Fault Injection Attacks Flashcards
Types of fault classifications
duration, controllability, fault resolution
duration faults
- Transient - happens once and goes away
- Permanent - the device now forever has this error
- Destructive - we can no longer use the device
controllability faults
- Precise - can control time / location of fault
- Loose - some control, but not very precise
- No-control -
Fault resolution
how much impact did the fault have on the data - bits, few bits, bytes/words
Stuck-at faults
bits are permanently the same value, no amount of reading or writing can change their value
Bit-flip faults
all bits are flipped
Random faults
bits are changed randomly
Set/reset faults
can change the value of a bit in only one direction
○ All bits become 1s (set)
○ All bits become 0s (reset)
Three ways to create faults
Clock glitches, voltage spikes, underpowering
clock glitches
- Temporarily overclock or make one cycle faster
- Processor does not have enough time to finish all the work it has to do => wrong values get set in the registers, etc
voltage spikes
- Temporarily increase or decrease in power
- Can cause circuitry to fault because it lacks power/has too much power
Underpowering
- Reduce supply voltage for a long period of time
- Can be transient or permanent
- Makes circuitry slower => sometimes is doesn’t complete what it was supposed to complete during a clock cycle
7 Effects of Glitches and Spikes
- Replacement (or skipping) of instructions
- Tampering with loops or conditionals
- Change of program counter
- Effects on data flow
○ Use value from the wrong register - Computation errors
○ Produce 7+2 = 11 - Corrupt memory pointers
- No bit transitions on data bu
does it take longer to switch a bit in one direction vs the other?
Changing 0->1 takes shorter length glitches than 1->0
Categories of Fault-Injections
non, semi-, and invasive
