University of Twente Student Theses


Fault Injection Attacks on Trusted Execution for RISC-V Cores

Dijk, Remco van (2024) Fault Injection Attacks on Trusted Execution for RISC-V Cores.

Abstract: In recent years, the open RISC-V Instruction Set Architecture (ISA) has seen increasing adoption in the industry. However, as RISC-V grows in popularity, it also becomes a greater target for malicious behavior. Therefore, there is a need to facilitate the secure execution of software, especially in embedded systems, where RISC-V is gaining the most popularity. This is commonly achieved by making use of a Trusted Execution Environment (TEE). However, embedded devices often operate 'in the field', where it is possible for an attacker to gain physical access to the device in question, which enables physical attacks involving Fault Injection (FI) and Side-Channel Analysis (SCA). This research performs a deep dive into the world of RISC-V cores with respect to their vulnerability to FI attacks using a commonly available FI method called 'clock glitching', where the attacker takes control over the clock signal and modifies it to cause a timing violation, resulting in faults such as skipped instructions. In this work, it has been confirmed that TEEs on RISC-V are generally vulnerable to FI attacks targeting Control and Status Register (CSR) access instructions, since TEEs are commonly reliant on RISC-V's Physical Memory Protection (PMP) extension to provide isolation in memory, which needs to be configured through CSRs, as specified by the RISC-V ISA. However, in contrast to previous works that generally focus their efforts on a single core or device, this work shows that susceptibility to FI attacks is highly dependent on microarchitectural differences. Performing the same attack on different RISC-V cores using nearly identical firmware leads to vastly different results, meaning that a TEE is at most as secure as the hardware that it is running on when a system's environment enables physical attacks, which is often the case in embedded systems.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 53 electrotechnology, 54 computer science
Programme: Embedded Systems MSc (60331)
Link to this item: https://purl.utwente.nl/essays/104771