protecting the control flow of embedded processors
play

Protecting the Control Flow of Embedded Processors against Fault - PowerPoint PPT Presentation

Dec 09, 2023 •230 likes •552 views

W I S S E N T E C H N I K L E I D E N S C H A F T Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich Wenger 2 , and Stefan Mangard 1 , 1 Graz University of Technology 2 Infineon

  1. W I S S E N T E C H N I K L E I D E N S C H A F T Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich Wenger 2 , and Stefan Mangard 1 , 1 Graz University of Technology 2 Infineon Technologies AG, Munich 5th November 2015, Bochum www.iaik.tugraz.at

  2. www.iaik.tugraz.at Context and Motivation Embedded systems are everywhere Assets in malicious environment Memory Processor Crypto System Various assets Protecting cryptographic primitives is insufficient Werner, Wenger, Mangard, 2 5th November 2015, Bochum

  3. www.iaik.tugraz.at Do we really care about the Processor? unsigned pin = read_pin(); bool auth = tpm_check(pin); if( auth ) { open_door(); } else { alert_police(); } log_event(); read_pin() tpm_check(pin) check if auth == true open_door() alert_police() log_event() Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  4. www.iaik.tugraz.at Do we really care about the Processor? unsigned pin = read_pin(); bool auth = tpm_check(pin); if( auth ) { open_door(); } else { alert_police(); } log_event(); check condition perform action handle error continue Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  5. www.iaik.tugraz.at Do we really care about the Processor? check_auth: // auth in R0 (1 if true) LDR R1, #1 CMP R0, R1 BNE not_authenticated authenticated: // open door // ... B next not_authenticated: // alert police next: // log event Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  6. www.iaik.tugraz.at Do we really care about the Processor? check_auth: // auth in R0 (1 if true) LDR R1, #1 CMP R0, R1 BEQ not_authenticated authenticated: // open door // ... B next not_authenticated: // alert police next: // log event Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  7. www.iaik.tugraz.at Do we really care about the Processor? check_auth: // auth in R0 (1 if true) LDR R1, #1 CMP R0, R0 BNE not_authenticated authenticated: // open door // ... B next not_authenticated: // alert police next: // log event Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  8. www.iaik.tugraz.at Do we really care about the Processor? check_auth: // auth in R0 (1 if true) LDR R1, #1 CMP R0, R1 BNE not_authenticated authenticated: // open door // ... B next not_authenticated: // alert police next: // log event Werner, Wenger, Mangard, 3 5th November 2015, Bochum

  9. www.iaik.tugraz.at Goal and Results Goal: Enforce control-flow integrity Results: Analysis and evaluation of signature functions Detect a faulty instruction with 99.9 % within 3 cycles (arbitrary fault) Resistant against at least 7 precise bit flips injected across two instructions HDL implementation for a Cortex-M3 clone LLVM based toolchain 6.4 % hardware overhead 2 % to 71 % runtime overhead Werner, Wenger, Mangard, 4 5th November 2015, Bochum

  10. www.iaik.tugraz.at Control-Flow Integrity Execute code as programmed Perform only intended function calls Traverse control flow graph along programmed edges Execute basic blocks from start to end Preserve instructions and their order read_pin check_pin main unlock_door alert_police log_event Werner, Wenger, Mangard, 5 5th November 2015, Bochum

  11. www.iaik.tugraz.at Control-Flow Integrity Execute code as programmed Perform only intended function calls Traverse control flow graph along programmed edges Execute basic blocks from start to end Preserve instructions and their order check auth open_door() alert_police() log_event() Werner, Wenger, Mangard, 5 5th November 2015, Bochum

  12. www.iaik.tugraz.at Control-Flow Integrity Execute code as programmed Perform only intended function calls Traverse control flow graph along programmed edges Execute basic blocks from start to end Preserve instructions and their order check auth open_door() alert_police() log_event() Werner, Wenger, Mangard, 5 5th November 2015, Bochum

  13. www.iaik.tugraz.at Control-Flow Integrity Execute code as programmed Perform only intended function calls Traverse control flow graph along programmed edges Execute basic blocks from start to end Preserve instructions and their order check_auth: // auth in R0 (1 if true) LDR R1, #1 CMP R0, R0 BNE not_authenticated Werner, Wenger, Mangard, 5 5th November 2015, Bochum

