debunking fault injection
play

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune - PowerPoint PPT Presentation

Jun 04, 2023 •228 likes •920 views

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault injection, what is it? Fault injection,

  1. Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers

  2. Today’s agenda • Introduction • Fault injection, what is it? • Fault injection, where are we now? • Trends • Debunking myths • Takeaways

  3. Who are we… • Cristofaro Mune • Niek Timmers • Product Security Consultant • Freelance Device Security Expert • Security trainer • Security trainer • Research: • Interests: • Fault injection • Embedded device security • TEEs • Secure boot • White-box Cryptography • Hardware attacks • Device exploitation • Automotive

  4. WHAT IS FAULT INJECTION?

  5. Fault injection basics “Introducing faults into a chip to alter its intended behavior.” How do you introduce those faults?

  6. Fault injection techniques Faults are introduced by injecting glitches that put a chip temporarily outside of its expected conditions.

  7. Fault injection techniques Faults are introduced by injecting glitches that put a chip temporarily outside of its expected conditions. 4.0 V 3.3 V Clock 1.0 V Time Voltage Clock

  8. Fault injection techniques Faults are introduced by injecting glitches that put a chip temporarily outside of its expected conditions. Voltage Clock Laser Electromagnetic

  9. WHERE ARE WE NOW?

  10. Research • There’s academic conferences • Great academic papers at various conferences • Great contributions from the community at various conferences • E.g. Exide @ REcon 2014

  11. Tooling • Do-it-yourself • < $100 (Voltage) • E.g. chipfail glitcher • Commercial (affordable) • < $1000 (Voltage); < $4000 (EMFI) • E.g. NewAE ChipWhisperer • Commercial (professional) • > $10,000 (Voltage, EMFI, Laser, etc.) • E.g. Riscure Inspector FI

  12. Attacks • Breaking the security of crypto wallets • Breaking the security of smart phones • Breaking the security of secure boot • Breaking the security of crypto engines

  13. Trends • Tooling is becoming available to the masses • Lots of focus on the ‘how to inject a glitch’ part of an attack • Most research conducted on low power chips • Focus is mostly on altering software behavior

  14. Important exceptions • Optical fault injection tooling not available to the masses • Academia performs theoretical research on fault injection • Real attackers go further than: • low powered chips • just altering software

  15. WHERE DO WE FIT IN?

  16. What we are working on… • A fault injection think tank (AllOurFaults): • Alyssa Milburn (@noopwafel) • Albert Spruyt • Cristofaro Mune (@pulsoid) • Niek Timmers (@tieknimmers) • An open source voltage glitching platform • Fault injection research; some results covered in this presentation • You can find us on: allourfaults.com and @allourfaults

  17. Published fault injection research • Academic contributions: • Controlling PC on ARM using Fault Injection, 2016 • Escalating Privileges in Linux using Voltage Fault Injection, 2017 • Several community contributions:

  18. Lots of research… but still many ‘Myths and Misconceptions’

  19. Let’s debunk them in a systematic fashion!

  20. Fault injection reference model “Control” “Inject” “Glitch” “Execute” “Introduce” “Achieve” Glitch Goal Injection Target Exploit Activation Faults Software • CLKSCREW “Selecting specific faults” Voltage • Rowhammer Hardware • FI tooling Clock Fault model HW Vulnerability EM Glitch parameters … FI technique

  21. Here they come…

  22. “Fault attacks are not effective on >1 GHz chips.”

  23. FAULT ATTACKS ARE NOT EFFECTIVE ON > 1 GHZ CHIPS

  24. BUT THAT’S VOLTAGE… WHAT ABOUT EMFI?

  25. “EMFI does not work on >100 MHz chips.” • Awesome do-it-yourself EMFI tool • Incorrect statement on EMFI attacks • Not everybody aware of EMFI research “BADFET: Defeating Modern Secure Boot Using Second -Order Pulsed Electromagnetic Fault Injection” – Cui, Housley

  26. Actually… Attacks above 100 MHz already published in 2014…

  27. More EMFI research above 100MHz 2019

  28. EM-FI DOES NOT WORK ON >100 MHZ TARGETS

  29. Research Fragmentation • Fault injection research is conducted in multiple communities: • Academia • Industry • Security community • Consolidation of knowledge does not always happens • Result: Research is being missed Inconsistent views result in ‘Myths and Misconceptions’

  30. “Fault attacks are used to bypass SW checks” Report / Slides

  31. “Fault attacks are used to bypass SW checks” Preset user space registers. Linux Kernel Privilege Escalation Control of kernel PC from user space! “Don’t tell anyone…No checks involved!”

