Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Author: Sadeghi, Ahmad-Reza; Mitev, Richard; Saß, Marvin
Type: Conference Proceedings
Abstract: Fault Injection (FI), also referred to as Glitching, has proven to be a severe threat to real-world computing devices. In this kind of attack, physical faults are injected into a device at runtime to deliberately alter the target's behavior. To address this threat, various countermeasures have been proposed to counteract the different types of fault injection methods at different abstraction layers, requiring modification of either the underlying hardware or the firmware at the machine instruction level. Moreover, only recently have individual chip manufacturers started to respond to this threat by integrating certain countermeasures in their products. Multiple Fault Injection (MFI) could theoretically be used against instruction-level countermeasures; however, as stated by previous work, conducting those attacks is considered highly impractical due to the lack of precise MFI tools and efficient parameter search algorithms. In this presentation, we showcase μ-Glitch, the first FI platform dedicated to injecting multiple, coordinated voltage faults into a target device. We'll show a novel flow for MFI attacks that significantly reduces the search complexity for fault parameters, as otherwise the search space increases exponentially with each additional fault to be injected. After that, we'll show the effectiveness and practicality of the attack platform on two real-world systems featuring TrustZone-M: the first has interdependent backchecking mechanisms, while the second has additionally integrated countermeasures against fault injection. It will be revealed that μ-Glitch can successfully inject four consecutive successful faults within an average time of one day.
Conference: 25th Black Hat USA