Countermeasures:
• Software:
– Check function return values.
– Use strict comparisons when branching.
– Make sure that no code was skipped in critical parts by incrementing a dedicated variable in each
branch with a prime number and checking for the expected value at the end.
– Use non-trivial values as true and false (avoid comparing to 0 or -1; use complex values with a high
mutual Hamming distance).
• Hardware:
– Use the clock security system (CSS) if available.
– Use internal clock sources.
– Use internal voltage regulators.
– Use memory error detection (ECC and parity).
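The software countermeasures above (non-trivial truth values, strict comparisons, a prime-incremented control-flow counter) combined in one routine, as an added example that is not from the application note; the MAC comparison, the constant values and the step primes are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Non-trivial truth values: bitwise complements of each other, so their Hamming
 * distance is 32 and no single bit flip turns one into the other (assumed values). */
#define SEC_TRUE  0x3CA5C35AU
#define SEC_FALSE 0xC35A3CA5U

/* Control-flow counter: each mandatory step adds a distinct prime; the sum
 * EXPECTED_FLOW is reached only if every step ran exactly once. */
enum { STEP1 = 3, STEP2 = 5, STEP3 = 7, STEP4 = 11 };
#define EXPECTED_FLOW (STEP1 + STEP2 + STEP3 + STEP4)

/* Hypothetical check (e.g. comparing a computed MAC to an expected one) that
 * returns SEC_TRUE/SEC_FALSE rather than 1/0; runs in constant time over n bytes. */
static uint32_t mac_matches(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return (diff == 0) ? SEC_TRUE : SEC_FALSE;
}

/* Returns SEC_TRUE only if the MAC matches and the flow counter is intact;
 * a skipped or repeated step is treated as failure. */
uint32_t verify_with_flow_check(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint32_t flow = 0;      /* volatile: keep every increment in the binary */
    uint32_t result = SEC_FALSE;

    flow += STEP1;
    uint32_t m = mac_matches(a, b, n);
    flow += STEP2;

    if (m == SEC_TRUE) {             /* strict comparison against the full constant */
        flow += STEP3;
        if (m != SEC_FALSE) {        /* redundant complementary test */
            flow += STEP4;
            result = SEC_TRUE;
        }
    } else {
        flow += STEP3 + STEP4;       /* keep the failure path's counter consistent */
    }
    if (flow != EXPECTED_FLOW) return SEC_FALSE;   /* a step was skipped or duplicated */
    return result;
}

/* Constructed sample inputs for a stand-alone run. */
uint32_t demo_match(void)    { uint8_t a[4] = {1, 2, 3, 4}, b[4] = {1, 2, 3, 4}; return verify_with_flow_check(a, b, 4); }
uint32_t demo_mismatch(void) { uint8_t a[4] = {1, 2, 3, 4}, b[4] = {1, 2, 3, 5}; return verify_with_flow_check(a, b, 4); }
```

The caller must compare the return value against SEC_TRUE itself, never test it for non-zero, or the non-trivial encoding gains nothing.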
Side-channel attacks (SCA)
While firmware executes, an attacker can observe the physical characteristics of the running device (such as power
consumption, electromagnetic emissions, temperature or execution time). This observation can provide enough
information to retrieve secret assets such as data values and/or algorithm implementations. Side-channel
attacks are powerful against cryptographic devices, as they can reveal the keys used by the system. SPA (simple
power analysis) and DPA (differential power analysis) are typical examples of side-channel attacks exploiting power
consumption.
Countermeasures:
• Software:
– Limit key usage: use session random keys when possible.
– Use protected cryptographic libraries with behavioral randomization (such as random delays or dummy
instructions).
• Hardware:
– Shields against monitoring can be found in secure elements (STSAFE), but there is usually no
efficient hardware countermeasure embedded in general-purpose microcontrollers: except for the
SAES in STM32H5 and STM32U5 devices, hardware protection is limited in general-purpose
microcontrollers. The protection level is reflected by the certification level achieved by the device
(see Section 5.5 Product certifications for more details).
3.3.2 Silicon invasive attacks
The cost of such attacks is very high; any means are used to extract information from the device, which is
destroyed in the process. The attacker needs to obtain a substantial quantity of devices to be successful.
Carried out with expensive equipment usually found in specialized laboratories, they require a high level of skill
and knowledge, as well as time.
Invasive attacks start with the removal of the device package. An initial analysis can be done without removing
the passivation layer; however, investigations involving device interaction (probing) require its removal. De-packaging
can be done by chemical etching, drilling or laser cutting. Once the device is opened, it is possible to perform
probing or modification attacks.
Several ST microcontrollers dedicated to security offer robustness against such treatments. These are
not part of the STM32 family and are outside the scope of this document. Refer to ST secure hardware platforms
(www.st.com/en/secure-mcus.html).
Reverse engineering
The goal is to understand the inner structure of the device and analyze its functionality. This is quite a challenging
task with modern devices featuring millions of gates.
The first step is to create a map of the microcontroller. It can be done by using an optical microscope to produce a
high-resolution photograph of the device surface. Deeper layers can then be analyzed in a second step, after the
metal layers have been stripped off by etching the device.
AN5156 - Rev 8 - Hardware attacks - page 11/56