Fault attacks are active, physical attacks that an adversary can leverage to alter the control-flow of embedded devices to gain access to sensitive information or bypass protection mechanisms. Due to the severity of these attacks, manufacturers deploy hardware-based fault defenses into security-critical systems, such as secure elements. The development of these countermeasures is a challenging task due to the complex interplay of circuit components and because contemporary design automation tools tend to optimize inserted structures away, thereby defeating their purpose. Hence, it is critical that such countermeasures are rigorously verified post-synthesis. As classical functional verification techniques fall short of assessing the effectiveness of countermeasures, developers have to resort to methods capable of injecting faults in a simulation testbench or into a physical chip. However, developing test sequences to inject faults in simulation is an error-prone task and performing fault attacks on a chip requires specialized equipment and is incredibly time-consuming. To that end, this paper introduces SYNFI, a formal pre-silicon fault verification framework that operates on synthesized netlists. SYNFI can be used to analyze the general effect of faults on the input-output relationship in a circuit and its fault countermeasures, and thus enables hardware designers to assess and verify the effectiveness of embedded countermeasures in a systematic and semi-automatic way. To demonstrate that SYNFI is capable of handling unmodified, industry-grade netlists synthesized with commercial and open tools, we analyze OpenTitan, the first open-source secure element. In our analysis, we identified critical security weaknesses in the unprotected AES block, developed targeted countermeasures, reassessed their security, and contributed these countermeasures back to the OpenTitan repository.
翻译:由于这些攻击的严重性,制造商必须在安全关键系统中安装基于硬件的故障防护装置,例如安全要素。这些反措施的开发是一项具有挑战性的任务,因为电路部件的复杂相互作用,而且由于当代设计自动化工具倾向于优化插入结构,从而挫败其目的。因此,至关重要的是,这类反措施必须是经过严格核实的后合成。由于传统的功能核查技术在评估对策效力方面不足,开发者不得不采用能够在模拟测试箱或物理芯片中注入故障的方法。然而,在模拟中输入故障的测试序列是一项容易出错的任务,对芯片进行故障攻击需要专门设备,而且非常耗时。为此,本文件介绍了SYNFI,一个正式的、在开放式网络列表上运行的、正式的硅前级核查框架。SYNFI可用于分析在模拟测试测试或物理芯片时,在模拟测试中能够注入故障的方法,在模拟中输入故障的故障,在目标源码测试或物理芯片中分析其系统化的系统化反射系统化反射器。