Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses

Presented at Black Hat Europe 2018, Dec. 6, 2018, 1:30 p.m. (50 minutes).

Secure Boot is widely deployed in modern embedded systems and an essential part of the security model. Even when no (easy to exploit) logical vulnerabilities remain, attackers are surprisingly often still able to compromise it using Fault Injection or a so called glitch attack. Many of these vulnerabilities are difficult to spot in the source code and can only be found by manually inspecting the disassembled binary code instruction by instruction.

While the idea to use simulation to identify these vulnerabilities is not new, this talk presents a fault simulator created using existing open-source components and without requiring a detailed model of the underlying hardware. The challenges to simulate real-world targets will be discussed as well as how to overcome most of them.

An attacker in procession of the binary of his target can use such simulator to find the ideal glitch location while developers of these systems can use such a tool to verify the effectiveness of their countermeasures against specific types of fault attacks.

We used our simulator to identify locations in the binaries of several real-world targets where due to a successful glitch the security could be compromised. For example, a successful glitch would result in bypassing the authentication of the next boot stage or arbitrary code execution in the context of the boot process. This would then reveal the cryptographic keys used to protect the system or gives access to additional information required to develop a more scalable attack not requiring fault injection.


Presenters:

  • Martijn Bogaard - Senior Security Analyst, Riscure
    Martijn Bogaard is a Senior Security Analyst at Riscure where he focuses most of his time on analyzing the security of low-level embedded software (bootloaders, operating systems) and is slowly expanding into embedded hardware security. Recent research interests include the effects of fault injection on software, TEE (in-)security and levering the hardware to attack software.
  • Niek Timmers - Principal Security Analyst, Riscure
    Niek Timmers is a Principal Security Analyst at Riscure where he analyzes embedded device security. He loves attacking embedded systems using hardware attacks like fault injection. However, never a week goes by without disassembling some random binary. At the moment, he is focusing mostly on automotive security. But is that really so different from analyzing embedded devices? He shared the results of his Fault Injection research at various conferences around globe like Black Hat, BlueHat, HITB and ESCAR.

Links:

Similar Presentations: