Paper 2024/1123

Switching Off your Device Does Not Protect Against Fault Attacks

Paul Grandamme, Laboratoire Hubert Curien, Mines Saint-Étienne
Pierre-Antoine Tissot, Laboratoire Hubert Curien
Lilian Bossuet, Laboratoire Hubert Curien
Jean-Max Dutertre, Mines Saint-Étienne
Brice Colombier, Laboratoire Hubert Curien
Vincent Grosso, Laboratoire Hubert Curien
Abstract

Physical attacks, and among them fault injection attacks, are a significant threat to the security of embedded systems. Among the means of fault injection, laser has the significant advantage of being extremely spatially accurate. Numerous state-of-the-art studies have investigated the use of lasers to inject faults into a target at run-time. However, the high precision of laser fault injection comes with requirements on the knowledge of the implementation and exact execution time of the victim code. The main contribution of this work is the experimental demonstration that it is also possible to perform laser fault injection on an unpowered device. Specifically, we targeted the Flash non-volatile memory of a 32-bit microcontroller. The advantage of this new attack path is that it does not require any synchronisation between the victim and the attacker. We provide an experimental characterization of this phenomenon with a description of the fault model from the physical level up to the software level. Finally, we applied these results to carry out a persistent fault analysis (PFA) on a 128-bit AES with a particularly realistic attacker model, which reinforces the interest of the PFA.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TCHES 2024
Keywords
Fault attacks, Laser injection, Unpowered devices, Persistent fault analysis, Flash memory
Contact author(s)
paul grandamme @ univ-st-etienne fr
pierre antoine tissot @ univ-st-etienne fr
lilian bossuet @ univ-st-etienne fr
dutertre @ emse fr
b colombier @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
History
2024-07-10: approved
2024-07-10: received
Short URL
https://ia.cr/2024/1123
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1123,
      author = {Paul Grandamme and Pierre-Antoine Tissot and Lilian Bossuet and Jean-Max Dutertre and Brice Colombier and Vincent Grosso},
      title = {Switching Off your Device Does Not Protect Against Fault Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1123},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1123}},
      url = {https://eprint.iacr.org/2024/1123}
}