Configurable fault injection detection method for RISC-V based on instruction extension
Abstract: To address data-flow errors caused by fault attacks during processor operation, this paper proposes a mode-configurable fault injection detection method for the RISC-V processor microarchitecture. The method exploits the extensibility of the RISC-V instruction set architecture to add custom arithmetic and logic instructions with mode configuration, together with custom control and status registers, so that arithmetic and logic operations and fault injection detection are performed simultaneously through a combination of software and hardware. At the software level, register write instructions write configuration information to the custom control and status register to configure the fault injection detection mode of the custom instructions, covering the information redundancy and temporal redundancy modes and their parameters. At the hardware level, a RISC-V processor microarchitecture supporting the mode-configurable fault injection detection method is implemented. Simulator commands are used to simulate fault injection and to verify the functional correctness and fault injection detection capability of the extended RISC-V processor. The experimental results show that, when the information redundancy mode and the temporal redundancy mode are applied with the same frequency, the configurable method improves the average fault detection rate by 13.34% compared with the single information redundancy method, with an average resource overhead of 4.4%. Compared with the single temporal redundancy method, it reduces the average time overhead by 8.24%, with a 13.33% decrease in fault detection rate. The proposed configurable method achieves a compromise between fault detection rate and time overhead and suits application scenarios with different security and performance requirements.
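As an added illustration (not the paper's implementation), the C model below shows how the two detection modes named in the abstract trade coverage against ALU passes: group parity with granularity g versus recomputation. The `fi_cfg` structure, its field names, and the XOR transient-fault model are assumptions made for this example; the paper's CSR layout is not given on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mode word: names and fields are assumptions, not the paper's CSR layout. */
enum fi_mode { FI_INFO, FI_TEMPORAL };
struct fi_cfg { enum fi_mode mode; unsigned g; unsigned replays; };

static unsigned parity32(uint32_t x) {
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1u;
}

/* One parity bit per g-bit group of a 32-bit word (g = 8, 16 or 32). */
static uint32_t group_parity(uint32_t w, unsigned g) {
    uint32_t out = 0;
    for (unsigned i = 0; i < 32 / g; i++) {
        uint32_t grp = (g == 32) ? w : (w >> (i * g)) & ((1u << g) - 1u);
        out |= (uint32_t)parity32(grp) << i;
    }
    return out;
}

/* Adder whose output is XORed with mask on pass fault_pass only (transient fault). */
static uint32_t alu_add(uint32_t a, uint32_t b, unsigned pass,
                        unsigned fault_pass, uint32_t mask) {
    return pass == fault_pass ? (a + b) ^ mask : a + b;
}

/* Returns true if the configured check flags a fault; *passes = ALU passes spent. */
bool fi_checked_add(struct fi_cfg c, uint32_t a, uint32_t b,
                    unsigned fault_pass, uint32_t mask, unsigned *passes) {
    uint32_t r0 = alu_add(a, b, 0, fault_pass, mask);
    bool flagged = false;
    *passes = 1;
    if (c.mode == FI_INFO)  /* parity predictor modelled as a fault-free path */
        return group_parity(r0, c.g) != group_parity(a + b, c.g);
    for (unsigned p = 1; p <= c.replays; p++, (*passes)++)
        flagged |= alu_add(a, b, p, fault_pass, mask) != r0;
    return flagged;
}

int main(void) {  /* constructed fault: bits 0 and 8 of the sum flipped on pass 0 */
    struct fi_cfg info8 = { FI_INFO, 8, 0 }, temp1 = { FI_TEMPORAL, 0, 1 };
    unsigned n;
    bool d = fi_checked_add(temp1, 7, 9, 0, 0x101u, &n);
    printf("temporal, 1 replay: flagged=%d passes=%u\n", d, n);
    printf("parity, g=8: flagged=%d\n", fi_checked_add(info8, 7, 9, 0, 0x101u, &n));
    return 0;
}
```

An even number of bit flips inside one parity group passes the parity check unnoticed, which is why a finer g or a replay raises coverage at extra area or cycle cost.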
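Table 1. Time overhead for different fault injection detection methods (time overhead in clock cycles)

| Method | User PIN 1 | User PIN 2 | User PIN 3 | User PIN 4 |
|---|---|---|---|---|
| Information redundancy | 83 | 128 | 179 | 236 |
| Temporal redundancy (single recomputation) | 82 | 142 | 199 | 247 |
| Temporal redundancy (double recomputation) | 96 | 159 | 228 | 300 |
| Mode-configurable (MREPLY = 01) | 78 | 135 | 186 | 235 |
| Mode-configurable (MREPLY = 10) | 86 | 143 | 203 | 263 |
| Mode-configurable (MREPLY = 11) | 82 | 145 | 211 | 277 |

Table 2. Resource overhead for different fault injection detection methods

| Method | LUT | FF | Digital signal processors | Total programmable logic resources |
|---|---|---|---|---|
| zero-riscy processor | 3250 | 1930 | 1 | 5180 |
| Information redundancy (g = 32) | 4004 | 2038 | 1 | 6042 |
| Information redundancy (g = 16) | 4098 | 2065 | 1 | 6163 |
| Information redundancy (g = 8) | 4035 | 2138 | 1 | 6173 |
| Temporal redundancy (single recomputation) | 3598 | 2033 | 1 | 5631 |
| Temporal redundancy (double recomputation) | 3530 | 2034 | 1 | 5564 |
| Mode-configurable (g = 32) | 4261 | 2080 | 1 | 6341 |
| Mode-configurable (g = 16) | 4313 | 2112 | 1 | 6425 |
| Mode-configurable (g = 8) | 4246 | 2175 | 1 | 6421 |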