Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
characterization of a cortex m4 microcontroller with

Characterization of a Cortex-M4 microcontroller with backside - PowerPoint PPT Presentation

Aug 14, 2023 •415 likes •683 views

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1 Introduction to the world of fault injection Research project at Riscure Fault

  1. Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1

  2. Introduction to the world of fault injection • Research project at Riscure • Fault injection techniques introduce faults into a target by controlled environmental changes, in order to alter its intended behavior • 5 types - clock, voltage, electromagnetic, optical, temperature • Our focus - optical (laser) fault injection 2 Introduction

  3. Why? • Secure software relies on hardware functioning in the intended way • You can have the best lock in the world on your door, but if your door is made out of paper, it is useless • Used e.g in bypassing secure boot of Nintendo consoles 3 Introduction

  4. Research question What is the security impact of injecting laser glitches into an ARM based, Cortex-M4 microcontroller (MCU)? • How may laser glitches be injected into the MCU so that it results in a fault? • What are the optimal variables for the laser to introduce glitches in the ARM Cortex-M4 MCU? • What behavioral changes occur in the MCU when injecting laser glitches? 4 Research setup

  5. Device Under Test - Cortex-M4 5 Research setup

  6. Test environment 6 Research setup

  7. Test environment 7 Research setup

  8. Methodology • Global vs detailed scan • Several laser parameters • Color coding of the results: • Red/pink – success • Green – expected • Yellow – mute • Orange – reset • Cyan – timeout • Glitch repeatability 8 Research setup

  9. Results: Counter increment Code in C: • Goal: verify the setup, check if glitches can occur • Result: 0.012% successful glitches Code in ARM assembly: • Different memory and register operations 9 Results

  10. Results: Counter increment 10 Results

  11. Results: Bitwise increment • Goal: setting bits in a byte with a consecutive power of 2 • Result: 36.14% successful glitches • 0xff: 1111 1111 • 0xfb: 1111 1011 • 0xf7: 1111 0111 11 Results

  12. Results: Bitwise increment 12 Results

  13. Results: Register value modification • Goal: Modify value while in register • How: Initialize registers with known values • Result: 1.50% successful glitches • But we are modifying instructions instead 13 Results

  14. Results: Register value modification • Register values: • r0: fa ca de 00 r6 : de ad be ef r4: ca fe ba be r5: fa ce fe ed • NOP instruction: mov r1, r1 • MOV transformed into Linear Shift Left (LSL) • Expected output: 0xfacade00deadbeefcafebabefacefeed 14 Results

  15. Results: ADD loop • Goal: Increment a counter to 10,000 using a single instruction • Instruction: add.w r1, r1 #1 repeated 10,000 times • Result: 50.77% successful glitches • 0xdeadd77f • 0xeadc0789 • 0x1890 15 Results

  16. Results: ADD loop • 16 Results

  17. Results: ADD loop (0xdeadd77f) • Register r0 was first loaded with 0xdeadbeef • This value now shows up in r1 • Subtract 0x1890 from the result 17 Results

  18. Results: ADD loop (0xeadc0789) • The same was true for this result • When we subtract 0x1890 from result 18 Results

  19. Results: ADD loop • So how can this happen? • We modified the processor instruction, instead loading r1 it loads r0 19 Results

  20. Results: ADD loop • How could we obtain the value of 0x1890 • Probably the counter was restarted, also this can be explained using a modified instruction • The AND instruction sets the counter back to 1 or 0 20 Results

  21. Bypass authentication • Goal: Attack a real-world scenario, in this case, password verification • Result: 0.22% successful glitches • Lots of possibilities for introducing glitches 21 Results

  22. Results: Bypass authentication 22 Results

  23. Conclusion What is the security impact of injecting laser • There are two ways laser injection can be glitches into an ARM performed - backside and frontside based, Cortex-M4 microcontroller (MCU)? • Power 20-25% of the maximum 20W seemed to be most efficient • Other variables differ per experiment • We have proven to be able to modify processor instructions 23 Conclusion

  24. Future work • Use of different objectives: magnitude 20x or 50x to have smaller spotsize and more precise aim • Target specific features of the board e.g. the Read Data Protection (RDP) byte • Test other processors in Cortex family with more advanced security features e.g. TrustZone or Memory Protection Unit (MPU) 24 Conclusion

