A Low-cost Function Call Protection Mechanism Against Instruction Skip Fault Attacks

Fault attack is a known, dangerous threat to secure embedded systems. Function calls, including system calls, are particularly important but weak links for the integration of security components in a crypto-system. Function calls are vulnerable to an instruction skip caused by controlled fault injection such as clock glitching or power glitching. Previous work fails to address the vulnerability of function calls to instruction skip and develop corresponding countermeasures. In this paper, we provide a software fault detection mechanism to protect function calls against instruction skip attacks. Our method is generic, relies on the function output arguments, and does not require modification to the function body. We demonstrate our methodology on Gaisler's LEON3 simulator and quantify the overhead. Compared to a traditional function call duplication countermeasure, our proposed fault detection mechanism is a low-cost, low-overhead protection against instruction skip attacks.