
Fault Injection Attacks

Introduction to fault injection attacks (mainly glitching), with examples from the MITRE eCTF 2017 challenge.

Published in: Software

  1. Fault Injection Attacks on embedded systems. Ziyad Alshehri, IA 5984, Fall 2017
  2. Overview
     • Fault injection techniques
     • Clock glitching
     • Timing the attack
     • Setup for clock glitching
     • Advanced clock glitching
     • Voltage glitching
     • Setup for voltage glitching
     • Defenses against fault injection
     • Contribution to Sprite team
     • Conclusion
  3. Glitching Attacks
     • Introducing faults into a target to alter its intended behavior
     • The goal is to skip instructions or corrupt data during reads/writes
     • Real-life example: Xbox 360 Reset Glitch Hack, by French hacker GliGli, 2011
  4. Clock Glitching
     • Since instructions are executed in a pipeline driven by the rising clock edge, it is possible to skip an instruction by shortening a clock cycle so the instruction does not get its full execution time.
  5. Clock Glitching
     • To build a clock glitcher, we XOR the glitch stream with the original clock.
     • Then we remove the crystal oscillator and feed the target the new clock.
  6. Timing the attack
     • To hit the target precisely, we have to identify a trigger signal on which to base the attack:
     • Status LEDs
     • Toggled GPIO
     • Serial messages (UART)
     • Any other hardware event (reset, ...)
  7. Setup for Clock Glitching
     • We will use the ChipWhisperer-Lite for this attack
     • Comprised of an MCU and an FPGA (ATSAM3U2C + Spartan-6)
     (Diagram labels: CLK out, Trigger in, UART for output)
  8. Setup for ATMEGA1284P
     (Diagram labels: ChipWhisperer, CLK OUT, Trigger in, UART output)
  9. ChipWhisperer Software Configuration
     • Clock frequency 20 MHz, so the period is 50 ns
     • External trigger offset
     • Glitch offset = 22% of 50 ns = 11 ns
     • Glitch width = 14% of 50 ns = 7 ns
  10. Results
     (Scope capture labels: Trigger, Target instruction)
  11. Examples of Successful Glitches
     • River Hawk (UMass Lowell): rolled back to version 1 using the FPGA trigger (UART = 'U') to skip the version check, and then printed the flag.
     (Capture label: Target instruction)
  12. Examples of Successful Glitches
     • Obtained the encryption keys by glitching to exit the while loop, then installing a malicious firmware to print the keys over serial, then decrypting the v1 firmware.
     • Forced the bootloader to print out the memory read log, and decrypted it using the keys to get the stored flags.
     (Capture labels: Northeastern Readback; Northeastern Upload; If statement; Print 'F' = 0x46; Infinite loop wdt_reset(); Minimum optimization -O1)
  13. Optimized! Lesson learned: review the assembly code.
  14. Advanced Glitching
     • "Practical Analysis of Embedded Microcontrollers against Clock Glitching Attacks", by Ricardo Gomes da Silva, 17 March 2014
     Summary of the paper:
     • The research proposes a better design for a glitching system, and compares the glitching results for different assembly instructions.
     • It also shows how glitching multiple loops is possible with the appropriate hardware configuration.
  15. Glitcher Development
     • Uses Die Datenkrake, a hardware security platform
     • Comprised of an ARM MCU and an FPGA
     • Their target: XMEGA-A1 Xplained
  16. Glitcher Development
     • Results of the glitched clock
     • The research compares:
     • Unconditional loops (Jump, Relative Jump)
     • Conditional loops (Branch if equal, Branch if not equal)
     • Multiple loops
  17. Unconditional loops: Jump (JMP)
     Explanation: JMP requires 3 CLK cycles to execute. Each instruction word is 16 bits long and the new address is 22 bits long, so 2 cycles are needed to fit the new address. If these 2 cycles are glitched, the instruction can be bypassed.
  18. If we glitch both cycles, the PC value does not change.
  19. Unconditional loops: Relative Jump (RJMP)
     Explanation: RJMP requires 2 CLK cycles to execute. The target is the sum of the current PC + offset (12 bit) + 1, so the first cycle performs the addition for the new address; if that cycle is glitched, the instruction can be bypassed.
  20. Conditional loops: Branch if equal (BREQ)
     Explanation: BREQ changes the program flow if the compared values are equal; in other words, subtract, then branch if zero. BREQ requires 1 or 2 CLK cycles to execute. The first cycle checks whether the result is zero or not (0xFF), and the second executes the branch. We only need to glitch the first cycle to bypass the instruction.
  21. Conditional loops: Branch if not equal (BRNE)
     Explanation: BRNE changes the program flow if the compared values are not equal; in other words, subtract, then branch if not zero. BRNE requires 1 or 2 CLK cycles to execute. The first cycle checks whether the result is not zero (0xEE), and the second executes the branch. We only need to glitch the first cycle to bypass the instruction.
  22. Multiple loops (double RJMP)
     We needed to use the internal trigger to add a precise delay before the second RJMP.
  23. Multiple loops (double RJMP)
     Explanation: D0 and W0 are the delay and width of the first glitch, while D1 and W1 are the delay and width of the second glitch (after the trigger). They were able to glitch multiple RJMPs with 1-2 repeated glitches.
  24. VCC Glitching
     (Diagram label: Shunt resistor)
  25. Setup for Voltage Glitching
  26. Setup for ATMEGA1284P
     (Diagram labels: ChipWhisperer, Glitch OUT)
  27. Example of VCC Glitching
  28. Defenses against glitching attacks
     • Using a different clock for sensitive operations (Firmware Dogs)
  29. Defenses against glitching attacks
     • Enable brown-out detection against VCC glitching
  30. Defenses against glitching attacks
     • Erase the flash/EEPROM in case of failure (Firmware Dogs, pgm_flag)
     • Use the bl_configure function to configure only once (Firmware Dogs)
     (Code annotations: Firmware Dogs: fill the buffer with FFs and rewrite; pgm_flag: erase SRAM, then erase flash)
  31. Defenses against glitching attacks
     • Disable any unnecessary debug info (Snorlax)
     (Annotation: Snorlax: no feedback on UART!)
  32. Contribution to Sprite team
     • Got all flags from RPI, using the AVR Dragon and High Voltage Parallel Programming (HVPP)
     • Hardened the hardware configuration (lock bits)
  33. Contribution to Sprite team
     • Implemented clock glitching, and helped get all flags from vulnerable designs.
  34. References
     • Gomes, Ricardo, "Practical Analysis of Embedded Microcontrollers against Clock Glitching Attacks", https://rgsilva.com/Bachelorarbeit.pdf
     • Riscure: https://www.riscure.com/documents/eu-16-timmers-bypassing-secure-boot-using-fault-injection.pdf?1479193246
     • NCC Group: https://www.blackhat.com/docs/eu-15/materials/eu-15-Giller-Implementing-Electrical-Glitching-Attacks.pdf
     • ChipWhisperer: https://wiki.newae.com
     • Die Datenkrake: https://github.com/ddk
     • AVR XMEGA datasheet: http://www.atmel.com/images/doc8077.pdf
  35. Thank you
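The defenses slides (28-31) name firmware-side countermeasures only by their team nicknames (pgm_flag, bl_configure, erasing flash on failure), and the JMP/RJMP/BREQ slides (17-23) show that the usual target of a clock glitch is a single skipped branch or loop instruction. The C below is an added example, not code from the slides or from any eCTF team, that models three software countermeasures against exactly that fault class so they can be compiled and exercised on a host: a version check whose verdict is computed twice and stored as a complementary byte pair instead of a single branch, a copy loop that refuses its result unless two independent counters prove every iteration ran, and a configure-once flag that fails closed by wiping the key to the erased-flash value 0xFF before clearing the flag. Every name and value is hypothetical: `version_ok_hardened`, `copy_checked`, `configure_once` (which only borrows the configure-once idea from the bl_configure bullet), the `device_t` layout, and the `g_skip_iteration` hook, which is a test aid that simulates one skipped loop iteration because a host compiler cannot reproduce a real glitch.

```c
#include <stdint.h>
#include <string.h>

/* Stored decisions use a pass value and its bitwise complement, so a zeroed
 * or single-bit-flipped byte matches neither pattern. */
#define CHECK_PASS 0x5AU
#define CHECK_FAIL 0xA5U
#define KEY_LEN    16U

/* Naive version check: one compare and one branch decide everything. */
int version_ok_naive(uint16_t installed, uint16_t candidate)
{
    return candidate >= installed;
}

/* Hardened version check: evaluated twice (the second time inverted) and
 * carried as a complementary pair; only the exact pass pattern passes. */
uint8_t version_ok_hardened(uint16_t installed, uint16_t candidate)
{
    volatile uint8_t verdict = CHECK_FAIL;
    volatile uint8_t shadow  = CHECK_PASS;      /* kept as ~verdict */
    if (candidate >= installed) { verdict = CHECK_PASS; shadow = CHECK_FAIL; }
    if (installed > candidate)  { verdict = CHECK_FAIL; shadow = CHECK_PASS; }
    if (verdict == CHECK_PASS && shadow == (uint8_t)~verdict)
        return CHECK_PASS;
    return CHECK_FAIL;
}

/* Test-only fault hook (hypothetical): when nonzero, copy_checked skips the
 * 1-based iteration with this number, modelling a glitched loop branch. */
volatile size_t g_skip_iteration = 0;

/* Copy with a completion check: an up-counter and a down-counter must both
 * show that every iteration ran before the copy is accepted. */
uint8_t copy_checked(uint8_t *dst, const uint8_t *src, size_t n)
{
    volatile size_t up = 0, down = n;
    for (size_t i = 0; i < n; i++) {
        if (g_skip_iteration != 0 && i + 1 == g_skip_iteration)
            continue;                            /* simulated skipped iteration */
        dst[i] = src[i];
        up++;
        down--;
    }
    return (up == n && down == 0) ? CHECK_PASS : CHECK_FAIL;
}

/* Hypothetical device state: a configure-once flag plus a key. Fresh devices
 * hold CHECK_FAIL in the flag and the erased-flash value 0xFF in the key. */
typedef struct { uint8_t pgm_flag; uint8_t key[KEY_LEN]; } device_t;

void device_init(device_t *dev)
{
    dev->pgm_flag = CHECK_FAIL;
    memset(dev->key, 0xFF, KEY_LEN);
}

/* Fail closed: erase the secret before clearing the flag, so an interrupted
 * sequence still leaves no key behind. */
void fail_closed(device_t *dev)
{
    volatile uint8_t *k = dev->key;
    for (size_t i = 0; i < KEY_LEN; i++) k[i] = 0xFFU;
    dev->pgm_flag = CHECK_FAIL;
}

/* Configure exactly once: any flag other than the exact "unconfigured"
 * pattern (already configured, or corrupted) fails closed. 0 on success. */
int configure_once(device_t *dev, const uint8_t *key)
{
    if (dev->pgm_flag != CHECK_FAIL) {
        fail_closed(dev);
        return -1;
    }
    memcpy(dev->key, key, KEY_LEN);
    dev->pgm_flag = CHECK_PASS;
    return 0;
}

/* Returns 1 when no key material remains in the device. */
int key_wiped(const device_t *dev)
{
    for (size_t i = 0; i < KEY_LEN; i++) if (dev->key[i] != 0xFFU) return 0;
    return 1;
}

/* Scenario: a second configure on a configured device must be refused and
 * must wipe the key. Returns 1 when both hold (constructed sample key). */
int demo_configure_twice(void)
{
    device_t dev;
    uint8_t key[KEY_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    device_init(&dev);
    if (configure_once(&dev, key) != 0 || memcmp(dev.key, key, KEY_LEN) != 0)
        return 0;
    if (configure_once(&dev, key) != -1)
        return 0;
    return key_wiped(&dev) && dev.pgm_flag == CHECK_FAIL;
}
```

Build with any C99 compiler (for example `cc -std=c99 -Wall`). The `volatile` qualifiers matter more than they look: the "Optimized!" lesson on slide 13 is that the compiler happily collapses a redundant check or an apparently useless loop back into a single branch, which recreates the one-instruction target the glitch needs, so the duplicated verdict and the two counters must live in storage the optimizer cannot fold, and the generated assembly should be reviewed as the slide recommends. Brown-out detection and a separate clock for sensitive code are hardware settings and are not modelled here; the software patterns above are a second layer behind them, not a replacement.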
