MCH2022

Fault Injection on a modern multicore System on Chip
2022-07-24, 23:00–23:50, Abacus 🧮

Hardware attacks on security relevant components, such as fault injection, have been known for decades and have been shown to be successful on a wide range of devices ranging from general purpose microcontrollers to dedicated security engines. In this work we give an overview of different methods used for fault injection and the effectiveness of these methods. We discuss electromagnetic fault injection in more detail. Most of the published research focuses on attacking low performance secure devices. However, we present the results of electromagnetic fault injection on a modern multicore system on chip running at gigahertz speed and discuss its effectiveness.

In this presentation we discuss hardware attacks in general, their use cases, and real-world examples. We then discuss electromagnetic fault injection in detail. We compare the results of previous research on microcontrollers and secure elements with results on more modern high-performance system on chip devices. We discuss the relevant features of modern Arm systems on chip and answer the two main questions of this research. Are electromagnetic fault injection attacks applicable and efficient when applied to software running at gigahertz speed on a modern multicore system on chip? And to what extent does the operating frequency change the effectiveness of electromagnetic fault injection attacks?

Sergei Volokitin is a security analyst at Riscure in the Netherlands, where his work is mostly focused on security evaluation of embedded systems and security testing of smart card platforms and TEE-based solutions. He has a number of publications on Java Card platform attacks and conference presentations on hardware security.

Ronan is a senior security analyst at Riscure in Delft. His work focuses mostly on the security of embedded devices and consists of both white-box and black-box evaluations. The work includes code reviews of components such as TEE OSs and TAs, penetration tests of mobile phones and other embedded devices, and fault injection on high-security chips.