Some users are experiencing upload errors at the moment. If you receive a "UWSpace is down for maintenance" error, please email jordan.hale@uwaterloo.ca as soon as possible. We are very sorry for the inconvenience.

Show simple item record

dc.contributor.authorAmin, Karim
dc.date.accessioned2020-07-27 18:46:16 (GMT)
dc.date.available2020-07-27 18:46:16 (GMT)
dc.date.issued2020-07-27
dc.date.submitted2020-07-15
dc.identifier.urihttp://hdl.handle.net/10012/16082
dc.description.abstractInternet of Things (IoT) is becoming more integrated in our daily life with the increasing number of embedded electronic devices interacting together. These electronic devices are often controlled by a Micro-Controller Unit (MCU). As an example, it is estimated that today’s well-equipped automobile uses more than 50 MCUs. Some MCUs contain cryptographic co-processors to enhance the security of the exchanged and stored data with a common belief that the data is secured and safe. However many MCUs have been shown to be vulnerable to Fault Injection (FI) attacks. These attacks can reveal shared secrets, firmware, and other confidential information. In addition, this extracted information obtained by attacks can lead to identification of new vulnerabilities which may scale to attacks on many devices. In general, FI on MCUs corrupt data or corrupt instructions. Although it is assumed that only authorized personnel with access to cryptographic secrets will gain access to confidential information in MCUs, attackers in specialized labs nowadays may have access to high-tech equipment which could be used to attack these MCUs. Laser Fault Injection (LFI) is gaining more of a reputation for its ability to inject local faults rather than global ones due to its precision, thus providing a greater risk of breaking security in many devices. Although publications have generally discussed the topic of security of MCUs, attack techniques are diverse and published LFI provides few and superficial details about the used experimental setup and methodology. Furthermore, limited research has examined the combination of both LFI and Photo-Emission Microscopy (PEM), direct modification of instructions using the LFI, control of embedded processor resets using LFI, and countermeasures which simultaneously thwart other aspects including decapsulation and reverse engineering (RE). This thesis contributes to the study of the MCUs’ security by analyzing their susceptibility to LFI attacks and PEM. The proposed research aims to build a LFI bench from scratch allowing maximum control of laser parameters. In addition, a methodology for analysis of the Device Under Attack (DUA) in preparation for LFI is proposed, including frontside/backside decapsulation methods, and visualization of the structure of the DUA. Analysis of attack viability of different targets on the DUA, including One-Time Programmable (OTP) memory, Flash memory and Static Random Access Memory (SRAM) was performed. A realistic attack of a cryptographic algorithm, such as Advanced Encryption Standard (AES) using LFI was conducted. On the other hand, countermeasures to the proposed attack techniques, including decapsulation/RE, LFI and PEM, were discussed. This dissertation provides a summary for the necessary background and experimental setup to study the possibility of LFI and PEM in different DUAs of two different technologies, specifically PIC16F687 and ARM Cortex-M0 LPC1114FN28102. Attacks performed on on-chip peripherals such as Universal Asynchronous Receiver/Transmitter (UART) and debug circuity reveal new vulnerabilities. This research is important for understanding attacks in order to design countermeasures for securing future hardware.en
dc.language.isoenen
dc.publisherUniversity of Waterlooen
dc.subjectlaser fault injectionen
dc.subjectquiescent photon emissionsen
dc.subjectadvanced encryption standarden
dc.subjectreverse engineeringen
dc.subjectknown-plaintext attacken
dc.subjectphysical attacksen
dc.subjectsingle event transienten
dc.subjectcomputer hardware securityen
dc.subjectarm assemblyen
dc.subjectembedded software engineeringen
dc.titleDynamic Laser Fault Injection Aided by Quiescent Photon Emissions in Embedded Microcontrollers: Apparatus, Methodology and Attacksen
dc.typeDoctoral Thesisen
dc.pendingfalse
uws-etd.degree.departmentElectrical and Computer Engineeringen
uws-etd.degree.disciplineElectrical and Computer Engineeringen
uws-etd.degree.grantorUniversity of Waterlooen
uws-etd.degreeDoctor of Philosophyen
uws.contributor.advisorGebotys, Catherine
uws.contributor.affiliation1Faculty of Engineeringen
uws.published.cityWaterlooen
uws.published.countryCanadaen
uws.published.provinceOntarioen
uws.typeOfResourceTexten
uws.peerReviewStatusUnrevieweden
uws.scholarLevelGraduateen


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record


UWSpace

University of Waterloo Library
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4883

All items in UWSpace are protected by copyright, with all rights reserved.

DSpace software

Service outages