  14. www.iaik.tugraz.at Concept Instruction stream integrity through derived signatures [MM88] Generalized path signature analysis (GPSA) [WS90] Optimize against fault attacks Implemented as hybrid scheme Dedicated assertions Continuous checks Werner, Wenger, Mangard, 6 5th November 2015, Bochum

  15. www.iaik.tugraz.at Derived Signatures [MM88] R e s e t _ H a n d l e r 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 b 5 b 0 b 5 b 0 : p u s h { r 4 , r 5 , r 7 , l r } 0 x 0 0 0 1 6 4 b 2 a f 0 2 : a d d r 7 , s p , # 8 0 x 0 0 0 1 a c b f 4 8 0 d : l d r r 0 , [ p c , # 5 2 ] 0 x 0 0 0 1 f 5 c d 4 9 0 e : l d r r 1 , [ p c , # 5 6 ] 0 x 0 0 0 2 3 8 5 5 4 2 8 8 : c m p r 0 , r 1 0 x 0 0 0 3 0 a 6 2 d 2 0 d : b h s # 2 6 R e s e t _ H a n d l e r : 1 R e s e t _ H a n d l e r : 2 0 x 0 0 0 3 0 a 6 2 0 x 0 0 0 3 0 a 6 2 0 x 0 0 0 3 5 4 6 f 4 a 0 d : l d r r 2 , [ p c , # 5 2 ] 0 x 0 0 0 3 5 6 6 8 4 c 0 6 : l d r r 4 , [ p c , # 2 4 ] . . . . . . ??? Werner, Wenger, Mangard, 7 5th November 2015, Bochum

  16. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 ( i f ) / / . . . % 2 % 3 / / . . . / / . . . / / . . . % 4 / / . . . / / . . . Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  17. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 ( i f ) / / . . . % 2 % 3 / / . . . / / . . . update(sig1) / / . . . % 4 / / . . . / / . . . Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  18. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 ( i f ) / / . . . % 2 % 3 / / . . . / / . . . update(sig1) / / . . . % 4 / / . . . / / . . . check(sig2) Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  19. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 ( i f ) / / . . . % 2 % 3 / / . . . / / . . . update(sig1) / / . . . % 4 / / . . . / / . . . check(sig2) Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  20. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 / / . . . % 2 ( w h i l e ) / / . . . % 6 / / . . . % 3 ( i f ) r e t u r n / / . . . % 5 % 4 / / . . . / / . . . r e t u r n Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  21. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 / / . . . % 2 ( w h i l e ) / / . . . % 6 / / . . . % 3 ( i f ) r e t u r n / / . . . % 4 % 5 / / . . . / / . . . update(sig1) r e t u r n Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  22. www.iaik.tugraz.at Generalized Path Signature Analysis [WS90] % 1 / / . . . % 2 ( w h i l e ) / / . . . % 6 update(sig2) % 3 ( i f ) / / . . . / / . . . r e t u r n % 4 % 5 / / . . . / / . . . update(sig1) r e t u r n Werner, Wenger, Mangard, 8 5th November 2015, Bochum

  23. www.iaik.tugraz.at Signature Functions against Fault Attacks Compression function Avoid collisions within one cycle Qualitative Requirements for GPSA: Reliability: S j + 1 ⊕ ∆ S j + 1 = f ( S j , I j ⊕ ∆ I j ) Error preservation: S j + 1 ⊕ ∆ S j + 1 = f ( S j ⊕ ∆ S j , I j ) Non associativity: f ( f ( S j , I j ) , I k ) � = f ( f ( S j , I k ) , I j ) Invertibility: S j = f − 1 ( S j + 1 , I j ) → single faulty instructions detectable Werner, Wenger, Mangard, 9 5th November 2015, Bochum

  24. www.iaik.tugraz.at Quantitative Evaluation MISRs and CRCs with various polynomials How hard is it to bypass the protection? Quality function: q ( j , t ) = HW (∆ I j ) + HW (∆ I j + t ) Worst case behavior min ( q ) matters → CRCs are better than MISRs against faults → min ( q ) = 8 for CRC-32C and CRC-32Q Werner, Wenger, Mangard, 10 5th November 2015, Bochum

  25. www.iaik.tugraz.at Implementation Hardware: Monitor for derived signatures Extended fetch unit Software: Compiler for ... GPSA signature updates ... assertions Post-processing tool for ... update and check constants ... continuous signature monitoring (CSM) Werner, Wenger, Mangard, 11 5th November 2015, Bochum

