Murdock, Kit (2023). Finding and exploiting faults in hardware and software. University of Birmingham. Ph.D.
|
Murdock2023PhD.pdf
Text Available under License All rights reserved. Download (6MB) | Preview |
Abstract
Computers are constantly being enhanced to improve their speed, size, security, and energy consumption. Dynamic Voltage and Frequency Scaling (DVFS) improves energy efficiency by enabling a processor to upscale its power as needed, thus using little energy when idle. And, more recently, hardware-based trusted execution environments such as Software Guard Extensions (SGX) have been created with the promise of securely executing sensitive processes—thus protecting the data and running computations from a root adversary.
In the first part of this thesis, we show how the attempt to make computers more efficient by dynamically responding to their energy needs has created a new attack surface. Specifically, we are able to retrieve keys from both an AES and a RSA cryptographic process running inside an SGX enclave by lowering the operating voltage. We further investigate the undervolting effect and are able to improve the attack to create an out-of-bounds under/overflow.
Meanwhile, fault injection attacks (such as our software undervolting one) represent a major threat to Internet-of-Things and embedded devices. As of today, evaluating to what extent a device is susceptible to fault injection is a mostly manual process, requiring significant expert knowledge and often expensive, complex lab equipment. In addition, even if a fault can be induced, it is often unclear which effect caused the incorrect output. In the second part of this thesis, we address this difficulty by designing and building a performant, exhaustive fault injection tool. We compare our software with three others and demonstrate it out-performs on features and speed.
Type of Work: | Thesis (Doctorates > Ph.D.) | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Award Type: | Doctorates > Ph.D. | |||||||||
Supervisor(s): |
|
|||||||||
Licence: | All rights reserved | |||||||||
College/Faculty: | Colleges (2008 onwards) > College of Engineering & Physical Sciences | |||||||||
School or Department: | School of Computer Science | |||||||||
Funders: | None/not applicable | |||||||||
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software T Technology > T Technology (General) |
|||||||||
URI: | http://etheses.bham.ac.uk/id/eprint/13783 |
Actions
Request a Correction | |
View Item |
Downloads
Downloads per month over past year