Memory address scrambling revealed using fault attacks - Mines Saint-Étienne
Conference Papers Year : 2010

Memory address scrambling revealed using fault attacks


Today's trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low-cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories' contents by flipping '1's to '0's. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.

Dates and versions

emse-00540990, version 1 (29-11-2010)



Jacques Jean-Alain Fournier, Philippe Loubet-Moundi. Memory address scrambling revealed using fault attacks. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010, Aug 2010, Santa-Barbara, United States. pp.30-36, ⟨10.1109/FDTC.2010.13⟩. ⟨emse-00540990⟩


