Mitigation-page

MID-062: Hardware Mitigations for Fault Injection

Mitigation Tier: Leading

Description

Numerous hardware-level defenses have been proposed to address the different varieties of fault injection. Tunable Replica Circuits (TRCs) [1] can be used to detect voltage and clock timing changes and have been deployed within some newer commercial CPUs from Intel [2]. Brown-out detection and reset circuits, as found in some microcontrollers, have been proposed to interrupt voltage glitch attacks if sensitive enough [8], however research has shown these can be bypassed by tuning the attack carefully [9][10] although it does increase the difficulty of the attack [10]. Comparison techniques can be used to detect attacks on processor clock signals [3][4]. Finely targeted electromagnetic interference (EMI) attacks can bypass single chip-wide voltage and clock-based defenses but have been shown to be detectable embedding multiple detectors within a chip [3] and by phase locked loop (PLL)-based sensor circuits [5]. [6] examines several detection schemes for optical fault injection techniques, such as embedding photosensors and shielding in a chip.

A combination of multiple hardware and software-based mitigation techniques (see MID-063) to address the range of fault injection types, as recommended by [8], can prove more effective than any individual mitigation.

IEC 62443 4-2 Mappings

  • none

References

[1] K. A. Bowman and J. W. Tschanz, “Resilient microprocessor design for improving performance and energy efficiency,” 2010 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA, 2010, pp. 85-88, doi: 10.1109/ICCAD.2010.5654317.

[2] D. Nemiroff, C. Tokunaga, “Tunable Replica Circuit for Fault- Injection Detection,” in Blackhat USA 2022, Las Vegas, NV, USA, 2022. Available: https://i.blackhat.com/USA-22/Wednesday/US-22-Nemiroff-Fault-Injection-Detection-Circuits.pdf

[3] L. Zussa et al., “Efficiency of a glitch detector against electromagnetic fault injection,” 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 2014, pp. 1-6, doi: 10.7873/DATE.2014.216.

[4] C. Deshpande, “Hardware Fault Attack Detection Methods for Secure Embedded Systems,” M.S. dissertation, Dept. Comp. Eng., Virginia Tech, Blacksburg, VA, USA, 2017. [Online]. Available: https://vtechworks.lib.vt.edu/server/api/core/bitstreams/2b264fa1-1286-4802-9125-461ca4839c1c/content

[5] Noriyuki Miura, Zakaria Najm, Wei He, Shivam Bhasin, Xuan Thuy Ngo, Makoto Nagata, and Jean-Luc Danger. 2016. PLL to the rescue: a novel EM fault countermeasure. In Proceedings of the 53rd Annual Design Automation Conference (DAC ‘16). Association for Computing Machinery, New York, NY, USA, Article 90, 1–6. https://doi.org/10.1145/2897937.2898065

[6] N. A. Anagnostopoulos, “Optical Fault Injection Attacks in Smart Card Chips and an Evaluation of Countermeasures Against Them,” M.S. thesis, Dept. Comp. Sci., Univ. of Twente, Enschede, Netherlands, 2014. [Online]. Available: https://essay.utwente.nl/66028/7/Anagnostopoulos_MA_EEMCS.pdf

[7] Bilgiday Yuce, Nahid F. Ghalaty, Chinmay Deshpande, Conor Patrick, Leyla Nazhandali, and Patrick Schaumont. 2016. FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response. In Proceedings of the Hardware and Architectural Support for Security and Privacy 2016 (HASP ‘16). Association for Computing Machinery, New York, NY, USA, Article 8, 1–8. https://doi.org/10.1145/2948618.2948626

[8] J. Boone, S. Q. Khan. “Alternative Approaches for Fault Injection Countermeasures (Part 3/3).” NCC Group. Accessed: Aug. 28, 2024. [Online]. Available: https://research.nccgroup.com/2021/07/09/alternative-approaches-for-fault-injection-countermeasures-part-3-3/

[9] T. Korak and M. Hoefler, “On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms,” 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, Busan, Korea (South), 2014, pp. 8-17, doi: 10.1109/FDTC.2014.11.

[10] C. Bozzato, R. Focardi, and F. Palmarini. “Shaping the Glitch: Optimizing Voltage Fault Injection Attacks”, TCHES, vol. 2019, no. 2, pp. 199–224, Feb. 2019, doi: 10.13154/tches.v2019.i2.199-224.

[11] J. van Woudenberg. “Top 10 Secure Boot mistakes.” Presented at hardware.io Hardware Security Conference and Training, Santa Clara, CA, USA, 2019. [Online]. Available: https://hardwear.io/usa-2019/presentations/Top-10-Secure-Boot-Mistakes-v1.1-hardwear-io-usa-2019-jasper-van-woudenberg.pdf