How microprobing can attack encrypted memory
This paper exposes some weaknesses of encrypted embedded memory in secure chips. Smartcards and secure microcontrollers are designed to protect confidential internal information. For that they widely employ on-chip memory encryption. Usually both data and address buses are encrypted to prevent microprobing attacks. This paper shows how practical such attacks can be on real chips and whether memory encryption is as good as it is supposed to be. It was possible to extract the whole memory from a secure 8-bit microcontroller with as little as 8 probing needles. This paper questions the usual belief that ion-doping-encoded and encrypted Mask ROM is ultimately secure. Implications for 16-bit and 32-bit microcontrollers are discussed as well. Some common weaknesses are exposed and possible countermeasures are discussed.
Is Hardware Security Prepared for Unexpected Discoveries?
Hardware security of semiconductor chips is in high demand these days. Modern electronic devices are expected to have a high level of protection against many known attacks aimed at the extraction of stored information. This is especially important for devices used in critical areas like automotive, medical, banking and industrial control applications. This leads to a constant arms race between attackers and developers. Usually new attacks are disclosed in a responsible way, leaving time for chip manufacturers and system engineers to develop countermeasures. However, there is always a chance that mitigation technology is not developed in time, or worse, is not practical to implement. Are the engineers in the semiconductor community prepared for such an outcome? This paper looks at the history of similar discoveries in different areas and gives some results on memory extraction from an old smartcard and on approaching highly secure embedded memory: battery-backed SRAM. Finally, this paper elaborates on possible discoveries in attacks aimed at stored information. The aim of this paper is to raise awareness of emerging attacks and to inspire new mitigation techniques to be developed in an appropriate and timely way.
Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy
Information systems, increasingly present in a world that is moving towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at the web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature.
Hardware Security Evaluation of MAX 10 FPGA
With the ubiquity of IoT devices there is a growing demand for confidentiality and integrity of data. Solutions based on reconfigurable logic (CPLD or FPGA) have certain advantages over ASIC and MCU/SoC alternatives. Programmable logic devices are ideal for both confidentiality and upgradability purposes. In this context the hardware security aspects of CPLD/FPGA devices are paramount. This paper shows a preliminary evaluation of hardware security in Intel MAX 10 devices. These FPGAs are one of the most suitable candidates for applications demanding extensive features and a high level of security. Their strong and weak security aspects are revealed and some recommendations are suggested to counter possible security vulnerabilities in real designs. This is a feasibility study paper. Its purpose is to highlight the areas most vulnerable to attacks aimed at data extraction and reverse engineering. That way further investigations could be performed on specific areas of concern.
Hardware Security Implications of Reliability, Remanence and Recovery in Embedded Memory
Secure semiconductor devices usually destroy key material on tamper detection. However, the data remanence effect in SRAM and Flash/EEPROM makes the secure erasure process more challenging. On the other hand, data integrity of the embedded memory is essential to mitigate fault attacks and Trojan malware. Data retention issues could influence the reliability of embedded systems. Some examples of such issues in industrial and automotive applications are presented. When it comes to the security of semiconductor devices, both data remanence and data retention issues could lead to possible data recovery by an attacker. This paper introduces a new power glitching technique that reduces the data remanence time in embedded SRAM from seconds to microseconds at almost no cost. This would definitely help in designing systems with better secret key guarding. Data remanence in non-volatile memory could be influenced in the same way. The effect of data remanence and data retention on hardware security is discussed and possible countermeasures are suggested. This should raise awareness among the designers of secure embedded systems.
Hardware Security of Emerging Non-Volatile Memory Devices under Imaging Attacks
The emerging non-volatile memory (NVM) devices are currently changing the landscape of computing hardware. However, their hardware security remains relatively unexplored in the field. This is a critical research problem because, given that they are non-volatile, sensitive information may be vulnerable to various physical attacks unless properly encrypted. In this work, we investigated the security vulnerability of two emerging non-volatile memory devices (STT-MRAM and RRAM) against the most commonly available non-destructive physical attack: Scanning Electron Microscope (SEM) imaging. The central premise is that if any difference between memory cells in high resistance and low resistance (bit '1' and '0') states can be detected in SEM, stored data could possibly leak or be stolen by adversaries. It is concluded that unless advanced elemental analysis techniques such as energy dispersive x-ray spectroscopy (EDX) are used, it is very unlikely that the bit information stored in these memory cells leaks out through imaging attacks.
Secure HfO2 based charge trap EEPROM with lifetime and data retention time modeling
Trusted computing is currently the most promising security strategy for cyber physical systems. A trusted computing platform relies on securely stored encryption keys in the on-board memory. However, research and actual cases have shown the vulnerability of the on-board memory to physical cryptographic attacks. This work proposes an embedded secure EEPROM architecture employing a charge trap transistor to improve the security of storage means in the trusted computing platform. The charge trap transistor is CMOS compatible, with a high dielectric constant material as gate oxide which can trap carriers. The process compatibility allows the memory containing secure information to be embedded with the CPU. This eliminates eavesdropping and optical observation. This effort presents the secure EEPROM cell, its high voltage programming control structure and an interface architecture for command and data communication between the EEPROM and CPU. The interface architecture is an ASIC-based design exclusively for the secure EEPROM. The on-board programming capability enables adjustment of programming voltages and accommodates EEPROM threshold variation due to PVT to optimize lifetime. In addition to the functional circuitry, this work presents the first model of the lifetime and data retention time tradeoff for this new type of EEPROM. This model builds the bridge between desired data retention time and lifetime while producing the corresponding programming time and voltage.
Deep dip teardown of tubeless insulin pump
This paper introduces a deep level teardown process of a personal medical device: the OmniPod wireless tubeless insulin pump. This starts with a mechanical teardown exposing the engineering solutions used inside the device. Then the electronic part of the device is analysed, followed by component identification. Finally, the firmware extraction is performed, allowing further analysis of the firmware inside the device as well as real-time debugging. This paper also evaluates the security of the main controller IC of the device. It reveals some weaknesses in the device design process which led to the possibility of the successful teardown. Had the hardware security of the controller inside the device been well thought through, the teardown process would be far more complicated. This paper demonstrates what the typical teardown process of a personal medical device involves. This knowledge could help in improving the hardware security of sensitive devices.