using fault injection to turn data
play

Using Fault Injection to Turn Data Transfers into Arbitrary - PowerPoint PPT Presentation

Mar 26, 2023 •478 likes •1.05k views

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault Injection basics Fault

  1. Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers

  2. Today’s agenda • Introduction • Fault Injection basics • Fault models and attacks • Previous research: • From data transfer to arbitrary execution on ARM (AArch32) • New research: • Generalizing the attack technique to other architectures • New techniques, attack simulations and demos • Takeaways

  3. Who are we… • Cristofaro Mune • Niek Timmers • Product Security Consultant • Freelance Device Security Expert • Security trainer • Security trainer • Research: • Interests: • Fault injection • Secure boot • TEEs • Fault injection • White-box Cryptography • Low-level software • Device exploitation • Fuzzing

  4. FAULT INJECTION BASICS

  5. Fault injection “Introducing faults into a chip to alter its intended behavior.” // check if secure boot is enabled // check if secure boot is enabled if(SECURE_BOOT_EN == 1) { if(SECURE_BOOT_EN == 1) { authenticate(&image); authenticate(&image); } } // execute the image // execute the image execute(&image); execute(&image); Awesome! But… how can these faults be introduced?

  6. Fault injection techniques 4.0 V 3.3 V Clock 1.0 V Time Voltage Clock

  7. Fault injection techniques Voltage Clock Laser Electromagnetic What goes wrong because of these glitches?

  8. GOOD QUESTION; DIFFICULT ANSWER

  9. Fault injection reference model “Control” “Inject” “Glitch” “Introduce” “Execute” “Achieve” Glitch Goal Injection Target Exploit Activation Faults Software • CLKSCREW “Selecting specific faults” Voltage • Rowhammer Hardware • FI tooling Clock Fault model HW Vulnerability EM Glitch parameters … FI technique

  10. Fault models • Instruction skipping • E.g. bypassing a check by not executing a critical instruction • Data corruption • E.g. recovering a key by corrupting cryptographic primitives • Instruction corruption • Very powerful, we will cover this later on… Just the typical ones…

  11. Typical fault attacks • Breaking crypto wallets • Hacking smart phones • Bypassing secure boot • Recovering keys from crypto engines

  12. WE HAVE ATTACKS UP OUR SLEEVE AS WELL ☺

  13. Arbitrary execution using fault injection • One of the first examples where instruction corruption is described • Introduces powerful attack: PC control on AArch32

  14. Instruction corruption • Glitches are used to corrupt instructions • Single bit corruptions add x0, x1, x3 = 10001011000000110000000000100000 add x0, x1, x2 = 10001011000000100000000000100000 • Multi bit corruptions ldr x0, [sp, #32] = 11111001010000000001001111100000 str x0, [x0, #32] = 11111001000000000001000000000000 • Most chips are affected by this fault model • Which bits can be controlled, and how, depends on the target, … • As software is modified; any software security model breaks We decided to use this to devise powerful attacks…

  15. TURNING DATA TRANSFERS INTO ARBITRARY EXECUTION

  16. Data transfers are a great target GSM RF • All devices transfer data USB ROM • From memory to memory CPU UART SRAM • Using external interfaces ETH DDR Flash Transferring data is fundamental for devices!

  17. Fault injection target: memcpy • It’s everywhere. • Parameters are typically checked (dest, src and n) • Data itself often not considered security critical Let’ s use it as a Fault Injection target…

  18. Attack description Input Command buffer buffer 00000000 <memcpy>: 00000000 <memcpy>: 00000000 <memcpy>: 0: e92d0070 0: e92d0070 0: e92d0070 push push push {r4, r5, r6} {r4, r5, r6} {r4, r5, r6} Interface Command 00000004 <loop>: 00000004 <loop>: 00000004 <loop>: (USB) 4: e8b10078 4: e8b1 8 078 4: e8b10078 ldm ldm ldm r1!, {r3, r4, r5, r6 , pc } r1!, {r3, r4, r5, r6} r1!, {r3, r4, r5, r6} handler 8: e8a00078 8: e8a00078 8: e8a00078 stm stm stm r0!, {r3, r4, r5, r6} r0!, {r3, r4, r5, r6} r0!, {r3, r4, r5, r6} c: e2522020 c: e2522020 c: e2522020 subs subs subs r2, r2, #32 r2, r2, #32 r2, r2, #32 10: aafffffb bge 4 <ldmloop> 10: aafffffb 10: aafffffb bge bge 4 <ldmloop> 4 <ldmloop> 14: e8bd0070 14: e8bd0070 14: e8bd0070 pop pop pop {r4, r5, r6} {r4, r5, r6} {r4, r5, r6} 18: e12fff1e 18: e12fff1e 18: e12fff1e bx bx bx lr lr lr Output buffer Control flow is directly hijacked using an 1 bit fault!