  25. Thank you! Questions? 25 Conclusion

Recommend

ARM Microcontroller Course May 6, 2015 ARM Microcontroller Course Introduction C

ARM Microcontroller Course May 6, 2015 ARM Microcontroller Course Introduction C

Introduction C Microcontroller ARM Microcontroller Course May 6, 2015 ARM Microcontroller Course Introduction C Microcontroller Table of Contents 1 Introduction 2 C Data types Operators Events 3 Microcontroller ARM Microcontroller

459 views • 45 slides
Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3

Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3

Biovision team 2 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3 Retina Visual cortex 3 285 millions visually impaired people Retina Visual cortex 3 285 millions visually impaired people Retina Visual cortex

750 views • 63 slides
Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1)

Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1)

Chapter 6 Vision Exam 1 Anatomy of vision Primary visual cortex (striate cortex, V1) Prestriate cortex, Extrastriate cortex (Visual association coretx ) Second level association areas in the temporal and parietal lobes

456 views • 24 slides
ARM Microcontroller Course May 20, 2015 ARM Microcontroller Course Timers Analog Peripherals

ARM Microcontroller Course May 20, 2015 ARM Microcontroller Course Timers Analog Peripherals

Timers Analog Peripherals HAL Shield ARM Microcontroller Course May 20, 2015 ARM Microcontroller Course Timers Analog Peripherals HAL Shield Table of Contents 1 Timers 2 Analog Peripherals 3 HAL 4 Shield ARM Microcontroller Course

951 views • 19 slides
ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface

ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface

Serial Peripheral Interface Direct Digital Synthesis Exercises ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface Direct Digital Synthesis Exercises Table of Contents 1 Serial Peripheral Interface

329 views • 16 slides
ARM Microcontroller Course June 3, 2015 ARM Microcontroller Course The Course Direct Digital

ARM Microcontroller Course June 3, 2015 ARM Microcontroller Course The Course Direct Digital

The Course Direct Digital Synthesis Function Generator ARM Microcontroller Course June 3, 2015 ARM Microcontroller Course The Course Direct Digital Synthesis Function Generator Table of Contents 1 The Course 2 Direct Digital Synthesis 3

510 views • 18 slides
Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David Houngninou Southern Methodist University Table of content 1. Target device: MCBSTM32C 2. References 3. GPIO ports: registers and pins 4. Interfacing

590 views • 31 slides
Agenda Technical updates Project Cortex availability Project Cortex partners

Agenda Technical updates Project Cortex availability Project Cortex partners

Agenda Technical updates Project Cortex availability Project Cortex partners Q&A Joining us today Sean Squires Taxonomy service updates (MMS) Administration End User Developer Tagging & filtering end-user

730 views • 24 slides
Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior

Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior

Exploring the Design of the Cortex-A15 Processor ARMs next generation mobile applications processor Travis Lanier Senior Product Manager 1 Cortex-A15: Next Generation Leadership Cortex-A class multi-processor 1 TB physical addressing

718 views • 33 slides
Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com https://github.com/weaveworks/cortex https://www.youtube.com/watch?v=3Tb4Wc0kfCM Prometheus HA Grafana Cortex: Prometheus as a Service Alertmanager

544 views • 35 slides
Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence

Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence

Telencephalon/Cerebral Cortex - Anatomy Cerebral Cortex Box 26D Brain Size and Intelligence 1.12 Gross anatomy of the forebrain. (Part 3) Haines, Fund. Neuro., Fig 16 10 Figure A21 The ventricular system of the human brain (Part 1) Box

592 views • 36 slides
Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network

Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network

Schematic view of the MNS1 model Posterior cortex Frontal cortex Role of PFC in Neural network models of the mirror neuron action selection not included system Igor Farka Centre for Cognitive Science DAI FMPI Comenius University

240 views • 4 slides
Characterization of the Household Electricity Characterization of the Household Electricity

Characterization of the Household Electricity Characterization of the Household Electricity

Characterization of the Household Electricity Characterization of the Household Electricity Characterization of the Household Electricity Characterization of the Household Electricity Consumption in the EU, Potential Energy Savings Consumption

775 views • 35 slides
SITE CHARACTERIZATION Part 1. Non-Intrusive Site Characterization Technologies Tyler E. Gass,

SITE CHARACTERIZATION Part 1. Non-Intrusive Site Characterization Technologies Tyler E. Gass,

SITE CHARACTERIZATION Part 1. Non-Intrusive Site Characterization Technologies Tyler E. Gass, CPG Tetra Tech, Inc. Louisville, CO Site Characterization Non-intrusive Technologies Factors to Consider When Designing a Site Characterization

1.18k views • 70 slides
Customer Presentation 16-bit Ultra Low Power Microcontroller The eCOG1, 16 Bit Ultra Low Power

