Home Publications Technical Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

Author: Nils Wiersma, Ramiro Pareja

This work aims to address the lack of attention on fault injection attacks by investigating two modern microcontroller units that receive the highest safety assurance rating (ASIL-D) of the ISO 26262 standard. This is done in both a theoretical characterization setup and a more realistic setup where debugging interfaces are targeted.

Optimal fault injection parameters

The results obtained from these setups show that the mechanisms implemented to adhere to this maximum safety rating do not adequately protect against fault injection attacks and are therefore insufficient to ensure security by themselves – additional countermeasures are required. Each setup required approximately one week of preparation, but once the attacker finds the optimal fault injection parameters, the attack can be repeated in less than an hour. We provide some recommendations on what type of countermeasures should be considered to improve the security with respect to fault injection attacks and also provide several pointers to continue the security research in this area.

Recent publications

PCI MPoC: Build It or Use It?

PCI MPoC: Build It or Use It?

Should you build your own MPoC Solution, or partner with a third-party MPoC provider? This white paper provides a detailed analysis to guide payment companies through this complex decision-making process.

read more
Share This