Memory address scrambling revealed using fault attacks

Abstract : Today's trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories' contents by flipping `1's to `0's. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.
Type de document :
Communication dans un congrès
Luca Breveglieri, Marc Joye, Israel Koren, David Naccache, Ingrid Verbauwhede. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010, Aug 2010, Santa-Barbara, United States. IEEE Computer Society, pp.30-36, 2010, 〈10.1109/FDTC.2010.13〉
Liste complète des métadonnées

https://hal-emse.ccsd.cnrs.fr/emse-00540990
Contributeur : Jacques Jean-Alain Fournier <>
Soumis le : lundi 29 novembre 2010 - 15:47:44
Dernière modification le : jeudi 30 novembre 2017 - 01:14:51

Identifiants

Collections

Citation

Jacques Jean-Alain Fournier, Philippe Loubet-Moundi. Memory address scrambling revealed using fault attacks. Luca Breveglieri, Marc Joye, Israel Koren, David Naccache, Ingrid Verbauwhede. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010, Aug 2010, Santa-Barbara, United States. IEEE Computer Society, pp.30-36, 2010, 〈10.1109/FDTC.2010.13〉. 〈emse-00540990〉

Partager

Métriques

Consultations de la notice

148