Duplication-Based Fault Tolerance for RISC-V Embedded Software

  • Conference paper
Computer Security – ESORICS 2024 (ESORICS 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14985)

Abstract

Embedded devices play critical roles in security and safety, demanding robust protection against fault injection attacks. Among the myriad fault effects, the instruction skip fault model stands out due to its recurrent manifestation in silicon devices. Furthermore, the continually evolving landscape of hardware attacks facilitates increasingly sophisticated exploits by achieving multiple instruction skips. In this work, we propose an extension of the RISC-V debug specification which enables efficient fault injection testing of the firmware executed on an FPGA-emulated core under a commonly observed instruction skip fault model. We use insights from a fault injection campaign to harden and protect potentially exploitable instructions, and we propose an assembly-level, duplication-based approach for software fault tolerance against instruction skips, applied to the RISC-V architecture. Additionally, we provide a custom debugger implementation which accelerates the fault injection campaign by a factor of ten. By combining fault injection testing and a generic instruction duplication technique, our methodology can increase the fault tolerance of the reference software with minimal performance loss and code size overhead.

Notes

  1. https://github.com/orshinAtNXP/.

Acknowledgments

Funded by the European Union under grant agreement no. 101070008. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.

Author information

Corresponding author

Correspondence to Volodymyr Bezsmertnyi.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Bezsmertnyi, V., Cioranesco, JM., Eisenbarth, T. (2024). Duplication-Based Fault Tolerance for RISC-V Embedded Software. In: Garcia-Alfaro, J., Kozik, R., Choraś, M., Katsikas, S. (eds) Computer Security – ESORICS 2024. ESORICS 2024. Lecture Notes in Computer Science, vol 14985. Springer, Cham. https://doi.org/10.1007/978-3-031-70903-6_5

  • DOI: https://doi.org/10.1007/978-3-031-70903-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-70902-9

  • Online ISBN: 978-3-031-70903-6

  • eBook Packages: Computer Science (R0)
