Protecting the Control Flow of Embedded Processors against Fault Attacks

During the last two decades, most of the research on fault attacks focused on attacking and securing intermediate values that occur during the computation of cryptographic primitives. However, also fault attacks on the control flow of software can compromise the security of a system completely. Fault attacks on the control flow can for example make a system branch to an administrative function directly or make it bypass comparisons of redundant computations. Security checks based on comparing redundant computations are for example commonly used to secure PIN checks and implementations of block ciphers against fault attacks. Although control-flow integrity is of crucial importance to secure a system against fault attacks, so far there exist only very few proposals for countermeasures. This article addresses this gap and presents an efficient hardware-supported technique that allows to maintain control-flow integrity in the setting of fault attacks. The technique is based on so-called generalized path signatures, which have initially been introduced in the context of soft errors. We present a prototype implementation for a Cortex-M3 microprocessor and corresponding compiler extensions in LLVM. Our implementation, which increases the processor size by merely 6.4i¾?%, detects every fault on the instruction-stream with 99.9i¾?% probability within 3 cycles. The runtime overhead of the protected applications ranges from 2i¾?% to 71i¾?%.

[1]  Juan José Serrano,et al.  Control Flow Error Checking with ISIS , 2005, ICESS.

[2]  José Carlos Campelo,et al.  A Watchdog Processor Architecture with Minimal Performance Overhead , 2002, SAFECOMP.

[3]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[4]  John Paul Shen,et al.  Continuous signature monitoring: low-cost concurrent detection of processor control errors , 1990, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[5]  Masood Namjoo,et al.  Techniques for Concurrent Testing of VLSI Processor Operation , 1982, ITC.

[6]  Jasper G. J. van Woudenberg,et al.  Practical Optical Fault Injection on Secure Microcontrollers , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[7]  Mingwei Zhang,et al.  Control Flow Integrity for COTS Binaries , 2013, USENIX Security Symposium.

[8]  John Paul Shen,et al.  Continuous signature monitoring: efficient concurrent-detection of processor control errors , 1988, International Test Conference 1988 Proceeding@m_New Frontiers in Testing.

[9]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[10]  Catherine A. Meadows Introduction to ACM TISSEC special issue on CCS 2005 , 2009, TSEC.

[11]  Srivaths Ravi,et al.  Hardware-Assisted Run-Time Monitoring for Secure Program Execution on Embedded Processors , 2006, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[12]  Karine Heydemann,et al.  Software Countermeasures for Control Flow Integrity of Smart Card C Codes , 2014, ESORICS.

[13]  Marc Joye,et al.  Fault Analysis in Cryptography , 2012, Information Security and Cryptography.