Paper 2022/602

Real-Time Frequency Detection to Synchronize Fault Injection on System-on-Chip

Clément Fanjas, Clément Gaine, Driss Aboulkassimi, Simon Pontié, and Olivier Potin

Abstract

The success rate of Fault Injection (FI) and Side-Channel Analysis (SCA) depends on the quality of the synchronization available on the target. Because modern SoCs implement complex hardware architectures running at high clock frequencies, synchronizing a hardware security characterization with the targeted operation has become a real challenge. The usual trigger is a signal on the target's I/Os; when those are unavailable, unreachable, or not precise enough, other triggering methods have to be investigated. This paper proposes a new synchronization approach, named Synchronization by Frequency Detection (SFD), which does not use the target I/Os. It consists in identifying a vulnerability that follows a specific piece of code whose execution activates a characteristic frequency detectable in the EM field measured from the target. The EM field is then analyzed in real time, and the injection is triggered as soon as this characteristic frequency is detected. To validate the proof of concept of this triggering methodology, the paper presents an exploitation of SFD against the Android Secure Boot of a smartphone-grade SoC. By triggering the attack on the activation of a 124.5 MHz frequency during an RSA signature computation, we were able to synchronize an electromagnetic fault injection so that it skips a vulnerable instruction in the Linux kernel authentication. We successfully bypassed this security feature, running Android with a compromised Linux kernel, with one success every 15 minutes.
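As an added illustration (not the authors' code or experimental setup), the following Python model shows the core of SFD: a Goertzel filter tuned to 124.5 MHz runs over consecutive blocks of a digitised EM trace, and a trigger is raised on the first block whose power in that band exceeds a threshold calibrated on a stretch of the same trace recorded before the characteristic frequency becomes active. The 1 GS/s sample rate, the 256-sample block, the signal amplitudes and the always-on 80 MHz decoy tone are assumptions chosen for the demonstration, and the trace is synthetic rather than a measurement.

```python
"""Added example (not the paper's code): a software model of Synchronization
by Frequency Detection.  A Goertzel filter tuned to the characteristic
frequency is evaluated on consecutive blocks of a digitised EM trace and a
trigger fires when the band power crosses a threshold calibrated on a quiet
part of the trace.  All numeric parameters below are assumptions."""
import math
import random

SAMPLE_RATE_HZ = 1.0e9   # assumed digitiser rate (hypothetical)
TARGET_HZ = 124.5e6      # characteristic frequency reported in the paper
BLOCK = 256              # samples per detection block (assumption)


def goertzel_power(block, target_hz=TARGET_HZ, sample_rate_hz=SAMPLE_RATE_HZ):
    """Normalised power of `block` in the DFT bin nearest to target_hz.

    Goertzel costs one multiply-accumulate per sample and needs no sample
    buffer, which is what makes it a natural fit for a real-time (FPGA)
    trigger, unlike a full FFT.  For an on-bin tone of amplitude A the
    result is A**2 / 4.
    """
    n = len(block)
    k = round(n * target_hz / sample_rate_hz)       # nearest bin index
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in block:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)


def block_powers(trace):
    """Band power of every complete non-overlapping block of the trace."""
    return [goertzel_power(trace[i:i + BLOCK])
            for i in range(0, len(trace) - BLOCK + 1, BLOCK)]


def estimate_threshold(quiet_samples, margin=20.0):
    """Threshold = margin x the strongest block observed while the target
    frequency is known to be inactive (e.g. the EM trace recorded before
    the signature computation starts)."""
    return margin * max(block_powers(quiet_samples))


def find_trigger(trace, threshold):
    """Index of the last sample of the first block whose band power exceeds
    the threshold, i.e. the instant a streaming detector would fire.
    Returns None if the characteristic frequency never shows up."""
    for i in range(0, len(trace) - BLOCK + 1, BLOCK):
        if goertzel_power(trace[i:i + BLOCK]) > threshold:
            return i + BLOCK - 1
    return None


def synthetic_trace(onset, length=4096, seed=1):
    """Constructed EM trace (not a measurement): Gaussian noise plus an
    always-on 80 MHz decoy tone; the 124.5 MHz component switches on at
    sample `onset` (onset >= length means it never appears)."""
    rng = random.Random(seed)
    dt = 1.0 / SAMPLE_RATE_HZ
    trace = []
    for n in range(length):
        t = n * dt
        x = rng.gauss(0.0, 0.05)
        x += 0.3 * math.cos(2.0 * math.pi * 80.0e6 * t)
        if n >= onset:
            x += 0.3 * math.cos(2.0 * math.pi * TARGET_HZ * t + 0.7)
        trace.append(x)
    return trace


if __name__ == "__main__":
    trace = synthetic_trace(onset=2048)
    thr = estimate_threshold(trace[:2048])
    print("threshold", thr, "trigger at sample", find_trigger(trace, thr))
```

The block length sets the trade-off a real detector has to make: with 256 samples at 1 GS/s the bin width is about 3.9 MHz and the decision is delayed by 256 ns per block, so a longer block improves selectivity against neighbouring activity at the cost of trigger latency and jitter relative to the vulnerable instruction, which is ultimately what bounds the success rate of the injection.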

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Secure Boot, Fault injection, Side-Channel, System on Chip
Contact author(s)
simon pontie @ cea fr
clement fanjas @ cea fr
driss aboulkassimi @ cea fr
oliver potin @ emse fr
History
2022-05-17: received
Short URL
https://ia.cr/2022/602
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/602,
      author = {Clément Fanjas and Clément Gaine and Driss Aboulkassimi and Simon Pontié and Olivier Potin},
      title = {Real-Time Frequency Detection to Synchronize Fault Injection on System-on-Chip},
      howpublished = {Cryptology ePrint Archive, Paper 2022/602},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/602}},
      url = {https://eprint.iacr.org/2022/602}
}