions can have real-world implications, potentially causing harm to individuals. This paper introduces a novel fault injector designed to facilitate the monitoring, aggregation, and examination of micro-architectural events. This is achieved by harnessing the microprocessor's PMU and the debugging interface, specifically focusing on ensuring the repeatability of fault injections. The fault injection methodology targets bit-flipping within the memory system, affecting CPU registers and RAM. The outcomes of these fault injections enable a thorough analysis of the impact of soft errors and establish a robust correlation between the identified faults and the essential timing predictability demanded by SACRES.

Hardware Architecture,Artificial Intelligence

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Aaron Joy,Ben Soh,Zhi Zhang,Sri Parameswaran,Darshana Jayasinghe

2024-11-22

Abstract:Trusted Execution Environments (TEEs) are critical components of modern secure computing, providing isolated zones in processors to safeguard sensitive data and execute secure operations. Despite their importance, TEEs are increasingly vulnerable to fault injection (FI) attacks, including both physical methods, such as Electromagnetic Fault Injection (EMFI), and software-based techniques. This survey examines these FI methodologies, exploring their ability to disrupt TEE operations and expose vulnerabilities in devices ranging from smartphones and IoT systems to cloud platforms. The study highlights the evolution and effectiveness of non-invasive techniques, such as EMFI, which induce faults through electromagnetic disturbances without physical modifications to hardware, making them harder to detect and mitigate. Real-world case studies illustrate the significant risks posed by these attacks, including unauthorised access, privilege escalation, and data corruption. In addition, the survey identifies gaps in existing TEE security architectures and emphasises the need for enhanced countermeasures, such as dynamic anomaly detection and updated threat models. The findings underline the importance of interdisciplinary collaboration to address these vulnerabilities, involving researchers, manufacturers, and policymakers. This survey provides actionable insights and recommendations to guide the development of more robust TEE architectures in mobile devices, fortify FI resilience, and shape global security standards. By advancing TEE security, this research aims to protect critical digital infrastructure and maintain trust in secure computing systems worldwide.

Cryptography and Security

Lennert Wouters,Benedikt Gierlichs,Bart Preneel

DOI: https://doi.org/10.1007/978-3-030-99766-3_7

2022-01-01

Abstract:We investigate the susceptibility of the Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks. We extracted the ROM bootloader of these microcontrollers and then analysed it using static analysis augmented with information obtained through emulation. We demonstrate a voltage fault injection attack targeting the ROM bootloader that allows to enable debug access on a previously locked microcontroller within seconds. Information provided by Texas Instruments reveals that one of our voltage fault injection attacks abuses functionality that is left over from the integrated circuit manufacturing process. The demonstrated physical attack allows an adversary to extract the firmware (i.e. intellectual property) and to bypass secure boot. Additionally, we mount side-channel attacks and differential fault analysis attacks on the hardware AES co-processor. To demonstrate the practical applicability of these attacks we extract the firmware from a Tesla Model 3 key fob.This paper describes a case study covering Texas Instruments SimpleLink microcontrollers. Similar attack techniques can be, and have been, applied to microcontrollers from other manufacturers. The goal of our work is to document our analysis methodology and to ensure that system designers are aware of these vulnerabilities. They will then be able to take these into account during the product design phase. All identified vulnerabilities were responsibly disclosed.

Mengmeng Ling,Liji Wu,Xiangyu Li,Xiangmin Zhang,Jinsong Hou,Yong Wang

DOI: https://doi.org/10.1109/CIS.2012.125

2012-01-01

Abstract:As information security chips are more widely used in the field of information security, the security of chips becomes increasingly important, which has also been a hot research field of information security. With the advances in technology, a chip-invasive method of attack which uses laser or focused ion beam (FIB) to change the chip's internal signal line, and then probe the chip's secret information with the electron microprobe, becomes a serious threat to information security chip. Such an attack makes the shielding metal wire an effective mean to improve chip security. The protection circuit module monitoring the shielding metal line is to ensure the layer of the metal wire is undamaged, in order to ensure that the chip has not been attacked by laser or FIB. This paper studies the design and implementation of Monitor and Protect Circuits (MPC) based on RC delay, which monitor if the shielding metal wires are damaged. The circuit is designed in SMIC0.18um CMOS process and an entire layout is completed. The gate count of MPC is about 642, which is 2.9% of that of AES. And its power consumption is about 81uw.

