Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Two main types of faults can target system buses:

• Data bus faults causing incorrect data
• Address bus faults leading to segmentation faults

Traditional fault points were limited to processors and memories, but system bus presents a new vulnerable attack surface in SOCs

Fault characteristics vary by:

• Granularity (single bit, multiple bits, bytes, words)
• Duration (temporary vs persistent)
• Type (stuck at zero/one, random bit flips)

Successful attack chain demonstrated:

• Loading malicious trusted application (TA) into TEE
• Making TA identifier collide with legitimate TAs
• Redirecting encrypted communication
• Accessing encryption keys before surrender

Novel “register sweeping” fault model discovered:

• Can zero out entire 64-bit registers
• 35% success rate in completely clearing register values
• Enables bypassing signature verification

Key security implications:

• Breaks TEE security guarantees even with compromised kernel
• Enables decryption of communications meant for other TAs
• Affects systems following Global Platform API spec
• Impacts post-quantum crypto implementations like Kyber

Attack requirements:

• Must be non-invasive to avoid detection
• Device must remain online throughout
• Combines power side-channel analysis with fault injection

Countermeasure recommendations:

• Rethink API specifications considering combined SCA/fault attacks
• Implement additional integrity checks for segmentation faults
• Protect system bus as a new attack surface

Demonstrated on Raspberry Pi 3 using electromagnetic fault injection with exposed system bus on PCB

Impacts embedded/IoT systems meant to be secure without human supervision