Experimental evaluation of two software countermeasures against fault attacks
This work addresses security vulnerabilities in embedded systems for applications like IoT and automotive, but it is incremental, as it builds on existing countermeasure schemes.
The paper tackles the problem of fault attacks on embedded systems by experimentally evaluating two software countermeasures using pulsed electromagnetic fault injection on a 32-bit microcontroller, finding necessary conditions for efficient implementation and highlighting their limitations.
Injection of transient faults can be used as a way to attack embedded systems. On embedded processors such as microcontrollers, several studies have shown that transient fault injection with glitches or electromagnetic pulses can corrupt either the data loads from memory or the assembly instructions executed by the circuit. Some countermeasure schemes that rely on temporal redundancy have been proposed to handle this issue. Among them, several add this redundancy at the assembly instruction level. In this paper, we perform a practical evaluation of two of those countermeasure schemes by using a pulsed electromagnetic fault injection process on a 32-bit microcontroller. We provide some necessary conditions for an efficient implementation of those countermeasure schemes in practice. We also evaluate their efficiency and highlight their limitations. To the best of our knowledge, no experimental evaluation of the security of such instruction-level countermeasure schemes has been published yet.