Fault Classification and Vulnerability Analysis of Microprocessors

Abstract

The adoption of Microprocessors is increasingly diversifying to several embedded and mo- bile devices. Growingly they can also be found in Smart Cards, RFID tags, SIM cards, Pay TVs, identity cards and passports. These devices store, processes and transact sensitive information like social security numbers and credit card numbers. Ensuring security of such systems is of paramount importance. Attackers use Fault injection as one of the tech- niques to induce faults into the processor in order to gain access to the sensitive information to abuse it. Vulnerability Analysis of the processors can help chip designers to counteract some of these risks. This analysis can be achieved by investigating the resulting fault space upon exhaustive simulation of fault injection attacks. Therefore, efficient tools and frame- works are needed to provide such security verification, where critical vulnerabilities can be discover and mitigated at design-time. Multiple tools and frameworks for simulation based fault injection of hardware designs are available in literature, each with their own shortcomings. Two main strategies have been proposed in literature, one based on tool manipulation while other based on code modifica- tion. Applying tool manipulation, a designer can automate the process to inject faults in the system and obtain simulation results in a fast manner. However, this approach is limited by the features provided by the tool, which makes difficult to explore many different fault models. Additionally, in most cases, results require manual inspection to be interpreted. The latter approach, which is code modification, can inserts agents to cause the faults (i.e., saboteurs) or vary the existing design (i.e., mutants). It allows designers to achieve a high degree of control in terms of the type of fault and the injection method. However, current so- lutions are limited to a specific language, design or scenario. Hence, the literature presents many different strategies and tools to apply faults to investigate hardware behavior, but still the interpretation of vulnerabilities related to processors are not considered in such tools. Moreover, a complete automated framework capable to get a design and process it to report vulnerabilities and behavior issues related to security is still needed. This thesis proposes a framework that provides a complete toolset able to evaluate vulner- abilities of processors in hardware description language. Its main steps comprises design instrumentation, simulation based fault injection and automatic fault classification. RISC-V is chosen as the target architecture due to its open source nature and its increasing adoption by academia and industry. Code profiling was carried out on the frameworks to identify bot- tlenecks to performance. The results were used to optimise execution time of simulations using the framework. Performing Fault injection campaigns requires running simulations in the order of 100k, which requires systems with high computing power to complete them in reasonable time. Therefore, multiprocessor support was implemented in simulation frame- work, which could be enabled or disabled during the injection campaign. The framework was used to perform fault injection campaigns on PicoRV32 and DarkRISCV processors. A comparison between the processors is made based on their major failure signatures. Anal- ysis of finding design constructs in the processors which cause the major failure signatures was carried out. The results from this vulnerability analysis are used to propose software and hardware countermeasures to make the design more robust against fault injection.