CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Optical Fault Induction Attacks
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Using Optical Emission Analysis for Estimating Contribution to Power Analysis
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Side-channel analysis of PUFs and fuzzy extractors
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Side channel attacks and the non volatile memory of the future
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Breakthrough silicon scanning discovers backdoor in military chip
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
This paper introduces a new class of optical fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. As a security measure, read-back access to the memory is not implemented leaving only authentication and verification options for integrity check. Verification is usually performed on relatively large blocks of data, making brute force searching infeasible. This paper evaluates memory verification and AES authentication schemes used in secure microcontrollers and a highly secure FPGA. By attacking the security in three steps, the search space can be reduced from infeasible 2100 to affordable ≈ 215 guesses per block of data. This progress was achieved by finding a way to preset certain bits in the data path to a known state using optical bumping. Research into positioning and timing dependency showed that Flash memory bumping attacks are relatively easy to carry out.