Journal: IEEE Transactions on Dependable and Secure Computing

A Secure Exception Mode for Fault-Attack-Resistant Processing


Abstract

Fault attacks are a known threat to secure embedded implementations. We propose a generic technique to detect and react to fault attacks on embedded software. The countermeasure combines a micro-architecture extension in hardware with a secure trap in software. The combined extension leads to a secure exception mode to handle fault attacks. The microprocessor hardware uses a low-level hardware checkpointing mechanism to recover from fault injection. A high-level secure trap in software then enables an application-specific response. The trap is user-defined and can be co-developed with the application. The combination of hardware fault detection and recovery with a high-level fault response policy in software leads to significantly lower overhead when compared to traditional redundancy-based techniques in hardware or software. We demonstrate a prototype implementation of the proposed secure exception mode. The prototype is based on a modified LEON3 processor and it is able to detect and respond to setup-time violation attacks. We have realized the design in a 180 nm standard cell ASIC with integrated memory. Using several driver application examples, we characterize the software and hardware overhead of the proposed solution, and we compare it to the conventional redundancy-based solutions. In our understanding this is the first proof-in-silicon processor to offer a comprehensive secure exception mode against fault-injection attacks.
