Speaker
Description
Lasers are employed not only for reliability purposes but also for fault injection attacks in order to assess the security of electronic components.
Nowadays, laser fault injection attacks represent a significant threat to the security of embedded devices.
Numerous state-of-the-art studies, mainly based on Single Event Effects, have investigated the use of lasers to inject faults into an electronic device at run-time.
In a recently published paper, we have demonstrated on an experimental basis that it is also possible to perform laser fault injection on an unpowered device.
This attack vector is of particular interest due to the persistent nature of the injected faults.
Furthermore, it is possible that certain protection mechanisms may also be compromised.
Finally, laser injection sensors are unable to detect the attack, as they are active components that only function when the circuit is powered on.
In particular, our investigation focused on the Flash non-volatile memory of a widely used off-the-shelf 32-bit microcontroller.
We provide an experimental characterization of this phenomenon with a description of the fault model from the physical to the software level for laser-induced faults in NOR Flash memory.
We leverage this new laser fault injection method to perform a complete reverse engineering of the mapping between the logical and physical addresses of the Flash memory. The organization of the Flash memory can be retrieved at both the page and bit level.
