Paper 2018/1042
Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller
Brice Colombier and Alexandre Menu and Jean-Max Dutertre and Pierre-Alain Moëllic and Jean-Baptiste Rigaud and Jean-Luc Danger
Abstract
Physical attacks are a known threat to secure embedded systems. Notable among these is laser fault injection, which is probably the most powerful fault injection technique. Indeed, powerful injection techniques like laser fault injection provide a high spatial accuracy, which enables an attacker to induce bit level faults. However, experience gained from attacking 8-bit targets might not be relevant on more advanced micro-architectures and these attacks become increasingly challenging on 32-bit microcontrollers. In this article, we show that the flash memory area of a 32-bit microcontroller is sensitive to laser fault injection. These faults occur during the instruction fetch process, hence the stored value remains unaltered. After a thorough characterisation of the induced faults and the associated fault model, we provide detailed examples of bit-level corruptions of instruction and demonstrate practical applications in compromising the security of real-life codes. Based on these experimental results, we formulate a hypothesis about the underlying micro-architectural features that could explain the observed fault model.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- Fault attacklaser injectionflash memory
- Contact author(s)
- brice colombier @ cea fr
- History
- 2019-02-26: last of 2 revisions
- 2018-11-02: received
- See all versions
- Short URL
- https://ia.cr/2018/1042
- License
-
CC BY