Protecting Indirect Branches against Fault Attacks using ARM Pointer Authentication

Physically exposed embedded devices used in the IoT or automotive area are frequently targeted by fault attacks. Mitigating this threat is crucial as such attacks can be used to hijack the control-flow and bypass secure boot, gain arbitrary code execution, or retrieve sensitive information. However, control-flow integrity (CFI), which aims to be an effective countermeasure thwarting fault induced control-flow hijacking attacks, do not protect addresses, allowing an attacker to still hijack the control-flow of indirect branches. To counteract unwanted bit flips, data encoding schemes are frequently used to add redundancy to these addresses. However, as software-based data encoding schemes yield large runtime overheads, encoding schemes typically require custom CPU changes, which are not feasible for off-the-shelf systems. Hence, software-based address redundancy schemes for commodity devices are needed to thwart fault attacks on indirect branches. In this paper, we utilize the ARM pointer authentication feature of recent ARM architectures to efficiently protect the target addresses of indirect calls. In addition to the address protection, we further enhance the state update function of existing CFI schemes to protect the link between indirect control-flow transfers. To demonstrate how these defense mechanisms improve the protection of state-of-the-art CFI countermeasures, we integrate our address encoding and linking strategy into a previously introduced CFI scheme. We further extend a LLVM-based toolchain to automatically thwart fault attacks on indirect branches without user interaction. Our analysis shows an negligible overhead of less than 2.34% on average for protecting target addresses of indirect branches and the link between indirect branches for SPEC2017.