Improper Handling of Faults that Lead to Instruction Skips

Stable Base

Structure: Simple

Description

This vulnerability occurs when a hardware device lacks or incorrectly implements the necessary circuitry or sensors to detect and respond to the skipping of critical security instructions during CPU execution.

Extended Description

Hardware can behave unpredictably under certain operating conditions, such as during electrical disturbances or when pushed beyond its normal specifications. These conditions can cause the CPU to skip crucial security instructions, effectively bypassing the logic they were meant to enforce. In practice, this often targets single conditional branch instructions that control security decisions—like password verification or firmware authentication—flipping the intended outcome if skipped. Attackers exploit this by using fault injection techniques to deliberately induce these unstable operating conditions, making instruction skips happen more reliably and frequently than they would naturally. This allows them to manipulate security-critical decision points, such as bypassing authentication checks or altering firmware validation processes.

Common Consequences 1

Scope: ConfidentialityIntegrityAuthentication

Impact: Bypass Protection MechanismAlter Execution LogicUnexpected State

Depending on the context, instruction skipping can have a broad range of consequences related to the generic bypassing of security critical code.

Detection Methods 3

Automated Static AnalysisModerate

This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.

Simulation / EmulationModerate

This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.

Manual AnalysisModerate

This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.

Potential Mitigations 6

Phase: Architecture and Design

Design strategies for ensuring safe failure if inputs, such as Vcc, are modified out of acceptable ranges.

Phase: Architecture and Design

Design strategies for ensuring safe behavior if instructions attempt to be skipped.

Phase: Architecture and Design

Identify mission critical secrets that should be wiped if faulting is detected, and design a mechanism to do the deletion.

Phase: Implementation

Add redundancy by performing an operation multiple times, either in space or time, and perform majority voting. Additionally, make conditional instruction timing unpredictable.

Phase: Implementation

Use redundant operations or canaries to detect and respond to faults.

Phase: Implementation

Ensure that fault mitigations are strong enough in practice. For example, a low power detection mechanism that takes 50 clock cycles to trigger at lower voltages may be an insufficient security mechanism if the instruction counter has already progressed with no other CPU activity occurring.

Demonstrative Examples 1

A smart card contains authentication credentials that are used as authorization to enter a building. The credentials are only accessible when a correct PIN is presented to the card.

Code Example:

Bad

Other

The card emits the credentials when a voltage anomaly is injected into the power line to the device at a particular time after providing an incorrect PIN to the card, causing the internal program to accept the incorrect PIN.

There are several ways this weakness could be fixed.

Code Example:

Good

Other

add an internal filter or internal power supply in series with the power supply pin on the device
- add sensing circuitry to reset the device if out of tolerance conditions are detected
- add additional execution sensing circuits to monitor the execution order for anomalies and abort the action or reset the device under fault conditions

Observed Examples 1

CVE-2019-15894fault injection attack bypasses the verification mode, potentially allowing arbitrary code execution.

References 5

An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs

Josep Balasch, Benedikt Gierlichs, and Ingrid Verbauwhede

2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (IEEE)

09-2011

https://ieeexplore.ieee.org/document/6076473

ID: REF-1161

Experimental Analysis of the Electromagnetic Instruction Skip Fault Model

Alexandre Menu, Jean-Max Dutertre, Olivier Potin, and Jean-Baptiste Rigaud

IEEE Xplore

30-04-2020

https://ieeexplore.ieee.org/document/9081261

ID: REF-1222

Controlling PC on ARM using Fault Injection

Niek Timmers, Albert Spruyt, and Marc Witteman

11-06-2016

https://fdtc.deib.polimi.it/FDTC16/shared/FDTC-2016-session_2_1.pdf(2023-04-07)

ID: REF-1223

Attacking USB Gear with EMFI

Colin O'Flynn

Circuit Cellar

05-2019

https://www.totalphase.com/media/pdf/whitepapers/Circuit_Cellar_TP.pdf

ID: REF-1224

On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks

Lennert Wouters, Benedikt Gierlichs, and Bart Preneel

14-03-2022

https://eprint.iacr.org/2022/328.pdf

ID: REF-1286

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

System on Chip : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

Functional Areas

Power

Related Weaknesses

ChildOf:

Improper Handling of Physical or Environmental Conditions (CWE-1384)

PeerOf:

Improper Protection Against Voltage and Clock Glitches (CWE-1247)