CN105224887B - A kind of anti-tamper shielded layer for safety chip - Google Patents
A kind of anti-tamper shielded layer for safety chip Download PDFInfo
- Publication number
- CN105224887B CN105224887B CN201510721372.8A CN201510721372A CN105224887B CN 105224887 B CN105224887 B CN 105224887B CN 201510721372 A CN201510721372 A CN 201510721372A CN 105224887 B CN105224887 B CN 105224887B
- Authority
- CN
- China
- Prior art keywords
- tamper
- line
- shielded layer
- chip
- safety chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Semiconductor Integrated Circuits (AREA)
Abstract
It include anti-tamper line and functional line in the anti-tamper shielded layer, anti-tamper line is mutually mixed with functional line the invention discloses a kind of anti-tamper shielded layer for safety chip.The present invention makes anti-tamper design not only comprising simple anti-tamper function, while also having other logic functions by being mutually mixed the signal wire of key modules in safety chip as functional line and anti-tamper line.This method makes attacker be difficult to that anti-tamper shielded layer is individually removed, and prevents chip interior sensitive data from improving the security performance of chip because anti-tamper shielded layer is removed and anti-tamper function is by the leakage of key message caused by except energy.
Description
Technical field
The present invention relates to chip secure technology, in particular to one kind can prevent attacker from detecting by the means such as FIB malice,
Modify the circuit structure inside safety chip.
Background technique
Safety chip has been commonly stored the confidential information of client, such as bank card password, finger print information, DTV payment
Information etc., therefore it is very important for the safety of this kind of chip.
In order to ensure the safety of this kind of chip, usually logically safety chip uses the Encryption Algorithm such as DES, AES, RSA
It is encrypted and decrypted, as shown in Figure 4;And on physical Design level, generally use complicated metal routing covering chip list
The mode of layer, constitutes anti-tamper shielded layer, detects the metal in this anti-tamper shielded layer by way of simulation or number
Cabling, and final output one or multi-bit state position are to determine whether chip is tampered.
If attacker thinks the crucial signal of detection, it is necessary to bypass or cut off these anti-tamper shieldings for being located at chip top-layer
Layer cabling, and these Wiring structures are usually relatively complex, and the spacing between metal routing is all very small.This anti-tamper screen
It covers layer structure and is causing some difficulties to attacker to a certain degree, be that comparison is effective within the quite a long time in past
A kind of guard method.
However as chip detection and the rapid development of reverse logic extractive technique, even extremely complex metal object
Manage cabling, eda tool can be accurate, quickly, batch processing and sort out its logical relation, by these means, it is above-mentioned excessively
The protected mode for relying on the complexity of anti-tamper shielded layer cabling can skip complicated physics Wiring structure, directly analyze it
Logical relation, finding these crucial flag bits is no longer a very difficult thing.Once attacker analyzes anti-tamper patrol
Volume or its final key point position, individually anti-tamper shielded layer cabling all can be removed, then force its flag bit
Except energy, anti-tamper circuit will not play any protective effect.
Also have in the prior art and protected using anti-tamper logic, this increases attacker's parsing to a certain extent
Difficulty, but after anti-tamper logic is by successful analysis, anti-tamper shielded layer can still be carried out forcing removal and will prevented
Function is distorted except energy, safety chip is caused to lose protection.
Therefore, how to provide a kind of anti-tamper shielded layer of stronger attack protection of security performance is industry skill urgently to be resolved
Art problem.
Summary of the invention
The present invention proposes a kind of anti-tamper shielded layer for safety chip to solve above-mentioned problem of the prior art,
It include anti-tamper line and functional line in the anti-tamper shielded layer, anti-tamper line is mutually mixed with functional line.The present invention pass through by
Anti-tamper line and functional line (non-tamper-resistant function) mixing, increase the difficulty that attacker releases anti-tamper function, solve mesh
The problem of preceding tamper-resistance techniques security performance declines.
In the first embodiment of the technical program, the anti-tamper line and functional line are shared by way of time-sharing multiplex
The Wiring structure of anti-tamper shielded layer.At a time, shared Wiring structure may be either anti-tamper logic, can also be other function
It can logic.If attacker removes or disconnect by force these anti-shielding shielding constructions, the logic function of chip will be also resulted in not
Correctly, some sensitive functions will be rejected execution, to achieve the purpose that protect chip interior sensitive information.
