International Association for Cryptologic Research

International Association
for Cryptologic Research


Shaping the Glitch: Optimizing Voltage Fault Injection Attacks

Claudio Bozzato , Cisco Talos
Riccardo Focardi , Ca’ Foscari University of Venice, Cryptosense
Francesco Palmarini , Ca’ Foscari University of Venice, Yarix
DOI: 10.13154/tches.v2019.i2.199-224
Search ePrint
Search Google
Presentation: Slides
Abstract: Voltage fault injection is a powerful active side channel attack that modifies the execution-flow of a device by creating disturbances on the power supply line. The attack typically aims at skipping security checks or generating side-channels that gradually leak sensitive data, including the firmware code. In this paper we propose a new voltage fault injection technique that generates fully arbitrary voltage glitch waveforms using off-the-shelf and low cost equipment. To show the effectiveness of our setup, we present new, unpublished firmware extraction attacks on six microcontrollers from three major manufacturers: STMicroelectronics, Texas Instruments and Renesas Electronics that, in 2016 declared a market of $1.5 billion, $800 million and $2.5 billion on units sold, respectively. Among the presented attacks, the most challenging ones exploit multiple vulnerabilities and inject over one million glitches, heavily leveraging on the performance and repeatability of the new proposed technique. We perform a thorough evaluation of arbitrary glitch waveforms by comparing the attack performance against two other major V-FI techniques in the literature. Along a responsible disclosure policy, all the vulnerabilities have been timely reported to the manufacturers.
Video from TCHES 2019
  title={Shaping the Glitch: Optimizing Voltage Fault Injection Attacks},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2019, Issue 2},
  author={Claudio Bozzato and Riccardo Focardi and Francesco Palmarini},