Paper 2023/1323
MAFIA: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks
Abstract
Fault injection attacks represent an effective threat to embedded systems. Recently, Laurent et al. have reported that fault injection attacks can leverage faults inside the microarchitecture. However, state-of-the-art counter-measures, hardware-only or with hardware support, do not consider the integrity of microarchitecture control signals that are the target of these faults. We present MAFIA, a microarchitecture protection against fault injection attacks. MAFIA ensures integrity of pipeline control signals through a signature-based mechanism, and ensures fine-grained control-flow integrity with a complete indirect branch support and code authenticity. We analyse the security properties of two different implementations with different security/overhead trade-offs: one with a CBC-MAC/Prince signature function, and another one with a CRC32. We present our implementation of MAFIA in a RISC-V processor, supported by a dedicated compiler toolchain based on LLVM/Clang. We report a hardware area overhead of 23.8 % and 6.5 % for the CBC-MAC/Prince and CRC32 respectively. The average code size and execution time overheads are 29.4% and 18.4% respectively for the CRC32 implementation and are 50 % and 39 % for the CBC-MAC/Prince.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published elsewhere. Minor revision. IEEE TCAD
- DOI
- 10.1109/TCAD.2023.3276507
- Keywords
- code integritycontrol-flow integritycontrol-signal integritycode authenticitycontrol logiccounter-measures
- Contact author(s)
-
chamelot thomas @ gmail com
damien courousse @ cea fr
karine heydemann @ thalesgroup com - History
- 2023-09-10: revised
- 2023-09-05: received
- See all versions
- Short URL
- https://ia.cr/2023/1323
- License
-
CC BY-NC-SA
BibTeX
@misc{cryptoeprint:2023/1323, author = {Thomas Chamelot and Damien Couroussé and Karine Heydemann}, title = {{MAFIA}: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1323}, year = {2023}, doi = {10.1109/TCAD.2023.3276507}, url = {https://eprint.iacr.org/2023/1323} }