Control the integrity of execution: a step further CFI – COFFI

The growing complexity of embedded system comes with a strong corollary: security level has to similarly increase since new and powerful attacks take advantage of any flaws, ignoring no longer pertinent frontiers such as software and hardware. Physical attacks are particularly effective threats to strike confidentiality, integrity or authenticity of systems. Traditional research works on side-channel and fault injection analysis have dealt with breaking cryptographic primitives (like guessing AES key) but the set of potential applications is wider since physical attacks - more particularly fault injection - aims at targeting the integrity of code execution. For example, an attack may entirely disrupt the authentication and encryption processes of a secure boot providing unrestricted privilege to the attacker. To thwart such worrying threat, several protections have been proposed such as software-based Control Flow Integrity (CFI) or hardware-based monitoring of the control-flow or code integrity (at the price of high overheads) but most of the proposed protection schemes do not cover all the levels of a system (hardware, ISA, software). The project COFFI aims at demonstrating how co-design approaches leveraging the interaction between software and hardware may significantly improve the Control Flow and Execution Integrity (CFEI) against powerful physical attacks. Taking advantage of the complementarity expertise of its consortium, composed by three academic partners (ARMINES, CEA, Sorbonne University) and an industrial actor in the field of secure microprocessor (ISSM/INVIA), COFFI will cover the integrity against both instruction-based and data-based obstruction paradigms with an objective of reaching the best trade-off between security properties and performance overheads. To fulfill its scientific objectives, COFFI will demonstrate its results with a set of representative and relevant use cases and by using the RISC-V platform - the open source instruction set architecture - to implement the secure components (more particularly with an FPGA prototype) as well as porting practical solutions in the proprietary microprocessor from ISSM called S8. The efficiency of the innovative solutions developed in COFFI will be evaluated using state-of-the-art fault injection (such as laser beam) and side-channel analysis equipment.
COFFI meets the ninth challenge of the ANR 2018 work program, more particularly with the development of innovative schemes for the "protection of information system" (challenge 9, axe 1.4) and will be part of the National Research Strategy (SNR) with the 41th orientation on the "resilience of the security system".