Attacking the Edge-of-Things: A Physical Attack Perspective

The concepts between Internet of Things (IoT) and edge computing are increasingly intertwined, as an edge-computing architecture generally comprises a (large) number of diverse IoT devices. This, however, increases the potential attack vectors since any one of these connected IoT devices can be targeted to facilitate other malicious cyber activities. Physical attacks are generally harder to mitigate and less studied, in comparison to their cyber counterparts. Thus, in this article we present an attack framework targeting true random number generators (TRNGs), which are a key component in cryptosystems for edge devices. We then demonstrate how such a framework can guide our investigation of a commercial ASIC chip that runs ring-oscillator-based TRNG. Specifically, we show that our template power attack, low voltage fault attack, and voltage glitch fault attack do not require prior knowledge of the TRNG implementation.