High Precision Laser Fault Injection using Low-cost Components. / Kelly, Martin; Mayes, Keith.
2020. 1-10 Paper presented at IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, United States.Research output: Contribution to conference › Paper
Forthcoming
Documents
- Accepted Manuscript
Rights statement: © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 719 KB, PDF document
Abstract
This paper demonstrates that it is possible to execute
sophisticated and powerful fault injection attacks on microcontrollers
using low-cost equipment and readily available components.
Earlier work had implied that powerful lasers and high
grade optics frequently used to execute such attacks were being
underutilized and that attacks were equally effective when using
low-power settings and imprecise focus.
This work has exploited these earlier findings to develop a lowcost
laser workstation capable of generating multiple discrete
faults with timing accuracy capable of targeting consecutive
instruction cycles. We have shown that the capabilities of this
new device exceed those of the expensive laboratory equipment
typically used in related work.
We describe a simplified fault model to categorize the effects
of induced errors on running code and use it, along with the
new device, to reevaluate the efficacy of different defensive coding
techniques. This has enabled us to demonstrate an efficient hybrid
defense that outperforms the individual defenses on our chosen
target.
This approach enables device programmers to select an appropriate
compromise between the extremes of undefended code
and unusable overdefended code, to do so specifically for their
chosen device and without the need for prohibitively expensive
equipment. This work has particular relevance in the burgeoning
IoT world where many small companies with limited budgets
are deploying low-cost microprocessors in ever more security
sensitive roles.
sophisticated and powerful fault injection attacks on microcontrollers
using low-cost equipment and readily available components.
Earlier work had implied that powerful lasers and high
grade optics frequently used to execute such attacks were being
underutilized and that attacks were equally effective when using
low-power settings and imprecise focus.
This work has exploited these earlier findings to develop a lowcost
laser workstation capable of generating multiple discrete
faults with timing accuracy capable of targeting consecutive
instruction cycles. We have shown that the capabilities of this
new device exceed those of the expensive laboratory equipment
typically used in related work.
We describe a simplified fault model to categorize the effects
of induced errors on running code and use it, along with the
new device, to reevaluate the efficacy of different defensive coding
techniques. This has enabled us to demonstrate an efficient hybrid
defense that outperforms the individual defenses on our chosen
target.
This approach enables device programmers to select an appropriate
compromise between the extremes of undefended code
and unusable overdefended code, to do so specifically for their
chosen device and without the need for prohibitively expensive
equipment. This work has particular relevance in the burgeoning
IoT world where many small companies with limited budgets
are deploying low-cost microprocessors in ever more security
sensitive roles.
| Original language | English |
|---|---|
| Pages | 1-10 |
| Number of pages | 10 |
| Publication status | Accepted/In press - 13 Feb 2020 |
| Event | IEEE International Symposium on Hardware Oriented Security and Trust - Double Tree by Hilton, San Jose, United States Duration: 6 Dec 2020 → 9 Dec 2020 http://www.hostsymposium.org/ |
Conference
| Conference | IEEE International Symposium on Hardware Oriented Security and Trust |
|---|---|
| Abbreviated title | HOST |
| Country | United States |
| City | San Jose |
| Period | 6/12/20 → 9/12/20 |
| Internet address |
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
ID: 38226450