Talk Title:

The Donjon Hardware Attack Tool Suite - Fault Injection

Abstract:

Ledger's security team, the Donjon, specializes in researching and analyzing vulnerabilities in software and hardware products related to cryptocurrencies. For this purpose, the team composed of a dozen experts in software and hardware security analysis develop their own analysis and attack tools to adapt to each type of secure product evaluation.

During the Hardwear.IO event, the Donjon will showcase our category of tools dedicated to hardware fault injection attacks.

We will present our hardware tools, including Scaffold, Silicon Toaster, and Curmea, which enable precise perturbations in the execution of sensitive operations. These tools offer advanced features for controlling and measuring currents, generating signals, and disrupting processes.

We will also highlight our software tools, such as Chip Scan, Laser Studio, and QuickLog, which facilitate vulnerability research. Chip Scan allows component mapping, Laser Studio provides precise control of hardware devices for spatial research, and QuickLog enables recording and analysis of relevant events during attack campaigns.

During the presentation, we will provide a live demonstration of our lightweight test bench for fault injection campaigns. This bench utilizes laser injection with simple and lightweight optical hardware. We will also share practical examples of our fault injection methodology. We are excited to share our expertise with the hardware security community and encourage contributions by making our tools open source.

Speaker Bio:

Michael Mouchous is currently working as a hardware security expert and responsible of the Hardware Security Evaluation team of the Donjon, in Ledger. He has been working in this domain since 2013, first as Security evaluator of the ITSEF department of Thales, in Toulouse, France, and then as hardware security searcher in the SEAR team in Apple, in Paris, France.