Defeating a Secure Element with Multiple Laser Fault Injections — Olivier Heriveaux
Date: 03 June 2021 at 14:30 — 30 min.
In 2020, we evaluated the Microchip ATECC508A Secure Memory circuit. We identified a vulnerability allowing an attacker to read a secret data slot using Single Laser Fault Injection. Subsequently, this chip's product life cycle status became deprecated, and the circuit was superseded by the ATECC608A, which is supposedly more secure.
We present a new attack that retrieves the secret from the same data slot on this new chip, using a double Laser Fault Injection to bypass two security tests during a single command execution. This work was conducted using a black-box approach. We explain how the attack path was identified, with help from power trace analysis and, during an intermediate testing campaign, up to 4 faults in a single command. We construct a firmware implementation hypothesis based on our results to explain how the security and one double-check countermeasure are bypassed.
After a brief recap of the setup and the Laser Fault Injection technique, the talk will explain the different attack trials and what was learned about the circuit at each step. We will detail the differences between the two chip revisions and explain how the security has been increased.