Intel improves software reliability by building silicon enhancements realized through logic inside the processor. Today, the company described a new technique to complement existing software mitigations for fault injection attacks.
Tunable Replica Circuit (TRC) – Fault Injection Protection uses hardware-based sensors to explicitly detect circuit-based timing failures that occur as the result of an attack. TRC is first delivered in the 12th Gen Intel® Core™ processor family. It adds fault injection detection technology to the Intel® Converged Security and Management Engine (Intel® CSME), where it is designed to detect non-invasive physical glitch attacks on the pins supplying clock and voltage. TRC is also designed to detect electromagnetic fault injections.
“Software protections have hardened with virtualization, stack canaries and code authentication before execution,” said Daniel Nemiroff, senior principal engineer at Intel. “This has driven malicious actors to turn their attention to physically attacking computing platforms. A favorite tool of these attackers is fault injection attacks via glitching voltage, clock pins and electromagnetic radiation that cause circuit timing faults and may allow execution of malicious instructions and potential exfiltration of secrets.”
Intel’s TRC was originally developed by Intel Labs to monitor dynamic variations, such as voltage droop, temperature, and aging in circuits to improve performance and energy efficiency. As new technologies evolve, so do their applications.
“By changing the monitoring configuration and building the infrastructure to leverage the sensitivity of the TRC to fault injection attacks, the circuit was tuned for security applications,” said Carlos Tokunaga, principal engineer in Intel Labs, explaining the research approach.
Intel Labs, iSTARE-PASCAL (Physical Attack and Side Channel Analysis Lab) and Intel’s Client Computing Group partnered on testing and validating TRC for security scenarios. Together they proved that TRC can be calibrated to a point where such timing violations could only be the result of an attack. Intel applied the TRC as a hardware sensor to detect and help protect against these fault injection attack methods.
Intel’s TRC is designed to protect against certain types of physical attacks by monitoring the delay of specific types of digital circuits. When calibrated to specific expectations of the sensor sensitivity, TRC signals an error when it detects a timing failure due to a voltage, clock, temperature or electromagnetic glitch. Because the TRC is calibrated to signal an error at a voltage level beyond the nominal operating range of the CSME, any error condition from the TRC is an indication that data could be corrupted, triggering mitigation techniques to ensure data integrity.
Intel has applied the TRC to the Platform Controller Hub (PCH), a separate chipset isolated from the CPU that enhances protection of a system’s root of trust called the Intel CSME.
The most crucial aspect for productizing this type of hardware sensor is calibration. Calibrated too aggressively, the sensor would detect normal workload voltage droops as false positives. False positives create noise and could result in platform instability, bringing additional burden for already overworked cybersecurity teams.
To avoid false positives, Intel developed a feedback-based calibration flow. Minimizing the false negatives is also important, so the feedback loop uses results from false-positive and false-negative testing along with margin data from the hardware sensor. This indicates how close the sensor was to detecting a glitch as well as the accuracy of the guard bands.
Architectural advancements can often result in considerably less execution overhead compared to software-only implementations, yet physical attack methods have traditionally been outside of threat models.
As more compute is brought to the intelligent edge, Intel has invested in physical attack protection security capabilities to enhance software resilience as workloads expand and threat models evolve. Security is a system-level property rooted in the silicon. Every component in the system — from software to silicon — can help keep data secure.
Details of this research was presented at Black Hat USA 2022: Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning. Additional technical information is available in the following whitepaper: Fault-Injection Countermeasures, Deployed at Scale.