Paper 2018/1042

Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller

Brice Colombier, Alexandre Menu, Jean-Max Dutertre, Pierre-Alain Moëllic, Jean-Baptiste Rigaud, and Jean-Luc Danger

Abstract

Physical attacks are a known threat posed against secure embedded systems. Notable among these is laser fault injection, which is often considered as the most effective fault injection technique. Indeed, laser fault injection provides a high spatial accuracy, which enables an attacker to induce bit-level faults. However, experience gained from attacking 8-bit targets might not be relevant on more advanced micro-architectures, and these attacks become increasingly challenging on 32-bit microcontrollers. In this article, we show that the flash memory area of a 32-bit microcontroller is sensitive to laser fault injection. These faults occur during the instruction fetch process, hence the stored value remains unaltered. After a thorough characterisation of the induced faults and the associated fault model, we provide detailed examples of bit-level corruption of instructions and demonstrate practical applications in compromising the security of real-life codes. Based on these experimental results, we formulate a hypothesis about the underlying micro-architectural features that explain the observed fault model.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. IEEE International Symposium on Hardware Oriented Security and Trust
Keywords
Fault attacklaser injectionflash memory
Contact author(s)
b colombier @ univ-st-etienne fr
History
2019-02-26: last of 2 revisions
2018-11-02: received
See all versions
Short URL
https://ia.cr/2018/1042
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1042,
      author = {Brice Colombier and Alexandre Menu and Jean-Max Dutertre and Pierre-Alain Moëllic and Jean-Baptiste Rigaud and Jean-Luc Danger},
      title = {Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1042},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1042}},
      url = {https://eprint.iacr.org/2018/1042}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.