Exploring Fault Injection Attacks on CVA6 PMP Configuration Flow
Abstract
In this study, we analyze Fault Injection Attacks (FIA) on the Physical Memory Protection (PMP) configuration flow of a CVA6 RISC-V core. Fault injection campaigns targeting an FPGA implementation on an ARTY A7-100T board are performed to characterize the fault effects. For that purpose, we rely on clock glitches. Moreover, to further characterize the induced faults, Error-Correction Code (ECC) is considered: we extend the ID pipeline stage with hardware modules that filter faults using Hamming code.
Experimental results demonstrate that FIA has multiple effects on the PMP configuration registers. By classifying these effects with respect to injection parameters, we highlight that a given effect can be obtained with high probability by an attacker. Furthermore, thanks to integrated ECC modules used as filters, we confirm that single bit-flips are a prevalent effect in our experiments. In particular, results demonstrate that numerous fault effects observed in the PMP configuration registers are caused by single bit-flips in the ID stage of the CVA6 core.
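How a Hamming-code filter of the kind described above separates single bit-flips from other faults, as an added example (not code from the paper or from CVA6). It assumes a 32-bit word protected by an extended Hamming (39,32) code; the function names, the bit layout and the sample word 0x3A051073 (the encoding of csrw pmpcfg0, a0) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the paper): 32-bit word, extended Hamming (39,32).
 * Bit 0 = overall parity; check bits at positions 1, 2, 4, 8, 16, 32. */
enum fault_class { NO_FAULT, SINGLE_BIT_FLIP, MULTI_BIT_FAULT };
static int is_pow2(unsigned p) { return (p & (p - 1)) == 0; }

/* Syndrome = XOR of the positions of set bits; parity = XOR of all 39 bits. */
static unsigned syndrome(uint64_t cw, unsigned *parity) {
    unsigned s = 0;
    *parity = 0;
    for (unsigned p = 0; p <= 38; p++)
        if ((cw >> p) & 1) { s ^= p; *parity ^= 1; }
    return s;
}

uint64_t hamming_encode(uint32_t data) {
    uint64_t cw = 0;
    unsigned d = 0, par;
    for (unsigned p = 1; p <= 38; p++)          /* data fills non-power-of-2 slots */
        if (!is_pow2(p)) cw |= (uint64_t)((data >> d++) & 1) << p;
    unsigned s = syndrome(cw, &par);
    for (unsigned k = 0; k < 6; k++)            /* check bits cancel the syndrome */
        if ((s >> k) & 1) cw |= 1ULL << (1u << k);
    syndrome(cw, &par);
    return cw | par;                            /* bit 0 makes total weight even */
}

/* Filter: repair a single bit-flip, flag any other detectable fault. */
enum fault_class hamming_filter(uint64_t cw, uint32_t *data_out) {
    unsigned par, i = 0, s = syndrome(cw, &par);
    enum fault_class cls = NO_FAULT;
    if (par) {                                  /* odd number of flipped bits */
        if (s > 38) cls = MULTI_BIT_FAULT;      /* syndrome outside the codeword */
        else { cw ^= 1ULL << s; cls = SINGLE_BIT_FLIP; } /* s == 0: parity bit */
    } else if (s) cls = MULTI_BIT_FAULT;        /* even count, e.g. a double flip */
    *data_out = 0;
    for (unsigned p = 1; p <= 38; p++)
        if (!is_pow2(p)) *data_out |= (uint32_t)((cw >> p) & 1) << i++;
    return cls;
}

int main(void) {
    uint32_t out;
    uint64_t cw = hamming_encode(0x3A051073u);  /* constructed sample word */
    printf("one flip:  class %d\n", hamming_filter(cw ^ (1ULL << 7), &out));
    printf("two flips: class %d\n", hamming_filter(cw ^ (1ULL << 7) ^ (1ULL << 21), &out));
    return 0;
}
```

A fault effect that disappears once such a filter is in place is attributable to a single bit-flip in the protected word; flips of three or more bits can alias to a single-bit syndrome, so this code classifies only one-bit and two-bit faults reliably.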
Origin: Files produced by the author(s)