Security researcher Yifan Lu recently published a detailed paper that examines how voltage glitching causes critical timing violations in CMOS behavior. More specifically, Lu closely analyzes CMOS transistor behavior to better understand when the combinational logic is most susceptible to voltage glitch induced faults. The paper also describes a real-world fault injection attack against the PlayStation Vita’s SoC that gains early (boot time) execution control and dumps the secure boot ROM.
As Lu notes, glitching, or fault injection, has been used for quite some time to attack software running on allegedly secure execution environments. This is because fault injections can cause a malfunction in the target’s SoC that enable an attacker to assume full control over a device. Voltage glitching, he says, is a specific kind of fault injection that is particularly appealing to attackers, as it is inexpensive to deploy and widely applicable to most chips. Crowbar glitching, he adds, was implemented in the ChipWhisperer open hardware platform and brought such attacks to the mainstream.
“It works by abusing the capacitance ringing effect caused by introducing a crowbar circuit into the existing system,” he explains. “The ringing causes faults that can be exploited.”
For the Vita attack, Lu closely examines how voltage glitches introduce timing violations into a digital circuit. He then finds snippets of code to glitch. Once a target is identified, he searches for the correct timing parameters for the crowbar circuit to cause a fault. Finally, the injected fault introduces a software vulnerability that is exploited to gain code execution.
“All of this can be done at a low cost thanks to the open hardware interface of the ChipWhisperer. With a custom script written for ChipWhisperer, we created a working attack on a security hardened consumer device,” he concludes.
From our perspective, the fault injection attack against the PlayStation Vita’s SoC could have been prevented if it had included a hardware-based security core. Siloed from the primary processor, such a security core is specially designed to securely run sensitive code, processes and algorithms. Indeed, a hardware-based security core can utilize advanced anti-tamper techniques to provide the highest level of security and protection against fault injection and other attacks. These include a canary core for the detection of glitching and over-clocking, logic and crypto redundancy, secure state encoding and ephemeral keys that are generated on-the-fly from multiple splits and flushed immediately after use.
In addition, a hardware-based security core can protect the host processor from compromise, as well as thwart non-volatile memory (NVM) key extraction, tearing and other attacks against NVM writes, corruption of non-volatile memory or fuses, probing of external buses, man-in-the-middle and replay attacks. Last, but certainly not least, a hardware-based security core can help protect SoCs against test and debug interface attacks, power/EM analysis (SPA/DPA) and other side-channel attacks, including timing attacks.
Interested in learning more about hardware-based security cores? You can check out our CryptoManager Root of Trust product page here.