Safety ≠ Security

This work aims to address the lack of attention on fault injection attacks by investigating two modern microcontroller units that receive the highest safety assurance rating (ASIL-D) of the ISO 26262 standard. This is done in both a theoretical characterization setup and a more realistic setup where debugging interfaces are targeted. The results obtained from these setups show that the mechanisms implemented to adhere to this maximum safety rating do not adequately protect against fault injection attacks and are therefore insufficient to ensure security by themselves – additional countermeasures are required. Each setup required approximately one week of preparation, but once the attacker finds the optimal fault injection parameters, the attack can be repeated in less than an hour. We provide some recommendations on what type of countermeasures should be considered to improve the security with respect to fault injection attacks and also provide several pointers to continue the security research in this area.

Get the whitepaper

Register to download the whitepaper

Thank you! Please click this link to download the whitepaper.

By continuing to browse this website, you agree to the use of cookies and data processing according to our privacy statement. Close