Thwarting Electromagnetic Fault Injection Attack Utilizing Timing Attack Countermeasure

Ghodrati, Marjan

23 January 2018

The extent of embedded systems' role in modern life has continuously increased over the years. Moreover, embedded systems are assuming highly critical functions with security requirements more than ever before. Electromagnetic fault injection (EMFI) is an efficient class of physical attacks that can compromise the immunity of secure cryptographic algorithms. Despite successful EMFI attacks, the effects of electromagnetic injection on a processor are not well understood. This includes lack of solid knowledge about how EMFI affects the circuit and deviates it from proper functionality. Also, effects of EM glitches on the global networks of a chip such as power, clock and reset network are not known. We believe to properly model EMFI and develop effective countermeasures, a deeper understanding of the EM effect on a chip is needed. In this thesis, we present a bottom-up analysis of EMFI effects on a RISC microprocessor. We study these effects at three levels: at the wire-level, at the chip-network level, and at the gate-level considering parameters such as EM-injection location and timing. We conclude that EMFI induces local timing errors implying current timing attack detection and prevention techniques can be adapted to overcome EMFI. To further validate our hypothesis, we integrate a configurable timing sensor into our microprocessor to evaluate its effectiveness against EMFI. / Master of Science / In the current technology era, embedded systems play a critical role in every human’s life. They are collecting very precise and private information of the users. So, they can become a potential target for the attackers to steal this valuable information. As a result, the security of these devices becomes a serious issue in this era. Electromagnetic fault injection (EMFI) is an efficient class of physical attacks that can inject faults to the state of the processor and deviate it from its proper functionality. Despite its growing popularity among the attackers, limitations and capabilities of this attack are not very well understood. Several detection techniques have been proposed so far, but most of them are either very expensive to implement or not very effective. We believe to properly model EMFI and develop effective countermeasures, a deeper understanding of the EM effect on a chip is needed. In this research work, we try to perform a bottom-up analysis of EM fault injection on a RISC microprocessor and do a comprehensive study at all wire-level, chip-network level, and gate-level and finally propose a solution for it.

Electromagnetic Fault Injection

Countermeasure

Attack

Hardware Fault Attack Detection Methods for Secure Embedded Systems

Deshpande, Chinmay Ravindra

15 February 2018

In our daily life, we are increasingly putting our trust in embedded software applications, which run on a range of processor-based embedded systems from smartcards to pay-TV units. This trend expands the threat model of embedded applications from software into hardware. Over the last 20 years, fault attacks have emerged as an important class of hardware attacks against embedded software security. In fault attacks, an adversary breaks the security by injecting well chosen, targeted faults during the execution of embedded software, and systematically analyzing softwares fault response. In this work, we propose cycle-accurate and fully digital techniques that can efficiently detect different types of fault attacks. The detection methods are low-cost regarding the area and power consumption and can be easily implemented using the standard cell based VLSI design flow. In addition to the architecture of the detectors, we present a detailed analysis of the design considerations that affect the cost and accuracy of the detectors. The functionality of the detectors is validated by implementing on ASIC and FPGA platforms (Spartan-6, Cyclone IV). Additionally, the proposed detection methods have demonstrated to successfully detect all of the injected faults without any false alarm. / Master of Science / Embedded systems nowadays play a very crucial role in day to day life. They are always gathering sensitive and private data of the users. So they become an attractive target for the attackers to steal this important data. As a result, the security of these devices has become a grave concern. Fault attacks are a class of hardware attacks where the attacker injects faults into the system while it is executing a known program and observes the reaction. The abnormal reactions of the system are later analyzed to obtain the valuable data. Several mechanisms to detect such attacks exist in the literature, but they are not very effective. In this work, we first analyze the effect of different types of fault attacks on the embedded processor. Then we propose various low-cost digital techniques that can efficiently detect these attacks.

Fault Attack

Countermeasures

Detection

Clock glitching

Electromagnetic Fault Injection