Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Presented at Black Hat USA 2022, Aug. 11, 2022, 11:20 a.m. (40 minutes).

Fault Injection (FI), also referred to as Glitching, has proven to be a severe threat to real-world computing devices. In this kind of attack, physical faults are injected into a device at runtime, to deliberately alter the target's behavior. In order to address this threat, various countermeasures have been proposed to counteract the different types of fault injection methods at different abstraction layers, either requiring modifying the underlying hardware or firmware at the machine instruction level.

Moreover, only recently, individual chip manufacturers have started to respond to this threat by integrating certain countermeasures in their products. Multiple Fault Injection (MFI) could theoretically be used against instruction-level based countermeasures, however, as stated by previous work conducting those attacks are considered highly impractical due to the lack of precise MFI tools and efficient parameter search algorithms.

In this presentation, we showcase μ-Glitch, the first FI platform dedicated to injecting multiple, coordinated voltage faults into a target device. We'll show a novel flow for MFI attacks to significantly reduce the search complexity for fault parameters, as otherwise, the search space increases exponentially with each additional fault to be injected. After that, we'll show the effectiveness and practicality of the attack platform on two real-world systems, featuring TrustZone-M: The first one has interdependent backchecking mechanisms, while the second has additionally integrated countermeasures against fault injection. It will be revealed that μ-Glitch can successfully inject four consecutive successful faults within an average time of one day.


Presenters:

  • Ahmad-Reza Sadeghi - Professor, Technical University of Darmstadt
    Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technical University (TU) of Darmstadt, in Germany, where he heads the System Security Lab. He is Founder and Director of the OpenS3 Lab and manages the OpenS3 Lab. Since October 2017 he is also the Director of the Intel Collaborative Research Institute for Collaborative Autonomous Resilient Systems (ICRI-CARS) at TU Darmstadt. He is a member of the profile area CYSEC of TU Darmstadt. He received his PhD in Computer Science with the focus on privacy protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, among others Ericsson Telecommunications. In 2018 he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. SIGSAC is ACM's Special Interest Group on Security, Audit and Control. In 2021 he received the Intel Academic Leadership Award for his outstanding contribution to cyber security and in particular to hardware security. A full list of his publications is available at: https://www.informatik.tu- darmstadt.de/systemsecurity/people_sys/people_details_sys_45184.en.jsp
  • Richard Mitev - M.Sc., Technical University of Darmstadt
    Richard Mitev is a PhD student at System Security Lab at TU Darmstadt. His research focuses on security and privacy for Internet of Things (IoT) and embedded- as well as sensor security. After studying Computer Science in Darmstadt, he completed his master's degree in IT Security at the TU Darmstadt. During this time, he was working at the Fraunhofer Institute for Secure Information Technology. A full list of his publications is available at: https://www.informatik.tu-darmstadt.de/systemsecurity/people_sys/people_details_sys_72448.en.jsp
  • Marvin Saß - M.Sc., Technical University of Darmstadt
    Marvin Saß's research interests focus on security of embedded devices. After studying Computer Science, he completed his master degrees in IT Security at the TU Darmstadt.

Links:

Similar Presentations: