

Damien Couroussé\* Bruno Robisson\*\* Thierno Barry\* \*Univ. Grenoble Alpes, F-38000 Grenoble, France CEA, LIST, Minatec Campus, F-38054 Grenoble, France \*\*CEA-Tech DPACA, Gardanne, France firstname.lastname@cea.fr

#### CONTEXT

The goal is to implement the instruction duplication technique as a countermeasure against Fault Attacks on an ARM 32-bit Microcontroller[1,2]. Operating inside a compiler allowed us to reduce the security overhead thanks to the flexibility and code transformations opportunities offered by compilers

## Workflow



IIC

Instruction

Selection

Register

**Allocation** 

Instruction

Scheduling

Code

**Emission** 

Binary

Code

Back-end

## The user identifies the portions of the program to protect

```
@__to_secure__("fault")
int foo(int a, int b){
  return a * b + a;
```

C source code

The user has a full control over parts of the code to protect

## Instructions cannot be duplicated at the middle-end due to the SSA form



Unused and will be removed by the **D**ead Code Elimination pass

# We only select instructions that are suitable for duplication



multiply and accumulate: mla a, a, b is matched → we separately match: a mul followed by add

destination sources

Generation of 3-address instructions:

We generate add vreg3, vreg1, vreg2

Instead of generating add vreg1, vreg2

# Registers are allocated in favor of duplication

The register allocator tends to reduce register pressure: Reusing the allocated registers as soon as possible  $\{L(vreg3)\} \cap \{L(vreg1) . L(vreg2)\} = \emptyset$ When the liveness intervals (L) of registers are disjoint:



#### Instructions are duplicated before scheduling

```
str r5, [r3, #4]
add r0, r1, r2
                                       add r0, r1, r2
                          Duplication
                                                                Scheduling
                                                                              add r0, r1, r2
                                       add r0, r1, r2
str r5, [r3, #4]
                                                                              str r5, [r3, #4]
                                       str r5, [r3, #4]
    Before duplication
                                                                              add r0, r1, r2
                                       str r5, [r3, #4]
                                           Before scheduling
                                                                                  After scheduling
```

## Comparison with assembly approach

|                 | Instruction    | Transformation | Duplication    |     | AES 8-bit N | IST on ARM C | ortex-M3 |
|-----------------|----------------|----------------|----------------|-----|-------------|--------------|----------|
|                 | add r0, r0, r2 | mov rx, r0     | mov rx, r0     |     | Unprotected | Protected    | Overhead |
| <b>Assembly</b> |                | add r0 rx r2   | mov rx, r0     |     | 8541 cycles | 17311 cycles | × 2.03   |
| approach        |                |                | add r0, rx, r2 | X 4 |             |              |          |
|                 |                |                | add r0, rx, r2 |     |             |              |          |
| Our             | add r0, r1, r2 |                | add r0, r1, r2 |     |             |              |          |
| approach        |                |                | add r0, r1, r2 | X 2 |             |              |          |

### FUTURE WORK & REFERENCES

### FUTURE WORK

- Using code annotation for more flexibility when defining the code regions to protect
- Automatic identification of the most vulnerable parts of the program
- compiler-based implementation of the masking countermeasure

#### REFERENCES

[1] Barenghi et al. Countermeasures against fault attacks on software implemented AES

[2] Moro et al. Electromagnetic Fault Injection: Towards a Fault Model on a 32-bit Microcontroller

#### LEGEND





