Flash memory 'bumping' attacks

Authors:
Sergei Skorobogatov
Affiliations:
University of Cambridge, Computer Laboratory, Cambridge, United Kingdom
Venue:
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Year:
2010

Citing 5
Cited 3

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Optical Fault Induction Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Tamper resistance: a cautionary note

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Using Optical Emission Analysis for Estimating Contribution to Power Analysis

FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
DFA on AES

AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard

Side-channel analysis of PUFs and fuzzy extractors

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Side channel attacks and the non volatile memory of the future

Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Breakthrough silicon scanning discovers backdoor in military chip

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduces a new class of optical fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. As a security measure, read-back access to the memory is not implemented leaving only authentication and verification options for integrity check. Verification is usually performed on relatively large blocks of data, making brute force searching infeasible. This paper evaluates memory verification and AES authentication schemes used in secure microcontrollers and a highly secure FPGA. By attacking the security in three steps, the search space can be reduced from infeasible 2100 to affordable ≈ 215 guesses per block of data. This progress was achieved by finding a way to preset certain bits in the data path to a known state using optical bumping. Research into positioning and timing dependency showed that Flash memory bumping attacks are relatively easy to carry out.