Increasingly powerful microprocessors are helping us build an ultra-connected world. However, they also leave our systems facing a wider range of threats. A group of French researchers are collaborating on Arm IP to build defences against one particular type of attack – fault injection. This is where hackers create errors in embedded systems which they then exploit to gain access to restricted code. We spoke to Vincent Beroulle, a professor at the University of Grenoble Alpes, to find out more - including why they chose Arm over RISC-V.
Fault injection is a way of conducting a physical attack on the data and behavior of an integrated circuit. By injecting a fault, attackers can change the normal behavior of the device. They can then exploit that erroneous behavior as a vulnerability. This enables them to:
Such faults have been used to compromise secure smart cards, phones, and games consoles like the XBOX 360, Playstation 3 and Nintendo Switch, among other embedded systems.
To protect against such attacks, you need detailed knowledge of the impact of the faults. Developers can use fault models - abstract representations of the physical infrastructure - to analyse code vulnerabilities. They can then develop specific software or hardware protections to prevent them. Adding this protection makes the embedded system more secure. But the fault models that are currently used are not very accurate, so it is very difficult for hardware designers and code developers to provide efficient countermeasures.
“With RISC-V it was difficult to find existing products. It's been great to work with Arm, because Arm-based products are easily available in the market and we can find plenty of suitable applications and devices.”
We have proposed a new approach: a complete, more accurate method to develop new fault models for different architectures and different fault attacks. We are looking specifically at protecting low-costdevices, like smart watches and cameras. while still maintaining the best possible performance. Using our fault models, industry will be able to develop low-cost countermeasures that do not need expensive components to detect the attack. Instead, it’s about choosing the correct way to code. This is low-cost protection against “low-cost attackers”.
At first, we were thinking of using RISC-V, the open environment. But to do this work, we need to perform fault injection on actual devices. And we need a lot of devices, from a lot of families. With RISC-V it was difficult to find existing products. It has been great to work with Arm, because Arm-based products are easily available in the market and we can find plenty of suitable applications and devices.
Most existing fault models are Instruction Set Architecture (ISA)-level. They are based on a single level of analysis, describing the effect on the instruction itself. For example, "instruction skip”, which is the best-known fault model, or "instruction corruption". They are interesting, but do not cover all the possible effects. With the increasing complexity of embedded systems, characterising the effects of faults in this limited way can lead to incomplete fault models. They do not explain all the possible faulty behaviors, or represent some faulty behaviors that are never observed.
To better understand the effects of a fault, you really need to follow and analyse the propagation of the faults at different abstraction levels. From there, you can design efficient and well-tailored countermeasures in response.
“We inject faults into registers. And in a processor, there could be more than a thousand registers. So it’s a question of when to inject the fault; and which fault to inject; and where?”
We use an approach called Cross-Layer Analysis, based on the use of multi-abstraction levels: Physical, Register-Transfer Level (RTL), instruction encoding level, and ISA level. This approach had never been used before in the context of security. To understand what has happened in the system, you cannot study the system layer after layer. You need to consider all the system information, and to make a connection between layers, to understand the entire the system development process. And that is difficult.
“Arm Academic Access has been critical to the project, and a great opportunity for us. Arm provides us with RTL IP descriptions of multiple microarchitectures.”
The main difficulty lies in understanding the origin of the fault in the hardware system. It is difficult to connect the faulty behavior observed with a fault injected inside the hardware using a simulator. Or to find where to inject the fault in the hardware in the simulation, to obtain the same faulty behavior. We inject faults into registers. In a processor, there can be more than a thousand registers. So it is a question of when to inject the fault; and which fault to inject; and where? And are you replacing a 0 value with a 1, or a 1 with a 0?
Arm Academic Access has been critical to the project, and a great opportunity for us. Arm provides us with RTL IP descriptions of multiple microarchitectures. It enables us to understand the origins of the observed errors on existing products in presence of fault injection. Without this agreement, our cross-layer approach proposition would not be possible.
Currently we are working on a tool to help find a good location to inject faults, to perform fault simulations based on the layout, the gate-level description and the RTL. Rather than starting with physical fault injection on existing products, it makes sense to provide fault models in the early design stages of the architecture. This lets you better understand the effects of fault injection on the hardware before manufacturing the product. This tool will be able to analyse the RTL/ gate/ layout architecture to highlight hardware vulnerabilities and provide RTL fault models. This will enable developers to build more robust microarchitectures.
We are also working on a new, national project called Arsène; a major collaboration involving at least 10 laboratories. We are developing a compiler that will directly consider the security properties of the application, and the fault model we know, to provide an assembly code robust against fault attacks. Rather than manually developing and analysing the vulnerability of the code, and proposing a new code to directly embed in the compiler, the compiler will be able to provide all this information automatically.
I really like the work because fault injection sits right in the main axis of my research. And it’s complete. We are working in digital systems, considering both software and hardware, and combining the theoretical with the experimental. Evaluating the quality and efficiency of a fault model is a tricky question. It is quite complex. But it is very enjoyable.
Vincent Beroulle is a Professor in Embedded System Security & Safety at the Grenoble Institute of Technology, and head of the LCIS laboratory.
Arm makes a wide range of IP and tools available at no charge for academic research use. To find out more about the IP available, please visit our website.
Explore Research Enablement