SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element

Pascal Nasahl*, Miguel Osorio, Pirmin Vogel, Michael Schaffner, Timothy Trippel, Dominic Rizzo, Stefan Mangard

*Korrespondierende/r Autor/-in für diese Arbeit

Publikation: Beitrag in einer FachzeitschriftArtikelBegutachtung

Abstract

Fault attacks are active, physical attacks that an adversary can leverage to alter the control-flow of embedded devices to gain access to sensitive information or bypass protection mechanisms.
Due to the severity of these attacks, manufacturers deploy hardware-based fault defenses into security-critical systems, such as secure elements.
The development of these countermeasures is a challenging task due to the complex interplay of circuit components and because contemporary design automation tools tend to optimize inserted structures away, thereby defeating their purpose.
Hence, it is critical that such countermeasures are rigorously verified post-synthesis.

Since classical functional verification techniques fall short of assessing the effectiveness of countermeasures (due to the circuit being analyzed when no faults are present), developers have to resort to methods capable of injecting faults in a simulation testbench or into a physical chip sample.
However, developing test sequences to inject faults in simulation is an error-prone task and performing fault attacks on a chip requires specialized equipment and is incredibly time-consuming.
Moreover, identifying the fault-vulnerable circuit is hard in both approaches, and fixing potential design flaws post-silicon is usually infeasible since that would require another tape-out.

To that end, this paper introduces SYNFI, a formal pre-silicon fault verification framework that operates on synthesized netlists.
SYNFI can be used to analyze the general effect of faults on the input-output relationship in a circuit and its fault countermeasures, and thus enables hardware designers to assess and verify the effectiveness of embedded countermeasures in a systematic and semi-automatic way.

The framework automatically extracts sensitive parts of the circuit, induces faults into the extracted subcircuit, and analyzes the faults' effects using formal methods.
To demonstrate that SYNFI is capable of handling unmodified, industry-grade netlists synthesized with commercial and open tools, we analyze OpenTitan, the first open-source secure element.
In our analysis, we identified critical security weaknesses in the unprotected AES block, developed targeted countermeasures, reassessed their security, and contributed these countermeasures back to the OpenTitan project.
For other fault-hardened IP, such as the life cycle controller, we used SYNFI to confirm that existing countermeasures provide adequate protection.
Originalspracheenglisch
Seiten (von - bis)56–87
Seitenumfang32
FachzeitschriftIACR Transactions on Cryptographic Hardware and Embedded Systems
Jahrgang2022
Ausgabenummer4
DOIs
PublikationsstatusVeröffentlicht - 31 Aug. 2022

ASJC Scopus subject areas

  • Software
  • Artificial intelligence
  • Signalverarbeitung
  • Hardware und Architektur
  • Computernetzwerke und -kommunikation
  • Computergrafik und computergestütztes Design

Fingerprint

Untersuchen Sie die Forschungsthemen von „SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren