Security and Trust in Open Source Security Tokens

Schink, Marc; Wagner, Alexander; Unterstein, Florian; Heyszl, Johann

doi:10.46586/tches.v2021.i3.176-201

Cited by 7 publications

(15 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we present the first in-depth analysis of the so-called flash erase suppression attack vector presented by Schink et al [SWUH21]. We improve and extend this work with an assessment of the potential risks caused by this attack on real-world products by investigating three open research questions:…”

Section: Contributionsmentioning

confidence: 96%

“…The attack was carried out with voltage glitching on an 8-bit microcontroller. About 15 years later, Schink et al [SWUH21] present a similar attack, this time on a more recent 32-bit microcontroller and using EMFI. Although a long time has passed since this attack vector was first published, current microcontrollers still seem to be vulnerable.…”

Section: Related Workmentioning

confidence: 98%

“…Non-invasive physical attacks to bypass the debug interface protection have been shown for some devices of the nRF52 and EFM32 microcontroller families [SWUH21,Lim20a,Lim20b,Lim21]. The restrictions on their debug interface can be temporarily disabled by applying a voltage glitch or injecting a pulse via EMFI during the power-up phase of the microcontrollers.…”

Section: Related Workmentioning

confidence: 99%

“…Nevertheless, in some cases the effects are fully understood. In [SWUH21,BFP19], for example, an attack that reactivates a debug interface that was previously deactivated completely, was presented. This attack exploits a design flaw, which makes the microcontroller's hardware downgrade the protection level, if an error during the transfer of configuration data from flash memory into an internal register is detected.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Unlock the Door to my Secrets, but don’t Forget to Glitch

Schink,

Wagner,

Oberhansl

et al. 2024

TCHES

View full text Add to dashboard Cite

In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.

show abstract

Section: Contributionsmentioning

confidence: 96%

Section: Related Workmentioning

confidence: 98%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Unlock the Door to my Secrets, but don’t Forget to Glitch

Schink,

Wagner,

Oberhansl

et al. 2024

TCHES

View full text Add to dashboard Cite

show abstract

“…Fault attacks are active, physical attacks that are commonly used to threaten the security of embedded devices [DM12, TM17, O'F20, ELG20] and secure elements [Hér,VWWM11,SWUH21]. In these attacks, a fault is induced into the chip causing several effects at the physical level, e.g., transient voltage and current changes as well as timing violations [RBSG21].…”

Section: Fault Attacksmentioning

confidence: 99%

SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element

Nasahl

Oteyza

Vogel³

et al. 2022

TCHES

View full text Add to dashboard Cite

Fault attacks are active, physical attacks that an adversary can leverage to alter the control-flow of embedded devices to gain access to sensitive information or bypass protection mechanisms. Due to the severity of these attacks, manufacturers deploy hardware-based fault defenses into security-critical systems, such as secure elements. The development of these countermeasures is a challenging task due to the complex interplay of circuit components and because contemporary design automation tools tend to optimize inserted structures away, thereby defeating their purpose. Hence, it is critical that such countermeasures are rigorously verified post-synthesis. Since classical functional verification techniques fall short of assessing the effectiveness of countermeasures (due to the circuit being analyzed when no faults are present), developers have to resort to methods capable of injecting faults in a simulation testbench or into a physical chip sample. However, developing test sequences to inject faults in simulation is an error-prone task and performing fault attacks on a chip requires specialized equipment and is incredibly time-consuming. Moreover, identifying the fault-vulnerable circuit is hard in both approaches, and fixing potential design flaws post-silicon is usually infeasible since that would require another tape-out. To that end, this paper introduces SYNFI, a formal pre-silicon fault verification framework that operates on synthesized netlists. SYNFI can be used to analyze the general effect of faults on the input-output relationship in a circuit and its fault countermeasures, and thus enables hardware designers to assess and verify the effectiveness of embedded countermeasures in a systematic and semi-automatic way. The framework automatically extracts sensitive parts of the circuit, induces faults into the extracted subcircuit, and analyzes the faults’ effects using formal methods. To demonstrate that SYNFI is capable of handling unmodified, industry-grade netlists synthesized with commercial and open tools, we analyze OpenTitan, the first opensource secure element. In our analysis, we identified critical security weaknesses in the unprotected AES block, developed targeted countermeasures, reassessed their security, and contributed these countermeasures back to the OpenTitan project. For other fault-hardened IP, such as the life cycle controller, we used SYNFI to confirm that existing countermeasures provide adequate protection.

show abstract