  19. Attack summary • Corrupt instruction • Modify load instruction operands (destination register) • Directly addressable PC is set to attacker controlled value

  20. We used this technique for different attacks • Escalating privileges from user to kernel in Linux • R00ting the Unexploitable using Hardware Fault Injection @ BlueHat v17 • Bypassing encrypted secure boot • Hardening Secure Boot on Embedded Devices @ Blue Hat IL 2019 • Taking control of an AUTOSAR based ECU • Attacking AUTOSAR using Software and Hardware Attacks @ escar USA 2019

  21. NICE! BUT… AARCH32 SPECIFIC!

  22. Our new research • Generalize turning data transfers into code execution using FI • Identify techniques that apply to all architectures (e.g. ARMv8)

  23. We focus on… • Software that transfers attacker controlled data • Instructions that affect control flow: • Jumps (JMP , JX, etc.) • Calls (BL, CALL, etc.) • Returns (RET, etc.) • Exception returns (ERET, etc.) • … Present in all architectures and systems!

  24. TECHNIQUE 42: EPILOGUE: ‘ RET ’ CORRUPTION

  25. The RET instruction • We are talking here about RET on ARMv8 • It has the following encoding: • Interestingly, the RET instruction can encode any register (x0 to x30) How do we attack?

  26. Real world example • Let’s have a look at Google Bionic’s (LIBC) memcpy • Optimized memcpy uses different code based on length memcpy: memcpy: memcpy: memcpy: • Copying 16 bytes executes the following code: add srcend, src, count 0:8b020024 add x4, x1, x2 0:8b020024 add x4, x1, x2 0:8b020024 add x4, x1, x2 add dstend, dstin, count 4:8b020005 add x5, x0, x2 4:8b020005 add x5, x0, x2 4:8b020005 add x5, x0, x2 cmp count, 16 8:f100405f cmp x2, #0x10 8:f100405f cmp x2, #0x10 8:f100405f cmp x2, #0x10 • Source data resides in x6 and x7 b.ls L(copy16) c:54000229 b.ls 50 <memcpy+0x50 c:54000229 b.ls 50 <memcpy+0x50 c:54000229 b.ls 50 <memcpy+0x50 ... ... ... ... 50:f100205f cmp x2, #0x8 50:f100205f cmp x2, #0x8 cmp count, 8 50:f100205f cmp x2, #0x8 • Source data is not wiped before RET 54:540000e3 b.cc 70 <memcpy+0x70> 54:540000e3 b.cc 70 <memcpy+0x70> b.lo 1f 54:540000e3 b.cc 70 <memcpy+0x70> 58:f9400026 ldr x6, [x1] 58:f9400026 ldr x6, [x1] ldr A_l, [src] 58:f9400026 ldr x6, [x1] ldr A_h, [srcend, -8] 5c:f85f8087 ldur x7, [x4, #-8] 5c:f85f8087 ldur x7, [x4, #-8] 5c:f85f8087 ldur x7, [x4, #-8] • Glitch RET into RET x6 or RET x7 60:f9000006 str x6, [x0] 60:f9000006 str x6, [x0] 60:f9000006 str x6, [x0] str A_l, [dstin] 64:f81f80a7 stur x7, [x5, #-8] 64:f81f80a7 stur x7, [x5, #-8] str A_h, [dstend, -8] 64:f81f80a7 stur x7, [x5, #-8] 68:d65f03c0 ret 68:d65f03c0 ret ret 68:d65f03c0 ret What kind of fault do we need? Good question…

  27. Fault injection simulator • Manually applying fault models is tedious; we need automation Compile code Emulate code Inject faults Log results • We assume various faults at the instruction level • Bit flips: 1, 2, 3 and 4 (Flip{x}) • Bits to zero: 1, 2, 3 and 4 (BiZe{x}) • Bytes to zero: 1, 2, and 4 (ByZe{x}) Important: actual faults in a real target may be different!

