Embedded systems have become ubiquitous in today's technology landscape; IoT devices, automated factory equipment, autonomous vehicles and similar products are all built on embedded systems. The RISC-V instruction set architecture and its processors, with their extensible instruction design, open hardware design and complete open-source ecosystem, have become one of the most sought-after options for embedded systems today. Consequently, improving the security of RISC-V processors against fault injection attacks, which are common against embedded systems, has become an important topic.

Fault injection attacks are the main attack vector considered in this thesis: an attacker can, at low cost, inject signals from outside the hardware that disrupt the processor's normal operation, causing faulty execution or leakage of sensitive information. This thesis focuses in particular on clock glitch attacks and proposes a fault recovery mechanism, together with a corresponding hardware circuit design, for a processor subjected to such attacks. The goal is to restore the processor to its pre-attack state and resume normal operation, without software support and with limited additional hardware and run time. The recovery circuit is designed for the particular pipeline structure of an open-source four-stage pipelined RISC-V processor, and the hardware recovery mechanism is verified on an FPGA development board to resist clock glitch attacks with a 100% success rate.

In addition, this thesis proposes an automated verification platform designed specifically for hardware experiments on fault injection attacks. It integrates the FPGA development board with an automated control flow on a PC, and provides a precise definition of the clock glitch attack together with a robust glitch-generation circuit, enabling fast and accurate fault injection experiments and verification.
Embedded systems are now widespread in products such as IoT devices, automated factory equipment, and autonomous vehicles. With its extensible instruction set and open-source ecosystem, the RISC-V architecture has become a popular choice for these systems. Enhancing the security of RISC-V processors against fault injection attacks has therefore become crucial. Fault injection attacks, the focus of this thesis, allow an attacker to inject malicious signals at low cost, causing the processor to malfunction or leak information. This thesis specifically examines clock glitch attacks and proposes a recovery mechanism and a corresponding hardware circuit design to address the effects of such attacks on the processor. The goal is to restore the processor to its pre-attack state and resume normal operation with limited additional hardware and execution time, and without software support. The proposed recovery circuit is designed for the unique pipeline architecture of an open-source, four-stage pipelined RISC-V processor, and its effectiveness in fully countering clock glitch attacks is verified on an FPGA development board. Additionally, this thesis introduces an automated validation platform for fault injection hardware experiments. The platform integrates the FPGA development board with an automated control process, and provides a precise definition of the clock glitch attack and a robust attack-generation circuit, enabling quick and accurate fault injection experiments and verification.