Smart Card Fault Injections with High Temperatures
Power and clock glitch attacks on smart cards can help an attacker to discover some internal secrets or bypass certain security checks. Also, an attacker can manipulate the temperature and supply voltage of the device, thus making the device glitch more easily. If these manipulations stay within the device's specified operating conditions, it becomes harder to distinguish a legitimately extreme operating condition from an attacker's manipulation. To demonstrate the effect of temperature and power supply on fault attacks, we perform several tests on an Atmega 163 microcontroller in different conditions. Our results show that this kind of attack is still a serious threat to small devices, even while the manufacturer's recommended operating conditions are maintained.
On Mitigation of Side-Channel Attacks in 3D ICs: Decorrelating Thermal Patterns from Power and Activity
Various side-channel attacks (SCAs) on ICs have been successfully demonstrated and also mitigated to some degree. In the context of 3D ICs, however, prior art has mainly focused on efficient implementations of classical SCA countermeasures. That is, SCAs tailored for up-and-coming 3D ICs have been overlooked so far. In this paper, we conduct such a novel study and focus on one of the most accessible and critical side channels: thermal leakage of activity and power patterns. We address the thermal leakage in 3D ICs early on during floorplanning, along with tailored extensions for power and thermal management. Our key idea is to carefully exploit the specifics of material and structural properties in 3D ICs, thereby decorrelating the thermal behaviour from underlying power and activity patterns. Most importantly, we discuss powerful SCAs and demonstrate how our open-source tool helps to mitigate them.
Comment: Published in Proc. Design Automation Conference, 201
Microelectromechanical Systems (MEMS) Resistive Heaters as Circuit Protection Devices
With increased opportunities for the exploitation (i.e., reverse engineering) of vulnerable electronic components and systems, circuit protection has become a critical issue. Circuit protection techniques are generally software-based and include cryptography (encryption/decryption), obfuscation of code, and software guards. Examples of hardware-based circuit protection include protective coatings on integrated circuits, trusted foundries, and macro-sized components that self-destruct, thus destroying critical components. This paper is the first to investigate the use of microelectromechanical systems (MEMS) to provide hardware-based protection of critical electronic components to prevent reverse engineering or other exploitation attempts. Specifically, surface-micromachined polycrystalline silicon meandering resistive heaters were designed analytically, fabricated using a commercially available MEMS prototyping service (i.e., PolyMUMPs), and integrated with representative components potentially at risk for exploitation, in this case pseudomorphic high-electron-mobility transistors (pHEMTs). The MEMS heaters were initiated to self-destruct, destroying a critical circuit component and thwarting a reverse engineering attempt. Tests revealed reliable self-destruction of the MEMS heaters with approximately 25 V applied, resulting in either complete operational failure or severely altered pHEMT device physics. The prevalent failure mechanism was metallurgical, in that the material on the surface of the device was changed, and the specific failure mode was the creation of a short circuit. Another failure mode was degraded device operation due to permanently altered device physics related to either dopant diffusion or ohmic contact degradation. The results, in terms of the failure of a targeted electronic component, demonstrate the utility of using MEMS devices to protect critical components which are otherwise vulnerable to exploitation.
Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis
Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments and full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009 and 2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.
Burnt to memory: Data extraction from heat damaged mobile phones
Data is retained in SIM card devices that are subjected to temperatures which exceed those likely to be experienced in house fires. In some cases the data is retrievable by rebuilding severed connections; however, in the majority of instances, chips will suffer additional damage to the top surface or circuitry, or experience some mechanical damage. In these cases, although the data is retained in the memory, it cannot be read by conventional methods, and an alternative technique, such as direct probing of the stored charge, needs to be employed to access the retained data.
Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy
Information Systems, increasingly present in a world that moves towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at the web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature.
An Experimental Analysis of RowHammer in HBM2 DRAM Chips
RowHammer (RH) is a significant and worsening security, safety, and reliability issue of modern DRAM chips that can be exploited to break memory isolation. Therefore, it is important to understand real DRAM chips' RH characteristics. Unfortunately, no prior work extensively studies the RH vulnerability of modern 3D-stacked high-bandwidth memory (HBM) chips, which are commonly used in modern GPUs.
In this work, we experimentally characterize the RH vulnerability of a real HBM2 DRAM chip. We show that 1) different 3D-stacked channels of HBM2 memory exhibit significantly different levels of RH vulnerability (up to 79% difference in bit error rate), 2) the DRAM rows at the end of a DRAM bank (rows with the highest addresses) exhibit significantly fewer RH bitflips than other rows, and 3) a modern HBM2 DRAM chip implements undisclosed RH defenses that are triggered by periodic refresh operations. We describe the implications of our observations on future RH attacks and defenses and discuss future work for understanding RH in 3D-stacked memories.
Comment: To appear at DSN Disrupt 202