Tampering with the flash memory of microcontrollers: permanent fault injection via laser illumination during read operations - CMPGC / SAS : Systèmes et Architectures Sécurisées
Journal article, Journal of Cryptographic Engineering, Year: 2023

Tampering with the flash memory of microcontrollers: permanent fault injection via laser illumination during read operations

Jean-Max Dutertre
Matthieu Pommies
Anthony Bertrand

Abstract

Modern microcontroller units (MCUs) often feature integrated flash memory, which has been found to be vulnerable to hardware attacks. This type of memory is used to store critical data, including firmware, passwords, and cryptographic keys, making it a valuable target for attackers. Recent research has demonstrated the use of laser fault injection (LFI) during runtime to corrupt firmware by targeting the flash memory during read operations. However, these faults are non-permanent, as they only affect the read copies of the data without altering the actual data stored in the flash memory, following a bit-set fault model induced on a single bit. In our work, we extend this fault model to the flash memory of a 32-bit MCU, allowing us to induce permanent faults by compromising the stored data during read operations. In addition, we leverage photoemission analysis for target identification and characterization, enhancing the precision of our attack. By utilizing a double-spot LFI technique, we are able to concurrently induce permanent bit-set faults at two distinct locations in the flash memory, increasing the complexity and effectiveness of the attack. We also provide a practical example of how this fault model can be applied, wherein we iteratively change all 32 bits of a password to logic ‘1’, successfully bypassing a basic counter for login attempts. It is important to note, however, that there are physical limitations associated with using multi-laser spots in this context, which we thoroughly discuss in our research. Nonetheless, our approach presents a powerful method for exploiting vulnerabilities in flash memory of MCUs, underscoring the need for robust security measures to protect critical data and mitigate the risks associated with hardware attacks.
Main file
VIE23_Tampering with the Flash Memory of Microcontrollers: Permanent Fault Injection via Laser Illumination During Read Operations_JCEN_2023.pdf (13.8 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-04667604, version 1 (05-08-2024)

Cite

Jean-Max Dutertre, Rodrigo Silva Lima, Matthieu Pommies, Anthony Bertrand, Raphael A. Camponogara Viera. Tampering with the flash memory of microcontrollers: permanent fault injection via laser illumination during read operations. Journal of Cryptographic Engineering, 2023, 14 (2), pp.207 - 221. ⟨10.1007/s13389-023-00335-z⟩. ⟨hal-04667604⟩