In the second embodiment of the technical program, the anti-tamper line and functional line are physics cabling independently,
Anti-tamper line is mixed with functional line using identical Wiring structure.Using same structure, make attacker is more difficult which is distinguished
It is anti-tamper line, which is other function line;Come even if analyzing, removing these physics cablings also can be very difficult, non-
It is often easy to influence other function line.And these functional lines are once moved or destroy, it is incorrect to will lead to chip logic function,
Equally can sensitive circuit not worked.
In the 3rd embodiment of the technical program, the anti-tamper shielded layer includes 3 or more mutually independent
Physics cabling, and the structure of two of them physics cabling is identical, respectively corresponds anti-tamper line and functional line, is multiplexed by score
After mode forms mixing cabling, is mixed with other physics cablings, the two ways of the first, second embodiment is combined, is made
Security performance is higher.
When the anti-tamper shielded layer includes 2 or more mutually independent physics cablings, each physics cabling is at one
Orthographic projection in plane is in square waveform, and each physics cabling intersects to form multilayered structure up and down.The functional line is safety
The signal wire of chip.The signal of the signal wire is in the reset signal, enable signal, mode select signal of safety chip
It is a kind of.
After anti-tamper line and functional line (non-tamper-resistant function) are mixed realization by the present invention, so that anti-tamper line and functional line
(non-tamper-resistant function) monitors mutually, gives mutual protection.Anti-tamper line not only protects chip, but also by functional line (non-tamper-resistant
Function) protection, even if anti-tamper circuit logic perhaps flag bit attacker is gone out by successful analysis can not easy removal or disconnected
The cabling in these shielded layers is opened, anti-tamper safety itself is not only improved, also improves the security performance of chip entirety.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of first embodiment of the invention;
Fig. 2 is the structural schematic diagram of second embodiment of the invention;
Fig. 3 is the structural schematic diagram of third embodiment of the invention;
Fig. 4 is the partial process view of prior art des encryption logic;
Fig. 5 is the anti-tamper circuit flow chart of the prior art;
Fig. 6 is concrete application schematic diagram of the invention.
Specific embodiment
Below in conjunction with drawings and examples, the course of work that the present invention will be described in detail.
Anti-tamper shielded layer proposed by the present invention for safety chip, in addition to anti-tamper line in anti-tamper shielded layer,
It is also provided with functional line, and anti-tamper line is mutually mixed with functional line.The present invention selects some key signals of safety chip
Line is as functional line, once anti-tamper shielded layer is removed, these functions of safety chip will be destroyed, and chip interior is caused
Sensitive function can not execute, thus prevent attacker attempt stolen in these function implementation procedures chip interior sensitive data or
Capture sensitive information.
Some sensitive circuits of preferred security chip of the present invention or the reset signal of Key Circuit, enable signal, mode choosing
The key signals such as signal are selected as functional line, and the signal wire of transmitting sensitive data should not be selected as functional line, present invention choosing
Select at least one safety chip this functional line and anti-tamper line mixing cabling, once functional line attacker remove it is anti-tamper
After being tampered in the operation of line, it will result directly in sensitive circuit and do not work, sensitive data is avoided to be leaked.
As shown in Figure 1, in the first embodiment of the present invention, functional line 103 and anti-tamper line in anti-tamper shielded layer
102 are logically mutually mixed, they share the Wiring structure of anti-tamper shielded layer by the way of time-sharing multiplex, i.e., anti-
Distort the anti-tamper line 102 and functional line 103(non-tamper-resistant function of logic) it is multiple by one in the front end of anti-tamper shielded layer
After logic module 104, the mixed output of physics cabling 106 is formed to anti-tamper shielded layer 101.Physics cabling after mixing
106 in the end of anti-tamper shielded layer after a demultiplexing logic module 105, distribute to anti-tamper logic 102 or function
Line (non-tamper-resistant function) 103.After the cabling in anti-tamper shielded layer 101 is tampered or removes, anti-tamper line 102 and function
Energy line (non-tamper-resistant function) 103 will be all destroyed.
