Paper 2023/1375
DeepCover DS28C36: A Hardware Vulnerability Identification and Exploitation Using T-Test and Double Laser Fault Injection
Abstract
DeepCover is a family of secure authenticator circuits developed by Analog Devices. It was designed to provide cryptographic functions, true random number generation, and secure EEPROM storage. The DS28C36 is a member of the DeepCover family and is widely used in secure boot and secure download for IoT. It has recently been deployed in the Coldcard Mk4 hardware wallet as a second secure element to enhance its security. In this paper, we present, for the first time, a detailed evaluation of the DS28C36 secure EEPROM against Laser Fault Injection (LFI). In the context of a black-box approach, we prove by experimental results that the chip resists single-fault attacks. To overcome this, we present the use of leakage detection, such as Welch’s T-test, to facilitate finding the correct moments for injecting successful faults; this is not common in Fault Injection (FI), as the method has been used only for Side-Channel Attacks (SCAs). Using this knowledge, we found two moments for injecting laser pulses to extract the protected EEPROM user pages with a 99% success rate. The attack can be reproduced within a day. The presented attack negatively impacts the users of the DS28C36 (including the Coldcard Mk4).
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. FDTC 2023
- Keywords
- DeepCover, DS28C36, Laser Fault Injection, Secure EEPROM
- Contact author(s)
- karim abdellatif @ ledger fr
- olivier heriveaux @ ledger fr
- History
- 2023-09-15: approved
- 2023-09-14: received
- Short URL
- https://ia.cr/2023/1375
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1375,
  author = {Karim M. Abdellatif and Olivier Hériveaux},
  title = {{DeepCover} {DS28C36}: A Hardware Vulnerability Identification and Exploitation Using T-Test and Double Laser Fault Injection},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1375},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1375}
}