Unlock the Door to my Secrets, but don’t Forget to Glitch

A comprehensive analysis of flash erase suppression attacks

Authors

  • Marc Schink Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
  • Alexander Wagner Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
  • Felix Oberhansl Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
  • Stefan Köckeis Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany
  • Emanuele Strieder Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany; Technical University of Munich (TUM), Munich, Germany
  • Sven Freud Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
  • Dominik Klein Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany

DOI:

https://doi.org/10.46586/tches.v2024.i2.88-129

Keywords:

embedded system security, fault-injection attack, microcontroller, firmware extraction, flash erase suppression attack

Abstract

In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.

Downloads

Published

2024-03-12

How to Cite

Schink, M., Wagner, A., Oberhansl, F., Köckeis, S., Strieder, E., Freud, S., & Klein, D. (2024). Unlock the Door to my Secrets, but don’t Forget to Glitch: A comprehensive analysis of flash erase suppression attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 88–129. https://doi.org/10.46586/tches.v2024.i2.88-129

Issue

Vol. 2024 No. 2

Section

Articles

License

Copyright (c) 2024 Marc Schink, Alexander Wagner, Felix Oberhansl, Stefan Köckeis, Emanuele Strieder, Sven Freud, Dominik Klein

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.