On a Low Cost Fault Injection Framework for Security Assessment of Cyber-Physical Systems: Clock Glitch Attacks

Fault injection methods as a type of physical attack have gained significant importance in the security of MCU-based Internet-of-Things (IoTs) systems and they continue to become more and more important as the value of assets continues to increase. These attacks can pose severe security risks to the entire IoT system and their effects can quickly lead to security breaches. However, embedded software developers most often do not have the necessary expertise concerning existing vulnerabilities against such attacks. This makes it necessary to have a practical evaluation platform for measuring the degree of security, in a rapid and accurate way. These platforms are important not only from the performance and capability point of view, but also they need to be cost-effective, which is a critical factor to consider during their design. We present in this work a generic low cost and open platform, called HackMyMCU framework. While this platform offers both side channel and fault injection capabilities, this paper focuses on its clock glitch attacks. A first review of existing clock-based fault injectors is initially performed. Then we present two different clock glitchers and we use them to evaluate a modern MCU. The suggested methods consider the necessary parameters for the development of cost-effective and easy to use evaluation platforms which utilize easily accessible equipment. The findings show that a common and low-cost evaluation platform can be implemented with the goal to validate appropriate countermeasures against such attacks.