SCFI: State Machine Control-Flow Hardening Against Fault Attacks

TL;DR

SCFI introduces a probabilistic control-flow hardening method for FSMs that detects multiple faults with improved efficiency, enhancing hardware security against fault injection attacks.

Contribution

The paper presents SCFI, a novel probabilistic FSM protection mechanism that automatically hardens FSMs against multi-fault attacks, outperforming traditional redundancy methods.

Findings

SCFI effectively detects multiple simultaneous faults in FSMs.

The approach achieves better area-time efficiency compared to classical redundancy.

Formal verification confirms SCFI's resilience against fault injection.

Abstract

Fault injection (FI) is a powerful attack methodology allowing an adversary to entirely break the security of a target device. As finite-state machines (FSMs) are fundamental hardware building blocks responsible for controlling systems, inducing faults into these controllers enables an adversary to hijack the execution of the integrated circuit. A common defense strategy mitigating these attacks is to manually instantiate FSMs multiple times and detect faults using a majority voting logic. However, as each additional FSM instance only provides security against one additional induced fault, this approach scales poorly in a multi-fault attack scenario. In this paper, we present SCFI: a strong, probabilistic FSM protection mechanism ensuring that control-flow deviations from the intended control-flow are detected even in the presence of multiple faults. At its core, SCFI consists of a hardened next-state function absorbing the execution history as well as the FSM's control signals to derive the next state. When either the absorbed inputs, the state registers, or the function itself are affected by faults, SCFI triggers an error with no detection latency. We integrate SCFI into a synthesis tool capable of automatically hardening arbitrary unprotected FSMs without user interaction and open-source the tool. Our evaluation shows that SCFI provides strong protection guarantees with a better area-time product than FSMs protected using classical redundancy-based approaches. Finally, we formally verify the resilience of the protected state machines using a pre-silicon fault analysis tool.