International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Unlock the Door to my Secrets, but don’t Forget to Glitch: A comprehensive analysis of flash erase suppression attacks

Authors:
Marc Schink , Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
Alexander Wagner , Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
Felix Oberhansl , Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
Stefan Köckeis , Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
Emanuele Strieder , Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
Sven Freud , Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Dominik Klein , Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Download:
DOI: 10.46586/tches.v2024.i2.88-129
URL: https://tches.iacr.org/index.php/TCHES/article/view/11422
Search ePrint
Search Google
Abstract: In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.
BibTeX
@article{tches-2024-34046,
  title={Unlock the Door to my Secrets, but don’t Forget to Glitch: A comprehensive analysis of flash erase suppression attacks},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={024 No. 2},
  pages={88-129},
  url={https://tches.iacr.org/index.php/TCHES/article/view/11422},
  doi={10.46586/tches.v2024.i2.88-129},
  author={Marc Schink and Alexander Wagner and Felix Oberhansl and Stefan Köckeis and Emanuele Strieder and Sven Freud and Dominik Klein},
  year=2024
}