
Protecting Return Address Integrity for RISC-V via Pointer Authentication

Abstract
Embedded systems based on lightweight microprocessors are becoming more prevalent in various applications. However, their security remains a significant challenge due to limited resources and exposure to external threats. In particular, some of these devices store sensitive data and control critical devices, making them high-value targets for attackers. Software security is particularly important because attackers can easily access these devices on the internet and obtain control of them by injecting malware. Return address (RA) hijacking is a common software attack technique that compromises control flow integrity (CFI) by manipulating memory, as in return-to-libc attacks. Several methods have been proposed to protect CFI, including RA authentication, stack canaries, and shadow stacks. However, these hardware and software defense mechanisms introduce significant memory overhead and resource consumption, making them unsuitable for IoT devices with limited memory. This thesis investigates the security of embedded systems by focusing on the control flow integrity of the return address for RISC-V. This project uses custom instructions to insert a Pointer Authentication Code (PAC) in the return address to protect CFI. Compared to previous work, this project introduces a faster cipher to improve the performance of the system. In addition, a prediction mechanism is embedded into the system to reduce the latency of authentication. This project also integrates the PAC generator into the GCC compiler to support automatic PAC generation. The overhead of this project is 4.19% on TACLeBench and 3.25% on CoreMark with the Rocket Chip on the Nexys A7 board.
Type
openaccess
article
thesis