Protecting RISC-V Processors against Physical Attacks

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

RISC-V is an emerging instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors now plans to adopt the architecture in their products, its security aspects are becoming a significant concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing to power analysis up to fault injection and analysis. In this paper, we give an overview of the capabilities of attackers with direct physical device access, common threat models and attack vectors, and possible countermeasures. Besides, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control-flow against fault attacks by using an encrypted instruction stream and decrypting it on-the-fly in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect all pointers and memory accesses from tampering.
Originalspracheenglisch
TitelDesign, Automation & Test in Europe Conference - DATE 2019
Seiten1136-1141
Seitenumfang6
ISBN (elektronisch) 978-3-9819263-2-3
DOIs
PublikationsstatusVeröffentlicht - 2019
Veranstaltung2019 Design, Automation & Test in Europe Conference & Exhibition - Firenze, Italien
Dauer: 25 Mär 201929 Mär 2019

Konferenz

Konferenz2019 Design, Automation & Test in Europe Conference & Exhibition
KurztitelDATE 2019
LandItalien
OrtFirenze
Zeitraum25/03/1929/03/19

Fingerprint

Reduced instruction set computing
Microcontrollers
Data storage equipment
Flow control
Program processors
Redundancy
Pipelines

Schlagwörter

  • RISC-V
  • physical attacks
  • fault injection
  • countermeasures

Dies zitieren

Werner, M., Schilling, R., Unterluggauer, T., & Mangard, S. (2019). Protecting RISC-V Processors against Physical Attacks. in Design, Automation & Test in Europe Conference - DATE 2019 (S. 1136-1141) https://doi.org/10.23919/DATE.2019.8714811

Protecting RISC-V Processors against Physical Attacks. / Werner, Mario; Schilling, Robert; Unterluggauer, Thomas; Mangard, Stefan.

Design, Automation & Test in Europe Conference - DATE 2019. 2019. S. 1136-1141.

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Werner, M, Schilling, R, Unterluggauer, T & Mangard, S 2019, Protecting RISC-V Processors against Physical Attacks. in Design, Automation & Test in Europe Conference - DATE 2019. S. 1136-1141, Firenze, Italien, 25/03/19. https://doi.org/10.23919/DATE.2019.8714811
Werner M, Schilling R, Unterluggauer T, Mangard S. Protecting RISC-V Processors against Physical Attacks. in Design, Automation & Test in Europe Conference - DATE 2019. 2019. S. 1136-1141 https://doi.org/10.23919/DATE.2019.8714811
Werner, Mario ; Schilling, Robert ; Unterluggauer, Thomas ; Mangard, Stefan. / Protecting RISC-V Processors against Physical Attacks. Design, Automation & Test in Europe Conference - DATE 2019. 2019. S. 1136-1141
@inproceedings{d7672cf3dc794ee482cd9f71c95592ed,
title = "Protecting RISC-V Processors against Physical Attacks",
abstract = "RISC-V is an emerging instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors now plans to adopt the architecture in their products, its security aspects are becoming a significant concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing to power analysis up to fault injection and analysis. In this paper, we give an overview of the capabilities of attackers with direct physical device access, common threat models and attack vectors, and possible countermeasures. Besides, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control-flow against fault attacks by using an encrypted instruction stream and decrypting it on-the-fly in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect all pointers and memory accesses from tampering.",
keywords = "RISC-V, physical attacks, fault injection, countermeasures",
author = "Mario Werner and Robert Schilling and Thomas Unterluggauer and Stefan Mangard",
year = "2019",
doi = "10.23919/DATE.2019.8714811",
language = "English",
pages = "1136--1141",
booktitle = "Design, Automation & Test in Europe Conference - DATE 2019",

}

TY - GEN

T1 - Protecting RISC-V Processors against Physical Attacks

AU - Werner, Mario

AU - Schilling, Robert

AU - Unterluggauer, Thomas

AU - Mangard, Stefan

PY - 2019

Y1 - 2019

N2 - RISC-V is an emerging instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors now plans to adopt the architecture in their products, its security aspects are becoming a significant concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing to power analysis up to fault injection and analysis. In this paper, we give an overview of the capabilities of attackers with direct physical device access, common threat models and attack vectors, and possible countermeasures. Besides, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control-flow against fault attacks by using an encrypted instruction stream and decrypting it on-the-fly in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect all pointers and memory accesses from tampering.

AB - RISC-V is an emerging instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors now plans to adopt the architecture in their products, its security aspects are becoming a significant concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing to power analysis up to fault injection and analysis. In this paper, we give an overview of the capabilities of attackers with direct physical device access, common threat models and attack vectors, and possible countermeasures. Besides, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control-flow against fault attacks by using an encrypted instruction stream and decrypting it on-the-fly in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect all pointers and memory accesses from tampering.

KW - RISC-V

KW - physical attacks

KW - fault injection

KW - countermeasures

U2 - 10.23919/DATE.2019.8714811

DO - 10.23919/DATE.2019.8714811

M3 - Conference contribution

SP - 1136

EP - 1141

BT - Design, Automation & Test in Europe Conference - DATE 2019

ER -