3,980 research outputs found
Design and validation of a platform for electromagnetic fault injection
Security is acknowledged as one of the main challenges in the design and deployment of embedded circuits. Devices need to operate on-the-field safely and correctly, even when at physical reach of potential adversaries. One of the most powerful techniques to compromise the correct functioning of a device are fault injection attacks. They enable an active adversary to trigger errors on a circuit in order to bypass security features or to gain knowledge of security-sensitive information. There are several methods to induce such errors. In this work we focus on the injection of faults through the electromagnetic (EM) channel. In particular, we document our efforts towards building a suitable platform for EM pulse injection. We design a pulse injection circuit that can provide currents over 20 A to an EM injector in order to generate abrupt variations of the EM field on the vicinity of a circuit. We validate the suitability of our platform by applying a well-know attack on an embedded 8-bit microcontroller implementing the AES block cipher. In particular, we show how to extract the AES secret cryptographic keys stored in the device by careful injection of faults during the encryption operations and simple analysis of the erroneous outputs.Peer ReviewedPostprint (published version
Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks
Temperature sensing and control systems are widely used in the closed-loop
control of critical processes such as maintaining the thermal stability of
patients, or in alarm systems for detecting temperature-related hazards.
However, the security of these systems has yet to be completely explored,
leaving potential attack surfaces that can be exploited to take control over
critical systems.
In this paper we investigate the reliability of temperature-based control
systems from a security and safety perspective. We show how unexpected
consequences and safety risks can be induced by physical-level attacks on
analog temperature sensing components. For instance, we demonstrate that an
adversary could remotely manipulate the temperature sensor measurements of an
infant incubator to cause potential safety issues, without tampering with the
victim system or triggering automatic temperature alarms. This attack exploits
the unintended rectification effect that can be induced in operational and
instrumentation amplifiers to control the sensor output, tricking the internal
control loop of the victim system to heat up or cool down. Furthermore, we show
how the exploit of this hardware-level vulnerability could affect different
classes of analog sensors that share similar signal conditioning processes.
Our experimental results indicate that conventional defenses commonly
deployed in these systems are not sufficient to mitigate the threat, so we
propose a prototype design of a low-cost anomaly detector for critical
applications to ensure the integrity of temperature sensor signals.Comment: Accepted at the ACM Conference on Computer and Communications
Security (CCS), 201
A Framework for Evaluating Security in the Presence of Signal Injection Attacks
Sensors are embedded in security-critical applications from medical devices
to nuclear power plants, but their outputs can be spoofed through
electromagnetic and other types of signals transmitted by attackers at a
distance. To address the lack of a unifying framework for evaluating the
effects of such transmissions, we introduce a system and threat model for
signal injection attacks. We further define the concepts of existential,
selective, and universal security, which address attacker goals from mere
disruptions of the sensor readings to precise waveform injections. Moreover, we
introduce an algorithm which allows circuit designers to concretely calculate
the security level of real systems. Finally, we apply our definitions and
algorithm in practice using measurements of injections against a smartphone
microphone, and analyze the demodulation characteristics of commercial
Analog-to-Digital Converters (ADCs). Overall, our work highlights the
importance of evaluating the susceptibility of systems against signal injection
attacks, and introduces both the terminology and the methodology to do so.Comment: This article is the extended technical report version of the paper
presented at ESORICS 2019, 24th European Symposium on Research in Computer
Security (ESORICS), Luxembourg, Luxembourg, September 201
Microelectromechanical Systems (MEMS) Resistive Heaters as Circuit Protection Devices
With increased opportunities for the exploitation (i.e., reverse engineering) of vulnerable electronic components and systems, circuit protection has become a critical issue. Circuit protection techniques are generally software-based and include cryptography (encryption/decryption), obfuscation of codes, and software guards. Examples of hardware-based circuit protection include protective coatings on integrated circuits, trusted foundries, and macro-sized components that self-destruct, thus destroying critical components. This paper is the first to investigate the use of microelectromechanical systems (MEMS) to provide hardware-based protection of critical electronic components to prevent reverse engineering or other exploitation attempts. Specifically, surface-micromachined polycrystalline silicon to be used as meandering resistive heaters were designed analytically and fabricated using a commercially available MEMS prototyping service (i.e., PolyMUMPs), and integrated with representative components potentially at risk for exploitation, in this case pseudomorphic high-electron mobility transistors (pHEMTs). The MEMS heaters were initiated to self-destruct, destroying a critical circuit component and thwart a reverse engineering attempt. Tests revealed reliable self-destruction of the MEMS heaters with approximately 25 V applied, resulting in either complete operational failure or severely altering the pHEMT device physics. The prevalent failure mechanism was metallurgical, in that the material on the surface of the device was changed, and the specific failure mode was the creation of a short-circuit. Another failure mode was degraded device operation due to permanently altered device physics related to either dopant diffusion or ohmic contact degradation. The results, in terms of the failure of a targeted electronic component, demonstrate the utility of using MEMS devices to protect critical components which are otherwise vulnerable to exploitation
- …