Qiang Liu,Honghui Tang,Peiran Zhang

DOI: https://doi.org/10.1145/3480962

IF: 1.447

2022-01-31

ACM Transactions on Design Automation of Electronic Systems

Abstract:Fault injection attack (FIA) has become a serious threat to the confidentiality and fault tolerance of integrated circuits (ICs). Circuit designers need an effective method to evaluate the countermeasures of the IC designs against the FIAs at the design stage. To address the need, this article, based on FPGA emulation, proposes an in-circuit early evaluation framework, in which FIAs are emulated with parameterized fault models. To mimic FIAs, an efficient scan approach is proposed to inject faults at any time at any circuit nodes, while both the time and area overhead of fault injection are reduced. After the circuit design under test (CUT) is submitted to the framework, the scan chains insertion, fault generation, and fault injection are executed automatically, and the evaluation result of the CUT is generated, making the evaluation a transparent process to the designers. Based on the framework, the confidentiality and fault-tolerance evaluations are demonstrated with an information-based evaluation approach. Experiment results on a set of ISCAS89 benchmark circuits show that on average, our approach reduces the area overhead by 41.08% compared with the full scan approach and by over 20.00% compared with existing approaches. The confidentiality evaluation experiments on AES-128 and DES-56 and the fault-tolerance evaluation experiments on two CNN circuits, a RISC-V core, a Cordic core, and the float point arithmetic units show the effectiveness of the proposed framework.

computer science, software engineering, hardware & architecture

Johannes Obermaier,Marc Schink,Kosma Moczek

DOI: https://doi.org/10.48550/arXiv.2008.09710

2020-08-21

Cryptography and Security

Abstract:With the increasing complexity of embedded systems, the firmware has become a valuable asset. At the same time, pressure for cost reductions in hardware is imminent. These two aspects are united at the heart of the system, i.e., the microcontroller. It runs and protects its firmware, but simultaneously has to prevail against cheaper alternatives. For the very popular STM32F1 microcontroller series, this has caused the emergence of many competitors in the last few years who offer drop-in replacements or even sell counterfeit devices at a fraction of the original price. Thus, the question emerges whether the replacements are silicon-level clones and, if not, whether they provide better, equal, or less security. In this paper, we analyze a total of six devices by four manufacturers, including the original device, in depth. Via a low-level analysis, we identify all of them as being individually developed devices. We further put the focus on debug and hardware security, discovering several novel vulnerabilities in all devices, causing the exposure of the entire firmware. All of the presented vulnerabilities, including invasive ones, are on a Do it Yourself (DiY) level without the demand for a sophisticated lab -- thereby underlining the urgency for hardware fixes. To facilitate further research, reproduction, and testing of other devices, we provide a comprehensive description of all vulnerabilities in this paper and code for proofs-of-concepts online.

Carlton Shepherd,Konstantinos Markantonakis,Nico van Heijningen,Driss Aboulkassimi,Clément Gaine,Thibaut Heckmann,David Naccache

DOI: https://doi.org/10.1016/j.cose.2021.102471

2022-03-22

Abstract:Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.

Cryptography and Security

M. Nagata

DOI: https://doi.org/10.1109/IRPS48227.2022.9764485

2022-03-01

Abstract:Fault injections and attacks on an integrated circuit (IC) chip using a variety of physical measures are reviewed. Laser fault injection (LFI) is highlighted for the essential vulnerability on the backside of an IC chip in flip-chip packaging. On-chip voltage waveform monitoring characterizes the voltage peaks induced by LFI and establishes the detection scheme against LFI attacks. The backside buried metal (BBM) technique is deployed by preventive measures for shielding from laser exposure, for avoidance and also waring of invasive laser attacks. The alleviation of backside LFI is proven by Si experiments with on-chip waveform monitoring.

Computer Science,Engineering

Alexandre Proulx,Jean-Yves Chouinard,Amine Miled,Paul Fortier

DOI: https://doi.org/10.1109/tvlsi.2024.3360370

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:System-on-chip (SoC) field programmable gate array (FPGA) devices are becoming increasingly prominent in a vast range of applications. The fusion of the FPGA’s unmatched parallel computing capacity and flexibility with a full-bore processing system makes these devices extremely powerful. With recent technological progress, SoC FPGA devices are implemented in increasingly complex systems where security and safety are often issues of concern. To cater to these concerns, these devices are commonly fit with encryption and authentication capabilities to ensure the confidentiality and authenticity of externally stored bitstreams, firmware, and bootloaders. However, while much effort is placed into securing these partitions when stored in external memory, little attention seems to be paid to the security of this data once it is decrypted for execution. This article investigates how vulnerable systems are to attacks that target decrypted data during execution. We demonstrate that data stored in external synchronous dynamic random access memory (SDRAM) can provide access to trusted and secured interfaces of SoC FPGA devices even with diligently applied security features.

engineering, electrical & electronic,computer science, hardware & architecture