Skip to Main content Skip to Navigation
Conference papers

Let's shock our IoT's heart: ARMv7-M under (fault) attacks

Sebanjila Bukasa 1 Ronan Lashermes 2 Jean-Louis Lanet 1, 2 Axel Legay 3
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
3 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : A fault attack is a well-known technique where the behaviour of a chip is voluntarily disturbed by hardware means in order to undermine the security of the information handled by the target. In this paper, we explore how Electromagnetic fault injection (EMFI) can be used to create vulnerabilities in sound software, targeting a Cortex-M3 microcontroller. Several use-cases are shown experimentally: control flow hijacking, buffer overflow (even with the presence of a canary), covert backdoor insertion and Return Oriented Programming can be achieved even if programs are not vulnerable in a software point of view. These results suggest that the protection of any software against vulnerabilities must take hardware into account as well.
Complete list of metadatas

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-01950842
Contributor : Sebanjila Bukasa <>
Submitted on : Wednesday, December 12, 2018 - 2:21:53 PM
Last modification on : Friday, July 10, 2020 - 4:01:35 PM

File

ares18.pdf
Files produced by the author(s)

Identifiers

Citation

Sebanjila Bukasa, Ronan Lashermes, Jean-Louis Lanet, Axel Legay. Let's shock our IoT's heart: ARMv7-M under (fault) attacks. ARES 2018 - 13th International Conference on Availability, Reliability and Security, Aug 2018, Hambourg, Germany. pp.1-6, ⟨10.1145/3230833.3230842⟩. ⟨hal-01950842⟩

Share

Metrics

Record views

206

Files downloads

344