Sponge-Based Control-Flow Protection for IoT Devices

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows to tamper with code in memory, steal confidential Intellectual Property (IP), or mount fault attacks to manipulate a CPU's control flow. In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU's fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8% and 9.1 %, respectively, and thus meets the requirements of embedded IoT devices.

[1]  Andrey Bogdanov,et al.  APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography , 2014, FSE.

[2]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[3]  Claude Castelluccia,et al.  Defending embedded systems against control flow attacks , 2009, SecuCode '09.

[4]  G. V. Assche,et al.  On the security of the keyed sponge construction , 2011 .

[5]  Guido Bertoni,et al.  Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..

[6]  Yunsup Lee,et al.  The RISC-V Instruction Set Manual , 2014 .

[7]  Yu Sasaki,et al.  How to Incorporate Associated Data in Sponge-Based Authenticated Encryption , 2015, CT-RSA.

[8]  Ingrid Verbauwhede,et al.  A survey of Hardware-based Control Flow Integrity (CFI) , 2017, ArXiv.

[9]  Johannes Götzfried,et al.  SOFIA: Software and control flow integrity architecture , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[10]  Zhenkai Liang,et al.  Jump-oriented programming: a new class of code-reuse attack , 2011, ASIACCS '11.

[11]  Bart Mennink,et al.  Security of Full-State Keyed and Duplex Sponge: Applications to Authenticated Encryption , 2015, IACR Cryptol. ePrint Arch..

[12]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[13]  Shufu Mao,et al.  Hardware Support for Secure Processing in Embedded Systems , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[14]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[15]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[16]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[17]  Saurabh Bagchi,et al.  Protecting Bare-Metal Embedded Systems with Privilege Overlays , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[18]  Bart Mennink,et al.  Security of Keyed Sponge Constructions Using a Modular Proof Approach , 2015, FSE.

[19]  Stefan Mangard,et al.  Protecting the Control Flow of Embedded Processors against Fault Attacks , 2015, CARDIS.

[20]  V. K. Agarwal,et al.  Continuous Signature Monitoring: Low-Cost Concurrent Detection of Processor Control Errors , 1990 .

[21]  David A. Wagner,et al.  Control-Flow Bending: On the Effectiveness of Control-Flow Integrity , 2015, USENIX Security Symposium.

[22]  Srivaths Ravi,et al.  Hardware-Assisted Run-Time Monitoring for Secure Program Execution on Embedded Processors , 2006, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[23]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[24]  George Candea,et al.  Code-pointer integrity , 2014, OSDI.

[25]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[26]  Florian Mendel,et al.  Submission to the CAESAR Competition , 2014 .

[27]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[28]  Thomas Korak,et al.  On the Effects of Clock and Power Supply Tampering on Two Microcontroller Platforms , 2014, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[29]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.