Secure elements physically exposed to adversaries are frequently targeted by fault attacks. These attacks can be utilized to hijack the control-flow of software allowing the attacker to bypass security measures, extract sensitive data, or gain full code execution. In this paper, we systematically analyze the threat vector of fault-induced control-flow manipulations on the open-source OpenTitan secure element. Our thorough analysis reveals that current countermeasures of this chip either induce large area overheads or still cannot prevent the attacker from exploiting the identified threats. In this context, we introduce SCRAMBLE-CFI, an encryption-based control-flow integrity scheme utilizing existing hardware features of OpenTitan. SCRAMBLE-CFI confines, with minimal hardware overhead, the impact of fault-induced control-flow attacks by encrypting each function with a different encryption tweak at load-time. At runtime, code only can be successfully decrypted when the correct decryption tweak is active. We open-source our hardware changes and release our LLVM toolchain automatically protecting programs. Our analysis shows that SCRAMBLE-CFI complementarily enhances security guarantees of OpenTitan with a negligible hardware overhead of less than 3.97 % and a runtime overhead of 7.02 % for the Embench-IoT benchmarks.
翻译:暴露于攻击者物理环境下的安全元素经常受到故障攻击的威胁。这些攻击可以被用于劫持软件的控制流,使攻击者绕过安全措施、提取敏感数据或获取完整的代码执行权限。在这篇论文中,我们对开源OpenTitan安全元素上的故障引起的控制流篡改威胁进行系统分析。我们的彻底分析揭示了此芯片当前的抵御措施可能要么引入很大的面积开销,要么仍然无法防止攻击者利用已经发现的威胁。在这种背景下,我们引入了SCRAMBLE-CFI,这是一种基于加密的控制流完整性方案,利用了OpenTitan的现有硬件特性。SCRAMBLE-CFI用最小的硬件开销限制了故障引起的控制流攻击的影响,方法是在加载时使用不同的加密修改对每个函数进行加密。在运行时,只有在正确的解密修改是激活时,代码才能被成功解密。我们开源了我们的硬件改动并发布了我们的LLVM工具链,自动保护程序。我们的分析表明,SCRAMBLE-CFI则以不到3.97%的可接受硬件开销和少于7.02%的运行时开销,更全面地提高了OpenTitan的安全保障。