Protecting the Control Flow of Embedded Processors against Fault Attacks

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

During the last two decades, most of the research on fault attacks focused on attacking and securing intermediate values that occur during the computation of cryptographic primitives. However, also fault attacks on the control flow of software can compromise the security of a system completely. Fault attacks on the control flow can for example make a system branch to an administrative function directly or make it bypass comparisons of redundant computations. Security checks based on comparing redundant computations are for example commonly used to secure PIN checks and implementations of block ciphers against fault attacks.

Although control-flow integrity is of crucial importance to secure a system against fault attacks, so far there exist only very few proposals for countermeasures. This article addresses this gap and presents an efficient hardware-supported technique that allows to maintain control-flow integrity in the setting of fault attacks. The technique is based on so-called generalized path signatures, which have initially been introduced in the context of soft errors. We present a prototype implementation for a Cortex-M3 microprocessor and corresponding compiler extensions in LLVM. Our implementation, which increases the processor size by merely 6.4 %, detects every fault on the instruction-stream with 99.9 % probability within 3 cycles. The runtime overhead of the protected applications ranges from 2 % to 71 %.

Original languageEnglish
Title of host publicationSmart Card Research and Advanced Applications
Subtitle of host publication14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers
EditorsNaofumi Homma, Marcel Medwed
PublisherSpringer
Volume9514
ISBN (Electronic)978-3-319-31271-2
ISBN (Print)978-3-319-31270-5
DOIs
Publication statusPublished - Mar 2016
EventInternational Conference on Smart Card Research and Advanced Applications - Bochum, Germany
Duration: 4 Nov 20156 Nov 2015

Conference

ConferenceInternational Conference on Smart Card Research and Advanced Applications
CountryGermany
CityBochum
Period4/11/156/11/15

Fingerprint

Flow control
Side channel attack
Microprocessor chips
Hardware

Fields of Expertise

  • Information, Communication & Computing

Cite this

Werner, M., Wenger, E., & Mangard, S. (2016). Protecting the Control Flow of Embedded Processors against Fault Attacks. In N. Homma, & M. Medwed (Eds.), Smart Card Research and Advanced Applications: 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers (Vol. 9514). Springer. https://doi.org/10.1007/978-3-319-31271-2_10

Protecting the Control Flow of Embedded Processors against Fault Attacks. / Werner, Mario; Wenger, Erich; Mangard, Stefan.

Smart Card Research and Advanced Applications: 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers. ed. / Naofumi Homma; Marcel Medwed. Vol. 9514 Springer, 2016.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Werner, M, Wenger, E & Mangard, S 2016, Protecting the Control Flow of Embedded Processors against Fault Attacks. in N Homma & M Medwed (eds), Smart Card Research and Advanced Applications: 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers. vol. 9514, Springer, International Conference on Smart Card Research and Advanced Applications, Bochum, Germany, 4/11/15. https://doi.org/10.1007/978-3-319-31271-2_10
Werner M, Wenger E, Mangard S. Protecting the Control Flow of Embedded Processors against Fault Attacks. In Homma N, Medwed M, editors, Smart Card Research and Advanced Applications: 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers. Vol. 9514. Springer. 2016 https://doi.org/10.1007/978-3-319-31271-2_10
Werner, Mario ; Wenger, Erich ; Mangard, Stefan. / Protecting the Control Flow of Embedded Processors against Fault Attacks. Smart Card Research and Advanced Applications: 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers. editor / Naofumi Homma ; Marcel Medwed. Vol. 9514 Springer, 2016.
@inproceedings{e50f04cdba7a49fcb4f6d1627b123eca,
title = "Protecting the Control Flow of Embedded Processors against Fault Attacks",
abstract = "During the last two decades, most of the research on fault attacks focused on attacking and securing intermediate values that occur during the computation of cryptographic primitives. However, also fault attacks on the control flow of software can compromise the security of a system completely. Fault attacks on the control flow can for example make a system branch to an administrative function directly or make it bypass comparisons of redundant computations. Security checks based on comparing redundant computations are for example commonly used to secure PIN checks and implementations of block ciphers against fault attacks. Although control-flow integrity is of crucial importance to secure a system against fault attacks, so far there exist only very few proposals for countermeasures. This article addresses this gap and presents an efficient hardware-supported technique that allows to maintain control-flow integrity in the setting of fault attacks. The technique is based on so-called generalized path signatures, which have initially been introduced in the context of soft errors. We present a prototype implementation for a Cortex-M3 microprocessor and corresponding compiler extensions in LLVM. Our implementation, which increases the processor size by merely 6.4 {\%}, detects every fault on the instruction-stream with 99.9 {\%} probability within 3 cycles. The runtime overhead of the protected applications ranges from 2 {\%} to 71 {\%}.",
author = "Mario Werner and Erich Wenger and Stefan Mangard",
year = "2016",
month = "3",
doi = "10.1007/978-3-319-31271-2_10",
language = "English",
isbn = "978-3-319-31270-5",
volume = "9514",
editor = "Naofumi Homma and Marcel Medwed",
booktitle = "Smart Card Research and Advanced Applications",
publisher = "Springer",

