{"title":"Characterization of Electromagnetic Fault Injection on a 32-bit Microcontroller Instruction Buffer","authors":"Oualid Trabelsi, L. Sauvage, J. Danger","doi":"10.1109/AsianHOST51057.2020.9358270","DOIUrl":null,"url":null,"abstract":"Electromagnetic fault injection (EMFI) is an efficient technique to alter the behavior of microcontrollers in order to extract secret informations. Compared to fault injection techniques based on laser shots, it requires less device preparation but is a priori less accurate. Indeed, the related works on EMFI gives rather imprecise information, notably concerning the fault models and the link between the configuration and the faulted instructions. We will see in this paper that it is possible to get precise fault models by characterizing the sensitivity of a 32-bit microcontroller based on Cortex-M4 under EMFI. It is notably shown that it is relatively easy to corrupt the 128-bit instruction line buffer of four 32-bit or eight 16-bit instructions before being executed. The experimental results highlight the feasibility of well known fault models by playing with electrical and spatio-temporal parameters of the EMFI setup. 
In particular, we demonstrate how it is possible to target a specific instruction among those contained in the instruction buffer.","PeriodicalId":398997,"journal":{"name":"Asian Hardware-Oriented Security and Trust Symposium","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asian Hardware-Oriented Security and Trust Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsianHOST51057.2020.9358270","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Electromagnetic fault injection (EMFI) is an efficient technique to alter the behavior of microcontrollers in order to extract secret information. Compared to fault injection techniques based on laser shots, it requires less device preparation but is a priori less accurate. Indeed, the related works on EMFI give rather imprecise information, notably concerning the fault models and the link between the configuration and the faulted instructions. We will see in this paper that it is possible to get precise fault models by characterizing the sensitivity of a 32-bit microcontroller based on Cortex-M4 under EMFI. It is notably shown that it is relatively easy to corrupt the 128-bit instruction line buffer of four 32-bit or eight 16-bit instructions before being executed. The experimental results highlight the feasibility of well-known fault models by playing with electrical and spatio-temporal parameters of the EMFI setup. In particular, we demonstrate how it is possible to target a specific instruction among those contained in the instruction buffer.