MAFIA: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks

Thomas Chamelot; Damien Couroussé; Karine Heydemann

Paper 2023/1323

MAFIA: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks

Thomas Chamelot, Univ. Grenoble Alpes, CEA, List, F-38000 Grenoble, France

Damien Couroussé

, Univ. Grenoble Alpes, CEA, List, F-38000 Grenoble, France

Karine Heydemann

, Thales DIS France, Sorbonne Univer- sité, CNRS, LIP6, 75005 Paris, France

Abstract

Fault injection attacks represent an effective threat to embedded systems. Recently, Laurent et al. have reported that fault injection attacks can leverage faults inside the microarchitecture. However, state-of-the-art counter-measures, hardware-only or with hardware support, do not consider the integrity of microarchitecture control signals that are the target of these faults. We present MAFIA, a microarchitecture protection against fault injection attacks. MAFIA ensures integrity of pipeline control signals through a signature-based mechanism, and ensures fine-grained control-flow integrity with a complete indirect branch support and code authenticity. We analyse the security properties of two different implementations with different security/overhead trade-offs: one with a CBC-MAC/Prince signature function, and another one with a CRC32. We present our implementation of MAFIA in a RISC-V processor, supported by a dedicated compiler toolchain based on LLVM/Clang. We report a hardware area overhead of 23.8 % and 6.5 % for the CBC-MAC/Prince and CRC32 respectively. The average code size and execution time overheads are 29.4% and 18.4% respectively for the CRC32 implementation and are 50 % and 39 % for the CBC-MAC/Prince.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Minor revision. IEEE TCAD
DOI: 10.1109/TCAD.2023.3276507
Keywords: code integrity control-flow integrity control-signal integrity code authenticity control logic counter-measures
Contact author(s): chamelot thomas @ gmail com
damien courousse @ cea fr
karine heydemann @ thalesgroup com
History: 2023-09-10: revised; 2023-09-05: received; See all versions
Short URL: https://ia.cr/2023/1323
License: CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2023/1323,
      author = {Thomas Chamelot and Damien Couroussé and Karine Heydemann},
      title = {{MAFIA}: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1323},
      year = {2023},
      doi = {10.1109/TCAD.2023.3276507},
      url = {https://eprint.iacr.org/2023/1323}
}