Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller

Colombier, Brice; Menu, Alexandre; Dutertre, Jean-Max; Moëllic, Pierre-Alain; Rigaud, Jean-Baptiste; Danger, Jean‐Luc

doi:10.1109/hst.2019.8741030

Cited by 39 publications

(43 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• The fault analysis will miss potential implementation weaknesses. Recent target specific fault models [4], [5], [6], bypass software countermeasures in a single fault. • This challenge becomes even more crucial for multifault attacks analysis as there will be more unnoticed vulnerabilities as well as more unexploitable attacks because of the combinatorial explosion of possible attack paths.…”

Section: Challenges Of Multi-fault Attack Vulnerability Assessmentmentioning

confidence: 99%

An End-to-End Approach for Multi-Fault Attack Vulnerability Assessment

Werner

Maingault

Potet

2020

2020 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)

View full text Add to dashboard Cite

Although multi-fault attacks are extremely powerful in defeating sophisticated hardware and software defences, detecting and exploiting such attacks remains a difficult problem, especially without any prior knowledge of the target. Our main contribution is an end-to-end approach for multi-fault attack vulnerability assessment We take advantage of target specific fault models rather than generic fault models to achieve complex multi-fault attacks that can lead to critical vulnerabilities. Target specific fault models are generated thanks to fault models inference process, based on a fault injections simulation and a characterization, in order to elaborate powerful multifault attacks based on different fault models. Combining fault models opens up new possible attack paths and adds flexibility to design fault attacks that adapt to countermeasures. Hence, the direct consequence of the increasing complexity of fault attacks question the effectiveness of software countermeasures based on generic fault models for sensitive applications.

show abstract

Section: Challenges Of Multi-fault Attack Vulnerability Assessmentmentioning

confidence: 99%

An End-to-End Approach for Multi-Fault Attack Vulnerability Assessment

Werner

Maingault

Potet

2020

2020 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)

View full text Add to dashboard Cite

show abstract

“…Instruction modification achieves an instruction skip if the modified instruction has no effect on the code operations (instruction skips are often actual code modification); the same is true for turning an instruction into a nop. An analysis of single instruction skips due to instruction modification induced by laser is reported in [8]. It relates how faulting one bit of an instruction opcode led to two successful fas.…”

Section: Study Of Laser-induced Instruction Skipsmentioning

confidence: 99%

“…Laser-induced fault injection may be used to force the identification of an attacker using a wrong PIN. As illustrated in [8], where a laser-induced modification of one instruction of a similar PIN algorithm permits to perform a PIN bypass. [9] describes, on simulation basis, several instruction skip attacks that may result in a successful PIN bypass: most of them targeting one or a few successive code instructions.…”

Section: Pin Bypass With Several Laser Pulsesmentioning

confidence: 99%

“…Denomination of the fault model The laser-induced instruction skip fm relies on two possible mechanisms: (1) injecting faults into an instruction opcode [8,11] that turn it into another instruction, or (2) replacing it by a nop instruction (this work). In neither case is the instruction really skipped over.…”

Section: Laser-induced Instruction Skip Fault Modelmentioning

confidence: 99%

“…This suggest that a similar mechanism may be at work, even though they did not test the feasibility of successive instruction skips. The authors of [8] also induced single instruction skips through laser illumination into a cortex-M3 microcontroller by faulting a single bit of the targeted instruction (hence inducing an instruction modification equivalent to an instruction skip because the modified instruction had no effect on the executed test code). The physical mechanism they revealed as the root cause of this instruction skip (a laser-induced discharge of a bitline of the Flash memory) appears compatible with induction of several skips if a long laser pulse is used.…”

Section: Generalizationmentioning

confidence: 99%

See 2 more Smart Citations

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Dutertre

Riom

Potin

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Several research works assessed a fault model that consists in a single instruction skip, i.e. the ability to prevent one chosen instruction in a program from being executed. This assessment is used to design countermeasures able to withstand a single instruction skip. We question this fault model on experimental basis and report the possibility to induce with a laser an arbitrary number of instruction skips. This ability to erase entire sections of a firmware has strong implications regarding the design of countermeasures.

show abstract

Message-Recovery Laser Fault Injection Attack on the Classic McEliece Cryptosystem

Cayrel

Colombier

Drăgoi

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Code-based public-key cryptosystems are promising candidates for standardization as quantum-resistant public-key cryptographic algorithms. Their security is based on the hardness of the syndrome decoding problem. Computing the syndrome in a finite field, usually F2, guarantees the security of the constructions. We show in this article that the problem becomes considerably easier to solve if the syndrome is computed in N instead. By means of laser fault injection, we illustrate how to compute the matrix-vector product in N by corrupting specific instructions, and validate it experimentally. To solve the syndrome decoding problem in N, we propose a reduction to an integer linear programming problem. We leverage the computational efficiency of linear programming solvers to obtain real-time message recovery attacks against the code-based proposal to the NIST Post-Quantum Cryptography standardization challenge. We perform our attacks in the worst-case scenario, i.e. considering random binary codes, and retrieve the initial message within minutes on a desktop computer. Our attack targets the reference implementation of the Niederreiter cryptosystem in the NIST PQC competition finalist Classic McEliece and is practically feasible for all proposed parameters sets of this submission. For example, for the 256-bit security parameters sets, we successfully recover the message in a couple of seconds on a desktop computer. Finally, we highlight the fact that the attack is still possible if only a fraction of the syndrome entries are faulty. This makes the attack feasible even though the fault injection does not have perfect repeatability and reduces the computational complexity of the attack, making it even more practical overall.

show abstract

Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller

Cited by 39 publications

References 30 publications

An End-to-End Approach for Multi-Fault Attack Vulnerability Assessment

An End-to-End Approach for Multi-Fault Attack Vulnerability Assessment

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Message-Recovery Laser Fault Injection Attack on the Classic McEliece Cryptosystem

Contact Info

Product

Resources

About