Software-based Countermeasures against Fault Injection

Supervisor(s): Marc Schink, Alexander Wagner, Lukas Auer
Status: finished
Topic: Others
Author: Maurice Hieronymus
Submission: 2022-06-15
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The security of embedded systems must hold up even if an attacker has physical access to them. By using electromagnetic pulses or lasers, the hardware can be coerced into executing instructions incorrectly or corrupting data. Such fault injections can ultimately lead to a leak of sensitive information or to a take-over of the target system by an attacker. Countermeasures can be applied either in hardware or in software. Hardware-based countermeasures are expensive to implement and are not available for off-the-shelf components. In contrast, software-based countermeasures can be implemented in the compiler such that the generated binary is hardened against those attacks. This enables retrofitting of devices that are already in use through regular firmware updates. Previous work has either ignored faults of the memory subsystem or handled them incompletely. This thesis focuses on implementing such countermeasures in the LLVM compiler framework. Error detection codes are applied to the memory subsystem, which allows detecting bit flips in memory or during the bus transfer. The implemented solution allows choosing between two different encodings: repetition code and AN code. Both cause a similar performance slowdown of 2-4x and increase the size of the binary 4-7x. The detection capabilities of the two encodings are very different. AN code detects a low number of bit flips with a high percentage, whereas repetition code has better overall performance for multiple bit flips. Because of the relatively large binary sizes, the presented approach can be problematic in memory-constrained environments. However, the encoding can be applied without any source code changes and provides an easy-to-use solution to increase resilience against memory-based fault injections.
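
The two encodings named above, shown as an added example that is not code from the thesis: a value is stored as a code word, bits are flipped to model a fault, and the check run on load decides whether the fault is noticed. The 16-bit payload in a 32-bit word, the constant `AN_A` and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: illustrative odd constant; the page does not state the A used in the thesis. */
#define AN_A 58659u

/* Repetition code: the 16-bit value is stored twice in one 32-bit word. */
static uint32_t rep_encode(uint16_t v) { return ((uint32_t)v << 16) | v; }
static bool rep_valid(uint32_t cw) { return (cw >> 16) == (cw & 0xFFFFu); }

/* AN code: the value is stored as A * v; valid words are in-range multiples of A. */
static uint32_t an_encode(uint16_t v) { return (uint32_t)v * AN_A; }
static bool an_valid(uint32_t cw) { return cw % AN_A == 0 && cw / AN_A <= 0xFFFFu; }
static uint16_t an_decode(uint32_t cw) { return (uint16_t)(cw / AN_A); }

typedef bool (*check_fn)(uint32_t);

/* Flip each of the 32 bits in turn and count how many faults the check catches. */
static unsigned detected_single(uint32_t cw, check_fn valid) {
    unsigned hits = 0;
    for (unsigned i = 0; i < 32; i++)
        hits += !valid(cw ^ (UINT32_C(1) << i));
    return hits;
}

/* Same for all 496 pairs of distinct bit positions. For the repetition code,
   a pair that hits the same bit in both copies still compares equal. */
static unsigned detected_double(uint32_t cw, check_fn valid) {
    unsigned hits = 0;
    for (unsigned i = 0; i < 32; i++)
        for (unsigned j = i + 1; j < 32; j++)
            hits += !valid(cw ^ (UINT32_C(1) << i) ^ (UINT32_C(1) << j));
    return hits;
}

int main(void) {
    uint16_t v = 0x1234; /* constructed sample value */
    uint32_t r = rep_encode(v), a = an_encode(v);
    printf("repetition: %u/32 single, %u/496 double flips detected\n",
           detected_single(r, rep_valid), detected_double(r, rep_valid));
    printf("AN code:    %u/32 single, %u/496 double flips detected\n",
           detected_single(a, an_valid), detected_double(a, an_valid));
    printf("AN decode:  0x%04x\n", (unsigned)an_decode(a));
    return 0;
}
```

Every single-bit flip is caught by both checks; for the AN code this holds for any odd A greater than 1, because a flip changes the word by a power of two and A cannot divide it.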