What is it about?

Microcontrollers, or MCUs for short, are the central nervous system in many devices that are part of our everyday lives. This paper deals with a new type of security threat specific to MCUs that can completely bypass the security features that are commonly found in MCUs. We propose, for the first time, a detection method that can find such dangerous security vulnerabilities with minimal human intervention. A key feature of the detection method is that it is exhaustive, that means, it detects all vulnerabilities of the investigated type and, if there are none, it can guarantee the security of an MCU.

Featured Image

Why is it important?

Most hardware security research focuses on complex processors, as they are used in PCs or servers. But they represent only a fraction of the computing systems we interact with. MCUs, on the other hand, are all around us. They control our car engines, play a critical role in medical devices and are ubiquitous in smart home applications. In addition, the security vulnerabilities we detected do not require complicated features to be exploited. This is a key difference from how similar security vulnerabilities work in complex processors. This makes our detection method critical to MCU verification flows.

Perspectives

Looking at the security vulnerabilities we detected, it is astonishing how easily such vulnerabilities can appear in an MCU design. Most MCUs implement algorithms in their on-chip communication structures that can be exploited for this purpose. Our research has not yet examined a large enough number of MCUs to make a general statement, but we have reason to believe that most MCUs used in devices today would contain such vulnerabilities.

Johannes Müller
RPTU Kaiserslautern-Landau

Read the Original

This page is a summary of: MCU-Wide Timing Side Channels and Their Detection, June 2024, ACM (Association for Computing Machinery),
DOI: 10.1145/3649329.3656541.
You can read the full text:

Read

Contributors

The following have contributed to this page