Code Encryption for Confidentiality and Execution Integrity down to Control Signals

Embedded devices face software and physical fault injections to either extract or tamper with code in memory. The code execution and code intellectual property are threatened. Some existing countermeasures provide Control Flow Integrity (CFI) extended with the confidentiality and integrity of the instructions by chaining all of them through a cryptographic encryption primitive. While tampering with instructions in memory is prevented, fault injection attacks can still target the microarchitecture. In this talk, we introduce a new chained instruction encryption scheme with associated control signals, to provide additional authenticity and integrity properties down to the control signals of the microarchitecture’s pipeline. The instructions are stored encrypted in memory. At runtime, prior to being executed, the fetched instructions are decrypted depending on the control signals in the pipeline and all the previously decrypted instructions. In case of fault injections, targeting either instructions or control signals, the decryption process fails and generates random instructions, instead of the original ones. This quickly leads to an invalid instruction exception: the fault attack is thwarted. Our scheme was implemented on FPGA, into the 4-stage pipeline of the RISC-V cv32e40p core, using Ascon for encryption/decryption.