Paper 2024/247

Fault-Resistant Partitioning of Secure CPUs for System Co-Verification against Faults

Simon Tollec, Université Paris-Saclay, CEA, List, F-91120, Palaiseau, France
Vedad Hadžić, Graz University of Technology, Graz, Austria
Pascal Nasahl, Graz University of Technology, Graz, Austria, lowRISC C.I.C., Cambridge, United Kingdom
Mihail Asavoae, Université Paris-Saclay, CEA, List, F-91120, Palaiseau, France
Roderick Bloem, Graz University of Technology, Graz, Austria
Damien Couroussé, Univ. Grenoble Alpes, CEA, List, F-38000, Grenoble, France
Karine Heydemann, Thales DIS, France, Sorbonne Univ., CNRS, LIP6, F-75005, Paris, France
Mathieu Jan, Université Paris-Saclay, CEA, List, F-91120, Palaiseau, France
Stefan Mangard, Graz University of Technology, Graz, Austria
Abstract

Fault injection attacks are a serious threat to system security, enabling attackers to bypass protection mechanisms or access sensitive information. To evaluate the robustness of CPU-based systems against these attacks, it is essential to analyze the consequences of the fault propagation resulting from the complex interplay between the software and the processor. However, current formal methodologies combining hardware and software face scalability issues due to the monolithic approach used. To address this challenge, this work formalizes the $k$-fault resistant partitioning notion to solve the fault propagation problem when assessing redundancy-based hardware countermeasures in a first step. Proven security guarantees can then reduce the remaining hardware attack surface when introducing the software in a second step. First, we validate our approach against previous work by reproducing known results on cryptographic circuits. In particular, we outperform state-of-the-art tools for evaluating AES under a three-fault-injection attack. Then, we apply our methodology to the OpenTitan secure element and formally prove the security of its CPU's hardware countermeasure to single bit-flip injections. Besides that, we demonstrate that previously intractable problems, such as analyzing the robustness of OpenTitan running a secure boot process, can now be solved by a co-verification methodology that leverages a $k$-fault resistant partitioning. We also report a potential exploitation of the register file vulnerability in two other software use cases. Finally, we provide a security fix for the register file, prove its robustness, and integrate it into the OpenTitan project.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A major revision of an IACR publication in TCHES 2024
Keywords
Physical AttacksOpenTitanSecure BootHardwareSoftware
Contact author(s)
simon tollec @ cea fr
vedad hadzic @ iaik tugraz at
nasahlpa @ lowrisc org
mihail asavoae @ cea fr
roderick bloem @ iaik tugraz at
damien courousse @ cea fr
karine heydemann @ thalesgroup com
mathieu jan @ cea fr
stefan mangard @ iaik tugraz at
History
2024-07-13: revised
2024-02-15: received
See all versions
Short URL
https://ia.cr/2024/247
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/247,
      author = {Simon Tollec and Vedad Hadžić and Pascal Nasahl and Mihail Asavoae and Roderick Bloem and Damien Couroussé and Karine Heydemann and Mathieu Jan and Stefan Mangard},
      title = {Fault-Resistant Partitioning of Secure {CPUs} for System Co-Verification against Faults},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/247},
      year = {2024},
      url = {https://eprint.iacr.org/2024/247}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.