Proceedings Article | 22 August 2024
KEYWORDS: Computer security, Design, Defense and security, Data storage, Control systems, Clocks, Field programmable gate arrays, Instrument modeling, Embedded systems, Data privacy
The widespread deployment of IoT devices in various fields exposes them to increasing security threats. These devices often store and process large amounts of sensitive data, including personal privacy information, trade secrets, and even national security data. Attackers attempt to tamper with binaries executed by device processors or redirect jump addresses to hijack control flows and execute malicious code. In the face of this challenge, this paper discusses the current status and development trend of controller control flow integrity (CFI) protection of processor processes, and proposes a more complete control flow integrity protection strategy based on RISC-V. This strategy emphasizes that it is difficult to address complex and changing security challenges with a single solution, and it is more prudent to adopt a diversified architecture to design security strategies. Therefore, this strategy proposes an innovative encryption authentication mechanism for data and instructions and combines it with Control Flow Integrity (CFI) to effectively improve the security performance of the processor.
In this experiment, RISCY is selected as the experimental kernel, and the lightweight encryption algorithm ASCON is used as a part of the encryption authentication module, combined with the extension of the RISC-V instruction set and the support of the LLVM compiler framework. This article not only provides a detailed introduction to the cryptographic authentication process in the processor core, but also shows how to achieve control flow integrity through compiler automation. In terms of experimental validation, Embench-IoT was selected as the relevant suite of experiments and tests, and further through the performance evaluation on the FPGA platform, the overhead in terms of code size and number of cycles actually depends on the program, which drops to between 0% and 36% in the benchmark, and the integrity of the data and code sacrifices part of the memory usage, and the computation time is increased by 2 to 3 times. The experimental results show that this strategy not only provides new ideas and methods for the security protection of IoT devices, but also provides a valuable reference for the development of processor security technology in the future.
