On Power-Off Temperature Attacks Potential Against Security Sensors

Embedded systems can be targeted by fault injection attacks (FIAs), which enable attackers to alter the system specified behavior, potentially gaining access to confidential information or causing unintended outcomes, among other effects. Although numerous security sensors and attack detectors have been proposed in the literature to detect different sources of FIAs, it is crucial to ensure that these mechanisms themselves have not been tampered. Hence, the integrity of these detectors is critical in maintaining the security of embedded systems. This study focuses on evaluating the robustness of delay-based digital detectors against a new type of FIA called power-off temperature attack (POTA). POTA occurs when the chip power is turned off, rendering the detectors inactive and allowing the attackers to bypass them. After a POTA, the circuit or its detectors may not function properly when the power is restored, potentially allowing other attacks to go undetected if the detectors are less sensitive. This study implements two attack detectors on Xilinx Artix-7 FPGAs and investigates the impact of heating cycles on theses detectors’ characteristics when the FPGA is in different states, including power-off, power-on, and inactive modes (such as clock-freezing mode). Our experiments reveal that heating cycles in power-off or inactive modes can alter the FPGA component delays and reduce the accuracy of its detectors, which highlights the vulnerability of these systems to POTA and potential risks to embedded system security.