fault injection attack
Recently Published Documents


Total documents: 44 (five years: 20)

H-index: 5 (five years: 2)

2022, Vol 27 (1), pp. 1-25
Author(s): Qiang Liu, Honghui Tang, Peiran Zhang

Fault injection attack (FIA) has become a serious threat to the confidentiality and fault tolerance of integrated circuits (ICs). Circuit designers need an effective method to evaluate the countermeasures of the IC designs against the FIAs at the design stage. To address the need, this article, based on FPGA emulation, proposes an in-circuit early evaluation framework, in which FIAs are emulated with parameterized fault models. To mimic FIAs, an efficient scan approach is proposed to inject faults at any time at any circuit nodes, while both the time and area overhead of fault injection are reduced. After the circuit design under test (CUT) is submitted to the framework, the scan chain insertion, fault generation, and fault injection are executed automatically, and the evaluation result of the CUT is generated, making the evaluation a transparent process to the designers. Based on the framework, the confidentiality and fault-tolerance evaluations are demonstrated with an information-based evaluation approach. Experiment results on a set of ISCAS89 benchmark circuits show that on average, our approach reduces the area overhead by 41.08% compared with the full scan approach and by over 20.00% compared with existing approaches. The confidentiality evaluation experiments on AES-128 and DES-56 and the fault-tolerance evaluation experiments on two CNN circuits, a RISC-V core, a Cordic core, and the floating-point arithmetic units show the effectiveness of the proposed framework.


Author(s): Shoei Nashimoto, Daisuke Suzuki, Rei Ueno, Naofumi Homma

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under cross-device conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme were validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region. In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.


2021, Vol 120, pp. 114116
Author(s): Xiaolu Hou, Jakub Breier, Dirmanto Jap, Lei Ma, Shivam Bhasin, ...

Electronics, 2020, Vol 9 (7), pp. 1153
Author(s): Zahra Kazemi, David Hely, Mahdi Fazeli, Vincent Beroulle

The Internet-of-Things (IoT) has gained significant importance in all aspects of daily life, and there are many areas of application for it. Despite the rate of expansion and the development of infrastructure, such systems also bring new concerns and challenges. Security and privacy are at the top of the list and must be carefully considered by designers and manufacturers. Not only do the devices need to be protected against software and network-based attacks, but proper attention must also be paid to recently emerging hardware-based attacks. However, low-cost unit software developers are not always sufficiently aware of existing vulnerabilities due to these kinds of attacks. To tackle the issue, various platforms are proposed to enable rapid and easy evaluation against physical attacks. Fault attacks are a noticeable type of physical attack, in which the normal and secure behavior of the targeted devices is liable to be jeopardized. Indeed, such attacks can cause serious malfunctions in the underlying applications. Various studies have been conducted in other research works related to the different aspects of fault injection. Two of the primary means of fault attacks are clock and voltage fault injection. These attacks can be performed with a moderate level of knowledge, utilizing low-cost facilities to target IoT systems. In this paper, we explore the main parameters of the clock and voltage fault generators. This can help hardware security specialists to develop an open-source platform and to evaluate their design against such attacks. The principal concepts of both methods are studied for this purpose. Thereafter, we conclude our paper with the need for such an evaluation platform in the design and production cycle of embedded systems and IoT devices.

