Theatre

Electromagnetic Fault Injection Made Easy with PicoEMP

Watch Now

33:21

EOC 2022

Login to Watch

Colin O'Flynn

Colin O'Flynn has developed the world's first open-source platform (ChipWhisperer) for side-channel power analysis and glitching attacks, and has spoken around the world about the application of this platform to various targets. Previously he worked developing low-power wireless embedded systems and completed a PhD in embedded security. He lives in Halifax, NS, Canada where he's an Assistant Professor at Dalhousie University, run's a start-up (NewAE Technology Inc) and continues to write about embedded systems for Circuit Cellar magazine.

View full profile

Topics Covered

Hardware Security Testing Tools

Theatre

Electromagnetic Fault Injection Made Easy with PicoEMP

Colin O'Flynn

33:21 EOC 2022

Colin O'Flynn

33:21

Electromagnetic Fault Injection (EMFI) is a powerful method of injecting "faults" into devices, which can be used for both security and safety evaluations. Various platforms for EMFI exist (including the ChipSHOUTER tool Colin has designed), but they are often overkill when it comes to performing basic work or trying to get started with EMFI. This talk introduces the PicoEMP, a low-cost EMFI tool Colin designed and released as open-source hardware. Coverage of the theory behind EMFI along with how to build your own PicoEMP will be covered, including some recent examples of real-world usage.

1 / 4

Please log in or create an account to test your knowledge and see the answers.

What is the primary mechanism by which electromagnetic fault injection (EMFI) perturbs the internal logic of a chip, as described in the talk?

A A magnetic field couples into on-die loop areas (power distribution networks and metal traces), inducing voltages that disrupt timing and logic.

B EMFI injects charge carriers through the chip package causing latch-up and permanent shorts.

C EMFI locally heats regions of the die, changing transistor thresholds and causing timing failures.

D EMFI creates radio‑frequency interference that only affects wireless transceivers and communication peripherals.

E EMFI forces the PCB traces to carry large currents via direct electrical contact with the probe.

Why does Colin say EMFI tools often use high-voltage, fast pulses rather than simply relying on low-voltage current?

A High voltage overcomes the probe's inductance so you can produce a fast-changing current (sharp rise time) which creates the useful magnetic field; many turns raise inductance and demand higher voltage.

B High voltage directly increases magnetic field strength independent of current or rise time, so voltage alone is what matters.

C High voltage is used mainly to deliver more total energy so the pulse can be long and sustain the magnetic field for milliseconds.

D High voltage eliminates the inductance of the probe coil, so you can add many turns without penalty.

E Voltage level is irrelevant; only the DC current magnitude through the coil determines the magnetic coupling.

What architectural choice does PicoEMP use to reduce safety risk compared with a straightforward low‑side direct-drive design?

A It uses transformer‑coupled gate drive and an isolation barrier so the high-voltage output is floating (no reference to the host ground), making it safer to touch and isolating the trigger.

B It uses a low‑side direct connection so the probe is intentionally at high voltage relative to the system ground for certainty.

C It ties the probe to earth ground so any high voltage is immediately drained to ground for safety.

D It uses just a coupling capacitor with no isolation because that is the simplest and safest option.

E It relies on the computer USB ground as the reference so the timing is more accurate and safer.

How did EMFI enable recovery of the RSA private factors (P and Q) in the Raspberry Pi demo described?

A A fault injected during the RSA computation (using CRT optimizations) produced an incorrect signature/output; that faulty result allowed factoring to recover P and Q.

B The EMFI physically opened the chip package so memory contents (SRAM) could be read directly without any cryptographic attack.

C The attack caused the operating system to write the private key to disk, which was then read back normally.

D EMFI lengthened the key generation time so the primes could be brute‑forced while the device was busy.

E The injection modified the random number generator so it produced weak predictable primes during key creation.

Formatting help

italics	surround text with asterisks
bold	surround text with two asterisks
hyperlink	[hyperlink](https://example.com) or just a bare URL
inline code	surround text with single `backticks`
code block (multi-line)	wrap on its own lines with three backticks: ``` your code here ```
~~strikethrough~~	surround text with ~~two tilde characters~~
quote	prefix with >

Upvotes Newest Oldest

GillianM

Score: 0 | 4 years ago | 1 reply

Hello Colin,
Thank you for your talk! I'm posting as a follow-up to the Q&A session to see if you are able to send links to articles/sites with ideas on how us firmware developers can be on the defense to such attacks.

Colin_OFlynnSpeaker

Score: 1 | 4 years ago | 1 reply

Hi Gillian,
These types of attacks are typically looking for "fault injection mitigation" strategies. Basic strategies are relatively well-known, Jasper & I have a few in Chapter 14 of our book too for example. You can find a few examples in the Trusted Firmware-M bootloader I mentioned - a short overview is at https://www.trustedfirmware.org/docs/TF-M_fault_injection_mitigation.pdf, but if you look into their code base there is more examples there. More advanced countermeasures can sometimes take advantage of hardware features. There is a whole area of research around "code flow integrity" - some of this is protecting against code flow changes due to software injection, but some of it protects hardware injection too. This can be anything from pointer integrity to validating things like the cycle count is what you expect at a certain point in time. For many of these protections you could bypass them with multiple glitches, but the reality is that most systems still have no protection. So if you're putting a little bit of thought into this & making life a little hardware, you are probably way ahead of most other designs out there.

