Nuvoton M2354 Fault Injection Attack Protection

Abstract

Not long after Arm, the mobile computing IP giant, introduced its TrustZone isolation technology, members of the hacker community demonstrated their own attack on the architecture and claimed they could bypass TrustZone's protection. Whatever information or benefit an attacker can ultimately extract this way, what we do know is that the method used is the one the security field knows as a fault injection attack. The technique is popular with attackers because it is simple, cheap and needs only easily obtained equipment; ready-made glitching kits are even sold commercially.

Where there are attacks there must be countermeasures, and these fall broadly into software protection and hardware protection. Software protection against fault injection starts by analysing where the program can fail under a glitch (a skipped instruction, a corrupted comparison result, a loop that exits early) and then developing and hardening the code at each of those points. For a software engineer this requires considerable professional security knowledge and skill.

Using a device with hardware protection makes defending against fault injection far simpler during software development. Because fault attacks were already considered in the hardware design of the MCU, the security expertise the product needs is in effect built into the silicon. All the software engineer has to do is turn the protections on, which is comparatively easy and minimises the vulnerabilities that software oversights would otherwise introduce.
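The software-protection paragraph above says the engineer must first find where a program breaks under a glitch and then harden each point. The following C example, added here and not part of the original post or of Nuvoton's code, shows what that looks like in practice for the most common target, a PIN comparison: an unhardened check with one comparison and one branch, next to a hardened check that keeps two independent, complementary results, verifies that its loop ran to completion, cross-checks the two results before trusting either, and erases a key on any inconsistency (the software analogue of the hardware "default action" described later). The glitch itself is simulated with a hypothetical switch, `set_simulated_glitch()`, that forces the first comparison result to "match"; real glitches are far less tidy, but the point is that one corrupted result is enough to defeat the naive version and not enough to defeat the hardened one. The PIN values and the session key are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes with a large Hamming distance from one another and from 0 / 0xFFFFFFFF,
 * so a single corrupted bit or a zeroed register cannot turn one code into another. */
#define AUTH_OK        0x5A3C96C5u
#define AUTH_FAIL      0xA5C3693Au
#define FAULT_DETECTED 0x3C5AC596u

/* Constructed sample input: a reference PIN, a matching PIN and a wrong PIN. */
#define PIN_LEN 4
const uint8_t REF_PIN[PIN_LEN]  = { 0x12, 0x34, 0x56, 0x78 };
const uint8_t GOOD_PIN[PIN_LEN] = { 0x12, 0x34, 0x56, 0x78 };
const uint8_t BAD_PIN[PIN_LEN]  = { 0x12, 0x34, 0x56, 0x79 };

/* Hypothetical glitch switch for this demo (not a real fault). When set, it emulates the
 * classic fault effect: the comparison result the "PIN correct?" branch depends on is
 * forced to "match". */
static volatile int g_simulate_glitch = 0;
void set_simulated_glitch(int on) { g_simulate_glitch = on; }

/* Constructed secret that the fault response must erase. */
static uint8_t g_session_key[16];
void load_demo_key(void) { memset(g_session_key, 0xAB, sizeof g_session_key); }
int key_is_wiped(void) {
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof g_session_key; i++) acc |= g_session_key[i];
    return acc == 0;
}
static void zeroize_key(void) {
    volatile uint8_t *p = g_session_key;   /* volatile so the stores cannot be optimised away */
    for (size_t i = 0; i < sizeof g_session_key; i++) p[i] = 0;
}

/* Unhardened check: one comparison, one branch. Glitching that single branch grants access. */
uint32_t naive_check(const uint8_t *pin) {
    int match = (memcmp(pin, REF_PIN, PIN_LEN) == 0);
    if (g_simulate_glitch) match = 1;      /* simulated glitch: branch condition corrupted */
    if (match) return AUTH_OK;
    return AUTH_FAIL;
}

/* Hardened check: two independent accumulators, a loop-completion check and a cross-check
 * between the accumulators. In an unfaulted run diff_and is always the bitwise complement
 * of diff_or, so r1 ^ r2 == 0xFF; a glitch that corrupts only one of them is detected. */
uint32_t hardened_check(const uint8_t *pin) {
    volatile uint8_t diff_or  = 0x00;      /* OR of all byte differences: 0x00 iff equal        */
    volatile uint8_t diff_and = 0xFF;      /* AND of all complemented differences: 0xFF iff equal */
    volatile size_t i;
    for (i = 0; i < PIN_LEN; i++) {
        uint8_t d = (uint8_t)(pin[i] ^ REF_PIN[i]);
        diff_or  |= d;
        diff_and &= (uint8_t)~d;
    }
    if (i != PIN_LEN) return FAULT_DETECTED;          /* loop left early: iterations skipped */

    uint8_t r1 = diff_or;
    uint8_t r2 = diff_and;
    if (g_simulate_glitch) r1 = 0x00;                 /* simulated glitch: first result forced to "equal" */

    if ((uint8_t)(r1 ^ r2) != 0xFF) return FAULT_DETECTED;   /* the two results disagree */
    if (r1 == 0x00 && r2 == 0xFF) {
        if (r2 == 0xFF && r1 == 0x00) return AUTH_OK;        /* redundant re-test before granting */
        return FAULT_DETECTED;
    }
    if (r1 != 0x00 && r2 != 0xFF) return AUTH_FAIL;
    return FAULT_DETECTED;                                   /* unreachable in an unfaulted run */
}

/* Software analogue of the hardware default action: on any inconsistency erase the key
 * first, instead of trusting the possibly glitched control flow to do it later. */
uint32_t check_pin_and_respond(const uint8_t *pin) {
    uint32_t r = hardened_check(pin);
    if (r != AUTH_OK && r != AUTH_FAIL) {  /* anything that is not a valid code is a fault */
        zeroize_key();
        return FAULT_DETECTED;
    }
    return r;
}

int main(void) {
    load_demo_key();
    set_simulated_glitch(1);
    printf("naive check, wrong PIN under glitch: %s\n",
           naive_check(BAD_PIN) == AUTH_OK ? "ACCEPTED (bypass)" : "rejected");
    printf("hardened check, wrong PIN under glitch: %s, key wiped = %d\n",
           check_pin_and_respond(BAD_PIN) == FAULT_DETECTED ? "FAULT_DETECTED" : "not detected",
           key_is_wiped());
    return 0;
}
```

The cross-check is the important part: because `diff_and` is the complement of `diff_or` by construction, the hardened code never has to trust one value alone, and a fault must corrupt both accumulators consistently to go unnoticed. The `volatile` qualifiers keep the compiler from folding the redundant work away, which is the usual reason such countermeasures silently disappear from optimised builds and why the page argues that doing this purely in software needs specialist review.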

Hardware protection against fault injection attacks

When a product is run outside the operating conditions it was designed for, it stops working correctly. If that out-of-spec condition can be confined to a specific moment and made to last only a very short time, it is enough to make the device misexecute one particular instruction while every other instruction runs normally. This is what is called a fault injection attack. A common way to carry it out is to briefly push the supply voltage or the clock frequency beyond the semiconductor's operating specification (a voltage or clock glitch). The defence follows directly: if the abnormal voltage or frequency can be detected reliably, the device can react in real time and block the attack as it happens.

To make sure the hardware can respond to an attack at any moment, the detection circuitry must be independent of the normal operating circuits, with its own power supply and clock, so that an attack cannot knock out the detector at the same time it disturbs the CPU. The detector must also be able to drive key hardware directly and carry out the necessary protective actions on its own, such as erasing secret keys from memory, because the same fault that raises the alarm may have corrupted the software that would otherwise handle it.

Figure 1: The tamper detector senses voltage and frequency attacks, notifies the CPU and directly triggers the Key Store protection mechanism.

Voltage and frequency attacks and their handling

The M2354's fault injection protection hardware covers the common voltage and frequency attack methods and provides a corresponding countermeasure for each, as listed below:

Detection method | Normal condition | Attacked state | Protection method
--- | --- | --- | ---
VDD measurement with the EADC | VDD 1.62 V to 3.6 V | VDD outside 1.62 V to 3.6 V | Software intervention
High-voltage detection | VDD < 4.0 V | VDD >= 4.0 V | Hardware interrupt and default action
Low-voltage glitch detection | Within the user-defined tolerance range | Outside the set tolerance range | Hardware interrupt and default action
VBAT voltage detection | RTC operating normally | VBAT low voltage | Hardware interrupt and default action
Core power (LDO_CAP) failure detection | LDO_CAP within the preset high and low limits | LDO_CAP outside the preset high and low limits | Hardware interrupt and default action
High-speed external clock failure detection | Clock source stable and continuous | Clock source disappears | Hardware automatically switches to an internal clock source
Low-speed external clock failure detection | Clock source stable and continuous | Clock source disappears | Hardware automatically switches to an internal clock source
High-speed external clock frequency monitoring | Frequency within the preset range | Frequency outside the preset range | Interrupt notifies software to intervene
Low-speed external clock frequency monitoring | Frequency within the preset range | Frequency outside the preset range | Hardware interrupt and default action

The "default action" in the table can be nothing more than software intervention, or it can be a forced system reset or a forced erasure of all keys held in the Key Store.

Summary

For microcontroller products, fault injection is a genuinely simple, effective and low-cost attack, which is why attackers use it so often. To protect the important information in a product, defending against it is essential. Purely software-based protection, however, needs not only engineers with professional security expertise but also a rigorous review process to catch human omissions. With hardware-based detection, by contrast, the engineer only has to enable all of the hardware protections and configure the corresponding actions to block attacks delivered through the power supply and clock, which are the vectors the detectors above cover. Hardware protection is far easier.

Using the M2354's fault injection protection design therefore lets users concentrate on developing product functionality without spending much additional effort on security protection, reducing the extra time and cost of building protection mechanisms.

This post is from Domestic Chip Exchange
Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved 京B2-20211791 京ICP备10001474号-1 电信业务审批[2006]字第258号函 京公网安备 11010802033920号