As shown in Fig. 2, in the second embodiment of the present invention, anti-tamper line 202 and functional line (non-tamper-resistant function) 203
For physics cabling independently, they use same physics Wiring structure 203, and this structure plays a kind of physical mixed
Effect, attacker is difficult to remove all anti-tamper lines 202 without destroying functional line (non-tamper-resistant function) 203.Once
During removing anti-tamper line 202, functional line (non-tamper-resistant function) 203 is destroyed, chip will be unable to starting sensitive circuit
Work, to achieve the purpose that protect chip sensitive data.
As shown in figure 3, in the third embodiment of the present invention, combine physical mixed in the first, second embodiment and
Logical hybrid two ways, anti-tamper shielded layer 301 include 3 or more mutually independent physics cablings, and two of them
The structure of physics cabling is identical, respectively corresponds anti-tamper line and functional line, and mixing cabling 302 is formed in such a way that score is multiplexed
Afterwards, it is mixed with other physics cablings 303.I.e. in anti-tamper shielded layer 301, exists simultaneously and generated using logical hybrid mode
The cabling 303 for mixing physics cabling 302 and being generated using physical admixture.At a time, certain in anti-tamper shielded layer
One cabling may be anti-tamper line, it is also possible to functional line (non-tamper-resistant function), it is also possible to be always that functional line is (non-to prevent usurping
Change function).By such processing, even if attacker analyzes anti-tamper logic, can not all remove easily anti-tamper
The cabling of shielded layer.
In the above-described embodiments, when anti-tamper shielded layer includes 2 or more mutually independent physics cablings, each physics is walked
The shape of line can similar multiple zigzag shapes, i.e., orthographic projection in a plane is in square waveform, and each physics cabling phase up and down
Mutually intersect to form multilayered structure.Functional line and anti-tamper line mixing cabling, the two are mutually protected, so that attacker is difficult to individually break
Bad whole anti-tamper line is without destroying functional line, to achieve the effect that promote safety protection of chip ability.Desired value must be infused
Meaning, for the walks wire shaped in anti-tamper shielding construction, in order to increase the difficulty that attacker analyzes logic, actual cabling
Mode should be extremely complex, can choose multiple layer metal cabling, logically more than one.This example is intended merely to more clear table
Up to the principle of the present invention, it is illustrated in such a way that a kind of comparison is concise.
It is shown in the prior art from Fig. 4, Fig. 5, we can see that enciphering and deciphering algorithm and anti-tamper circuit are separately to set
Meter, for the prior art of Fig. 4 by taking des encryption as an example, DES full name is Data Encryption Standard, i.e. data encryption
Standard is a kind of block algorithm encrypted using key, is determined as federal money by the State Standard Bureau of U.S. Federal Government within 1976
Expect processing standard (FIPS), then widespread comes in the world.In safety chip, this kind of symmetrical encryption and decryption of DES is commonly used
Algorithm to carry out encrypting and decrypting to key message.Fig. 6 is illustrated of the invention specific based on the prior art of Fig. 4, Fig. 5
Application principle, it is assumed that anti-tamper shielded layer provides 32 physical shielding cablings, and principle according to the present invention will be in DES operation
32 in plain text input and anti-tamper circuit input signal carry out logical hybrid after, function select signal S be used to control what
Kind logical signal is sent into anti-tamper shielded layer, starts in chip, or before progress encrypted message key decryption, S sets 1, starting
Anti-tamper circuit logic carries out anti-tamper event detection;When needing to carry out encryption and decryption operation, S sets 0, and anti-tamper shielded layer is cut
Change the data line in 32 DES operations into.Therefore, the logic in different moments, in the anti-tamper shielded layer of top layer
It is different, for attacker, cannot simply modify final anti-tamper testing result and make its failure, because having modified most
Whole state must destroy anti-tamper shielded layer, and this will lead to sometime, and chip not can be carried out normal encryption and decryption functions
Operation, to protect key message.
It should be understood that the above-mentioned description for specific embodiment is more detailed, can not therefore be considered to this
The limitation of invention patent protection range, scope of patent protection of the invention should be determined by the appended claims.
