1

I’m using atoi to convert a string to an integer in an embedded C application. However, I could exploit the vulnerability in atoi() using a clock glitching fault injection attack. I mean when I have a single or multiple glitch, the processor missed some characters and returns faulty integer. Is there any alternative for the atoi function which is more robust against fault injection? Can I use its complementary (itoa function) to regenerate the string and compare the two strings?

  • I saw the strtol function as an alternative for validation instead of atoi(). Could that be a case for my problem, or does it just return the software errors?
elik1991
  • 2
    You could just call `atoi()` twice and see if you get the same result. – Barmar Apr 12 '21 at 21:28
  • 3
    *"clock glitching fault injection attack"* Getting a faulty integer from atoi() would be the best-case scenario. The typical case is that the processor just crashes. In fact, the odds that you could glitch the clock and the only effect is a missed digit in atoi() are so low that this question is essentially meaningless. – user3386109 Apr 12 '21 at 21:40
  • 1
    @user3386109 Indeed. All the "anti-glitch-attack" solutions I saw so far are pretty much meaningless, because it can cause like anything. For example, skipping an instruction (or a bunch) altogether. – Eugene Sh. Apr 12 '21 at 21:47
  • 2
    I'm thinking someone with the ability to glitch the clock in your hardware already owns you anyway. – Andrew Henle Apr 12 '21 at 21:51
  • 3
    From: https://www.darkreading.com/edge/theedge/glitching-the-hardware-attack-that-can-disrupt-secure-software-/b/d-id/1336119 _clock signals are interrupted, the CPU and other processing components can skip instructions, temporarily stop executing programs, or behave in other ways that can allow attackers to slip malicious instructions into the processing gaps._ If you've got one, you've got far bigger problems than `atoi`. You'd have the same issue with `itoa` or "compare" or almost _any_ code you write. – Craig Estey Apr 12 '21 at 21:55
  • " the processor missed some characters and returns faulty integer." --> so `atoi()` worked fine, it just had bad input? Or did the fault happen while inside `atoi()`? – chux - Reinstate Monica Apr 12 '21 at 22:00

1 Answer

3

This is a typical case of a CPU controlled by a Schrödinger cat. With her quantic paws, she can decide which instructions to execute or skip...

It is difficult to imagine code that would be resilient in such an environment.

As a matter of fact, any attempt at testing output consistency could be defeated by skipping the corresponding instructions.

As commented by Barmar, you could just call atoi() twice and compare the values, hoping for a moment of distraction of the clock glitcher.

chqrlie
  • If 2 calls mismatch, a 3rd call is needed that _hopefully_ matches a prior one. – chux - Reinstate Monica Apr 13 '21 at 03:17
  • @chux-ReinstateMonica: If 2 calls mismatch, something fishy is definitely going on... If you are on Earth, aborting the launch process seems preferable, if you are on the Moon or alone on Mars, launch anyway and hope for a Hollywood script with a happy end. – chqrlie Apr 13 '21 at 06:53
  • ... or [5](https://history.nasa.gov/computers/Ch4-3.html#:~:text=NASA%20uses%20five%20general-purpose%20computers%20in%20the%20Shuttle.). I like your idea of location dependent next step. – chux - Reinstate Monica Apr 13 '21 at 10:58
  • I saw the strtol function as an alternative for validation instead of atoi(). Could that be a case for my problem, or does it just return the software errors? – elik1991 Apr 13 '21 at 11:11
  • 3
    @elik1991: `strtol` is an alternative for `atoi()` that has the distinct advantage of proper handling of values outside the range of type `long`. No special handling of clock glitches though. – chqrlie Apr 13 '21 at 12:31
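
The checks raised in this thread (strict `strtol` parsing, converting twice and comparing, and regenerating the string to compare it with the input), combined in one function as an added example that is not code from any of the posters. The names `parse_once`, `parse_int_checked` and the `PARSE_*` codes are hypothetical; as the answer notes, a glitch that skips the comparison itself still defeats it.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return codes (hypothetical names for this example). */
enum { PARSE_OK = 0, PARSE_BAD_INPUT = -1, PARSE_MISMATCH = -2 };

/* One strict strtol pass: the whole string must be a decimal int, no trailing junk. */
static int parse_once(const char *s, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return PARSE_BAD_INPUT;
    *out = v;
    return PARSE_OK;
}

/*
 * Convert twice, compare, then regenerate the string and compare it with the input.
 * volatile forces both results to be stored and re-read for the comparison.
 */
int parse_int_checked(const char *s, int *out)
{
    volatile long a = 0, b = ~0L;   /* different initial values, so a skipped store shows up */
    long tmp;
    char back[24];

    if (parse_once(s, &tmp) != PARSE_OK) return PARSE_BAD_INPUT;
    a = tmp;
    if (parse_once(s, &tmp) != PARSE_OK) return PARSE_BAD_INPUT;
    b = tmp;
    if (a != b) return PARSE_MISMATCH;

    /* Round trip: only canonical text ("123", "-7") matches; "007", "+5", " 5" do not. */
    snprintf(back, sizeof back, "%ld", (long)a);
    if (strcmp(back, s) != 0) return PARSE_MISMATCH;

    *out = (int)b;
    return PARSE_OK;
}
```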