Sponge-Based Control-Flow Protection for IoT Devices

Mario Werner, Thomas Unterluggauer, David Schaffenrath, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows tampering with code in memory, stealing confidential Intellectual Property (IP), or mounting fault attacks to manipulate a CPU's control flow.
In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices. At compile time, SCFP encrypts and authenticates software with instruction-level granularity. During execution, an SCFP hardware extension between the CPU's fetch and decode stage continuously decrypts and authenticates instructions. Sponge-based authenticated encryption in SCFP yields fine-grained control-flow integrity and thus prevents code-reuse, code-injection, and fault attacks on the code and the control flow. In addition, SCFP withstands any modification of software in memory. For evaluation, we extended a RISC-V core with SCFP and fabricated a real System on Chip (SoC). The average overhead in code size and execution time of SCFP on this design is 19.8% and 9.1%, respectively, and thus meets the requirements of embedded IoT devices.
Original language: English
Title of host publication: 2018 IEEE European Symposium on Security and Privacy
Publisher: Institute of Electrical and Electronics Engineers
Publication status: Published - 2018
Event: 2018 IEEE European Symposium on Security and Privacy - London, United Kingdom
Duration: 24 Apr 2018 to 26 Apr 2018

Conference

Conference: 2018 IEEE European Symposium on Security and Privacy
Abbreviated title: EuroS&P 2018
Country: United Kingdom
City: London
Period: 24/04/18 to 26/04/18

Fingerprint

Flow control
Intellectual property
Program processors
Internet of things
Data storage equipment
Reduced instruction set computing
Computer hardware
Cryptography

Keywords

  • control-flow protection
  • fault attacks
  • countermeasures
  • authenticated encryption
  • sponges

Cite this

Werner, M., Unterluggauer, T., Schaffenrath, D., & Mangard, S. (2018). Sponge-Based Control-Flow Protection for IoT Devices. In 2018 IEEE European Symposium on Security and Privacy. Institute of Electrical and Electronics Engineers.
