ST STM32C0 Series Application Note page 15

SRAM
The SRAM is the device running memory. It holds runtime buffers and variables (such as stack or heap) and
can hold firmware and keys. While secrets may be stored encrypted in the non-volatile memory, they need to be
present in plain view once loaded to the SRAM in order to be used. At the same time, the SRAM usually holds
communication buffers. For these two reasons, an attacker may be tempted to focus his effort on the SRAM.
At least three types of attack can be mounted against this memory: code (malware) injection, memory corruption
through buffer overflow, and retrieval of secrets through temporarily stored variables.
Risks: buffer overflow, data theft or device control
Countermeasures:
firewall
memory protection unit
Secure area
Random number generation
Random numbers are often used in cryptography for session key, cryptographic nonce or initialization vector (IV)
generation. A weak random generator may make any secure protocol vulnerable.
A software attack tries to exploit a hidden periodicity or structure of a random sequence to guess the secret
key and break communication confidentiality. A hardware attack attempts to disable the entropy source, or
weaken the statistical randomness of the output.
A robust random generator depends on both the quality of the entropy source (analog) and the subsequent
digital processing.
Risk: reduced security of cryptographic protocols
Countermeasures:
Use a true hardware entropy generator.
Use tests on the RNG output, and verify the statistical properties of the produced random numbers.
Take full advantage of the error detection and health check mechanisms available on the device RNG.
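The output tests named in the countermeasures can be run continuously in software. The block below is an added example, not code from AN5156 or from ST: it implements the repetition count and adaptive proportion tests in the style of NIST SP 800-90B section 4.4. All names, the byte-wide sample size, the 2^-20 false-positive rate and the caller-supplied window and cutoff are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example: hypothetical names, byte samples taken from the RNG output. */
typedef struct {
    uint8_t  rct_last;   /* last sample seen by the repetition count test */
    uint32_t rct_run;    /* length of the current run of identical samples */
    uint32_t rct_cutoff; /* run length that flags a stuck source */
    uint8_t  apt_ref;    /* first sample of the current proportion window */
    uint32_t apt_hits;   /* occurrences of apt_ref in the window */
    uint32_t apt_pos;    /* samples consumed in the window */
    uint32_t apt_window; /* window size W (caller-supplied assumption) */
    uint32_t apt_cutoff; /* count that flags a biased source (assumption) */
} rng_health_t;

/* C = 1 + ceil(20 / H): false-positive rate 2^-20, H = assessed
   min-entropy per sample in bits (integer, H >= 1). */
static uint32_t rct_cutoff(uint32_t h_bits) { return 1u + (20u + h_bits - 1u) / h_bits; }

void rng_health_init(rng_health_t *s, uint32_t h_bits,
                     uint32_t apt_window, uint32_t apt_cutoff)
{
    s->rct_last = 0; s->rct_run = 0;
    s->rct_cutoff = rct_cutoff(h_bits);
    s->apt_ref = 0; s->apt_hits = 0; s->apt_pos = 0;
    s->apt_window = apt_window; s->apt_cutoff = apt_cutoff;
}

/* Feed one sample: 0 = healthy, 1 = repetition failure, 2 = proportion failure. */
int rng_health_feed(rng_health_t *s, uint8_t x)
{
    if (s->rct_run != 0 && x == s->rct_last) {
        if (++s->rct_run >= s->rct_cutoff) return 1;
    } else { s->rct_last = x; s->rct_run = 1; }
    if (s->apt_pos == 0) { s->apt_ref = x; s->apt_hits = 1; }
    else if (x == s->apt_ref && ++s->apt_hits >= s->apt_cutoff) return 2;
    if (++s->apt_pos == s->apt_window) s->apt_pos = 0;
    return 0;
}

/* Screen a buffer before it becomes a key, nonce or IV; 0 = all samples passed. */
int rng_health_check(rng_health_t *s, const uint8_t *buf, size_t n)
{
    int r = 0;
    for (size_t i = 0; i < n && r == 0; i++) r = rng_health_feed(s, buf[i]);
    return r;
}
```

A non-zero result means the buffer must be discarded and the RNG error path taken; the proportion cutoff has to be chosen for the min-entropy assessed for the actual entropy source.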
Communication stack
Connectivity protocols (such as Bluetooth, Ethernet, Wi-Fi or LoRa) have complex communication firmware
stacks. These stacks, often available in open source, cannot always be considered as trusted. A potential
weakness can be massively exploited.
Risk: device access (content, control) through network
Countermeasures:
communication process isolation
server authentication
secure firmware update to patch bugs
Communication eavesdrop
Data exchanges between a device and an IoT service can be eavesdropped, either directly by a compatible RF
device or through the network. A hacker may seek to retrieve data, get device IDs or access services.
Cryptography can be adopted by all communication protocols. Several encryption steps are often considered to
protect the communication between all the different layers (device, gateway, applications).
Risk: observation and spoofing of network traffic
Countermeasure: use of a cryptographic version of the communication stack (like TLS for Ethernet)
AN5156 - Rev 8
List of attack targets
page 15/56