Talk Title:

Breaking SoC Security by Glitching OTP Data Transfers

Abstract:

Modern System-on-Chips (SoCs) include security critical features which are often configured securely using one-time programmable (OTP) bits, often implemented using so-called electronic fuses (eFuses). Most SoCs will transfer these configuration bits from OTP memory to dedicated shadow registers from where they will be consumed by either hardware modules (e.g. cryptographic engines) or software (e.g. ROM code). These bits must be transferred correctly during boot to ensure the SoC is configured as intended. A SoC is then assumed to operate as expected, according to the supplied configuration, especially when operating in its expected conditions. However, what if we can break this fundamental assumption?

Fault Injection (FI) attacks are becoming increasingly popular due to their effectiveness of hacking into devices (e.g. consoles) for which there are no software vulnerabilities identified yet. Although mostly used for altering software control flow, they can also affect the intended behavior of pure hardware implementations. This also includes the subsystems responsible for transferring the configuration bits from OTP memory to shadow registers.

We discussed this attack for the first time publicly during our talk at Blue Hat IL 2019 [1]. Back then, we only outlined the technical feasibility of such a technique, without considering a specific target. Since then, Limited Results applied this attack to dump the authentication keys [2] of the ESP32 SoC using a Voltage Fault Injection attack (VFI). We decided to also apply this technique using Electromagnetic Fault Injection (EMFI), which has several significant advantages.

In this talk, we demonstrate what it takes to perform a successful EMFI attack on the OTP transfer performed by the ESP32 SoC, using commercially available tooling. We will explain our thought process and approach before diving into the results of the attack. Finally. by using our Fault Injection Reference Model (FIRM), we will discuss what a manufacturer can do to harden a SoC against these type of attacks. As far as we know, this has never been discussed publicly.

Speaker Bio:

Cristofaro Mune is a Co-Founder and Security Researcher at Raelize and he has been in the security field for 20 years. He has 15 years of experience with evaluating SW and HW security of secure products, as well as 10 years of experience in testing and assessing the security of Trusted Execution Environments (TEEs). His research on Fault Injection, TEEs, Secure Boot, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.