  26. www.iaik.tugraz.at Hardware Modifications Cortex-M3 System Address Space Fetch Decode Execute RAM DataOut Fetched CodeIn Instructions Register File DataIn Controller Peripherals Reference Signature Signatures Monitor for CSM MUL/ ALU DIV Address signature Code Generation Addr. Fetch Unit Controller f u Address Werner, Wenger, Mangard, 12 5th November 2015, Bochum

  27. www.iaik.tugraz.at Evaluation Hardware: CPU Core: 37 kGE Monitor: 1.5 kGE (4 %) Monitor + Core with CSM: 39 kGE (6.4 %) Benchmarks: Modified vs stock LLVM Coremark AES-256 Elliptic Curve Cryptography in C and with ASM Werner, Wenger, Mangard, 13 5th November 2015, Bochum

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300

Dominant Species Embedded Information Technology Embedded = most processors! Systems 300 million PC and server Jakob Engblom 9000 million embedded Adj. Lektor, IT-inst Business Development Manager, Virtutech

559 views • 10 slides
Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State

Protecting Dynamic Code by Modular Control-Flow Integrity Gang Tan Department of CSE, Penn State Univ. At International Workshop on Modularity Across the System Stack (MASS) Mar 14 th , 2016, Malaga, Spain Cyber Insecurity 2 Blame the

804 views • 54 slides
The Emerging Power Crisis in Embedded The Emerging Power Crisis in Embedded Processors What Can a

The Emerging Power Crisis in Embedded The Emerging Power Crisis in Embedded Processors What Can a

The Emerging Power Crisis in Embedded The Emerging Power Crisis in Embedded Processors What Can a (Poor) Compiler Do ? Processors What Can a (Poor) Compiler Do ? Weng-Fai Wong National University of Singapore Collaborators L.N. Chakrapani

377 views • 24 slides
Automated combination of tolerance and control flow integrity countermeasures against multiple

Automated combination of tolerance and control flow integrity countermeasures against multiple

Automated combination of tolerance and control flow integrity countermeasures against multiple fault attacks on embedded systems Thierno Barry PhD Candidate in security of Embedded Systems at CEA ( the French Atomic Energy Commission )

681 views • 18 slides
1 What is it Really? ARM Chips ARM Chips ARM Chips ARM Chips Typically an Embedded

1 What is it Really? ARM Chips ARM Chips ARM Chips ARM Chips Typically an Embedded

Overview Embedded Processors Why? Design Criteria Introduction to E mbedded Processors Architectural Options Example Architecture: ARM Instruction Set Architecture CSE 291E / EE260C ARM7 Spring 2002 ARM9

315 views • 7 slides
Embedded Processors Overview Design features Design features AMBA Bus AMBA Bus System

Embedded Processors Overview Design features Design features AMBA Bus AMBA Bus System

Advanced Digital IC Design Contents Embedded Processors Embedded Processors Overview Design features Design features AMBA Bus AMBA Bus System Why AMBA Dalia Iurascu AMBA AHB, APB Structure Alejandro Vzquez Bofill

386 views • 10 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

611 views • 22 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

374 views • 22 slides
1 Introduction to ES Architectures Components and Systems Embedded System Architectures

1 Introduction to ES Architectures Components and Systems Embedded System Architectures

Lectures 5 & 6 Overview Processors and Architectures General Purpose vs. Application Specific for Embedded Systems Processors General Purpose Core (IP)-based design vs. Application Specific Processors Reconfigurable Systems

362 views • 5 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of Computer Science, Purdue University Project 2 j Now posted on the class webpage. Due Wed, Sept. 17 at 10 pm. Start early All

663 views • 22 slides
Concurrency and Scheduling Analysis of Real-time Embedded Software on Multi-core Processors

Concurrency and Scheduling Analysis of Real-time Embedded Software on Multi-core Processors

Concurrency and Scheduling Analysis of Real-time Embedded Software on Multi-core Processors Yann-Hang Lee Young Song Duo Lu CONFIDENTIAL Center for Embedded Systems | An NSF Industry/University Cooperative Research Center Project Overview and

276 views • 5 slides
Retargetable Compilers System on Chip Many different types of DSPs and embedded processors