}

TY - GEN

T1 - Protecting the Control Flow of Embedded Processors against Fault Attacks

AU - Werner, Mario

AU - Wenger, Erich

AU - Mangard, Stefan

PY - 2016/3

Y1 - 2016/3

N2 - During the last two decades, most of the research on fault attacks focused on attacking and securing intermediate values that occur during the computation of cryptographic primitives. However, also fault attacks on the control flow of software can compromise the security of a system completely. Fault attacks on the control flow can for example make a system branch to an administrative function directly or make it bypass comparisons of redundant computations. Security checks based on comparing redundant computations are for example commonly used to secure PIN checks and implementations of block ciphers against fault attacks. Although control-flow integrity is of crucial importance to secure a system against fault attacks, so far there exist only very few proposals for countermeasures. This article addresses this gap and presents an efficient hardware-supported technique that allows to maintain control-flow integrity in the setting of fault attacks. The technique is based on so-called generalized path signatures, which have initially been introduced in the context of soft errors. We present a prototype implementation for a Cortex-M3 microprocessor and corresponding compiler extensions in LLVM. Our implementation, which increases the processor size by merely 6.4 %, detects every fault on the instruction-stream with 99.9 % probability within 3 cycles. The runtime overhead of the protected applications ranges from 2 % to 71 %.

AB - During the last two decades, most of the research on fault attacks focused on attacking and securing intermediate values that occur during the computation of cryptographic primitives. However, also fault attacks on the control flow of software can compromise the security of a system completely. Fault attacks on the control flow can for example make a system branch to an administrative function directly or make it bypass comparisons of redundant computations. Security checks based on comparing redundant computations are for example commonly used to secure PIN checks and implementations of block ciphers against fault attacks. Although control-flow integrity is of crucial importance to secure a system against fault attacks, so far there exist only very few proposals for countermeasures. This article addresses this gap and presents an efficient hardware-supported technique that allows to maintain control-flow integrity in the setting of fault attacks. The technique is based on so-called generalized path signatures, which have initially been introduced in the context of soft errors. We present a prototype implementation for a Cortex-M3 microprocessor and corresponding compiler extensions in LLVM. Our implementation, which increases the processor size by merely 6.4 %, detects every fault on the instruction-stream with 99.9 % probability within 3 cycles. The runtime overhead of the protected applications ranges from 2 % to 71 %.

U2 - 10.1007/978-3-319-31271-2_10

DO - 10.1007/978-3-319-31271-2_10

M3 - Conference contribution

SN - 978-3-319-31270-5

VL - 9514

BT - Smart Card Research and Advanced Applications

A2 - Homma, Naofumi

A2 - Medwed, Marcel

PB - Springer

ER -