CRC Seminar Series - Cristofaro Mune, Niek Timmers

Jun 03, 2021

Cristofaro Mune, Niek Timmers

Raelize

 

3rd June 2021 - 4:00 pm - 5:00 pm (GST)

 

Title:

Espressif ESP32: Bypassing unbreakable crypto using FI!

Abstract:

Modern secure devices support Secure Boot in order to assure the integrity and confidentiality of the software that's executed. Even if the authentication were bypassed, the enforced decryption could still prevent an attacker from executing arbitrary code, as the decryption key is not known. Using a Differential Fault Analysis (DFA) or Side-Channel Analysis (SCA) attack, it may be possible to recover the cryptographic key that's used by the Encrypted Secure Boot feature.
Interestingly, fault attacks can also be used to bypass Encrypted Secure Boot using easier methods than DFA or SCA attacks. In this presentation, we explain, step-by-step, how we bypassed the hardware-based Encrypted Secure Boot implementation of the ESP32 SoC using a single EM glitch, without any knowledge of the decryption key. Using this attack, where we exploited multiple (hardware) vulnerabilities, we were able to execute arbitrary code and extract the plain-text data stored in external flash.
