using fault injection to turn data
play

Using Fault Injection to Turn Data Transfers into Arbitrary - PowerPoint PPT Presentation

Mar 26, 2023 •478 likes •1.05k views

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault Injection basics Fault

  1. Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers

  2. Today’s agenda • Introduction • Fault Injection basics • Fault models and attacks • Previous research: • From data transfer to arbitrary execution on ARM (AArch32) • New research: • Generalizing the attack technique to other architectures • New techniques, attack simulations and demos • Takeaways

  3. Who are we… • Cristofaro Mune • Niek Timmers • Product Security Consultant • Freelance Device Security Expert • Security trainer • Security trainer • Research: • Interests: • Fault injection • Secure boot • TEEs • Fault injection • White-box Cryptography • Low-level software • Device exploitation • Fuzzing

  4. FAULT INJECTION BASICS

  5. Fault injection “Introducing faults into a chip to alter its intended behavior.” // check if secure boot is enabled // check if secure boot is enabled if(SECURE_BOOT_EN == 1) { if(SECURE_BOOT_EN == 1) { authenticate(&image); authenticate(&image); } } // execute the image // execute the image execute(&image); execute(&image); Awesome! But… how can these faults be introduced?

  6. Fault injection techniques 4.0 V 3.3 V Clock 1.0 V Time Voltage Clock

  7. Fault injection techniques Voltage Clock Laser Electromagnetic What goes wrong because of these glitches?

  8. GOOD QUESTION; DIFFICULT ANSWER

  9. Fault injection reference model “Control” “Inject” “Glitch” “Introduce” “Execute” “Achieve” Glitch Goal Injection Target Exploit Activation Faults Software • CLKSCREW “Selecting specific faults” Voltage • Rowhammer Hardware • FI tooling Clock Fault model HW Vulnerability EM Glitch parameters … FI technique

  10. Fault models • Instruction skipping • E.g. bypassing a check by not executing a critical instruction • Data corruption • E.g. recovering a key by corrupting cryptographic primitives • Instruction corruption • Very powerful, we will cover this later on… Just the typical ones…

  11. Typical fault attacks • Breaking crypto wallets • Hacking smart phones • Bypassing secure boot • Recovering keys from crypto engines

  12. WE HAVE ATTACKS UP OUR SLEEVE AS WELL ☺

  13. Arbitrary execution using fault injection • One of the first examples where instruction corruption is described • Introduces powerful attack: PC control on AArch32

  14. Instruction corruption • Glitches are used to corrupt instructions • Single bit corruptions add x0, x1, x3 = 10001011000000110000000000100000 add x0, x1, x2 = 10001011000000100000000000100000 • Multi bit corruptions ldr x0, [sp, #32] = 11111001010000000001001111100000 str x0, [x0, #32] = 11111001000000000001000000000000 • Most chips are affected by this fault model • Which bits can be controlled, and how, depends on the target, … • As software is modified; any software security model breaks We decided to use this to devise powerful attacks…

  15. TURNING DATA TRANSFERS INTO ARBITRARY EXECUTION

  16. Data transfers are a great target GSM RF • All devices transfer data USB ROM • From memory to memory CPU UART SRAM • Using external interfaces ETH DDR Flash Transferring data is fundamental for devices!

  17. Fault injection target: memcpy • It’s everywhere. • Parameters are typically checked (dest, src and n) • Data itself often not considered security critical Let’ s use it as a Fault Injection target…

  18. Attack description Input Command buffer buffer 00000000 <memcpy>: 00000000 <memcpy>: 00000000 <memcpy>: 0: e92d0070 0: e92d0070 0: e92d0070 push push push {r4, r5, r6} {r4, r5, r6} {r4, r5, r6} Interface Command 00000004 <loop>: 00000004 <loop>: 00000004 <loop>: (USB) 4: e8b10078 4: e8b1 8 078 4: e8b10078 ldm ldm ldm r1!, {r3, r4, r5, r6 , pc } r1!, {r3, r4, r5, r6} r1!, {r3, r4, r5, r6} handler 8: e8a00078 8: e8a00078 8: e8a00078 stm stm stm r0!, {r3, r4, r5, r6} r0!, {r3, r4, r5, r6} r0!, {r3, r4, r5, r6} c: e2522020 c: e2522020 c: e2522020 subs subs subs r2, r2, #32 r2, r2, #32 r2, r2, #32 10: aafffffb bge 4 <ldmloop> 10: aafffffb 10: aafffffb bge bge 4 <ldmloop> 4 <ldmloop> 14: e8bd0070 14: e8bd0070 14: e8bd0070 pop pop pop {r4, r5, r6} {r4, r5, r6} {r4, r5, r6} 18: e12fff1e 18: e12fff1e 18: e12fff1e bx bx bx lr lr lr Output buffer Control flow is directly hijacked using an 1 bit fault!