Customer Presentation 16-bit Ultra Low Power Microcontroller The eCOG1, 16 Bit Ultra Low Power

Customer Presentation 16-bit Ultra Low Power Microcontroller The eCOG1, 16 Bit Ultra Low Power Microcontroller Configurable ports and integrated features increase flexibility and reduce component cost External memory interface

283 views • 15 slides
USB Host with ATmega Microcontroller Ji Dostl (dostaj3@fel.cvut.cz) Martin Chloupek

USB Host with ATmega Microcontroller Ji Dostl (dostaj3@fel.cvut.cz) Martin Chloupek

IBM - CVUT Student Research Projects USB Host with ATmega Microcontroller Ji Dostl (dostaj3@fel.cvut.cz) Martin Chloupek (chloum1@fel.cvut.cz) Our goal to create USB host device with microcontroller ATmega2560 to create a

294 views • 7 slides
Agenda Most frequently asked questions Q&A F UNDAMENTALS Question: What is

Agenda Most frequently asked questions Q&A F UNDAMENTALS Question: What is

Agenda Most frequently asked questions Q&A F UNDAMENTALS Question: What is Project Cortex? Answer: Project Cortex in Microsoft 365 puts people at the center by making it easy to discover and share knowledge within the tools

368 views • 21 slides
Contact-less Based Accelerometers Speaker: Refael Shamir Founder and CEO of Letos Presentation

Contact-less Based Accelerometers Speaker: Refael Shamir Founder and CEO of Letos Presentation

March 26 29, 2018 | Silicon Valley | #GTC18 www.gputechconf.com Affective Categorization Using Contact-less Based Accelerometers Speaker: Refael Shamir Founder and CEO of Letos Presentation Outline Motivation Driver monitoring in

549 views • 52 slides
NOVEL IN VITRO MODEL TO GROW AND CULTURE OVARIES OUTSIDE THE BODY Matthew Zanotelli, Patrick

NOVEL IN VITRO MODEL TO GROW AND CULTURE OVARIES OUTSIDE THE BODY Matthew Zanotelli, Patrick

NOVEL IN VITRO MODEL TO GROW AND CULTURE OVARIES OUTSIDE THE BODY Matthew Zanotelli, Patrick Hopkins, Joseph Henningsen, Aaron Dederich Client: Sana M. Salih, MD, MMS Advisor: John P. Puccinelli, PhD Biomedical Engineering Design University of

377 views • 26 slides
Practice Nurses Dr Catherine Black MB ChB DCH FRNZCGP Head of WOOMB NZ Using the cervical mucus

Practice Nurses Dr Catherine Black MB ChB DCH FRNZCGP Head of WOOMB NZ Using the cervical mucus

Natural Fertility for Practice Nurses Dr Catherine Black MB ChB DCH FRNZCGP Head of WOOMB NZ Using the cervical mucus system to identify ovulation. Using the Billings Ovulation Method Billings Ovulation Method Research began in 1953.

936 views • 49 slides
Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

ElectroMagnetic Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam February 5, 2014 Introduction Hardware Fault Injection Induce faults to hardware through side

521 views • 26 slides
NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations & Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations & Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations & Performance Performance of State-of-the-Art Cryptography on ARM-based Microprocessors Hannes Tschofenig & Manuel Pegourie-Gonnard (Hannes.Tschofenig@arm.com,

510 views • 40 slides
CRYSTALSKyber Roberto Avanzi, Joppe Bos, Lo Ducas, Eike Kiltz, Tancrde Lepoint, Vadim

CRYSTALSKyber Roberto Avanzi, Joppe Bos, Lo Ducas, Eike Kiltz, Tancrde Lepoint, Vadim

CRYSTALSKyber Roberto Avanzi, Joppe Bos, Lo Ducas, Eike Kiltz, Tancrde Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe , Gregor Seiler, Damien Stehl authors@pq-crystals.org https://pq-crystals.org/kyber August 23, 2019

727 views • 26 slides
VIDEO UNDERSTANDING @ TWITTER C O U R T E S Y O F C O R T E X USER PROTECTION T W I T T E R

VIDEO UNDERSTANDING @ TWITTER C O U R T E S Y O F C O R T E X USER PROTECTION T W I T T E R

VIDEO UNDERSTANDING @ TWITTER C O U R T E S Y O F C O R T E X USER PROTECTION T W I T T E R C O R T E X T W I T T E R C O R T E X CONTENT UNDERSTANDING T W I T T E R C O R T E X T W I T T E R C O R T E X T W I T T E R C O R T E X

916 views • 64 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.