On the Importance of Analysing Microarchitecture for Accurate Software Fault Models

Fault injection is a powerful technique for attacking digital systems. Software developers have to take fault effects into account when system security is a concern. To this end, software fault models have been developed. However, these models are often designed independently of any hardware consideration, which raises the problem of realism: their generality cannot account for the specificities of each architecture. As a consequence, software countermeasures based on such software fault models do not guarantee good protection against faults. Processor microarchitecture should be precisely analysed to better understand faulty behaviours and to design stronger software countermeasures. To illustrate this assumption, we show in this paper some faulty behaviours that have been observed on a RISC-V processor, and their consequences for typical software countermeasures.
