Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Lorenz, David | - |
| dc.contributor.author | Noseda, Mario | - |
| dc.contributor.author | Künzli, Simon | - |
| dc.date.accessioned | 2024-07-12T08:51:05Z | - |
| dc.date.available | 2024-07-12T08:51:05Z | - |
| dc.date.issued | 2024-05 | - |
| dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/31075 | - |
| dc.description.abstract | The normal operating range of a chip must be ensured, as otherwise, faults can occur. Supply voltage glitches (spikes or dips) can manifest themselves as faulty bits on the micro-architectural level, which then propagate to the application level as faulty instructions or data. Voltage fault injection is an attack technique that intentionally and maliciously bombards a given target with glitches and exploits the resulting faulty behavior. We built a low-cost voltage fault injection tool with a Cortex-M7 and an analog switch to show that neither much money nor effort is needed for such an attack. We used a secure-element-hardened MCUboot version as a test subject and investigated how susceptible such a system is to voltage fault injection during firmware image verification. Our analysis found various vulnerable instructions in the glue code between MCUboot and the secure element library. By attacking the Nordic nRF52840 host MCU while it executes such instructions, we were able to show how an attacker can bypass the signature verification performed on a secure element. Furthermore, we applied our tool to bypass the read-out protection on a Cortex-M device in a commercially available home automation sensor. By injecting a glitch at a specific time during boot, we were able to circumvent the protection mechanism, which would have allowed us to extract the entire flash content. The extracted firmware binary could then be searched for sensitive information (like key material) or reverse-engineered to find vulnerabilities in the firmware. Keys and vulnerabilities might be used to construct follow-up attacks that scale significantly better than the voltage fault injection itself. Such attacks show the need for a holistic approach to ensure that countermeasures like read-out protection or secure elements can unfold their full potential. | de_CH |
| dc.language.iso | en | de_CH |
| dc.rights | Licence according to publishing contract | de_CH |
| dc.subject.ddc | 004: Informatik | de_CH |
| dc.title | Bypassing security measures with voltage fault injection on Cortex-M devices | de_CH |
| dc.type | Konferenz: Sonstiges | de_CH |
| dcterms.type | Text | de_CH |
| zhaw.departement | School of Engineering | de_CH |
| zhaw.organisationalunit | Institute of Embedded Systems (InES) | de_CH |
| zhaw.conference.details | Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024 | de_CH |
| zhaw.funding.eu | No | de_CH |
| zhaw.originated.zhaw | Yes | de_CH |
| zhaw.publication.status | publishedVersion | de_CH |
| zhaw.publication.review | Peer review (Abstract) | de_CH |
| zhaw.author.additional | No | de_CH |
| zhaw.display.portrait | Yes | de_CH |
Appears in collections: Publikationen School of Engineering

Files in This Item:
There are no files associated with this item.
Lorenz, D., Noseda, M., & Künzli, S. (2024, May). Bypassing security measures with voltage fault injection on Cortex-M devices. Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024.
Lorenz, D., Noseda, M. and Künzli, S. (2024) ‘Bypassing security measures with voltage fault injection on Cortex-M devices’, in Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024.
D. Lorenz, M. Noseda, and S. Künzli, “Bypassing security measures with voltage fault injection on Cortex-M devices,” in Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024, May 2024.
LORENZ, David, Mario NOSEDA and Simon KÜNZLI, 2024. Bypassing security measures with voltage fault injection on Cortex-M devices. In: Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024. Conference presentation. May 2024
Lorenz, David, Mario Noseda, and Simon Künzli. 2024. “Bypassing Security Measures with Voltage Fault Injection on Cortex-M Devices.” Conference presentation. In Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024.
Lorenz, David, et al. “Bypassing Security Measures with Voltage Fault Injection on Cortex-M Devices.” Embedded Computing Conference (ECC), Winterthur, Switzerland, 28 May 2024, 2024.

