Publication type: Conference paper
Type of review: Peer review (publication)
Title: Attacking secure-element-hardened MCUboot using a low-cost fault injection toolkit
Authors: Noseda, Mario
Künzli, Simon
et al.: No
DOI: 10.1007/978-3-031-52947-4_10
Proceedings: Innovative Security Solutions for Information Technology and Communications
Editors of the parent work: Manulis, Mark
Maimuţ, Diana
Teşeleanu, George
Page(s): 126
Pages to: 143
Conference details: 16th International Conference on Security for Information Technology and Communications (SecITC), Bucharest, Romania, 23-24 November 2023
Issue Date: 21-Jan-2024
Series: Lecture Notes in Computer Science
Series volume: 14534
Publisher / Ed. Institution: Springer
Publisher / Ed. Institution: Cham
ISBN: 978-3-031-52946-7
978-3-031-52947-4
Language: English
Subjects: Fault injection; Voltage glitching; MCUboot; Secure element; Ethical hacking; Hardware implant; Embedded system
Subject (DDC): 006: Special computer methods
Abstract: The bootloader is a critical part of a device's secure startup, and its interactions with firmware images require cryptographic operations. Instead of storing keys for authentication and encryption in the bootloader, one can harden the system by offloading the key storage and all cryptographic operations to a secure element. This paper analyzes the susceptibility of MCUboot used in conjunction with a secure element to voltage fault injection during firmware image verification. We designed and built a low-cost voltage fault injection tool using a Cortex-M7 MCU and an analog switch, which can achieve a timing resolution of 6.67 ns. We found vulnerable instructions in the glue code between the bootloader and the secure element library. By targeting these vulnerable instructions, we showed how an attacker could bypass a signature verification performed by a secure element by faulting a Nordic nRF52840 host MCU. While secure elements are still suited for securely storing keys and other sensitive data, a holistic approach is required to secure a device against fault injection. Otherwise, the threat of fault injection could diminish the benefits of secure bootloaders and secure elements.
URI: https://digitalcollection.zhaw.ch/handle/11475/29794
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Embedded Systems (InES)
Appears in collections: Publikationen School of Engineering

Files in This Item:
There are no files associated with this item.
Noseda, M., & Künzli, S. (2024). Attacking secure-element-hardened MCUboot using a low-cost fault injection toolkit [Conference paper]. In M. Manulis, D. Maimuţ, & G. Teşeleanu (Eds.), Innovative Security Solutions for Information Technology and Communications (pp. 126–143). Springer. https://doi.org/10.1007/978-3-031-52947-4_10

