Whitepaper
Silicon Labs Authenticated-XIP Protects Embedded Devices from Glitch Attacks
As the complexity of our embedded systems increases, so does code size. This presents some security challenges when considering encryption techniques for off-die storage. During the development of Silicon Labs Series 3 devices, we discovered that encrypting the QSPI reads offers no protection against physically altering data bits as they travel on the QSPI line. This allows a surprisingly effective new type of glitching attack. Solving that problem yielded the unexpected benefit of hardening our systems against other glitching attacks, such as EMP glitching attacks.
In this whitepaper, we take readers through our testing methods and findings, including a simulated QSPI flash read attack, and how our Authenticated-XIP (AXIP) defends against these security risks through per-read authentication.
Readers will also learn:
- Why encryption by itself is no longer suffiecient to protect external flash
- How improving CPU stability also improves exploit detection
- Why AXIP is an effective approach to protecting against glitching attacks
Whitepaper
Silicon Labs Authenticated-XIP Protects Embedded Devices from Glitch Attacks
As the complexity of our embedded systems increases, so does code size. This presents some security challenges when considering encryption techniques for off-die storage. During the development of Silicon Labs Series 3 devices, we discovered that encrypting the QSPI reads offers no protection against physically altering data bits as they travel on the QSPI line. This allows a surprisingly effective new type of glitching attack. Solving that problem yielded the unexpected benefit of hardening our systems against other glitching attacks, such as EMP glitching attacks.
In this whitepaper, we take readers through our testing methods and findings, including a simulated QSPI flash read attack, and how our Authenticated-XIP (AXIP) defends against these security risks through per-read authentication.
Readers will also learn:
- Why encryption by itself is no longer suffiecient to protect external flash
- How improving CPU stability also improves exploit detection
- Why AXIP is an effective approach to protecting against glitching attacks