  32. “Fault attacks are used to bypass SW checks” • RSA key weakening by flipping bits in the modulus • Also performed as part of other attacks: • E.g CLKSCREW

  33. “Fault attacks are used to bypass SW checks” • PlayStation Vita attack • Differential Fault Analysis Attack (DFA) on cryptographic engines • Recovered keys from the target • 30 master keys Yifan Lu – “Attacking Hardware AES with DFA” – (PS Vita) • 238 out of 240 non-master keys Paper/Blog

  34. FAULT ATTACKS ARE USED TO BYPASS SW CHECKS

  35. “Fault attacks are not effective on multi - core chips.” • Multiple cores have an impact…but fault injection still possible. • Even when cores verify each other in lockstep

  36. FAULT ATTACKS DO NOT WORK ON MULTI-CORE CHIPS

  37. “Physical access is required to perform fault attacks.” Use case #1: Rowhammer Use case #2: CLKSCREW These HW vulnerabilities can be remotely triggered by software

  38. Rowhammer: Kernel Privilege Escalation Glitch Target Goal Injection Faults Exploit Activation Software Control Accessing DDR rows bit flips Kernel Privilege escalation Fault Model DDR data corruption Goal Faults Electric coupling between rows Process Page Table Entry modification “Electric Field” injection HW Vulnerability Physical memory R/W access FI technique Exploit Reference: Google Project Zero

  39. CLKSCREW: Key extraction Glitch Goal Injection Target Exploit Activation Faults Software Control • DVFS registers AES state: one byte modifications AES key extracted (in TEE TA memory) from TEE TA Fault Model Data corruption Goal Faults Flip Flop de-synchronization AES DFA Clock +Voltage HW Vulnerability Exploit FI technique Reference: Clkscrew paper

  40. PHYSICAL ACCESS REQUIRED FOR FI

  41. “Fault attacks are injection dependent.” • Literature often links injection technique to goal: • E.g. “Fault injection technique A is used for attack B” • No systematic comparison of faults available • Actually… specific fault models are applicable to multiple FI techniques • i.e. exploitation is independent from injection

  42. Exploitation is independent from injection! CLKSCREW Modify clock and voltage Software Independent Injection Glitch Activation Goal Exploit Faults Target Activation Injection Glitch AES key extracted Voltage from TEE TA Hardware AES state: modifications AES DFA Goal UNKNOWN Fault Model Exploit • Attack works if the faults fits the chosen fault model • Setup changes but the exploitation strategy stays the same

  43. “FAULT ATTACKS ARE INJECTION DEPENDENT.”

  44. “Glitch resolution is key to success” • Shorter glitches definitely have advantages… • But may not always be needed! Yifan Lu – “Attacking Hardware AES with DFA” – (PS Vita) Paper/Blog Lesson learned: always try first…

  45. GLITCH RESOLUTION IS KEY TO SUCCESS

  46. “Synchronization with the target is required.” • Synchronizing with target clock allows for increased precision. • Often not possible. • Clock signal not reachable • Our research is usually performed without clock synchronization • Fast setup and short attack cycles increase attempts per second: • Speed overcomes target jitter

  47. SYNCHRONIZATION WITH THE TARGET IS REQUIRED

  48. “Successes rate determines attack feasibility” • Fault attacks typically have a success rate < 100% • Let’s assume two attacks, which one is more effective? • Attack A: 1% success rate, 10 attempts per minute • Attack B: 0,1% success rate, 1000 attempts per minute • Success rate only provides fault frequency • Feasibility better described by “average time for success”

  49. SUCCESS RATE DETERMINES ATTACK FEASIBILITY

  50. “Fault injection attacks do not scale.” • They don’t. Their results do. • Get assets out once and profit forever (e.g. code, keys, etc.). What do they have in common?

  51. “Fault injection attacks do not scale.” • They don’t. Their results do. • Get assets out once and profit forever (e.g. code, keys, etc.). Yifan Lu Team Xecuter Bernhard Froemel Assets compromised using Fault Injection

  52. FAULT INJECTION ATTACKS DO NOT SCALE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

Saurabh Jha, Subho S. Banerjee , James Cyriac, Zbigniew T. Kalbarczyk and Ravishankar K. Iyer Computer Science, Electrical and Computer Engineering AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

215 views • 8 slides
Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der Elzen University of Amsterdam What is Fault Injection? Simply put: Introducing faults in a target to alter its intended behavior* *(N.

553 views • 34 slides
Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006 1/28 Symbolic Fault Injection An attempt to introduce Formal Methods into the area of Fault Injection Objective: Evaluate dependability of

691 views • 28 slides
Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1 Introduction to the world of fault injection Research project at Riscure Fault

678 views • 25 slides
Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

ElectroMagnetic Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam February 5, 2014 Introduction Hardware Fault Injection Induce faults to hardware through side

517 views • 26 slides
Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault Injection basics Fault

1.05k views • 56 slides
Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 25, 2017 Fault Injection A definition... Introducing faults in a target

969 views • 47 slides
Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty Ciphertext But how to inject a fault? Fault: Injection Model Exploitation Non-invasive Device is not altered physical Semi-invasive

