Skip to Main content Skip to Navigation
Conference papers

Let's shock our IoT's heart: ARMv7-M under (fault) attacks

Sebanjila Bukasa 1 Ronan Lashermes 2 Jean-Louis Lanet 1, 2 Axel Legay 3
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
3 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : A fault attack is a well-known technique where the behaviour of a chip is voluntarily disturbed by hardware means in order to undermine the security of the information handled by the target. In this paper, we explore how Electromagnetic fault injection (EMFI) can be used to create vulnerabilities in sound software, targeting a Cortex-M3 microcontroller. Several use-cases are shown experimentally: control flow hijacking, buffer overflow (even with the presence of a canary), covert backdoor insertion and Return Oriented Programming can be achieved even if programs are not vulnerable in a software point of view. These results suggest that the protection of any software against vulnerabilities must take hardware into account as well.
Complete list of metadata

Cited literature [14 references]  Display  Hide  Download
Contributor : Sebanjila Bukasa Connect in order to contact the contributor
Submitted on : Wednesday, December 12, 2018 - 2:21:53 PM
Last modification on : Wednesday, November 3, 2021 - 8:17:45 AM


Files produced by the author(s)



Sebanjila Bukasa, Ronan Lashermes, Jean-Louis Lanet, Axel Legay. Let's shock our IoT's heart: ARMv7-M under (fault) attacks. ARES 2018 - 13th International Conference on Availability, Reliability and Security, Aug 2018, Hambourg, Germany. pp.1-6, ⟨10.1145/3230833.3230842⟩. ⟨hal-01950842⟩



Record views


Files downloads