Description
Electromagnetic fault injection (EMFI) is a well known technique to disturb the behavior of a chip and weaken its security. These attacks are still mostly done on simple microcontrollers since the fault effects is relatively simple and understood.
Unlocking EMFI on modern System-on-Chips (SoCs), the fast and complex chips ubiquitous today, requires to understand the impact of the faults. In this paper, we target the BCM2837 SoC with four Cortex-A53 cores from ARM. We propose an experimental setup and a forensic process to create exploitable faults and assess their impact on the micro-architecture.
The observed behaviors are radically different to what was previously obtained on microcontrollers. Subsystems (L1 caches, L2 cache, memory management unit (MMU)) can be individually targeted leading to new fault models. We highlight the differences in the fault impact with or without an Operating system (OS), therefore showing the importance of the software layers in the exploitation of a fault. The complexity and speed of a SoC does not protect them against hardware attackers, quite the contrary.
After describing the effect of faults on SoC caches and MMU, we propose countermeasures to protect the system against EMFI attacks.
Infos pratiques
Prochains exposés
-
ML-Based Hardware Trojan Detection in AI Accelerators via Power Side-Channel Analysis
Orateur : Yehya NASSER - IMT Atlantique
Our work discusses the security risks associated with outsourcing AI accelerator design due to the threat of hardware Trojans (HTs), a problem traditional testing methods fail to address. We introduce a novel solution based on Power Side-Channel Analysis (PSCA), where we collect and preprocess power traces by segmenting them and extracting features from both time and frequency domains. This[…]-
SemSecuElec
-
Side-channel
-
Machine learning
-
Hardware trojan
-