602 views • 32 slides
Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Sharif University of Technology Department of Computer Engineering Dependable System Lab [DSL] Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed Nematollah Ahmadian, Seyed Ghassem Miremadi

398 views • 17 slides
Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and SEU Emulation for FPGAs Emulation for FPGAs Bradley Dutton, Mustafa Ali, John Bradley Dutton, Mustafa Ali, John Sunwoo, and Charles Stroud Sunwoo,

305 views • 26 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi, Cludio Gomes, Bentley James Oakes and Joachim Denil Summersim 2019 July 22, 2019 Berlin, Germany Outline Introduction Context and

404 views • 28 slides
Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b , C. Roscian b , J.M. Dutertre b , M. Lisart a , O. Gagliano a , V. Serradeil a , A. Tria b . a STMicroelectronics, Avenue Clestin Coq 13790 Rousset,

273 views • 14 slides
SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD ( guillaume.boufgard@ssi.gouv.fr ) David EL-BAZE ( david.elbaze@ssi.gouv.fr ) with the help of Thomas TROUCHKINE Agence nationale de la scurit des systmes

523 views • 28 slides
END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

Practical Experience Report A TALE OF TWO INJECTORS: END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors: Guanpeng Li, Bo Fang, and Karthik Pattabiraman DEPART M ENT OF ELECT RIC AL AN D COM PUT ER

852 views • 56 slides
More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas ELCE17 Wolfram Sang, Consultant / Renesas Robust I2C with fault-injection ELCE17 1 / 24 Motivation It really got personal I2C maintainer since

257 views • 24 slides
Cool Chips Cool Chips Markets Markets Cool Cargo Applications Cool Cargo Applications

Cool Chips Cool Chips Markets Markets Cool Cargo Applications Cool Cargo Applications

Slide 1 Cool Chips plc Cool Chips plc Cool Chips Cool Chips Markets Markets Cool Cargo Applications Cool Cargo Applications Cool Chips plc Proprietary and Confidential - Property of Cool Chips plc Slide 2 Cool Chips Market

295 views • 6 slides
Cool Chips Cool Chips Markets Markets Semiconductor Fabrication Semiconductor

Cool Chips Cool Chips Markets Markets Semiconductor Fabrication Semiconductor

Slide 1 Cool Chips plc Cool Chips plc Cool Chips Cool Chips Markets Markets Semiconductor Fabrication Semiconductor Fabrication Cool Chips plc Proprietary and Confidential - Property of Cool Chips plc Slide 2 Fabrication Cost

317 views • 4 slides
Small is beautiful 1. Cramming More Components Onto Integrated Circuits, G.E. Moore, 1965 Where

Small is beautiful 1. Cramming More Components Onto Integrated Circuits, G.E. Moore, 1965 Where

Small is beautiful 1. Cramming More Components Onto Integrated Circuits, G.E. Moore, 1965 Where the IC can go? 2. Design of ion-implanted MOSFET's with very small physical dimensions, R.H. Dennard et al, 1974 The right way to get there. 3.

561 views • 41 slides
On-Chip Communications Somayyeh Koohi Department of Computer Engineering Sharif University of

On-Chip Communications Somayyeh Koohi Department of Computer Engineering Sharif University of

On-Chip Communications Somayyeh Koohi Department of Computer Engineering Sharif University of Technology Introduction 1 Adapted with modifications from lecture notes prepared by S.Pasricha and N.Dutt Outline 2 Introduction to SoC Design

700 views • 17 slides
Evaluation and Optimization of Multicore Performance Bottlenecks in Supercomputing Applications

Evaluation and Optimization of Multicore Performance Bottlenecks in Supercomputing Applications

Evaluation and Optimization of Multicore Performance Bottlenecks in Supercomputing Applications Jeff Diamond 1 , Martin Burtscher 2 , John D. McCalpin 3 , Byoung-Do Kim 3 , Stephen W. Keckler 1,4 , James C. Browne 1 1 University of Texas, 2 Texas

407 views • 27 slides
Analysis and Approximation of Optimal Co-Scheduling on Chip Multiprocessors Yunlian Jiang

Analysis and Approximation of Optimal Co-Scheduling on Chip Multiprocessors Yunlian Jiang

Analysis and Approximation of Optimal Co-Scheduling on Chip Multiprocessors Yunlian Jiang Xipeng Shen The College of William &amp; Mary, USA Jie Chen DoE Jefferson Lab , USA Rahul Tripath University of South Florida, USA Cache

946 views • 45 slides
Design of a Simple Computer 2 Schedule Today

Design of a Simple Computer 2 Schedule Today

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Design of a Simple Computer 2 Schedule Today

535 views • 17 slides
SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1

SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1

SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1 Microprocessor Systems Topics/Reading 1. Memory Types 2. Interfacing 8-bit memory/IO (8088) 3. Interfacing 16-bit memory/IO (8086) 4. Interfacing

823 views • 39 slides

More recommend