
TRANSPOSE: Transitional Approaches for Spatially-Aware LFI Resilient FSM Encoding

Muhtadi Choudhury, Minyan Gao, Avinash Varna, Elad Peer, Domenic Forte

TL;DR

TRANSPOSE is a proposed transition-based encoding CAD framework that incorporates spatial transitional vulnerability metrics to quantify the design susceptibility of FSMs under both the bit flip model and the set-reset models.

Abstract

Finite state machines (FSMs) regulate sequential circuits, including access to sensitive information and privileged CPU states. Owing to contemporary research on laser attacks, laser-based fault injection (LFI) is becoming even more precise, to the point where an adversary can thwart chip security by altering individual flip-flop (FF) values. Different laser models, e.g., bit flip, bit set, and bit reset, have been developed to understand LFI on practical targets. As traditional approaches may incur substantial overhead, the state-based SPARSE and transition-based TAMED countermeasures were proposed in our prior work to improve FSM resiliency efficiently. TAMED overcame SPARSE's limitation of being too conservative and generates multiple LFI-resilient encodings for contemporary LFI models on demand. SPARSE, however, incorporated design layout information into its vulnerability estimation, which makes its vulnerability estimation metric more accurate. In this paper, we extend TAMED by proposing a transition-based encoding CAD framework (TRANSPOSE) that incorporates spatial transitional vulnerability metrics to quantify the design susceptibility of FSMs based on both the bit flip model and the set-reset models. TRANSPOSE also incorporates floorplan optimization into its framework to accommodate secure spatial inter-distance of FF-sensitive regions. All TRANSPOSE approaches are demonstrated on 5 multifarious benchmarks and outperform existing FSM encoding schemes/frameworks in terms of security and overhead.
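To make the three fault models concrete, the following added example (not code from the paper or from the TRANSPOSE framework) enumerates which unauthorized transitions into a protected state become reachable under bit flip, bit set and bit reset for a given state encoding. The four-state FSM, both encodings, the function names and the plain transition count are assumptions for illustration; `max_bits` stands in for the number of FFs one laser spot can affect, and the layout-based spatial metrics the paper adds are not modeled.

```python
from itertools import combinations

# Constructed password-check FSM (hypothetical, in the spirit of Figure 1).
AUTHORIZED = {("IDLE", "CHECK"), ("CHECK", "GRANT"), ("CHECK", "DENY"),
              ("DENY", "IDLE"), ("GRANT", "IDLE")}
PROTECTED = {"GRANT"}

# Two constructed encodings: dense binary, and a wider code that keeps
# GRANT at Hamming distance 3 from IDLE and DENY.
BINARY = {"IDLE": 0b00, "CHECK": 0b01, "DENY": 0b10, "GRANT": 0b11}
HARDENED = {"IDLE": 0b0011, "CHECK": 0b0101, "DENY": 0b0110, "GRANT": 0b1000}

def faulted_codes(code, width, model, max_bits):
    """Yield state codes reachable by faulting 1..max_bits FFs under `model`."""
    for k in range(1, max_bits + 1):
        for bits in combinations(range(width), k):
            mask = sum(1 << b for b in bits)
            if model == "flip":
                out = code ^ mask      # every hit FF inverts
            elif model == "set":
                out = code | mask      # hit FFs forced to 1
            elif model == "reset":
                out = code & ~mask     # hit FFs forced to 0
            else:
                raise ValueError(f"unknown fault model: {model}")
            if out != code:            # fault had a visible effect
                yield out

def vulnerable_transitions(encoding, width, model, max_bits=1):
    """Return (src, dst) pairs where a fault moves the FSM into a protected
    state along an edge that is absent from the authorized transition graph."""
    decode = {code: state for state, code in encoding.items()}
    hits = set()
    for src, code in encoding.items():
        if src in PROTECTED:
            continue
        for out in faulted_codes(code, width, model, max_bits):
            dst = decode.get(out)      # None means an unused (don't-care) code
            if dst in PROTECTED and (src, dst) not in AUTHORIZED:
                hits.add((src, dst))
    return hits

if __name__ == "__main__":
    for name, enc, width in (("binary", BINARY, 2), ("hardened", HARDENED, 4)):
        for model in ("flip", "set", "reset"):
            print(name, model, sorted(vulnerable_transitions(enc, width, model, 2)))
```

With the binary encoding, DENY to GRANT is reachable by a single bit flip or bit set but not by a bit reset, which is the kind of asymmetry between the models that Figure 5 compares.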

Paper Structure

This paper contains 21 sections, 10 equations, 11 figures, 5 tables.

Figures (11)

  • Figure 1: A password checking FSM where the fault causes an incorrect password to be accepted.
  • Figure 2: D flip-flop operation for logic low and high clock signal. Orange regions highlight the active circuits and blue semi-circle indicates a latch in hold mode.
  • Figure 3: Experimental results showing the sensitivity map on a D Flip-Flop with laser stimulation [champeix2015seu].
  • Figure 4: Simplified representation of sensitive areas in a DFF. Sensitive areas for a bit reset (left) and for a bit set (right).
  • Figure 5: Comparison between set-reset and bit flip models under the same attack setting. Green and red arrows represent authorized and faulty transitions, respectively. Crossed arrow represents no transition occurs. (a) Set-reset model showing a laser incident on bit set sensitive regions of $FF_{1:2}$; (b) Bit flip model for the same attack setting as (a); (c) Set-reset model showing a laser incident on bit reset sensitive regions of $FF_{1:2}$.
  • ...and 6 more figures