Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research

An Improved Public Unclonable Function Design for Xilinx FPGAs for Hardware Security Applications

In the modern era we are moving towards completely connecting many useful electronic devices to each other through internet. There is a great need for secure electronic devices and systems. A lot of money is being invested in protecting the electronic devices and systems from hacking and other forms of malicious attacks. Physical Unclonable Function (PUF) is a low-cost hardware scheme that provides affordable security for electronic devices and systems. This thesis proposes an improved PUF design for Xilinx FPGAs and evaluates and compares its performance and reliability compared to existing PUF designs. Furthermore, the utility of the proposed PUF was demonstrated by using it for hardware Intellectual Property (IP) core licensing and authentication. Hardware Trojan can be used to provide evaluation copy of IP cores for a limited time. After that it disables the functionality of the IP core. A finite state machine (FSM) based hardware trojan was integrated with a binary divider IP core and evaluated for licensing and authentication applications. The proposed PUF was used in the design of hardware trojan. Obfuscation metric measures the effectiveness of hardware trojan. A moderately good obfuscation level was achieved for our hardware trojan

Impact of Mobility on Information Systems and Information System Design

The subject of this thesis is to analyse the impact of mobile hardware and software on information systems, to survey existing approaches for specifying mobile systems of computer science in general, and to provide suitable means for the formal design of information systems comprising such mobile units in particular. We consider a mobile unit to denote a mobile hardware or software entity, and a mobile system as a system comprising or being accessed by such mobile components. The various forms of mobile units occurring in computer science are explained and a taxonomy for them is developed, followed by a detailed discussion of their effects on computer and information systems. Several approaches for specifying mobile systems are presented and classified, with a particular emphasis on formal methods. As it turns out, these approaches do not allow to describe the set-up and release of communication links or to distinguish between the ever-mobile units of a compound system and those which provide the fixed subsystem as the context for the mobile entities, which are both important aspects to consider when developing information systems with mobile components. Therefore, corresponding constructs are then presented as an extension to the specification language Troll and its theoretical foundations, i.e. extended data signatures and the Module Distributed Temporal Logic Mdtl, both being interpreted over event structures. Finally, the application of the constructs is illustrated with the development of a system for accessing web services from mobile phones, which complements the ongoing example of information retrieval via mobile agents used to explain the constructs and concepts.Thema dieser Arbeit ist die Analyse der Auswirkungen von mobiler Hard- und Software auf Informationssysteme, die Untersuchung vorhandener Ansätze zur Spezifikation mobiler Systeme in der Informatik allgemein und für den formalen Entwurf von Informationssystemen mit mobilen Einheiten insbesondere. "Mobile Einheit" wird dabei als Oberbegriff für mobile Hardware- und Softwarekomponenten verwendet, und ein "mobiles System" ist ein System, das solche mobilen Komponenten beinhaltet oder auf das durch diese zugegriffen wird. Wir beschreiben die verschiedenen Formen, in denen mobile Einheiten in der Informatik auftreten, und entwickeln eine entsprechende Taxonomie, bevor wir deren Auswirkungen auf Computer- und Informationssysteme ausführlich diskutieren. Verschiedene Ansätze zur Spezifikation mobiler Systeme werden vorgestellt und eingeordnet, wobei das Augenmerk speziell auf formalen Methoden liegt. Es stellt sich heraus, dass es keiner dieser Ansätze ermöglicht, den Auf- und Abbau von Kommunikationsverbindungen zu beschreiben und zwischen den stets mobilen Einheiten und denjenigen zu unterscheiden, die das feste Teilsystem als Kontext für sie bilden. Beides sind aber wesentliche Aspekte, die in der Entwicklung von Informationssystemen mit mobilen Bestandteilen zu berücksichtigen sind. Daher stellen wir dann entsprechende Sprachkonstrukte als Erweiterung der Spezifikationssprache Troll inklusive der formalen Grundlagen vor. Diese Grundlagen beruhen auf erweiterten Datensignaturen und einer modularen verteilten temporalen Logik Mdtl, die beide über Ereignisstrukturen interpretiert werden. Schließlich wird die Verwendbarkeit der Sprachkonstrukte in der Entwicklung eines Systems zur Nutzung von Web-Diensten von Mobiltelefonen aus illustriert