Mobile platforms and connected devices play a central role in our life. The value of information they could store cannot be disputed as such data, called assets, are the keys to access any sensitive services from mobile payment to identity. This stirs up interests making mobile platforms subject to attacks. Security mechanisms and cryptography are used to prevent these attacks and provide the right level of security and trust. The increasing sophistication of attacks requires that cryptography implementations must be resilient if the assets are to be protected.
This paper describes a specific range of techniques: fault injection attacks. They have the potential to compromise virtually all implementations including whitebox and traditional cryptographic implementations if they are not specifically protected. We highlight the importance of exploring in depth the security of cryptographic implementations. It requires a blend of specific tools and skills. With this ability, it is possible to select the right protections resulting to an adequate security level.
Keywords: fault injection attack, embedded systems security, mobile application, dynamic binary analysis, reverse engineering.
Download by leaving your name and email below: