protecting risc v processors
play

Protecting RISC-V Processors against Physical Attacks Stefan - PowerPoint PPT Presentation

Apr 08, 2024 •49 likes •621 views

www.iaik.tugraz.at S C I E N C E P A S S I O N T E C H N O L O G Y Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas Unterluggauer, Mario Werner

  1. www.iaik.tugraz.at  S C I E N C E  P A S S I O N  T E C H N O L O G Y Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas Unterluggauer, Mario Werner Graz University of Technology March 28 th , 2019 u www.iaik.tugraz.at

  2. www.iaik.tugraz.at  Attack Settings I/O Network Computer System Processor RAM Interfaces 2 Graz University of Technology

  3. www.iaik.tugraz.at  Classic Setting: Attacks Via The (Network) Interfaces I/O Network Computer System Processor RAM Interfaces 3 Graz University of Technology

  4. www.iaik.tugraz.at  Classic Setting: Attacks Via The (Network) Interfaces I/O Network Computer System Processor RAM Interfaces 4 Graz University of Technology

  5. www.iaik.tugraz.at  The Secure Processor Setting I/O Network RAM Processor Interfaces Memory Encryption 5 Graz University of Technology

  6. www.iaik.tugraz.at  Physical Attack Setting: Also Processor is Attacked I/O Network RAM Processor Interfaces Example attacks: power analysis, fault attacks, … 6 Graz University of Technology

  7. www.iaik.tugraz.at  Small Faults – Big Effects 1 bit determines your privilege level  determines your access rights  determines whether a password is considered correct or not  Changes completely the meaning of an opcode  …  7 Graz University of Technology

  8. www.iaik.tugraz.at  Fault Attacks - Relevance Traditional fields  secure elements  smart cards, …  New fields:  IoT, automotive, etc.  Example: Privilege escalation on Linux (Niek Timmers, Cristofaro Mune:  Escalating Privileges in Linux Using Voltage Fault Injection. FDTC 2017: 1-8) 8 Graz University of Technology

  9. www.iaik.tugraz.at  Fault Attacks – How? Rowhammer Most popular techniques  Voltage glitches  Laser  Effects  Changes in data, pointers, …  Changes in program flow: skip of instruction pointer,  induction of branches, … 9 Graz University of Technology

  10. www.iaik.tugraz.at  Fault Attacks – What Can We Do? 10 Graz University of Technology

  11. www.iaik.tugraz.at  Fault Attacks – What Can We Do? Control flow graph integrity  Mario Werner, Thomas Unterluggauer, David Schaffenrath , Stefan Mangard. “Sponge - Based Control-Flow Protection for IoT Devices”. In: Euro S&P 2018 11 Graz University of Technology

  12. www.iaik.tugraz.at  Fault Attacks – What Can We Do? Branch Integrity  Robert Schilling, Mario Werner, Stefan Mangard. “Securing Conditional Branches in the Presence of Fault Attacks”. In: DATE 2018 12 Graz University of Technology

  13. www.iaik.tugraz.at  Fault Attacks – What Can We Do? Memory Access  Robert Schilling, Mario Werner, Pascal Nasahl , Stefan Mangard. “Pointing in the Right Direction- Securing Memory Accesses in a Faulty World”. In: ACSAC 2018 13 Graz University of Technology

  14. www.iaik.tugraz.at  Fault Attacks – What can we do? 14 Graz University of Technology

  15. www.iaik.tugraz.at  Sponge-Based Control-Flow Protection 15 Graz University of Technology

  16. www.iaik.tugraz.at  Control Flow Integrity is Critical Robert Schilling 16 Graz University of Technology

  17. www.iaik.tugraz.at  Control Flow Integrity is Critical Robert Schilling 17 Graz University of Technology

  18. www.iaik.tugraz.at  Control Flow Integrity is Critical Robert Schilling 18 Graz University of Technology

  19. www.iaik.tugraz.at  Control Flow Integrity is Critical Robert Schilling 19 Graz University of Technology

  20. www.iaik.tugraz.at  Control Flow Integrity is Critical Robert Schilling 20 Graz University of Technology

  21. www.iaik.tugraz.at  Main Idea Sponge-based Control-Flow Protection (SCFP)  Hardware supported CFI scheme  Encrypts the instruction stream with small granularity  Program can only be decrypted correctly as long it is  executed correctly Costs  Highly configurable in terms of security and cost  RV32IM AEE-Light: ~10% runtime, ~20% code size  Robert Schilling 21 Graz University of Technology

  22. www.iaik.tugraz.at  High Level Concept 22 Graz University of Technology

  23. www.iaik.tugraz.at  High Level Concept 23 Graz University of Technology

  24. www.iaik.tugraz.at  High Level Concept 24 Graz University of Technology

  25. www.iaik.tugraz.at  Decryption/Execution Example 25 Graz University of Technology

  26. www.iaik.tugraz.at  Decryption/Execution Example 26 Graz University of Technology

  27. www.iaik.tugraz.at  Decryption/Execution Example 27 Graz University of Technology

  28. www.iaik.tugraz.at  Decryption/Execution Example 28 Graz University of Technology

  29. www.iaik.tugraz.at  Decryption/Execution Example 29 Graz University of Technology

  30. www.iaik.tugraz.at  Decryption/Execution Example 30 Graz University of Technology

  31. www.iaik.tugraz.at  Decryption/Execution Example 31 Graz University of Technology

  32. www.iaik.tugraz.at  Decryption/Execution Example 32 Graz University of Technology

  33. www.iaik.tugraz.at  Decryption/Execution Example 33 Graz University of Technology

  34. www.iaik.tugraz.at  Decryption/Execution Example 34 Graz University of Technology

  35. www.iaik.tugraz.at  Decryption/Execution Example 35 Graz University of Technology

  36. www.iaik.tugraz.at  RISC-V ISA Integration - Branches Branches additional have an associated  patch that is applied conditionally New BPEQ, BPNE, BPLT, BPLTU, BPGE,  and BPGEU instructions 36 Graz University of Technology

  37. www.iaik.tugraz.at  RISC-V ISA Integration – Calls Direct Calls Indirect Calls 37 Graz University of Technology

  38. www.iaik.tugraz.at  Prototype Implementation LLVM-based toolchain  RI5CY-based hardware  AEE-Light with PRINCE in  APE-like mode ~30kGE of area for SCFP at  100MHz in UMC65 ~10% runtime and ~20% code  size overhead 38 Graz University of Technology

  39. www.iaik.tugraz.at  Protected Conditional Branches

  40. www.iaik.tugraz.at  Motivation Control-flow integrity (CFI) measures restrict the  control-flow to valid execution traces PW check Branching decisions require extra protection Do Enter  System Nothing Examples of critical applications  Continue Password checks, signature verification, …  40 Graz University of Technology

  41. www.iaik.tugraz.at  Classical Conditional Branch 41 Graz University of Technology

  42. www.iaik.tugraz.at  Faulting Conditional Branches Fault the comparison Fault the operands Faulting the branch 42 Graz University of Technology

  43. www.iaik.tugraz.at  Design Goals Maximum flexibility concerning redundancy encoding of data (x, y)  Arithmetic codes are efficient for number encoding  Linear codes are used for strings  Minimal changes to hardware  43 Graz University of Technology

  44. www.iaik.tugraz.at  Step 1: Encoded Comparison in Software Efficiently possible e.g. for AN Codes  Output of comparison: n-bit symbol for true or n-bit symbol for false  44 Graz University of Technology

  45. www.iaik.tugraz.at  Step 1: Encoded Comparison in Software How to securely branch based on the n-bit symbol? 45 Graz University of Technology

  46. www.iaik.tugraz.at  Step 2: Use a standard branch for the actual branching Use a standard branch for the actual branching …. 46 Graz University of Technology

  47. www.iaik.tugraz.at  Step 3: Link Comparison Result to CFI State … and link it to the CFI state. 47 Graz University of Technology

  48. www.iaik.tugraz.at  Example: Protected Conditional Branch 1. Compute the encoded comparison 𝐽1 𝑇 1 2. Perform a conditional branch 𝑇 2 𝐽2 𝑇 3 𝑑𝑝𝑜𝑒 = EncCmp 3. At the branch target: Link the 𝑐𝑠 𝑑𝑝𝑜𝑒 = 𝑈𝑠𝑣𝑓 𝑇 4 redundant condition value with the CFI state ∗ ∗ 𝑇 6 𝑉𝑞𝑒𝑏𝑢𝑓(𝑑𝑝𝑜𝑒) 𝑉𝑞𝑒𝑏𝑢𝑓(𝑑𝑝𝑜𝑒) 𝑇 8 𝑇 6 𝑇 8 𝐽6 𝐽8 𝑇 7 𝑇 9 𝐽7 𝐽9 Wrong branch and wrong condition lead to invalid CFI state 48 Graz University of Technology

  49. www.iaik.tugraz.at  Prototype Evaluation Added new branch instruction to inject first operand to the CFI state  LLVM-based toolchain  Automatically identifies conditional branches  Encodes dependent data-flow graph to AN-code domain  Inserts software-based comparison algorithm  Overhead on par with state-of-the-art duplication approaches  49 Graz University of Technology

  50. www.iaik.tugraz.at  Secure Memory Access 50 Graz University of Technology

  51. www.iaik.tugraz.at  Faulting the Pointer Memory Faulted pointer redirects  Some data the memory access ptr Secret 51 Graz University of Technology

  52. www.iaik.tugraz.at  Faulting the Memory Access Memory Faulted pointer redirects  Some data the memory access Faulting the memory  ptr access itself leads to a wrong access Secret 52 Graz University of Technology

Recommend

RISC Processors Chapter 14 S. Dandamudi Outline Introduction Itanium processor

RISC Processors Chapter 14 S. Dandamudi Outline Introduction Itanium processor

RISC Processors Chapter 14 S. Dandamudi Outline Introduction Itanium processor Architecture Evolution of CISC Addressing modes processors Instruction set RISC design principles Instruction-level parallelism

1.35k views • 70 slides
End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About

End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About

End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About RISC-V RISC-V is an Open Instruction Set Architecture (ISA) Can be freely used for any purpose Many implementations are available from

677 views • 22 slides
ARM v4T CS2253 Owen Kaser, UNBSJ ARM v4T History of ARM processors R is for RISC

ARM v4T CS2253 Owen Kaser, UNBSJ ARM v4T History of ARM processors R is for RISC

ARM v4T CS2253 Owen Kaser, UNBSJ ARM v4T History of ARM processors R is for RISC Registers Status flags and conditional execution Memory Example program History of ARM v4T Acorn Computers in the UK, early 1980s

461 views • 16 slides
PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

ENHANCED TOOLS FOR RISC-V PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the leading provider of RISC-V processor IP Codasip Bk : A portfolio of RISC-V processors Uniquely providing design automation tools

318 views • 9 slides
TEE Boot Procedure with Crypto-accelerators in RISC-V Processors Authors: Ckristian Duran,

TEE Boot Procedure with Crypto-accelerators in RISC-V Processors Authors: Ckristian Duran,

TEE Boot Procedure with Crypto-accelerators in RISC-V Processors Authors: Ckristian Duran, Trong-Thuc Hoang, Akira Tsukamoto, Kuniyasu Suzaki, and Cong-Kha Pham Outline Motivation Hardware Structure for Trusted Execution Environments

470 views • 33 slides
Nested Parallelism PageRank on RISC- V Vector Multi- Processors Al Alon Am Amid, Al Albert t

Nested Parallelism PageRank on RISC- V Vector Multi- Processors Al Alon Am Amid, Al Albert t

Nested Parallelism PageRank on RISC- V Vector Multi- Processors Al Alon Am Amid, Al Albert t Ou, Kr Krste te Asanov ovi , B Bor orivoj oje e Nikol oli Agenda Silicon-Proven Open Source Hardware and FPGA-Accelerated Problem

755 views • 51 slides
RV-IOV: Tethering RISC-V Processors via Scalable I/O Virtualization Luis Vega and Michael B.

RV-IOV: Tethering RISC-V Processors via Scalable I/O Virtualization Luis Vega and Michael B.

RV-IOV: Tethering RISC-V Processors via Scalable I/O Virtualization Luis Vega and Michael B. Taylor Bespoke Silicon Group University of Washington 1 Berkeleys Tethered Rocket core The host system provide support for: Rocket Core

1.24k views • 16 slides
ARM Cortex-M4 Programming Model ARM = Advanced RISC Machines, Ltd. ARM licenses IP to other

ARM Cortex-M4 Programming Model ARM = Advanced RISC Machines, Ltd. ARM licenses IP to other

ARM Cortex-M4 Programming Model ARM = Advanced RISC Machines, Ltd. ARM licenses IP to other companies (ARM does not fabricate chips) 2005: ARM had 75% of embedded RISC market, with 2.5 billion processors ARM available as microcontrollers, IP

611 views • 29 slides
Flexible Timing Simulation of RISC-V Processors with Sniper Neet eethu B Bal al M Mal ally

Flexible Timing Simulation of RISC-V Processors with Sniper Neet eethu B Bal al M Mal ally

Flexible Timing Simulation of RISC-V Processors with Sniper Neet eethu B Bal al M Mal ally lya 1 , Cecilia Gonzalez-Alvarez 2 , Trevor E. Carlson 1 1 National University of Singapore, Singapore 2 Ghent University, Belgium Outline Need

784 views • 28 slides
Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems What is seL4? A 30-Year Dream 3 | LCA |