  19. Attack summary • Corrupt instruction • Modify load instruction operands (destination register) • Directly addressable PC is set to attacker controlled value

  20. We used this technique for different attacks • Escalating privileges from user to kernel in Linux • R00ting the Unexploitable using Hardware Fault Injection @ BlueHat v17 • Bypassing encrypted secure boot • Hardening Secure Boot on Embedded Devices @ Blue Hat IL 2019 • Taking control of an AUTOSAR based ECU • Attacking AUTOSAR using Software and Hardware Attacks @ escar USA 2019

  21. NICE! BUT… AARCH32 SPECIFIC!

  22. Our new research • Generalize turning data transfers into code execution using FI • Identify techniques that apply to all architectures (e.g. ARMv8)

  23. We focus on… • Software that transfers attacker controlled data • Instructions that affect control flow: • Jumps (JMP , JX, etc.) • Calls (BL, CALL, etc.) • Returns (RET, etc.) • Exception returns (ERET, etc.) • … Present in all architectures and systems!

  24. TECHNIQUE 42: EPILOGUE: ‘ RET ’ CORRUPTION

  25. The RET instruction • We are talking here about RET on ARMv8 • It has the following encoding: • Interestingly, the RET instruction can encode any register (x0 to x30) How do we attack?

  26. Real world example • Let’s have a look at Google Bionic’s (LIBC) memcpy • Optimized memcpy uses different code based on length memcpy: memcpy: memcpy: memcpy: • Copying 16 bytes executes the following code: add srcend, src, count 0:8b020024 add x4, x1, x2 0:8b020024 add x4, x1, x2 0:8b020024 add x4, x1, x2 add dstend, dstin, count 4:8b020005 add x5, x0, x2 4:8b020005 add x5, x0, x2 4:8b020005 add x5, x0, x2 cmp count, 16 8:f100405f cmp x2, #0x10 8:f100405f cmp x2, #0x10 8:f100405f cmp x2, #0x10 • Source data resides in x6 and x7 b.ls L(copy16) c:54000229 b.ls 50 <memcpy+0x50 c:54000229 b.ls 50 <memcpy+0x50 c:54000229 b.ls 50 <memcpy+0x50 ... ... ... ... 50:f100205f cmp x2, #0x8 50:f100205f cmp x2, #0x8 cmp count, 8 50:f100205f cmp x2, #0x8 • Source data is not wiped before RET 54:540000e3 b.cc 70 <memcpy+0x70> 54:540000e3 b.cc 70 <memcpy+0x70> b.lo 1f 54:540000e3 b.cc 70 <memcpy+0x70> 58:f9400026 ldr x6, [x1] 58:f9400026 ldr x6, [x1] ldr A_l, [src] 58:f9400026 ldr x6, [x1] ldr A_h, [srcend, -8] 5c:f85f8087 ldur x7, [x4, #-8] 5c:f85f8087 ldur x7, [x4, #-8] 5c:f85f8087 ldur x7, [x4, #-8] • Glitch RET into RET x6 or RET x7 60:f9000006 str x6, [x0] 60:f9000006 str x6, [x0] 60:f9000006 str x6, [x0] str A_l, [dstin] 64:f81f80a7 stur x7, [x5, #-8] 64:f81f80a7 stur x7, [x5, #-8] str A_h, [dstend, -8] 64:f81f80a7 stur x7, [x5, #-8] 68:d65f03c0 ret 68:d65f03c0 ret ret 68:d65f03c0 ret What kind of fault do we need? Good question…

  27. Fault injection simulator • Manually applying fault models is tedious; we need automation Compile code Emulate code Inject faults Log results • We assume various faults at the instruction level • Bit flips: 1, 2, 3 and 4 (Flip{x}) • Bits to zero: 1, 2, 3 and 4 (BiZe{x}) • Bytes to zero: 1, 2, and 4 (ByZe{x}) Important: actual faults in a real target may be different!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

Saurabh Jha, Subho S. Banerjee , James Cyriac, Zbigniew T. Kalbarczyk and Ravishankar K. Iyer Computer Science, Electrical and Computer Engineering AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

215 views • 8 slides
Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault injection, what is it? Fault injection,

920 views • 69 slides
Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der Elzen University of Amsterdam What is Fault Injection? Simply put: Introducing faults in a target to alter its intended behavior* *(N.

