Projekte pro Jahr
Abstract
Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows to tamper with code in memory, steal confidential Intellectual Property (IP), or mount fault attacks to manipulate a CPU's control flow.
In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU's fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8% and 9.1%, respectively, and thus meets the requirements of embedded IoT devices.
In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU's fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8% and 9.1%, respectively, and thus meets the requirements of embedded IoT devices.
Originalsprache | englisch |
---|---|
Titel | 2018 IEEE European Symposium on Security and Privacy |
Herausgeber (Verlag) | Institute of Electrical and Electronics Engineers |
Publikationsstatus | Veröffentlicht - 2018 |
Veranstaltung | 2018 IEEE European Symposium on Security and Privacy: EuroS&P 2018 - London, Großbritannien / Vereinigtes Königreich Dauer: 24 Apr. 2018 → 26 Apr. 2018 |
Konferenz
Konferenz | 2018 IEEE European Symposium on Security and Privacy |
---|---|
Kurztitel | EuroS&P 2018 |
Land/Gebiet | Großbritannien / Vereinigtes Königreich |
Ort | London |
Zeitraum | 24/04/18 → 26/04/18 |
Fingerprint
Untersuchen Sie die Forschungsthemen von „Sponge-Based Control-Flow Protection for IoT Devices“. Zusammen bilden sie einen einzigartigen Fingerprint.Projekte
- 1 Abgeschlossen
-
EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
1/09/16 → 31/08/21
Projekt: Forschungsprojekt