

Title:
METHOD FOR INCREASING SECURITY OF EMBEDDED PROCESSORS AND APPARATUS PERFORMING THE METHOD
Document Type and Number:
WIPO Patent Application WO/2021/094556
Kind Code:
A1
Abstract:
The invention discloses a method for increasing security of embedded processors and an apparatus configured to perform the method. The object to provide a method that only needs a slim hardware overhead to increase the security of embedded processors of a SoC and is completely transparent to the core logic of the processor is solved by a method using an existing debug infrastructure of a processor core of the embedded processor, wherein randomly controlled wait times or instructions, which are forming a random signal, are inserted in a program code, which is performed by the processor by using neutral instructions that do not affect an actual program code of the processor, and whereas an external logic of the processor core post-processes the random signal to ensure that the random signal is inserted within a pre-determined rate.

Inventors:
KRAUSE MARKUS (DE)
Application Number:
PCT/EP2020/082089
Publication Date:
May 20, 2021
Filing Date:
November 13, 2020
Assignee:
COMMSOLID GMBH (DE)
International Classes:
G06F21/75
Attorney, Agent or Firm:
HUDLER, Frank et al. (DE)
Claims:

1. A method for increasing security of an embedded processor (2) of a system-on-chip (1) by using an existing debug infrastructure of a processor core (3) of the embedded processor (2), wherein randomly controlled wait times, which are forming a random signal, are inserted in a program code, which is performed by the processor (2) by using neutral instructions that do not affect an actual program code of the processor (2), and whereas an external logic (5) out of the processor core post-processes the random signal to ensure that the random signal is inserted within a pre-determined rate.

2. The method according to claim 1, wherein the neutral instructions are standard instruction set architecture compliant breakpoint instructions and hold mechanisms of the processor core (3).

3. The method according to claims 1 or 2, wherein the neutral instructions are an addition or other arithmetics with register 0 as target of the processor core (3) if the instruction set architecture has a hard-wired register.

4. The method according to claim 1, wherein the external logic (5) intercepts debug controls of the processor core (3) and arbitrates actual debug accesses and randomly inserted wait times by multiplexing a halt signal from a debugger and from a pseudo- or from a true-random-number-generator (6).

5. The method according to claim 4, wherein the inserted randomly controlled wait times are generated by the pseudo- or the true-random-number-generator (6) using an initial seed value which is provided by a random source of the SoC and the initial seed value is used to generate the randomness of the wait times.

6. The method according to claims 4 or 5, wherein the pseudo-random-number-generator (6) is a Linear-Feedback-Shift-Register.

7. The method according to claim 5, wherein the random source is thermal noise or asynchronously captured ring-oscillators.

8. An apparatus configured to perform the method according to claim 1 to 7, comprising an embedded processor (2), a pseudo- or a true-random-number-generator (6), a random source for generating an initial seed value for the random-number-generator (6), and logic (5) configured to post-process the random signal to ensure that the random signal is inserted within a pre-determined rate.

Description:

The invention relates to a method for increasing security of embedded processors and an apparatus performing the method.

The starting point of the present invention can be any embedded processor core in a System-on-Chip (SoC), which is used to perform some safety-critical tasks. The only requirement is the availability of debug/halt instructions and the license to modify the core in a way that allows this.

Monitoring power consumption and core activity over time to gain knowledge about program branches ("if-then-else"), in particular to find out which branch of the program ("then" or "else") has been taken, is a common technique used by attackers. This information can then be used, e.g., for cryptanalysis to retrieve encryption keys and other information that shall be protected. To avoid or prevent this, instructions or wait times without functional meaning are inserted to overlay the actual program execution.

There are several approaches known to do this, one effective approach with a slim hardware overhead is presented in the present invention.

Therefore, it is an objective of the present invention to provide a method that only needs a slim hardware overhead to increase the security of embedded processors of a SoC and is completely transparent to the core logic of the processor.

The objective of the present invention is solved by a method for increasing security of an embedded processor of a system-on-chip by using an existing debug infrastructure of a processor core of the embedded processor, wherein randomly controlled wait times or instructions, which are forming a random signal, are inserted in a program code, which is performed by the processor by using neutral instructions that do not affect an actual program code of the processor, and whereas an external logic out of the processor core post-processes the random signal to ensure that the random signal is inserted within a pre-determined rate.

The external post-processing logic ensures that the randomness is designed to be relatively evenly distributed so that there are no very long halts or even no longer halts over a longer period of time.

The pre-determined rate should be calculated in a way that the inserted halts or neutral instructions are mostly evenly distributed and that insertion of the gaps does not slow down the actual program too much. It depends very much on the use case how much interruption the function code of the processor core can tolerate. So, the size of the rate at which halts or the neutral instructions are inserted into the functional code depends on the use case. For example, the rate could be set so that the maximum slowdown of the program is 50%, more preferred between 15%-30% in comparison to a program running without the additional halts or neutral insertions.

The central idea is to use existing debug infrastructure within the processor core of the embedded processor of the SoC to implement the insertion of randomly controlled wait times by using neutral instructions that do not affect an actual program code of the processor. By inserting instructions or wait times without functional meaning, the actual program code is overlaid and hence it becomes much more complicated for an attacker to find out which branch of the program ("then" or "else") has been taken. The insertion of neutral instructions in the program code is complemented by some external logic to shape the rate of interruptions, so that the wait event insertion does not fall below or rise above a pre-determined rate in order to still ensure a certain runtime performance of the processor as defined above. At the same time, the implementation's hardware remains small without too much overhead in terms of power or silicon area of the SoC.

In other words, the essential progress of the inventive method compared to the previously known state of the art is the compactness of the solution, since a random source (also pseudo-random) of any kind can be used and the existing processor core architecture can be retained. Since the already existing debug interface is used, no additional logic has to be implemented in the processor core itself, which would not be available anyway. Furthermore, the debug logic is given a meaning in productive use. Normally it would be 'dead logic' in the truest sense; so far, debug logic is really only used for debugging, i.e. for diagnosing and finding errors. This is advantageous in terms of power consumption as well as space consumption on the chip.

In a variant of the inventive method, the neutral instructions are standard instruction set architecture (ISA)-compliant breakpoint instructions and hold mechanisms of the processor core. The ISA includes privileged instructions as well as additional functionality required for running operating systems and attaching external devices. This has the advantage that the method is completely transparent to the core logic of the processor itself as it only builds on existing debug infrastructure.

In another variant of the inventive method, the neutral instructions are an addition or other arithmetics with register 0 as target of the processor core if the instruction set architecture has a hard-wired register. Hence, the usage of 'neutral' instructions that do not affect the actual program depends on the architecture which is used. For a RISC-V architecture it is a valid approach to use an addition or other arithmetics with register 0 as target, as this is a fixed, read-only static 0 value register, so essentially any arithmetic operation with this register as a result target would do 'something', but not change anything. For that to work, the core itself would require additional sideband signals to enable this instruction insertion, sidelining the normal path through instruction calls from memory.

In a variant of the inventive method, the external logic intercepts debug controls of the processor core and arbitrates actual debug accesses and randomly inserted wait times by multiplexing a halt signal from a debugger and from a pseudo-random-number-generator or from a true-random-number-generator. The pseudo- or the true-random-number-generator generates random halts. For this to work properly, real debug signals take precedence and the interface which randomly inserts halt and continue signals is blocked as long as an external debugger is attached and halts the core. These randomized pause or halt and step signals are inserted in the program flow of the processor core.

According to a further variant of the inventive method, the inserted randomly controlled wait times are generated by the pseudo- or the true-random-number-generator using an initial seed value which is provided by a random source of the SoC and the initial seed value is used to generate the randomness of the wait times.

In its simplest form, the pseudo-random-number-generator (PRNG) can be a Linear-Feedback-Shift-Register (LFSR).

The random source providing the seed value for the random-number-generator can be thermal noise or asynchronously captured ring-oscillators or any other random source depending on what is available in the SoC.

The objective of the invention will also be solved by an apparatus which is configured to and suitable to perform the inventive method described above, wherein the apparatus comprises an embedded processor, a pseudo- or a true-random-number-generator, a random source for generating an initial seed value for the random-number-generator, and logic configured to post-process randomly controlled wait times or instructions, which are forming a random signal, and to ensure that the random signal is inserted within a pre-determined rate.

The solution provided by the inventive method and apparatus is completely transparent to the core logic of the embedded processor of the SoC itself as it only builds on existing debug infrastructure. This way the same processor core can also be used as a non-secured variant and the modular approach can easily be combined.

The invention will be explained in more detail using exemplary embodiments. The appended drawing shows

Fig 1 Processor core with external logic for performing the inventive method.

The figure shows a processor core using exemplarily a small RISC-V instruction set based processor core in a System-on-Chip (SoC) to perform some security critical tasks. A Pseudo-Random-Number-Generator (PRNG), designed in its simplest form as a Linear-Feedback-Shift-Register (LFSR), accepts an initial seed value provided by a true-random-number-generator register. The seed value for the PRNG, hence the LFSR, can be provided by thermal noise, asynchronously captured ring-oscillators or the like. It is important to ensure a certain runtime performance of the processor, therefore the rate of interruptions, hence the wait event insertion or the usage of an addition or other arithmetics with register '0' as target, needs to be implemented in a pre-determined rate. This rate is determined in advance by checking the requirements of the actual use-case and ensuring that the interruption rate does not exceed 50%. In practice, a rate between 15-30% has proven to be effective.

The insertion of wait events can be for example done by shifting the LFSR value and taking a 3 bit slice of it, generating an interruption rate of every 4-32 cycles. Furthermore, this can be changed arbitrarily but has to be suited to the performance requirements of the application. The external logic intercepts debug controls of the processor core and arbitrates actual debug accesses and randomly inserted wait times by a multiplexer which gives precedence to the real external debugger.
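A C model of the external logic described in the two paragraphs above, added here as an illustration and not taken from the patent. The 16-bit LFSR width and taps, the use of the low three bits as the slice, the mapping of that slice to gaps of 4, 8, ..., 32 clocks, and the `halt_len` parameter are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* 16-bit maximal-length Fibonacci LFSR, taps 16,14,13,11 (assumed width). */
static uint16_t lfsr_step(uint16_t s) {
    return (uint16_t)((s >> 1) | (((s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u) << 15));
}

typedef struct {
    uint16_t lfsr;                 /* PRNG state, seeded from the SoC random source */
    unsigned countdown, halt_left; /* clocks to next halt / left in current halt */
    unsigned halt_len;             /* clocks per inserted halt (assumed parameter) */
} halt_shaper;

/* Rate shaping: a 3-bit slice (0..7) maps to a gap of 4, 8, ..., 32 clocks. */
static unsigned next_gap(halt_shaper *h) {
    h->lfsr = lfsr_step(h->lfsr);
    return ((h->lfsr & 0x7u) + 1u) * 4u;
}

/* An all-zero LFSR never leaves zero, so a zero seed is replaced. */
void shaper_init(halt_shaper *h, uint16_t seed, unsigned halt_len) {
    *h = (halt_shaper){ seed ? seed : 0xACE1u, 0, 0, halt_len ? halt_len : 1u };
    h->countdown = next_gap(h);
}

/* One clock of the external logic; returns the halt line driven into the core. */
bool shaper_clock(halt_shaper *h, bool dbg_attached, bool dbg_halt) {
    if (dbg_attached) return dbg_halt;  /* debugger wins, random path blocked */
    if (h->halt_left) { h->halt_left--; return true; }
    if (--h->countdown) return false;
    h->countdown = next_gap(h);
    h->halt_left = h->halt_len - 1u;
    return true;
}

typedef struct { unsigned halted, min_gap, max_gap; } sim_stats;
/* Run n clocks with no debugger attached and collect halt statistics. */
sim_stats simulate(uint16_t seed, unsigned halt_len, unsigned n) {
    halt_shaper h; sim_stats r = { 0, ~0u, 0 }; unsigned run = 0;
    shaper_init(&h, seed, halt_len);
    for (unsigned i = 0; i < n; i++) {
        if (!shaper_clock(&h, false, false)) { run++; continue; }
        r.halted++;
        if (!run) continue;  /* later clock of a multi-clock halt */
        if (run + 1 < r.min_gap) r.min_gap = run + 1;
        if (run + 1 > r.max_gap) r.max_gap = run + 1;
        run = 0;
    }
    return r;
}
```

Calling `simulate` with different `halt_len` values shows how the halted share of clocks moves relative to the 50% ceiling the description sets, while the gap between halts stays bounded.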


List of Reference Signs

1 system-on-chip

2 processor

3 processor core

4 Memory

5 external logic

6 pseudo-random-number-generator, e.g. a Linear-Feedback-Shift-Register

7 debug infrastructure