Go to DBLP homepageBlockchain-Based Runtime Attestation Against Physical Fault Injection Attacks on Edge Devices
Abstract: With the ever-increasing proliferation of edge devices for applications, such as home automation and vehicle systems, their security vulnerabilities have received additional attention. A recent type of attack, physical fault injections, are particularly powerful as they can compromise these devices by skipping necessary instructions through physical methods, such as induced voltage glitches. Hence, they can trigger a wide range of software behavior anomalies and vulnerabilities not caused by the programs themselves. These attacks allow adversaries to carry out severe security breaches such as control flow hijacking and information leakage, even if the original device firmware has been well tested.To defend against physical fault injections, this paper develops an innovative approach based on a runtime attestation of code execution, i.e., given a sequence of instructions, they should be executed thoroughly and correctly in a verified manner. Hence, instruction anomalies can be detected and reported if faults are injected. This protection mechanism does not require additional hardware or specialized instructions. Instead, it leverages a lightweight virtual machine to protect critical code segments such as password-related operations. It integrates two techniques: blockchain-based instruction integrity assurance and memory randomization-based data protection. We fully implemented this framework on an AVR-based microcontroller, and our evaluation results demonstrate that our methodology is practical enough to effectively prevent a wide range of hardware-based fault injection attacks, paving the way for more secure edge applications.
Loading