886 views • 36 slides
Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich

Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich

W I S S E N T E C H N I K L E I D E N S C H A F T Protecting the Control Flow of Embedded Processors against Fault Attacks Mario Werner 1 , Erich Wenger 2 , and Stefan Mangard 1 , 1 Graz University of Technology 2 Infineon

552 views • 32 slides
The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th

The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th

The future of operating systems on RISC-V Alex Bradbury asb@lowrisc.org @asbradbury 4th March 2019 Structure of this talk Introduction to RISC-V RISC-V status Selected RISC-V topics RISC-V and open hardware: the future

733 views • 28 slides
http://www.megaprocessor.com/ 1 Navigation Check Simple (RISC) Processor 2 Simplified

http://www.megaprocessor.com/ 1 Navigation Check Simple (RISC) Processor 2 Simplified

CSE140 - Processors 8-bit adder Edited file from Bryan Chin http://www.megaprocessor.com/ 1 Navigation Check Simple (RISC) Processor 2 Simplified Digital Computer Instruction Store Register File Execute Control ALU Memory

807 views • 28 slides
Implementing out-of-order execution processors IBM 360/91 High performance substrate CSE240A:

Implementing out-of-order execution processors IBM 360/91 High performance substrate CSE240A:

Implementing out-of-order execution processors IBM 360/91 High performance substrate CSE240A: Neha Chachra and Bryan S. Kim Feb. 11, 2010 1 Historical perspective Pipeline RISC Superscalar Out-of-order VLIW SMT 1960 1970 1980 1990

1.01k views • 45 slides
Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail in the instruction set wars? Describe a simple RISC ISA called DLX 2. Designing a simple DLX processor: Single Cycle Implementation Multiple

1.01k views • 21 slides
Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail

Roadmap 1. Instruction Set Architectures (ISA) What is CISC? What is RISC? Why did RISC prevail in the instruction set wars? Describe a simple RISC ISA called DLX 2. Designing a simple DLX processor: Single Cycle Implementation Multiple

753 views • 11 slides
LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner Research Institute for Symbolic Computation (RISC) Wolfgang.Schreiner@risc.jku.at http://www.risc.jku.at Systematic Problem Solving A key competence

592 views • 24 slides
LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner

LOGIC TECHNOLOGY FOR CS EDUCATION RISCAL The RISC Algorithm Language Wolfgang Schreiner Research Institute for Symbolic Computation (RISC) Wolfgang.Schreiner@risc.jku.at http://www.risc.jku.at Systematic Problem Solving A key competence

1.25k views • 73 slides
Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of

Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of

Sail, RISC-V, and CHERI-RISC-V Prashanth Mundkur and Peter G. Neumann, SRI International (most of this work done by University of Cambridge) Robert Norton-Wright, Jon French, Brian Campbell , Alasdair Armstrong, Thomas Bauereiss, Shaked Flur,

866 views • 24 slides
QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar

QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar

QEMU Support for the RISC-V Instruction Set Architecture Sagar Karandikar sagark@eecs.berkeley.edu KVM Forum 2016 https://github.com/riscv/riscv-qemu Outline Why RISC-V? Benefits of an Open ISA RISC-V ISA Basics Virtualization

536 views • 42 slides
CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction

CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction

Systems Architecture CISC / RISC Complex / Reduced Instruction Set Computers CISC / RISC p. 1/12 Instruction Usage Instruction Group Average Usage 1 Data Movement 45.28% 2 Flow Control 28.73% 3 Arithmetic 10.75% 4 Compare

1.3k views • 12 slides
Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar

Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar

Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar Department of Electrical and Computer Engineering University of Illinois, Urbana-Champaign Insisting on Correctness Always is Expensive

281 views • 12 slides
Adventures with RISC-V Vectors and LLVM Robin Kruppe Roger Espasa Chief Architect Embedded

Adventures with RISC-V Vectors and LLVM Robin Kruppe Roger Espasa Chief Architect Embedded

Adventures with RISC-V Vectors and LLVM Robin Kruppe Roger Espasa Chief Architect Embedded Systems and Applications Group 1 Background RISC-V is a new open-source ISA rapidly gaining momentum Definition controlled by the RISC-V

530 views • 23 slides
Today Digital Signal Processors Digital signal processors Microcontrollers are optimized

Today Digital Signal Processors Digital signal processors Microcontrollers are optimized

Today Digital Signal Processors Digital signal processors Microcontrollers are optimized for control-intensive apps VLIW SHARC details Average general-purpose application branches every seven instructions Quick look at

613 views • 6 slides

More recommend