Analyzing the Resilience of Modern Smartphones Against Fault Injection Attacks

Abstract

The costs and damages that result from cyber security weaknesses are increasing year by year. The cybercrime economy has grown to acquire $600 billion in profits every year, nearly one percent of the global GDP, according to a study by the Center for Strategic and International Studies (CSIS) in collaboration with McAfee. This is likely to increase in the upcoming years, especially with the growing IoT and smart devices market, mainly because security is often (partially) ignored during the design phase due to its additional costs. As a result, devices become vulnerable to attacks. In 2017, Accenture, a consulting services company, analyzed the security of 30 mobile banking applications and found that all apps contained at least one known security vulnerability.

For many years there have been advances in software security. Attacking software keeps getting harder because of the many countermeasures developed over the years. As a result, attackers have shifted their focus to hardware attacks. Exploitable vulnerabilities found in hardware most often require hardware revisions, in contrast to software, which can be updated easily. There are many forms of hardware attacks; examples are IP piracy, hardware Trojans, side-channel analysis and fault injection (FI). Recent advances in these attacks have made some of them accessible to the public, which worsens the problem. One of the popular hardware attacks is FI, which is able to temporarily alter the functionality of the hardware during run time.

This thesis focuses on analyzing the resilience of smartphones against FI attacks, with the aim of further improving smartphone security, by researching the possibility of using FI to brute force the lock screen of an Android phone. The attack target is a high-frequency package-on-package (PoP) chip that, as far as we know, has not been attacked before in the literature. Based on the target design and the properties of the available FI techniques, electromagnetic fault injection (EMFI) was chosen. Using this technique, a characterization of the target chip was performed to verify its vulnerability to EMFI. To be able to use the knowledge acquired from the characterization, an FI model was made, based on the activity during a glitch and the glitch location. The FI model describes that faults can be injected during the transfer of instructions from the DRAM to the cache. A second characterization was performed using the FI model while running the Android OS, which showed that Android doesn't have any defenses against FI. Before attacking the lock screen, a simulation of the attack was performed, which proved the possibility of successfully performing this attack. Unfortunately, the right time to successfully glitch the lock screen was not found, due to the large search space, the unreliable trigger and possibly the use of a non-optimal probe position on top of the chip. Nevertheless, it was demonstrated that the lock screen can be attacked by simulating the effect of glitching certain specific instructions, and it was proven that PoP chips with a high clock frequency are vulnerable to EMFI.