TRANSPOSE: Transitional Approaches for Spatially-Aware LFI Resilient FSM Encoding

Muhtadi Choudhury, Minyan Gao, Avinash Varna, Elad Peer, Domenic Forte
2024-11-05
Abstract: Finite state machines (FSMs) regulate sequential circuits, including access to sensitive information and privileged CPU states. Courtesy of contemporary research on laser attacks, laser-based fault injection (LFI) is becoming even more precise where an adversary can thwart chip security by altering individual flip-flop (FF) values. Different laser models, e.g., bit flip, bit set, and bit reset, have been developed to appreciate LFI on practical targets. As traditional approaches may incorporate substantial overhead, state-based SPARSE and transition-based TAMED countermeasures were proposed in our prior work to improve FSM resiliency efficiently. TAMED overcame SPARSE's limitation of being too conservative, and generating multiple LFI resilient encodings for contemporary LFI models on demand. SPARSE, however, incorporated design layout information into its vulnerability estimation which makes its vulnerability estimation metric more accurate. In this paper, we extend TAMED by proposing a transition-based encoding CAD framework (TRANSPOSE), that incorporates spatial transitional vulnerability metrics to quantify design susceptibility of FSMs based on both the bit flip model and the set-reset models. TRANSPOSE also incorporates floorplan optimization into its framework to accommodate secure spatial inter-distance of FF-sensitive regions. All TRANSPOSE approaches are demonstrated on 5 multifarious benchmarks and outperform existing FSM encoding schemes/frameworks in terms of security and overhead.
Cryptography and Security
What problem does this paper attempt to address?
The paper addresses how to improve the robustness and security of finite-state machines (FSMs) against laser fault injection (LFI) attacks while minimizing design overhead. Specifically, the authors propose a new framework named TRANSPOSE to address the limitations of existing methods and, in combination with the spatial transitional vulnerability metric (STVM), optimize the layout and encoding scheme so that the FSM has higher resistance to LFI attacks.

### Problem Background

With the development of LFI technology, attackers can change the value of a single flip-flop (FF) in a chip by precisely controlling the laser beam, thus undermining the security of the chip. Traditional defense methods have a large design overhead or cannot effectively deal with the different LFI attack models (such as bit flip, bit set, and bit reset). Therefore, a new method is needed to improve the resistance of FSMs to LFI attacks while maintaining a low design overhead.

### Limitations of Existing Methods

1. **SPARSE**: It evaluates vulnerability using design layout information. Although it is more accurate, it is too conservative and limits flexibility.
2. **TAMED**: It focuses on protecting specific authorized transitions but does not consider the spatially sensitive areas of FFs, resulting in inaccurate evaluations in some cases.

### Solution: TRANSPOSE

To overcome the limitations of the above methods, the authors propose the TRANSPOSE framework. Its main contributions are as follows:

1. **Automated LFI-resistant state-code generation**: Through linear programming (LP), TRANSPOSE can automatically generate LFI-resistant state codes in commercial CAD tools without manual intervention.
2. **Introduction of the spatial transitional vulnerability metric (STVM)**: STVM can identify vulnerabilities ignored by previously proposed vulnerability metrics (such as VM, SVM, TVM), especially for data-dependent and non-data-dependent fault models.
3. **Extension of LP criteria**: Protect more critical transitions while optimizing area overhead, switching activity (dynamic power consumption), and security, which is suitable for multi-laser attack scenarios.
4. **Verification and comparison**: Five different controller benchmarks show that TRANSPOSE has superior performance in terms of security and overhead compared to other existing encoding techniques.

### Summary

This paper aims to overcome the limitations of existing FSM encoding methods in dealing with LFI attacks by proposing the TRANSPOSE framework, providing a more efficient, safer, and lower-cost solution. By introducing the spatial transitional vulnerability metric (STVM), TRANSPOSE not only improves the security of FSMs but also optimizes the design layout, ensuring better robustness and reliability in practical applications.
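
As an added illustration (not code from the paper or the TRANSPOSE tool), the sketch below applies the three fault models named on this page (bit flip, bit set, bit reset) to a constructed four-state FSM and lists the unauthorized jumps into a protected state that each encoding allows. The state names, encodings, and function names are assumptions; the check ignores layout, so it is not the paper's STVM metric or its LP formulation.

```python
from itertools import combinations

def faulted_codes(code, width, model, max_bits=1):
    """Codes reachable from `code` when 1..max_bits flip-flops are hit."""
    out = set()
    for k in range(1, max_bits + 1):
        for bits in combinations(range(width), k):
            mask = sum(1 << b for b in bits)
            if model == "flip":      # hit FFs are inverted
                new = code ^ mask
            elif model == "set":     # hit FFs are forced to 1 (data-dependent)
                new = code | mask
            elif model == "reset":   # hit FFs are forced to 0 (data-dependent)
                new = code & ~mask
            else:
                raise ValueError(f"unknown fault model: {model}")
            if new != code:          # a fault that changes nothing is harmless
                out.add(new)
    return out

def unauthorized_hits(encoding, width, authorized, protected, model, max_bits=1):
    """(src, dst) pairs where a fault moves src into a protected state dst
    although src -> dst is not an authorized transition."""
    by_code = {code: state for state, code in encoding.items()}
    hits = set()
    for src, code in encoding.items():
        for new in faulted_codes(code, width, model, max_bits):
            dst = by_code.get(new)   # None: fault landed on an unused code
            if dst in protected and (src, dst) not in authorized:
                hits.add((src, dst))
    return sorted(hits)

# Constructed example FSM (hypothetical, not one of the paper's benchmarks).
AUTHORIZED = {("IDLE", "AUTH"), ("AUTH", "CHECK"), ("CHECK", "PRIV"),
              ("CHECK", "IDLE"), ("PRIV", "IDLE")}
PROTECTED = {"PRIV"}
BINARY = {"IDLE": 0b00, "AUTH": 0b01, "CHECK": 0b10, "PRIV": 0b11}
# Constant-weight (two 1s in four bits) encoding: a single-bit fault always
# changes the weight, so it can only land on an unused code.
WEIGHT2 = {"IDLE": 0b0011, "AUTH": 0b0101, "CHECK": 0b0110, "PRIV": 0b1001}

if __name__ == "__main__":
    for name, enc, width in (("binary", BINARY, 2), ("weight-2", WEIGHT2, 4)):
        for model in ("flip", "set", "reset"):
            for n in (1, 2):
                hits = unauthorized_hits(enc, width, AUTHORIZED, PROTECTED, model, n)
                print(f"{name:8} {model:5} bits<={n}: {hits}")
```

With the constant-weight encoding, set-only or reset-only faults never reach `PRIV`, but a two-bit flip does. A purely code-level check cannot say whether those two flip-flops are close enough on the die to be hit together, which is where the layout information discussed above comes in.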