Unlock the Door to my Secrets, but don’t Forget to Glitch

IACR Transactions on Cryptographic Hardware and Embedded Systems Pub Date : 2024-03-12 DOI:10.46586/tches.v2024.i2.88-129

M. Schink, Alexander Wagner, Felix Oberhansl, Stefan Köckeis, Emanuele Strieder, Sven Freud, Dominik Klein

{"title":"Unlock the Door to my Secrets, but don’t Forget to Glitch","authors":"M. Schink, Alexander Wagner, Felix Oberhansl, Stefan Köckeis, Emanuele Strieder, Sven Freud, Dominik Klein","doi":"10.46586/tches.v2024.i2.88-129","DOIUrl":null,"url":null,"abstract":"In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.","PeriodicalId":321490,"journal":{"name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","volume":"90 4‐5","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Cryptographic Hardware and Embedded Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2024.i2.88-129","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.

查看原文本刊更多论文

打开我的秘密之门，但不要忘了闪烁

在这项工作中，我们研究了一种称为闪存擦除抑制的攻击向量。许多微控制器都有一个功能，允许在擦除整个闪存后停用调试接口保护。闪存擦除抑制攻击就是利用了这一特性，使大规模擦除发生故障，从而允许无限制地访问存储在闪存中的数据。Schink 等人在 2021 年 CHES 会议上介绍了这种攻击的局限性。在本文中，我们将研究这种通用攻击向量是否会对现实世界的产品构成严重威胁。要做到这一点，攻击的成功率必须足够高，否则设备独有的机密可能会被清除。此外，还必须探讨对不同设备、不同故障设置、成本和局限性的适用性。我们首次对这种攻击向量进行了深入分析。我们的研究表明，对来自多个供应商的设备进行现实攻击是可能的。由于对策很难通过软件进行改装，因此用户在为安全相关产品或知识产权（IP）保护选择微控制器时，以及硬件设计人员在创建下一代微控制器时，都应考虑我们的研究结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IACR Transactions on Cryptographic Hardware and Embedded Systems

自引率

0.00%

发文量