553 views • 34 slides
Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006 1/28 Symbolic Fault Injection An attempt to introduce Formal Methods into the area of Fault Injection Objective: Evaluate dependability of

691 views • 28 slides
Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1 Introduction to the world of fault injection Research project at Riscure Fault

678 views • 25 slides
Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

ElectroMagnetic Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam February 5, 2014 Introduction Hardware Fault Injection Induce faults to hardware through side

517 views • 26 slides
Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 25, 2017 Fault Injection A definition... Introducing faults in a target

969 views • 47 slides
Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty Ciphertext But how to inject a fault? Fault: Injection Model Exploitation Non-invasive Device is not altered physical Semi-invasive

602 views • 32 slides
Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Sharif University of Technology Department of Computer Engineering Dependable System Lab [DSL] Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed Nematollah Ahmadian, Seyed Ghassem Miremadi

398 views • 17 slides
An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers

An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers

An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers Dr. Mohamed Elsamahy, P.Eng. Department of Electrical Power &amp; Energy Military Technical College, Cairo, Egypt Mariya Babiy, E.I.T Department of

352 views • 16 slides
Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and SEU Emulation for FPGAs Emulation for FPGAs Bradley Dutton, Mustafa Ali, John Bradley Dutton, Mustafa Ali, John Sunwoo, and Charles Stroud Sunwoo,

305 views • 26 slides
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP, Python, JavaScript, LDAP,

377 views • 14 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi, Cludio Gomes, Bentley James Oakes and Joachim Denil Summersim 2019 July 22, 2019 Berlin, Germany Outline Introduction Context and

404 views • 28 slides
Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b , C. Roscian b , J.M. Dutertre b , M. Lisart a , O. Gagliano a , V. Serradeil a , A. Tria b . a STMicroelectronics, Avenue Clestin Coq 13790 Rousset,

273 views • 14 slides
SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD ( guillaume.boufgard@ssi.gouv.fr ) David EL-BAZE ( david.elbaze@ssi.gouv.fr ) with the help of Thomas TROUCHKINE Agence nationale de la scurit des systmes

523 views • 28 slides
Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry Presented by: Ken Schweitz, President and Doug Culbertson, VP Business Development of Premold Corp Section I. Advantages of RIM Economical

441 views • 29 slides
INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix and NodeJSScan Teach Security: opsecx.com

906 views • 55 slides
Siva Hari Timothy Tsai, Mark Stephenson, Stephen W. Keckler, Joel Emer MOTIVATION Automotive

Siva Hari Timothy Tsai, Mark Stephenson, Stephen W. Keckler, Joel Emer MOTIVATION Automotive

Siva Hari Timothy Tsai, Mark Stephenson, Stephen W. Keckler, Joel Emer MOTIVATION Automotive and HPC systems need high resilience Need to evaluate resilience of applications Silent Data Corruption (SDC), Detected Unrecoverable Error (DUE)

368 views • 26 slides
Outline Cross-site scripting CSci 5271 More cross-site risks Introduction to Computer Security

Outline Cross-site scripting CSci 5271 More cross-site risks Introduction to Computer Security

Outline Cross-site scripting CSci 5271 More cross-site risks Introduction to Computer Security Web security, part 2 Announcements intermission Stephen McCamant Confidentiality and privacy University of Minnesota, Computer Science &amp;

892 views • 6 slides
Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward S.R. Gomez R.W. Skowyra D.

Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward S.R. Gomez R.W. Skowyra D.

Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward S.R. Gomez R.W. Skowyra D. Bigelow J.N. Martin J.W. Landry H. Okhravi Presenter: Jinghui Liao Outline Cyber Kill Chain Attack technique Moving-targets technique

562 views • 37 slides
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system Increase the complexity of cyber

442 views • 40 slides
Using Partial Taint Tracking To Protect Against Injection Attacks Ioannis Papagiannis , Matteo

Using Partial Taint Tracking To Protect Against Injection Attacks Ioannis Papagiannis , Matteo

PHP Aspis: Using Partial Taint Tracking To Protect Against Injection Attacks Ioannis Papagiannis , Matteo Migliavacca, Peter Pietzuch Department of Computing, Imperial College London USENIX WebApps 2011 Portland, OR, USA Injection

763 views • 47 slides
Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy Ruben Rios 1 , Jorge

Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy Ruben Rios 1 , Jorge

Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy Ruben Rios 1 , Jorge Cuellar 2 , Javier Lopez 1 1 NICS Lab University of Mlaga 2 Siemens AG, Munich E SORI CS 2012 10-14 Se pt. Pisa (I ta ly)

432 views • 25 slides

More recommend