AES-128 Plaintext Recovery in Nordic Semiconductor NRF52840 SoC
a year ago
- #Encryption
- #HardwareVulnerability
- #Cybersecurity
- CryptoCell CC310 vulnerability affects ECB, CBC, and CTR modes, undermining data confidentiality.
- Plaintext recovery is achieved with voltage fault injection in ECB, CBC, and CTR modes, though key extraction in ECB mode via DFA is not possible.
- Observed fault patterns include plaintext output, all-zeroes output, full and partial error byte diffusion.
- Root cause: AES hardware engine lacks protection against fault injection, leading to corrupted encryption outputs.
- Hardware-based fault injection uses a custom voltage glitching tool with a MOSFET crowbar circuit, requiring no capacitor removal.
- DFA analysis in ECB mode did not yield key extraction; precise fault patterns for optimal DFA were not consistently generated.
- Impact: Vulnerability exposes sensitive plaintext data (e.g., passwords, cryptographic keys), bypassing encryption protections.
- Affects secure communication protocols between SoC and other devices, compromising confidentiality.