Securing Conditional Branches in the Presence of Fault Attacks
Robert Schilling, Mario Werner, Stefan Mangard

TL;DR
This paper introduces a generic, encoding-based method to secure critical conditional branches against fault attacks, enhancing control-flow integrity with lower overhead than existing duplication schemes.
Contribution
It proposes a novel approach linking encoding-based comparisons with CFI protections, applicable to all data encodings and maintaining error detection during branches.
Findings
Effective protection of conditional branches demonstrated
Lower size and runtime overhead compared to duplication schemes
Automatic protection integrated into LLVM compiler
Abstract
In typical software, many comparisons and subsequent branch operations are highly critical in terms of security. Examples include password checks, signature checks, secure boot, and user privilege checks. For embedded devices, these security-critical branches are a preferred target of fault attacks as a single bit flip or skipping a single instruction can lead to complete access to a system. In the past, numerous redundancy schemes have been proposed in order to provide control-flow-integrity (CFI) and to enable error detection on processed data. However, current countermeasures for general purpose software do not provide protection mechanisms for conditional branches. Hence, critical branches are in practice often simply duplicated. We present a generic approach to protect conditional branches, which links an encoding-based comparison result with the redundancy of CFI protection…
