BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection

Numerous Electromagnetic Fault Injection (EMFI) techniques have been used to attack FPGAs, ASICs, cryptographic devices, and microcontrollers. Unlike other classes of fault injection techniques, EMFI-based attacks can, in theory, be carried out non-invasively without requiring physical contact with the victim device. Prior research has demonstrated the viability of EMFI-based attacks against relatively simple, low-frequency, synchronous digital circuits. However, theoretical and practical constraints limit the range, degree of isolation and temporal resolution of existing EM injector hardware. These limitations, combined with the trend towards faster, denser and more complex digital circuits, have made the application of many previously proposed EMFI techniques infeasible against modern computers and embedded devices. This paper makes two contributions. First, we present a novel method of leveraging controlled electromagnetic pulses to attack modern computers using second-order effects of induced faults across multiple components of the target computer. Second, we present the design and implementation of BADFET: a low-cost, high-performance pulsed EMFI platform. We aim to share BADFET with the research community in order to democratize future EMFI research. Using these two contributions, we present a reliable and effective attack against a widely used TrustZone-based secure boot implementation on a multi-core 1 GHz+ ARM embedded system. Additionally, we disclose two novel vulnerabilities within a widely used implementation of TrustZone SMC in Appendix A.