Research And Implementation Of Fault Injection Attacks Based On Instructions Introduced Voltage Noise

Fault injection is a technique for artificially introducing faults or errors into a system to test and evaluate its reliability and robustness.As a mature reliability enhancement technology,fault injection is also highly effective in malicious attacks.Recently discovered vulnerabilities such as VoltJockey and VoltPillager use the low-power characteristics of processors to perform voltage fault injection.These types of vulnerabilities can directly disrupt the normal execution of secure loads,allowing attackers to achieve their goals with minimal attack attempts.However,these attacks usually require attackers to have system privileges to reduce processor voltage,resulting in limited security threats and few effective attack targets.To minimize the conditions required to implement voltage fault injection attacks,this paper focuses on studying and implementing fault injection based on instruction-induced voltage noise,while providing research support for discovering new voltage fault injection methods.Instruction-induced voltage noise refers to the fact that the execution of an instruction can change the activity state of the microarchitecture within a processor,and microarchitecture events can have an instantaneous effect on the supply voltage of the processor.Firstly,the vulnerability principles and exploitation methods of hardware fault injection vulnerabilities such as VoltJockey,VoltPillager,and RowHammer were studied and analyzed.The VoltJockey vulnerability was verified on multiple hardware platforms from Intel and AMD,and the under-voltage conditions required to reproduce this vulnerability on different platforms were summarized.Secondly,in order to automate the construction of instruction-induced voltage noise and apply it to fault injection,this paper built an automatic fault injection framework based on instruction-induced voltage noise.Two types of instruction-induced voltage noise were characterized through this framework and applied to the reproduction process of the VoltJockey vulnerability,revealing that using instruction-induced voltage noise can reduce the under-voltage conditions required to implement the attack.Finally,a processor pipeline design based on arithmetic errorcorrecting code was proposed.Based on the traditional five-stage instruction pipeline of a processor,this design adds data integrity checking for certain storage components of the processor and fault-tolerant calculation logic for common arithmetic operations during the instruction execution stage to reinforce the pipeline against fault injection attacks and improve the hardware reliability of the processor.