Flash Memory 'Bumping' Attacks
نویسنده
چکیده
This paper introduces a new class of optical fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. As a security measure, read-back access to the memory is not implemented leaving only authentication and verification options for integrity check. Verification is usually performed on relatively large blocks of data, making brute force searching infeasible. This paper evaluates memory verification and AES authentication schemes used in secure microcontrollers and a highly secure FPGA. By attacking the security in three steps, the search space can be reduced from infeasible > 2 to affordable ≈ 2 guesses per block of data. This progress was achieved by finding a way to preset certain bits in the data path to a known state using optical bumping. Research into positioning and timing dependency showed that Flash memory bumping attacks are relatively easy to carry out.
منابع مشابه
KadCache: Employing Kad to Mitigate Flash Crowds and Application Layer DDoS Attacks Against Web Servers
Flash crowds or application layer DDoS attacks can severely degrade the availability of websites. Peer-to-peer (P2P) networks have been exploited to amplify DDoS attacks, but we believe their available resource, such as distributed storage and network bandwidth, can be used to mitigate both flash crowds and DDoS attacks. In this poster, we propose a server initiated approach to employing the P2...
متن کاملGANGRENE: Exploring the Mortality of Flash Memory
Flash memory is used for non-volatile storage in a vast array of devices that touch users at work, at home, and at play. Flash memory offers many desirable characteristics, but its key weakness is limited write endurance. Endurance limits continue to decrease as smaller integrated circuit architectures and greater storage densities are pursued. There is a significant body of published work demo...
متن کاملControlling High Bandwidth Aggregates in the Network (Extended Version)
The current Internet infrastructure has very few built-in protection mechanisms and is therefore vulnerable to attacks and failures. In particular, recent events have illustrated the Internet’s vulnerability to both denial of service (DoS) attacks and flash crowds in which one or more links in the network (or servers at the edge of the network) become severely congested. In both flash crowds an...
متن کاملCached Guaranteed-Timer Random Drop (Cached GT-RD) for Protecting Web Servers from TCP SYN-Flood Attacks and Flash Crowds
This paper proposes a new method and algorithm to efficiently protect web servers against SYN-flooding denial-of-service attacks and flash crowds. The method proposes use of cache to avoid preemption of legitimate SYN messages from the TCP backlog queue in Random Drop (RD) method during SYN-flooding attacks. A new algorithm, the Cached Guaranteed Timer Random Drop (Cached GT-RD), was designed t...
متن کاملAggregate-Based Congestion Control
Recent events have illustrated the Internet’s vulnerability to both denial of service (DoS) attacks and flash crowds in which links (or servers) in the network become severely congested. In both DoS attacks and flash crowds, the congestion is neither due to a single flow, nor due to a general increase in traffic, but to a well-defined subset of the traffic — an aggregate. This paper proposes ag...
متن کامل