Secure Design for the Internet of Things

Fraunhofer AISEC uncovers security flaws in microcontrollers

Press release /

© Fraunhofer AISEC / Oliver Bodmer
In their study on hardware attacks on microcontrollers, researchers at Fraunhofer AISEC investigate attack techniques and demonstrate appropriate protective measures in the security lab.

Microcontrollers have become an indispensable element of networked systems. Despite the fact that they store sensitive data, the security of the underlying hardware is rarely considered during product development. Simple measures can, however, be taken to counteract this. This is revealed by the study on hardware attacks against microcontrollers conducted by the Fraunhofer Institute for Applied and Integrated Security AISEC on behalf of the German Federal Office for Information Security (BSI).

Microcontrollers play an indispensable role in the Internet of Things (IoT). These small, single-chip computer systems are used in almost all smart devices, from industrial and consumer products to sensitive applications such as access control systems, e-wallets and critical aviation and medical infrastructure. Microcontrollers store sensitive data such as cryptographic keys, access data and valuable intellectual property. However, due to pricing and a lack of threat awareness, off-the-shelf microcontrollers are often used in security-relevant IoT products, making them an obvious target for attackers. These attackers also exploit vulnerabilities in the hardware.

Testing protective measures for pertinent attack techniques

The study “Hardware Attacks against Microcontrollers” conducted by Fraunhofer AISEC on behalf of the German Federal Office for Information Security (BSI) reveals that too little consideration is given to hardware protection during product development. Many smart devices that have microcontrollers at their core suffer from security vulnerabilities. That said, protective measures can be implemented easily using software, even in IoT devices that are already in circulation, to preempt most pertinent hardware attacks or significantly increase the effort that an attacker would have to expend.

To raise threat awareness during development and manufacturing, researchers at Fraunhofer AISEC have evaluated three types of hardware attacks against microcontrollers and proposed appropriate countermeasures:

1) Control flow manipulation: This attack technique manipulates the orderly execution of a program through voltage and clock glitching, electromagnetic or laser-assisted fault injection. Attacks of this type can be prevented or at least made more onerous using compiler-based countermeasures based on existing fault detection systems. Software tools of this type are currently the subject of research in the field of hardware security. Initial versions of the tools are already being used in industrial settings.

2) Side-channel attacks: Insight into the chip’s energy consumption and electromagnetic radiation enables attackers to learn more about keys in the microcontroller without authorization. To prevent this sensitive information from being exposed, so-called “leakage-resilient” cryptographic methods, masking of secret values or shuffling of the processing sequence can prove useful as protective measures. These obscure correlations between measured values and sensitive information.

3) Read-out protection bypass attacks: Confidential microcontroller data can be accessed through vulnerabilities in the debug interface. It is not possible to prevent the read-out protection mechanism from being bypassed using software alone. However, the impact of an attack can be significantly limited depending on the product in question, for example by using code obfuscation techniques or by storing sensitive data in encrypted form in the flash memory.

The three attack techniques that were examined compromise the integrity, confidentiality and reliability of nearly all microcontrollers identified in a market analysis and the information stored on them. The countermeasures that the study proposes and demonstrates in practice can be software-based and often implemented retroactively without severely impacting the controller’s performance or function.

Appeal to the fields of industry, research and policy making

The protective measures outlined above, however, are not yet widely applied. Researchers are therefore appealing to microcontroller manufacturers to include hardware attacks in their threat models and to disclose these models. This information would enable IoT product manufacturers that embed these microcontrollers to select appropriate products for security-relevant use cases. They are urging the research community to improve software-based countermeasure tools with an eye toward practicality and ease of use for embedded developers. Researchers are encouraging lawmakers and regulators to provide economic incentives for integrating countermeasures against hardware attacks such that they are considered inalienable for certain use cases. Finally, consumers can also have a significant influence on progress in the development of better-protected hardware through their purchasing behavior.

As the research team of the “Hardware Security” department at Fraunhofer AISEC points out: “Our study shows that hardware attacks on microcontrollers pose a real threat to security-relevant IoT systems. We want to encourage people to consider microcontroller security at all times during development and to implement effective countermeasures.”