Z. Kazemi, Athanasios Papadimitriou, I. Souvatzoglou, Ehsan Aerabi, Mosabbah Mushir Ahmed, D. Hély, V. Beroulle
On a Low Cost Fault Injection Framework for Security Assessment of Cyber-Physical Systems: Clock Glitch Attacks
2019 IEEE 4th International Verification and Security Workshop (IVSW), published 2019-07-01
DOI: 10.1109/IVSW.2019.8854391 (https://doi.org/10.1109/IVSW.2019.8854391)
Citations: 9
Abstract
Fault injection methods, as a type of physical attack, have gained significant importance in the security of MCU-based Internet-of-Things (IoT) systems, and they continue to become more important as the value of assets continues to increase. These attacks can pose severe security risks to the entire IoT system, and their effects can quickly lead to security breaches. However, embedded software developers most often do not have the necessary expertise concerning existing vulnerabilities to such attacks. This makes it necessary to have a practical evaluation platform for measuring the degree of security in a rapid and accurate way. These platforms are important not only from the performance and capability point of view; they also need to be cost-effective, which is a critical factor to consider during their design. We present in this work a generic, low-cost and open platform called the HackMyMCU framework. While this platform offers both side-channel and fault injection capabilities, this paper focuses on its clock glitch attacks. A review of existing clock-based fault injectors is performed first. Then we present two different clock glitchers and use them to evaluate a modern MCU. The suggested methods consider the necessary parameters for the development of cost-effective and easy-to-use evaluation platforms which utilize easily accessible equipment. The findings show that a common and low-cost evaluation platform can be implemented with the goal of validating appropriate countermeasures against such attacks.