Retargetable Compilers System on Chip Many different types of DSPs and embedded processors

Introduction Retargetable Compilers System on Chip Many different types of DSPs and embedded processors Daniel Karlsson ASIPs (replace by latest general purpose processor?) danka@ida.liu.se no compromise, high speed, low cost,

437 views • 9 slides
Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are

Programming in C 1 Flow of Control Flow of control The order in which statements are executed Transfer of control When the next statement executed is not the next one in sequence 2 Flow of Control Control structures

540 views • 34 slides
Computer Graphics - HDR & Tone Mapping - Hendrik Lensch Computer Graphics WS07/08 Tone

Computer Graphics - HDR & Tone Mapping - Hendrik Lensch Computer Graphics WS07/08 Tone

Computer Graphics - HDR & Tone Mapping - Hendrik Lensch Computer Graphics WS07/08 Tone Mapping Overview Last time Gamma Correction Color spaces Today Terms and Definitions Tone Mapping Next lecture

1.46k views • 72 slides
Computer Graphics HDR Imaging Philipp Slusallek Overview HDR Acquisition Tone-Mapping

Computer Graphics HDR Imaging Philipp Slusallek Overview HDR Acquisition Tone-Mapping

Computer Graphics HDR Imaging Philipp Slusallek Overview HDR Acquisition Tone-Mapping High Dynamic Range Imaging Contrast Handling Input: HDR intensities in real-world scenes (e.g. from rendering) Output: Typically LDR

802 views • 49 slides
Selected Solutions F.7 Chapter 7 Solutions 7.1 0xA7FE 7.3 Using an instruction as a label

Selected Solutions F.7 Chapter 7 Solutions 7.1 0xA7FE 7.3 Using an instruction as a label

Appendix F Selected Solutions F.7 Chapter 7 Solutions 7.1 0xA7FE 7.3 Using an instruction as a label confuses the assembler because it treats the label as the opcode itself so the label AND will not be entered into the symbol table. Instead

419 views • 5 slides
Beyond the 008 Fall Roundtable 2013 Sarah rah Chi hild lds EI Cataloging Committee Chair

Beyond the 008 Fall Roundtable 2013 Sarah rah Chi hild lds EI Cataloging Committee Chair

Beyond the 008 Fall Roundtable 2013 Sarah rah Chi hild lds EI Cataloging Committee Chair Hussey Mayfield Memorial Public Library sarahc@zionsville.lib.in.us 317-873-3149 x13330 Fie ield ld Provides coded information about the

888 views • 24 slides
High Dynamic Range (HDR) Video for Cultural Heritage

High Dynamic Range (HDR) Video for Cultural Heritage

High Dynamic Range (HDR) Video for Cultural Heritage Documenta9on and Experimental Archaeology Jassim Happa 1 , Alessandro Artusi 2 , Silvester Czanner 1 and

716 views • 26 slides
Transforming Dependency Structures to LTAG Derivation Trees 13th International Workshop on Tree

Transforming Dependency Structures to LTAG Derivation Trees 13th International Workshop on Tree

Transforming Dependency Structures to LTAG Derivation Trees 13th International Workshop on Tree Adjoining Grammars and Related Formalisms (TAG+13) Caio Corro Joseph Le Roux September 1, 2017 Laboratoire Informatique de Paris Nord (LIPN),

815 views • 64 slides
FY 2018 Results Fixed income presentation 15 15 th th February ruary 2019 Katie Murray Chief

FY 2018 Results Fixed income presentation 15 15 th th February ruary 2019 Katie Murray Chief

FY 2018 Results Fixed income presentation 15 15 th th February ruary 2019 Katie Murray Chief Financial Officer 2 FY 2018 update on progress Income remained stable (ex notable items, Natwest Resilien ient inco come Markets and

782 views • 26 slides
Inverse (Reverse) Tone Mapping dr. Francesco Banterle francesco.banterle@isti.cnr.it The

Inverse (Reverse) Tone Mapping dr. Francesco Banterle francesco.banterle@isti.cnr.it The

Inverse (Reverse) Tone Mapping dr. Francesco Banterle francesco.banterle@isti.cnr.it The problem ? The problem f ( I ) : D w h c R w h c D [0 , 255] This means to expand the range The problem L w = f ( L d ) : D w

609 views • 46 slides

More recommend