Analyzing Control-flow-based Glitching Attacks and Defenses

Abstract

Hardware fault injection, or glitching, attacks can compromise the security of devices even when no software vulner- abilities exist. The very nature of these attacks is quite mysterious — they break numerous long-held beliefs. Attempts to analyze the hardware effects of glitching are subject to the Heisenberg effect and there is typically a large disconnect between what people “think” is possible and what is actually possible with respect to these attacks. In this work, we attempt to provide some clarity to the real-world impacts of attacks and defenses for control-flow modification through glitching. First, we introduce a glitching emulation framework, which provides a scalable playground to test the effects of bit flips on specific instruction set architectures (ISAs) (i.e., the fault tolerance of the instruction encoding). Next, we examine real glitching experiments using the ChipWhisperer, a popular microcontroller using open-source glitching hardware. These real-world experiments provide novel insights into how glitching attacks are realized and might be defended against in practice. Finally, we present GLITCHRE - SISTOR , an open-source, software-based glitching defense tool that can automatically insert glitching defenses into any existing source code, in an architecture-independent way. We evaluated G LITCHRESISTOR , which integrates numerous software-only defenses, against powerful, real-world glitching attacks. Our findings indicate that software-only defenses can be implemented with acceptable runtime and size overheads, while completely mitigating some single glitch attacks, minimizing the likelihood of a successful multi-glitch attack (i.e., bringing the success rate to 0.000306%), and detecting failed glitching attempts at a high rate (between 79.2% and 100%).