TU Darmstadt / ULB / TUbiblio

Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Sadeghi, Ahmad-Reza ; Mitev, Richard ; Saß, Marvin (2022)
Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M.
25th Black Hat USA. Las Vegas, USA (06.08.2022-11.08.2022)
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Fault Injection (FI), also referred to as Glitching, has proven to be a severe threat to real-world computing devices. In this kind of attack, physical faults are injected into a device at runtime, to deliberately alter the target's behavior. In order to address this threat, various countermeasures have been proposed to counteract the different types of fault injection methods at different abstraction layers, either requiring modifying the underlying hardware or firmware at the machine instruction level.

Moreover, only recently, individual chip manufacturers have started to respond to this threat by integrating certain countermeasures in their products. Multiple Fault Injection (MFI) could theoretically be used against instruction-level based countermeasures, however, as stated by previous work conducting those attacks are considered highly impractical due to the lack of precise MFI tools and efficient parameter search algorithms.

In this presentation, we showcase μ-Glitch, the first FI platform dedicated to injecting multiple, coordinated voltage faults into a target device. We'll show a novel flow for MFI attacks to significantly reduce the search complexity for fault parameters, as otherwise, the search space increases exponentially with each additional fault to be injected. After that, we'll show the effectiveness and practicality of the attack platform on two real-world systems, featuring TrustZone-M: The first one has interdependent backchecking mechanisms, while the second has additionally integrated countermeasures against fault injection. It will be revealed that μ-Glitch can successfully inject four consecutive successful faults within an average time of one day.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2022
Autor(en): Sadeghi, Ahmad-Reza ; Mitev, Richard ; Saß, Marvin
Art des Eintrags: Bibliographie
Titel: Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M
Sprache: Englisch
Publikationsjahr: 11 August 2022
Veranstaltungstitel: 25th Black Hat USA
Veranstaltungsort: Las Vegas, USA
Veranstaltungsdatum: 06.08.2022-11.08.2022
URL / URN: https://www.blackhat.com/us-22/briefings/schedule/index.html...
Kurzbeschreibung (Abstract):

Fault Injection (FI), also referred to as Glitching, has proven to be a severe threat to real-world computing devices. In this kind of attack, physical faults are injected into a device at runtime, to deliberately alter the target's behavior. In order to address this threat, various countermeasures have been proposed to counteract the different types of fault injection methods at different abstraction layers, either requiring modifying the underlying hardware or firmware at the machine instruction level.

Moreover, only recently, individual chip manufacturers have started to respond to this threat by integrating certain countermeasures in their products. Multiple Fault Injection (MFI) could theoretically be used against instruction-level based countermeasures, however, as stated by previous work conducting those attacks are considered highly impractical due to the lack of precise MFI tools and efficient parameter search algorithms.

In this presentation, we showcase μ-Glitch, the first FI platform dedicated to injecting multiple, coordinated voltage faults into a target device. We'll show a novel flow for MFI attacks to significantly reduce the search complexity for fault parameters, as otherwise, the search space increases exponentially with each additional fault to be injected. After that, we'll show the effectiveness and practicality of the attack platform on two real-world systems, featuring TrustZone-M: The first one has interdependent backchecking mechanisms, while the second has additionally integrated countermeasures against fault injection. It will be revealed that μ-Glitch can successfully inject four consecutive successful faults within an average time of one day.

Zusätzliche Informationen:

Die Arbeit wird auf dem kommenden renommierten „32nd USENIX Security Symposium“ im August 2023 unter dem Titel „Oops …! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M” vorgestellt.

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
Hinterlegungsdatum: 12 Okt 2022 08:16
Letzte Änderung: 11 Okt 2023 06:54
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen