SEU Evaluation of Hardened-by-Replication Software in RISC-V Soft Processor

The interest of the space industry around soft processors is increasing. However, the advantages in terms of costs and customizability provided by soft processors are countered by the reliability issues deriving by Single Event Effects, especially Single Event Upsets. Several techniques have been proposed to tackle these issues, both at the hardware- and software levels. Software approaches rely on replicating data and computations to cope with SEUs affecting the memory where the binary code is stored. Thanks to open licenses, RISCV solutions are steadily growing in popularity among the set of available soft processors. In this works, we present a reliability evaluation of four different benchmarks running on the RI5CY soft processor implemented on SRAM-based FPGAs. The reliability of the baseline and hardened-by-replication versions of the software benchmarks are evaluated against SEUs induced faults both at the software and hardware architecture levels through fault injection campaigns in the microprocessor memory and configuration memory, respectively. Results assess how the adoption of the hardening-by-replication technique at the software level slightly improves reliability against software related faults but degrades reliability against architectural faults, making it an inefficient solution when it is not combined with hardware robustness

RISC-V-Based Platforms for HPC: Analyzing Non-functional Properties for Future HPC and Big-Data Clusters

High-Performance Computing (HPC) have evolved to be used to perform simulations of systems where physical experimentation is prohibitively impractical, expensive, or dangerous. This paper provides a general overview and showcases the analysis of non-functional properties in RISC-V-based platforms for HPCs. In particular, our analyses target the evaluation of power and energy control, thermal management, and reliability assessment of promising systems, structures, and technologies devised for current and future generation of HPC machines. The main set of design methodologies and technologies developed within the activities of the Future and HPC & Big Data spoke of the National Centre of HPC, Big Data and Quantum Computing project are described along with the description of the testbed for experimenting two-phase cooling approaches

Toward Fault-Tolerant Applications on Reconfigurable Systems-on-Chip

L'abstract è presente nell'allegato / the abstract is in the attachmen

Lock-V: a heterogeneous fault tolerance architecture based on Arm and RISC-V

This article presents Lock-V, a heterogeneous fault tolerance architecture that explores a dual-core lockstep (DCLS) technique to mitigate single event upset (SEU) and common-mode failure (CMF) problems. The Lock-V was deployed in two versions, Lock-VA and Lock-VM by applying design diversity in two processor architectures at the instruction set architecture (ISA)-level. Lock-VA features an Arm Cortex-A9 with a RISC-V RV64GC, while Lock-VM includes an Arm Cortex-M3 along with a RISC-V RV32IMA processor. The solution explores fieldprogrammable gate array (FPGA) technology to deploy softcore versions of the RISC-V processors, and dedicated accelerators for performing error detection and triggering the software rollback system used for error recovery. To test Lock-V in both versions, a fault-injection mechanism was implemented to cause bit-flips in the processor registers, a common problem usually present in heavy radiation environments.This work has been supported by FCT - Fundação para a Ciência e a Tecnologia within the R&D Units Project Scope: UIDB/00319/2020

Recent Trends and Perspectives on Defect-Oriented Testing

Electronics employed in modern safety-critical systems require severe qualification during the manufacturing process and in the field, to prevent fault effects from manifesting themselves as critical failures during mission operations. Traditional fault models are not sufficient anymore to guarantee the required quality levels for chips utilized in mission-critical applications. The research community and industry have been investigating new test approaches such as device-aware test, cell-aware test, path-delay test, and even test methodologies based on the analysis of manufacturing data to move the scope from OPPM to OPPB. This special session presents four contributions, from academic researchers and industry professionals, to enable better chip quality. We present results on various activities towards this objective, including device-aware test, software-based self-test, and memory test

Fault Injection on Embedded Neural Networks: Impact of a Single Instruction Skip

With the large-scale integration and use of neural network models, especially in critical embedded systems, their security assessment to guarantee their reliability is becoming an urgent need. More particularly, models deployed in embedded platforms, such as 32-bit microcontrollers, are physically accessible by adversaries and therefore vulnerable to hardware disturbances. We present the first set of experiments on the use of two fault injection means, electromagnetic and laser injections, applied on neural networks models embedded on a Cortex M4 32-bit microcontroller platform. Contrary to most of state-of-the-art works dedicated to the alteration of the internal parameters or input values, our goal is to simulate and experimentally demonstrate the impact of a specific fault model that is instruction skip. For that purpose, we assessed several modification attacks on the control flow of a neural network inference. We reveal integrity threats by targeting several steps in the inference program of typical convolutional neural network models, which may be exploited by an attacker to alter the predictions of the target models with different adversarial goals.Comment: Accepted at DSD 2023 for AHSA Special Sessio

Differential Analysis of Round-Reduced AES Faulty Ciphertexts

International audienceThis paper describes new Round Reduction analysis attacks on an Advanced Encryption Standard (AES) implemen- tation by laser fault injection. The previous round reduction attacks require both of spatial and temporal accuracies in order to execute only one, two or nine rounds. We present new attacks by more flexible fault injection conditions. Our experiments are carried out on an 8-bit microcontroller which embeds a software AES with pre-calculated round keys. Faults are injected either into the round counter itself or into the reference of its total round number. The attacks may result to the use of a faulty round key at the last one or two executed rounds. The cryptanalysis of the obtained round-reduced faulty ciphertexts resorts to the differentiation techniques used by Differential Fault Analysis

EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

EMFI has become a popular fault injection (FI) technique due to its ability to inject faults precisely considering timing and location. Recently, ARM, RISC-V, and even x86 processing units in different packages were shown to be vulnerable to electromagnetic fault injection (EMFI) attacks. However, past publications lack a detailed description of the entire attack setup, hindering researchers and companies from easily replicating the presented attacks on their devices. In this work, we first show how to build an automated EMFI setup with high scanning resolution and good repeatability that is large enough to attack modern desktop and server CPUs. We structurally lay out all details on mechanics, hardware, and software along with this paper. Second, we use our setup to attack a deeply embedded security co-processor in modern AMD systems on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously published code execution exploit, we run two custom payloads on the AMD-SP that utilize the SoC to different degrees. We then visualize these fault locations on SoC photographs allowing us to reason about the SoC's components under attack. Finally, we show that the signature verification process of one of the first executed firmware parts is susceptible to EMFI attacks, undermining the security architecture of the entire SoC. To the best of our knowledge, this is the first reported EMFI attack against an AMD desktop CPU.Comment: This is the authors' version of the article accepted for publication at IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE 2022

Embedded Systems Security: On EM Fault Injection on RISC-V and BR/TBR PUF Design on FPGA

With the increased usage of embedded computers in modern life and the rapid growth of the Internet of Things (IoT), embedded systems security has become a real concern. Especially with safety-critical systems or devices that communicate sensitive data, security becomes a critical issue. Embedded computers more than others are vulnerable to hardware attacks that target the chips themselves to extract the cryptographic keys, compromise their security, or counterfeit them. In this thesis, embedded security is studied through two different areas. The first is the study of hardware attacks by investigating Electro Magnetic Fault Injection (EMFI) on a RISC-V processor. And the second is the study of the countermeasures against counterfeiting and key extraction by investigating the implementation of the Bistable Ring Physical Unclonable Function (BR-PUF) and its variant the TBR-PUF on FPGA. The experiments on a 320 MHz five-stage pipeline RISC-V core showed that with the increase of frequency and the decrease of supplied voltage, the processor becomes more susceptible to EMFI. Analysis of the effect of EMFI on different types of instructions including arithmetic and logic operations, memory operations, and flow control operations showed different types of faults including instruction skips, instructions corruption, faulted branches, and exception faults with variant probabilities. More interestingly and for the first time, multiple consecutive instructions (up to six instructions) were empirically shown to be faulted at once, which can be very devastating, compromising the effect of software countermeasures such as instruction duplication or triplication. This research also studies the hardware implementation of the BR and TBR PUFs on a Spartan-6 FPGA. A comparative study on both the automatic and manual placement implementation approaches on FPGA is presented. With the use of the settling time as a randomization source for the automatic placement, this approach showed a potential to generate PUFs with good characteristics through multiple trials. The automatic placement approach was successful in generating 4-input XOR BR and TBR PUFs with almost ideal characteristics. Moreover, optimizations on the architectural and layout levels were performed on the BR and TBR PUFs to reduce their footprint on FPGA. This research aims to advance the understanding of the EMFI effect on processors, so that countermeasures may be designed for future secure processors. Additionally, this research helps to advance the understanding of how best to design improved BR and TBR PUFs for key protection in future secure devices