Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses

Hardware fault injection, or glitching, attacks can compromise the security of devices even when no software vulnerabilities exist. Attempts to analyze the hardware effects of glitching are subject to the Heisenberg effect and there is typically a disconnect between what people "think" is...

Full description

Saved in:
Bibliographic Details
Published inProceedings - International Conference on Dependable Systems and Networks pp. 400 - 412
Main Authors Spensky, Chad, Machiry, Aravind, Burow, Nathan, Okhravi, Hamed, Housley, Rick, Gu, Zhongshu, Jamjoom, Hani, Kruegel, Christopher, Vigna, Giovanni
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2021
Subjects
attack
defense
embedded systems
Encoding
Fault tolerance
Fault tolerant systems
glitching
Hardware
Instruction sets
LLVM
Microcontrollers
static analysis
Online AccessGet full text

Cover

More Information
Summary:Hardware fault injection, or glitching, attacks can compromise the security of devices even when no software vulnerabilities exist. Attempts to analyze the hardware effects of glitching are subject to the Heisenberg effect and there is typically a disconnect between what people "think" is possible and what is actually possible with respect to these attacks. In this work, we attempt to provide some clarity to the impacts of attacks and defenses for control-flow modification through glitching. First, we introduce a glitching emulation framework, which provides a scalable playground to test the effects of bit flips on specific instruction set architectures (ISAs) (i.e., the fault tolerance of the instruction encoding). Next, we examine real glitching experiments using the ChipWhisperer, a popular microcontroller using open-source glitching hardware. These real-world experiments provide novel insights into how glitching attacks are realized and might be defended against in practice. Finally, we present GLITCHRESISTOR, an open-source, software-based glitching defense tool that can automatically insert glitching defenses into any existing source code, in an architecture-independent way. We evaluated GLITCHRESISTOR, which integrates numerous software-only defenses against powerful and real-world glitching attacks. Our findings indicate that software-only defenses can be implemented with acceptable run-time and size overheads, while completely mitigating some single-glitch attacks, minimizing the likelihood of a successful multi-glitch attack (i.e., a success rate of 0.000306%), and detecting failed glitching attempts at a high rate (between 79.2% and 100%).
ISSN:2158-3927
DOI:10.1109/DSN48987.2021.00051