Smart Card Fault Injections with High Temperatures

Power and clock glitch attacks on smart cards can help an attacker to discover some internal secrets or bypass certain security checks. Also, an attacker can manipulate the temperature and supply voltage of the device, thus making the device glitch more easily. If these manipulations are within the device operating conditions, it becomes harder to distinguish between an extreme condition from an attacker. To demonstrate temperature and power supply effect on fault attacks, we perform several tests on an Atmega 163 microcontroller in different conditions. Our results show that this kind of attacks are still a serious threat to small devices, whilst maintaining the manufacturer recommendations

On Mitigation of Side-Channel Attacks in 3D ICs: Decorrelating Thermal Patterns from Power and Activity

Various side-channel attacks (SCAs) on ICs have been successfully demonstrated and also mitigated to some degree. In the context of 3D ICs, however, prior art has mainly focused on efficient implementations of classical SCA countermeasures. That is, SCAs tailored for up-and-coming 3D ICs have been overlooked so far. In this paper, we conduct such a novel study and focus on one of the most accessible and critical side channels: thermal leakage of activity and power patterns. We address the thermal leakage in 3D ICs early on during floorplanning, along with tailored extensions for power and thermal management. Our key idea is to carefully exploit the specifics of material and structural properties in 3D ICs, thereby decorrelating the thermal behaviour from underlying power and activity patterns. Most importantly, we discuss powerful SCAs and demonstrate how our open-source tool helps to mitigate them.Comment: Published in Proc. Design Automation Conference, 201

Microelectromechanical Systems (MEMS) Resistive Heaters as Circuit Protection Devices

With increased opportunities for the exploitation (i.e., reverse engineering) of vulnerable electronic components and systems, circuit protection has become a critical issue. Circuit protection techniques are generally software-based and include cryptography (encryption/decryption), obfuscation of codes, and software guards. Examples of hardware-based circuit protection include protective coatings on integrated circuits, trusted foundries, and macro-sized components that self-destruct, thus destroying critical components. This paper is the first to investigate the use of microelectromechanical systems (MEMS) to provide hardware-based protection of critical electronic components to prevent reverse engineering or other exploitation attempts. Specifically, surface-micromachined polycrystalline silicon to be used as meandering resistive heaters were designed analytically and fabricated using a commercially available MEMS prototyping service (i.e., PolyMUMPs), and integrated with representative components potentially at risk for exploitation, in this case pseudomorphic high-electron mobility transistors (pHEMTs). The MEMS heaters were initiated to self-destruct, destroying a critical circuit component and thwart a reverse engineering attempt. Tests revealed reliable self-destruction of the MEMS heaters with approximately 25 V applied, resulting in either complete operational failure or severely altering the pHEMT device physics. The prevalent failure mechanism was metallurgical, in that the material on the surface of the device was changed, and the specific failure mode was the creation of a short-circuit. Another failure mode was degraded device operation due to permanently altered device physics related to either dopant diffusion or ohmic contact degradation. The results, in terms of the failure of a targeted electronic component, demonstrate the utility of using MEMS devices to protect critical components which are otherwise vulnerable to exploitation

Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research

Burnt to memory: Data extraction from heat damaged mobile phones

Data is retained in SIM card devices that are subjected to temperatures which exceed those likely to be experienced in house fires. In some cases the data is retrievable by rebuilding severed connections; however, in the majority of instances, chips will suffer additional damage to the top surface or circuitry, or experience some mechanical damage. In these cases, although the data is retained in the memory, it cannot be read by conventional methods, and an alternative technique, such as direct probing of the stored charge, needs to be employed to access the retained data

Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy

Information Systems, increasingly present in a world that goes towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature

An Experimental Analysis of RowHammer in HBM2 DRAM Chips

RowHammer (RH) is a significant and worsening security, safety, and reliability issue of modern DRAM chips that can be exploited to break memory isolation. Therefore, it is important to understand real DRAM chips' RH characteristics. Unfortunately, no prior work extensively studies the RH vulnerability of modern 3D-stacked high-bandwidth memory (HBM) chips, which are commonly used in modern GPUs. In this work, we experimentally characterize the RH vulnerability of a real HBM2 DRAM chip. We show that 1) different 3D-stacked channels of HBM2 memory exhibit significantly different levels of RH vulnerability (up to 79% difference in bit error rate), 2) the DRAM rows at the end of a DRAM bank (rows with the highest addresses) exhibit significantly fewer RH bitflips than other rows, and 3) a modern HBM2 DRAM chip implements undisclosed RH defenses that are triggered by periodic refresh operations. We describe the implications of our observations on future RH attacks and defenses and discuss future work for understanding RH in 3D-stacked memories.Comment: To appear at DSN Disrupt 202