Recommend

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

Saurabh Jha, Subho S. Banerjee , James Cyriac, Zbigniew T. Kalbarczyk and Ravishankar K. Iyer Computer Science, Electrical and Computer Engineering AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

215 views • 8 slides
Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault injection, what is it? Fault injection,

920 views • 69 slides
Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der Elzen University of Amsterdam What is Fault Injection? Simply put: Introducing faults in a target to alter its intended behavior* *(N.

553 views • 34 slides
Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006 1/28 Symbolic Fault Injection An attempt to introduce Formal Methods into the area of Fault Injection Objective: Evaluate dependability of

691 views • 28 slides
Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1 Introduction to the world of fault injection Research project at Riscure Fault

678 views • 25 slides
Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

ElectroMagnetic Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam February 5, 2014 Introduction Hardware Fault Injection Induce faults to hardware through side

517 views • 26 slides
Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 25, 2017 Fault Injection A definition... Introducing faults in a target

969 views • 47 slides
Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty Ciphertext But how to inject a fault? Fault: Injection Model Exploitation Non-invasive Device is not altered physical Semi-invasive

602 views • 32 slides
Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Sharif University of Technology Department of Computer Engineering Dependable System Lab [DSL] Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed Nematollah Ahmadian, Seyed Ghassem Miremadi

398 views • 17 slides
An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers

An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers

An Intelligent Approach using SVM to Enhance Turn-to-Turn Fault Detection in Power Transformers Dr. Mohamed Elsamahy, P.Eng. Department of Electrical Power &amp; Energy Military Technical College, Cairo, Egypt Mariya Babiy, E.I.T Department of

352 views • 16 slides
Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and SEU Emulation for FPGAs Emulation for FPGAs Bradley Dutton, Mustafa Ali, John Bradley Dutton, Mustafa Ali, John Sunwoo, and Charles Stroud Sunwoo,

305 views • 26 slides
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP, Python, JavaScript, LDAP,

377 views • 14 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi, Cludio Gomes, Bentley James Oakes and Joachim Denil Summersim 2019 July 22, 2019 Berlin, Germany Outline Introduction Context and

404 views • 28 slides
Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b , C. Roscian b , J.M. Dutertre b , M. Lisart a , O. Gagliano a , V. Serradeil a , A. Tria b . a STMicroelectronics, Avenue Clestin Coq 13790 Rousset,

273 views • 14 slides
SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD ( guillaume.boufgard@ssi.gouv.fr ) David EL-BAZE ( david.elbaze@ssi.gouv.fr ) with the help of Thomas TROUCHKINE Agence nationale de la scurit des systmes

523 views • 28 slides
END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

Practical Experience Report A TALE OF TWO INJECTORS: END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors: Guanpeng Li, Bo Fang, and Karthik Pattabiraman DEPART M ENT OF ELECT RIC AL AN D COM PUT ER

852 views • 56 slides
More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas ELCE17 Wolfram Sang, Consultant / Renesas Robust I2C with fault-injection ELCE17 1 / 24 Motivation It really got personal I2C maintainer since

258 views • 24 slides
Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Cheap &amp; Cheerful A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and Cryptographic Engineering (PACE), Nanyang Technological University, Singapore SPACE 2016,

667 views • 31 slides
Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir 2 , Sylvain Guilley 1 , Fran Pablo Rauzy 1 , Pierre-Yves Strub 2 1 Telecom ParisTech 2 IMDEA Software Institute Crypto Seminar Day @ IMDEA

101 views • 9 slides
strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2

strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2

Glitch it if you can: parameter search strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2 , Federico Menarini 1 , Domagoj Jakobovic 3 and Marin Golub 3 1 Riscure BV, The Netherlands 2 Radboud

711 views • 33 slides
Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge

Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge

IBM T. J. Watson Research Center Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge Alper Buyuktosunoglu Pradip Bose 2 nd Workshop on Computer Architecture Research with RISC-V Motivation: Selective

395 views • 15 slides
Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T.

Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T.

Institut Mines-Tlcom Multi-Level Formal Analysis A New Direction for Fault Injection Attack? L. Sauvage, T. Graba, T. Porteboeuf PROOFS September 17, 2015 Presentation Outline Introduction, Motivation Multi-level Formal Verification

485 views • 27 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides

More recommend