Protecting RISC-V Processors against Physical Attacks
Mario Werner1,a, Robert Schilling1,2,b, Thomas Unterluggauer1,c and Stefan Mangard1,d
1Graz University of Technology
aMario.Werner@iaik.tugraz.at
bRobert.Schilling@iaik.tugraz.at
cThomas.Unterluggauer@iaik.tugraz.at
dStefan.Mangard@iaik.tugraz.at
2Know-Center GmbH
ABSTRACT
RISC-V is an emerging instruction-set architecture suitable for a wide variety of applications, which ranges from simple microcontrollers to high-performance CPUs. As an increasing number of commercial vendors now plans to adopt the architecture in their products, its security aspects are becoming a significant concern. For microcontroller implementations of RISC-V, one of the main security risks are attackers with direct physical access to the microchip. These physical attackers can perform highly powerful attacks that span from memory probing to power analysis up to fault injection and analysis. In this paper, we give an overview of the capabilities of attackers with direct physical device access, common threat models and attack vectors, and possible countermeasures. Besides, we discuss in more detail current approaches to secure RISC-V processors against fault injection attacks on the microchip itself. First, we show how to protect the control-flow against fault attacks by using an encrypted instruction stream and decrypting it on-thefly in a newly added pipeline stage between the processor's fetch and decode unit. Second, we show how to protect conditional branches against fault injection by adding redundancy to the comparison operation and entangling the comparison result with the encrypted instruction stream. Finally, we discuss an approach to protect all pointers and memory accesses from tampering.
Keywords: RISC-V, Physical attacks, Fault injection, Countermeasures