Publication type: Conference other
Type of review: Peer review (abstract)
Title: Bypassing security measures with voltage fault injection on Cortex-M devices
Authors: Lorenz, David
Noseda, Mario
Künzli, Simon
et al.: No
Conference details: Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024
Issue Date: May-2024
Language: English
Subject (DDC): 004: Computer science
Abstract: The normal operating range of a chip must be ensured, as otherwise, faults can occur. Supply voltage glitches (spikes or dips) can manifest themselves as faulty bits on the micro-architectural level, which then propagate to the application level as faulty instructions or data. Voltage fault injection is an attack technique that intentionally and maliciously bombards a given target with glitches and exploits the resulting faulty behavior. We built a low-cost voltage fault injection tool with a Cortex-M7 and an analog switch to show that neither much money nor effort is needed for such an attack. We used a secure-element-hardened MCUboot version as a test subject and investigated how susceptible such a system is to voltage fault injection during firmware image verification. Our analysis found various vulnerable instructions in the glue code between MCUboot and the secure element library. By attacking the Nordic nRF52840 host MCU while it executes such instructions, we were able to show how an attacker can bypass the signature verification performed on a secure element. Furthermore, we applied our tool to bypass the read-out protection on a Cortex-M device in a commercially available home automation sensor. By injecting a glitch at a specific time during boot, we were able to circumvent the protection mechanism, which would have allowed us to extract the entire flash content. The extracted firmware binary could then be searched for sensitive information (like key material) or reverse-engineered to find vulnerabilities in the firmware. Keys and vulnerabilities might be used to construct follow-up attacks that scale significantly better than the voltage fault injection itself. Such attacks show the need for a holistic approach to ensure that countermeasures like read-out protection or secure elements can unfold their full potential.
URI: https://digitalcollection.zhaw.ch/handle/11475/31075
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Embedded Systems (InES)
Appears in collections: Publikationen School of Engineering

Files in This Item:
There are no files associated with this item.
Lorenz, D., Noseda, M., & Künzli, S. (2024, May). Bypassing security measures with voltage fault injection on Cortex-M devices. Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024.