Fault Injection Attacks

Aug 05, 2024 Cyber Security / Digital & Product Solutions
Fault injection attacks are a class of hardware attack used to provoke processing errors in hardware systems. These errors, or faults, are normally transient rather than permanent, and can take the form of bit flips, skipped operations or repeated operations, among others, any of which can critically affect security functions.
Injected faults can have several effects on security. Among them are unauthorized debug access and readout of protected memory, e.g. protected firmware. Another critical function that can be targeted with fault injection is the signature verification in the boot sequence, where a successful attack can give the attacker the possibility to execute malicious code. Fault injection attacks have also been used to recover secret encryption keys.

What is the Typical Setup for a Fault Injection Attack?

The minimal typical setup for a fault injection attack is:
  • Computer (PC)
  • Target
  • Fault Injector
Fault injection attacks can be categorized depending on the method employed:

Clock Glitching:

  • Manipulation of the device clock signal, aiming to insert a clock pulse that is too narrow or too wide.
  • The attack is low-cost, as only a clock fault generator is needed.
  • The main limitation is that the target must use an external clock input; otherwise the attacker has no access to modify the clock.

Voltage Glitching:

  • Manipulation of the supply voltage: below its minimum, above its maximum, or down to ground. The voltage at the circuit needs to be modified at the precise moment when the relevant transistors switch, a window much shorter than a clock cycle. On-chip capacitance and inductance filter out fast spikes and dips, so any glitch applied to the chip supply must be shaped with this in mind.
  • This attack is one of the most frequently performed due to its low cost and the number of vulnerabilities found with it in the past.
  • The attack control for voltage glitching is low, and if the voltage is raised too high the device can be permanently damaged.

Temperature Variation:

  • Moving the ambient operating temperature of the device outside its specified operating range can introduce faults.
  • These attacks are easy to perform: only a controller and temperature sensors are needed to observe how the target of evaluation (TOE) reacts.
  • Normally the specified temperature ranges are very wide, and operating outside them may cause permanent damage.

Electromagnetic Fault Injection:

  • Emitting electromagnetic pulses at a specific location on the device can induce a fault.
  • The attack control is higher than for the previous methods, since the location of the fault can be varied.
  • Electromagnetic fault injection can lead to permanent board failures.

Laser Fault Injection:

  • Directing a laser pulse at a specific location on the device can cause a fault.
  • In this case, the control over the attack is very high compared with the previous methods.
  • This attack is invasive, since the packaging of the chip must be at least partially removed (decapsulation).

Fault Injection Method | Requirements | Example of necessary equipment | Cost | Attack control
Clock glitching | Access to internal clock; generation and introduction of different clock waveforms | Oscilloscope; clock fault generator | Low | Medium
Voltage glitching | Access to efficient ways of affecting the power supply, e.g. switching two or more voltage sources to introduce voltage shapes | Oscilloscope; voltage fault generator | Low | Low
Temperature variation | Changing the ambient temperature | Temperature-controlled chamber; temperature sensors | Medium | Low
Electromagnetic fault injection | Electromagnetic pulse shape generation at the desired location on the chip | Electromagnetic probes; probe positioning; pulse generator; oscilloscope | Medium/High | Medium/High
Laser fault injection | Chip decapsulation and high-precision laser spot generation | XYZ table; oscilloscope; laser control; laser source | High | High

Methods to Prevent Fault Injection Attacks

Understanding how fault injection attacks work is the starting point for preventing them, as there are several methods for building countermeasures against them. Some of these are:
  • Information redundancy: Typical examples are signatures generated from the data, parity bits, etc.
  • Hardware redundancy: Consists of duplicating parts of the hardware, such as performing a computation in parallel. Even if the attack succeeds on one computation, the error is detected when the results are compared.
  • Temporal redundancy: An operation is performed multiple times and the results are checked to be identical.
  • Sensors for detection of fault injection: Nowadays, devices can be equipped with sensors that detect fault injection attacks. For example, voltage change detectors are used to detect and mitigate voltage glitching attacks.
Other examples of countermeasures against fault injection are special encapsulations to prevent electromagnetic or laser attacks, various filters to prevent voltage glitching attacks, and many more [3].
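As an added illustration of information redundancy and temporal redundancy applied to the boot-time signature check mentioned above (this is example code written for this page, not code from the article, from DEKRA or from any of the cited projects), the following C fragment compares a computed digest against the expected one in two ways. The naive version returns a plain 0/1 boolean, which a single corrupted bit can invert. The hardened version encodes PASS and FAIL as complementary 32-bit constants, runs the comparison twice, and reports a fault whenever the two runs disagree or the agreed value is not a valid encoding. The constants, the `g_simulated_fault_mask` hook used to emulate a transient fault, and the sample digests are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Information redundancy: PASS and FAIL are 32-bit constants with a large
   Hamming distance (FAIL is the bitwise complement of PASS), so a single bit
   flip cannot turn one into the other. The values are constructed for this
   example. */
#define FI_PASS  0xA5C33C5AU
#define FI_FAIL  0x5A3CC3A5U
#define FI_ERROR 0x00000000U   /* "fault detected": neither PASS nor FAIL */

/* Naive check: a plain 0/1 boolean. One flipped bit in the result, or one
   skipped branch on it, turns a rejected image into an accepted one. */
int verify_naive(const uint8_t *digest, const uint8_t *expected, size_t n) {
    return memcmp(digest, expected, n) == 0;
}

/* Constant-time digest comparison that returns an encoded status. */
static uint32_t compare_digest(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0 ? FI_PASS : FI_FAIL;
}

/* Hypothetical hook for this example only: the mask is XORed into the second
   run's result to emulate a transient fault. Not part of real firmware. */
static uint32_t g_simulated_fault_mask = 0;

/* Temporal redundancy: compute the status twice and accept only when both
   runs agree and the agreed value is exactly one of the valid encodings. */
uint32_t verify_redundant(const uint8_t *digest, const uint8_t *expected, size_t n) {
    volatile uint32_t r1 = compare_digest(digest, expected, n);
    volatile uint32_t r2 = compare_digest(digest, expected, n) ^ g_simulated_fault_mask;

    if (r1 != r2)                       return FI_ERROR;  /* runs disagree */
    if (r1 != FI_PASS && r1 != FI_FAIL) return FI_ERROR;  /* corrupted encoding */
    return r1;
}

/* Runs the scenarios and returns 1 when every one behaves as expected. */
int run_demo(void) {
    /* Constructed sample digests: "expected" stands for the value carried in
       the signed manifest, "good" matches it, "bad" differs in the last byte. */
    uint8_t expected[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t good[8]     = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t bad[8]      = {1, 2, 3, 4, 5, 6, 7, 9};
    int ok = 1;

    g_simulated_fault_mask = 0;
    ok &= verify_redundant(good, expected, 8) == FI_PASS;
    ok &= verify_redundant(bad,  expected, 8) == FI_FAIL;

    /* Emulate a single-bit flip in the second computation: the two runs no
       longer agree, so the check reports a fault instead of FAIL or PASS. */
    g_simulated_fault_mask = 1u << 7;
    ok &= verify_redundant(bad, expected, 8) == FI_ERROR;
    g_simulated_fault_mask = 0;

    /* With the naive boolean, flipping one bit of the result is enough to
       turn "reject" (0) into "accept" (1). */
    ok &= (verify_naive(bad, expected, 8) ^ 1) == 1;
    return ok;
}

int main(void) {
    int ok = run_demo();
    printf("redundant verification demo: %s\n", ok ? "all checks passed" : "FAILED");
    return ok ? 0 : 1;
}
```

The `volatile` qualifiers keep the compiler from merging the two comparisons into one, which would silently remove the temporal redundancy; in production firmware the same idea is usually combined with a hardware-redundant or sensor-based check rather than relied on alone.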
As electronic features proliferate and systems become more and more connected, it is essential to have a holistic perspective on safety and security. At DEKRA we provide comprehensive cybersecurity services, including the safety and security of hardware and software operations based on a functional safety management system. It is our mission to guide companies in keeping their systems secure from possible cyberattacks and to protect users by complying with international security standards.
References:
[1] J. van Woudenberg and C. O'Flynn, "The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks", 2022.
[2] J. Breier and X. Hou, "How Practical are Fault Injection Attacks, Really?", 2022.
[3] T. Ban, "HW Fault Injection Mitigation", Trusted Firmware-M.