Experimental EMFI detection on a RISC-V core using the Trace Verifier solution

Abstract

Physical attacks are powerful threats that can cause changes in the execution behavior of a program. Control-Flow Integrity (CFI) is used to check the program’s flow execution, ensuring that it remains unaltered by these attacks. The RISC-V Trace Encoder (TE) provides valuable information about the user program’s execution path, and is used as part of a CFI solution. An enhanced version of the TE specifications permits detecting intricate fault models such as the corruption of any discontinuity instruction, using an additional Trace Verifier (TV) hardware module. In this paper, we present a buffer overflow software attack simulation and experimental ElectroMagnetic Fault Injection (EMFI) attacks conducted on an Field Programmable Gate Array (FPGA) board that implements a RISC-V core linked to the enhanced TE and TV modules. Unlike existing CFI solutions, our proposed approach does not require modifications to the RISC-V compiler, user application code or the RISC-V core. The average overhead of our solution in terms of hardware area, memory and power consumption are equal to 13.6%, 3.5% and 9% respectively.