On more serious devices you can have glitch detectors too. Basically the glitches happen due to either timing violations (the timing violations often caused by voltage perturbations), or directly flipping bits in static registers. Glitch detectors are just the same sort of digital circuits but they simply sit there confirming there is no invalid value loaded (checking for static bit flipped, invalid value loaded into a shifter, etc). They may also look for the actual signal inserting the glitch (such as a bright pulse of light that should never exist on the chip surface, or a strong EM wave). The hardware detectors are less common in generic micros but some have them as part of a security subsystem - the EFR32MG21A/B from Silicon Labs has glitch detectors in the trusted 'secure element' subsystem. If you attempt to insert a glitch during certain operations (such as any crypto operation) the subsystem will return an error.

On firmware you can do some minor glitch detection too. If you have very sensitive operations, you can for example add some long for() loops around them that simply increment a variable, and at the end of the loop you confirm the variable has the expected value. Someone trying to insert glitches into your sensitive operation are likely to accidently hit your "mine". Reacting to this error can be tricky though - if an attacker can try forever to hit the right spot, you're still vulnerable. But if you can slow them down (maybe you just reboot, and the reboot process takes some time) or even erase sensitive data they are much more effective.

Of course anything with firmware be careful of the compiler - I really love godbolt.org or testing these sorts of things quickly. Hopefully the above gives you some ideas of what is out there - there is no "easy" solution I know of yet, it still tends to be a lot of tuning for specific devices or use-cases it seems.

GillianM

Score: 0 | 4 years ago | no reply

It is great to know all these strategies. Thank you for the detailed answer!

Mark_Tuma

Score: 0 | 4 years ago | 1 reply

Hi Colin,
That was a really interesting talk, thank you. When you do an attack is it right to assume that all sorts of things are going wrong on the chip and you just happen to get lucky with e.g. the RSA demo producing what you want? Or can you target specific peripherals or chip components based on where you place the probe?
Thanks,

Colin_OFlynnSpeaker

Score: 0 | 4 years ago | no reply

One use-case for EMFI is just "see what goes wrong" - in a lot of designs this may include for example some failsafe mode that cannot be externally triggered (there is a paper called BadFET showing this - https://www.usenix.org/system/files/conference/woot17/woot17-paper-cui.pdf). My demo on the RSA one is a "cheat" as it sits there in a loop doing RSA signatures (normally you wouldn't do that). In reality you would need to trigger on the location of the RSA - this isn't as hard as it sounds, since RSA is so slow this glitch can be easily applied.

But more realistic use-cases always need a careful test of the trigger conditions. My example of the car ECU one was bypassing a password check which required me to figure out when the password check is happening. This isn't as difficult as it sounds since you often have lots of external information (when I sent the password, when it responds, if I can see power usage differences). You can see this example at https://colinoflynn.com/2020/11/bam-bam-on-reliability-of-emfi-for-in-situ-automotive-ecu-attacks/.

The other link in the comment above to Lennert's example also shows using EMFI with specific timing. So sometimes it can be as easy as triggering some invalid mode, but most of the time it requires a lot of effort to get there.

Erwin

Score: 0 | 4 years ago | 1 reply

Awesome presentation!
I didn't have the time so far to check out all the resources you mentioned in your presentation but is this PicoEMP more or less an academic approach to show the technical possibility to do EMFI or ist it ment for real application testing. I was involved in some ChipCard OS development some years ago and remember that our crypto experts had much more expensive tools for hardening our hardware and software against such attacks. So is it nowadays possible to achieve this goal with hardware like PicoEMP?

Colin_OFlynnSpeaker

Score: 0 | 4 years ago | no reply

The primary goal of it is for educational, including research and evaluating your own designs against FI. But even with some effort one can push it towards more real-world usage - Lennert Wouters' demo that I mention in the presentation shows using PicoEMP on an (unhardened) microcontroller to circumvent the security settings (https://github.com/KULeuven-COSIC/SimpleLink-FI/blob/main/notebooks/5_ChipSHOUTER-PicoEMP.ipynb for direct link).

Colin_OFlynnSpeaker

Score: 0 | 4 years ago | no reply

Let me know if you've got any questions - I'll be doing a live/video Q&A on April 25th at 13:30 Eastern, see https://www.embeddedonlineconference.com/meeting/Live_Discussion_Electromagnetic_Fault_Injection_Made_Easy_with_PicoEMP to attend.!

Partners & Sponsors

Percepio

Edge Impulse

STMicroelectronics

Renesas

Amazon AWS

The Qt Company

NXP

TUXERA

XMOS

Timesys

Saleae

Become a Sponsor