Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

Nashimoto, Shoei; Suzuki, Daisuke; Ueno, Rei; Homma, Naofumi

doi:10.46586/tches.v2022.i1.28-68

Cited by 10 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, in [36], the authors resort to physically hooking upon the Serial Voltage Identification bus to manipulate voltages for similar objectives. In [37], a clock glitch is used to bypass RISC-V's physical memory protection. While in [38], voltage glitches are used to load malicious firmware that decrypts virtualized memory and fake attestations.…”

Section: A Beyond Faults On Hardware: Stepping Into the Soc Worldmentioning

confidence: 99%

“…On similar lines, works like [13], [37], [39], [40], [72], [73] allow an adversary to attach a second adversarial controlled device to the victim device, where the second device controls the inputs to the clock/voltage inputs of the victim device. Such well timed glitches can introduce precise faults.…”

Section: A Comparison With Previous Workmentioning

confidence: 99%

“…Finally, in addition to running on low-end devices like FGPAs and using external voltage/clock glitches, works like [37] assume the ability of an attacker to introduce code-based triggers, signalling the start of an execution of interest where the fault must be injected. Although an acceptable fault model in academic settings, it does not agree with our goal G1 (which we believe is more relevant to practical situations).…”

Section: A Comparison With Previous Workmentioning

confidence: 99%

See 2 more Smart Citations

Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone

Mishra,

Chakraborty,

Mukhopadhyay

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The ever-increasing growth of Internet-of-Things (IoT) has led to wide-scale deployment of high-frequency, highly complex Systems-on-a-Chip (SoCs), which are capable of running a full-fledged operating system (OS). The presence of OS and other software countermeasures make SoCs resilient against the traditional fault attacks that are relevant on FPGAs and microprocessors. In this work, we present the first practical implications of targeting an orthogonal aspect of SoC's architecture: the system bus. We inject electromagnetic pulses onto the system bus during the execution of instructions involving processor-memory interaction. We show how address bus faults compromise software implementations of masked implementations of ciphers, illustrated using implementations of state-of-theart post-quantum cryptography (PQC) schemes, leaking entire secret keys with a single fault. We also demonstrate that data bus faults can be controlled and exploited to launch Differential Fault Analysis (DFA) attacks on table-based implementation of the Advanced Encryption Standard (AES). Furthermore, we demonstrate that the impact of such bus faults can be farreaching and mislead the security guarantees of the popular and widely used ARM TrustZone. We use data-bus faults (along with loopholes in the GlobalPlatform API specification) to mislead the signature verification step to load a malicious Trusted Application (TA) inside the TrustZone. We follow this up with address bus faults to steal symmetric encryption keys of other benign TAs in the system, leading to complete breakdown of security on TrustZone. We note that since the attack relies upon loopholes in the GlobalPlatform API specification, it is portable to any TEE following this specification. To emphasize upon this portability of the attack, we demonstrate successful installation of malicious TAs on two TrustZone implementations (OP-TEE and MyTEE) on two different platforms (Raspberry Pi 3 and Raspberry Pi 4). Finally, we propose countermeasures that can be integrated into the SoC environment to defend against these attack vectors.

show abstract

Section: A Beyond Faults On Hardware: Stepping Into the Soc Worldmentioning

confidence: 99%

Section: A Comparison With Previous Workmentioning

confidence: 99%

Section: A Comparison With Previous Workmentioning

confidence: 99%

See 1 more Smart Citation

Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone

Mishra,

Chakraborty,

Mukhopadhyay

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…RISC-V: RISC-V [51] is an open standard instruction set architecture that is growing in popularity for its flexibility and extensibility. Several initiatives (e.g., [52,53,54]) are underway to develop TEE implementations based on the RISC-V architecture, aiming to provide hardware-level security guarantees while preserving the open and customizable nature of RISC-V.…”

Section: Other Tee Implementationsmentioning

confidence: 99%

Edge-MultiAI: Multi-Tenancy of Latency-Sensitive Deep Learning Applications on Edge

Zobaed

Mokhtari

Champati

et al. 2022

2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC)

View full text Add to dashboard Cite

Confidential computing has gained prominence due to the escalating volume of datadriven applications (e.g., machine learning and big data) and the acute desire for secure processing of sensitive data, particularly, across distributed environments, such as edge-to-cloud continuum. Provided that the works accomplished in this emerging area are scattered across various research fields, this paper aims at surveying the fundamental concepts, and cutting-edge software and hardware solutions developed for confidential computing using trusted execution environments, homomorphic encryption, and secure enclaves. We underscore the significance of building trust in both hardware and software levels and delve into their applications particularly for machine learning (ML) applications. While substantial progress has been made, there are some barely-explored areas that need extra attention from the researchers and practitioners in the community to improve confidentiality aspects, develop more robust attestation mechanisms, and to address vulnerabilities of the existing trusted execution environments. Providing a comprehensive taxonomy of the confidential computing landscape, this survey enables researchers to advance this field to ultimately ensure the secure processing of users' sensitive data across a multitude of applications and computing tiers.

show abstract

“…Hence, FI attacks are capable of introducing vulnerabilities. As an example, this kind of attacks have been successfully launched on Trusted Execution Environments (TEEs) [16,36], embedded devices [40,63], smart cards [59] and recently even against workstation processors [14,23].…”

Section: Introductionmentioning

confidence: 99%

Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Saß¹,

Mitev²,

Sadeghi³

2023

Preprint

View full text Add to dashboard Cite

Voltage Fault Injection (VFI), also known as power glitching, has proven to be a severe threat to real-world systems. In VFI attacks, the adversary disturbs the power-supply of the target-device forcing the device to illegitimate behavior. Various countermeasures have been proposed to address different types of fault injection attacks at different abstraction layers, either requiring to modify the underlying hardware or software/firmware at the machine instruction level. Moreover, only recently, individual chip manufacturers have started to respond to this threat by integrating countermeasures in their products. Generally, these countermeasures aim at protecting against single fault injection (SFI) attacks, since Multiple Fault Injection (MFI) is believed to be challenging and sometimes even impractical. In this paper, we present µ-Glitch, the first Voltage Fault Injection (VFI) platform which is capable of injecting multiple, coordinated voltage faults into a target device, requiring only a single trigger signal. We provide a novel flow for Multiple Voltage Fault Injection (MVFI) attacks to significantly reduce the search complexity for fault parameters, as the search space increases exponentially with each additional fault injection. We evaluate and showcase the effectiveness and practicality of our attack platform on four real-world chips, featuring TrustZone-M: The first two have interdependent backchecking mechanisms, while the second two have additionally integrated countermeasures against fault injection. Our evaluation revealed that µ-Glitch can successfully inject four consecutive faults within an average time of one day. Finally, we discuss potential countermeasures to mitigate VFI attacks and additionally propose two novel attack scenarios for MVFI.

show abstract

Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

Cited by 10 publications

References 0 publications

Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone

Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone

Edge-MultiAI: Multi-Tenancy of Latency-Sensitive Deep Learning Applications on Edge

Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Contact Info

Product

Resources

About