Conference papers

Memory address scrambling revealed using fault attacks

Abstract : Today's trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low-cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories' contents by flipping '1's to '0's. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.
Document type :
Conference papers
Contributor : Jacques Jean-Alain Fournier
Submitted on : Monday, November 29, 2010 - 3:47:44 PM
Last modification on : Wednesday, June 24, 2020 - 4:18:31 PM



Jacques Jean-Alain Fournier, Philippe Loubet-Moundi. Memory address scrambling revealed using fault attacks. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010, Aug 2010, Santa-Barbara, United States. pp.30-36, ⟨10.1109/FDTC.2010.13⟩. ⟨emse-00540990⟩


