Fault injection attacks influence the intended behavior of a device by changing critical values or program flow. Faults can be used to exploit or bypass robust security features found in secure embedded systems, or to dump memory content.
Examples of such attacks include differential fault analysis (DFA) and bypassing authentication mechanisms. Faults can be injected in several ways: clock manipulation (for targets with an external clock); voltage glitching, where faults are injected in the target’s power domain and may cause wrong values to be read from memory; electromagnetic fault injection, which drives a high current through a coil; and optical fault injection, where a laser beam is used to achieve a very specific change of data values or behavior.
During this course you will learn how to inject faults for the purpose of security testing, and you will apply these techniques in practice on real-world targets. You will also learn how to recognize when and where to inject a fault, which parameters are relevant, and how to use statistics to analyze faults.
Learning goals:
- The workflow for performing fault injection testing.
- Voltage and clock glitching of a smart card PIN verification.
- Performing Differential Fault Analysis on a DES / AES operation.
- Optical glitching using a multi-pulse laser on an RSA operation.
At the end of this course you will have a thorough understanding of fault injection. You will be able to test the resilience to fault injection of smart cards and embedded systems that have anywhere from no countermeasures up to basic countermeasures, in environments of simple to moderate complexity.