Claims (4)
1. a kind of anti-tamper shielded layer for safety chip, which is characterized in that comprising anti-tamper in the anti-tamper shielded layer
Line and the functional line for working normally safety chip logic function for providing signal, anti-tamper line are mutually mixed with functional line;
The anti-tamper line and functional line be physics cabling independently, anti-tamper line and functional line using it is identical walk knot
Structure carries out the mixing that intersects up and down.
2. anti-tamper shielded layer described in claim 1, which is characterized in that the orthographic projection of each physics cabling in a plane is in
Square waveform, and each physics cabling intersects to form multilayered structure up and down.
3. anti-tamper shielded layer as described in claim 1, which is characterized in that the functional line is the signal wire of safety chip.
4. anti-tamper shielded layer as claimed in claim 3, which is characterized in that the signal wire is that the reset of safety chip is believed
Number, enable signal, mode select signal one of work as.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810642493.7A CN108985106B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201810642276.8A CN108920982B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201510721372.8A CN105224887B (en) | 2015-10-30 | 2015-10-30 | A kind of anti-tamper shielded layer for safety chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510721372.8A CN105224887B (en) | 2015-10-30 | 2015-10-30 | A kind of anti-tamper shielded layer for safety chip |
Related Child Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810642276.8A Division CN108920982B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201810642493.7A Division CN108985106B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105224887A CN105224887A (en) | 2016-01-06 |
| CN105224887B true CN105224887B (en) | 2019-03-15 |
Family
ID=54993849
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810642493.7A Active CN108985106B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201810642276.8A Active CN108920982B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201510721372.8A Active CN105224887B (en) | 2015-10-30 | 2015-10-30 | A kind of anti-tamper shielded layer for safety chip |
Family Applications Before (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810642493.7A Active CN108985106B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
| CN201810642276.8A Active CN108920982B (en) | 2015-10-30 | 2015-10-30 | Tamper-proof shielding layer for security chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (3) | CN108985106B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106777678A (en) * | 2016-12-14 | 2017-05-31 | 天津蓝海微科技有限公司 | A kind of effective ways of Security Chip Physical Protection wiring |
| CN108304736A (en) * | 2018-02-09 | 2018-07-20 | 深圳国微技术有限公司 | A kind of safety chip |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1124330A2 (en) * | 2000-02-09 | 2001-08-16 | Algotronix Ltd. | Method of using a mask programmed secret key to securely configure a field programmable gate array |
| CN103646137A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Method for designing high-safety chip active shielding physical protection structure |
| CN203535642U (en) * | 2013-11-06 | 2014-04-09 | 昆腾微电子股份有限公司 | Dynamic shielding protection device for secure chip |
| CN103779334A (en) * | 2012-10-23 | 2014-05-07 | 北京同方微电子有限公司 | Active protection device for smart card |
Family Cites Families (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5861662A (en) * | 1997-02-24 | 1999-01-19 | General Instrument Corporation | Anti-tamper bond wire shield for an integrated circuit |
| US6975777B1 (en) * | 1999-03-26 | 2005-12-13 | Victor Company Of Japan, Ltd. | Apparatus and method of block noise detection and reduction |
| US20040212017A1 (en) * | 2001-08-07 | 2004-10-28 | Hirotaka Mizuno | Semiconductor device and ic card |
| CN2634530Y (en) * | 2003-07-29 | 2004-08-18 | 上海原子核研究所日环仪器厂 | Bus interface circuit |
| CN101889344B (en) * | 2007-12-06 | 2013-04-24 | 美国博通公司 | Embedded package security tamper mesh |
| JP4468437B2 (en) * | 2007-12-27 | 2010-05-26 | フェリカネットワークス株式会社 | Information processing apparatus, communication method, and program |
| CN101477505B (en) * | 2008-12-23 | 2012-11-21 | 无锡中星微电子有限公司 | Data transmission method between master and slave equipments through bus |
| CN201477600U (en) * | 2009-07-29 | 2010-05-19 | 深圳国微技术有限公司 | Tampered detecting circuit for protecting chip |
| CN103034812B (en) * | 2011-10-08 | 2016-08-10 | 国民技术股份有限公司 | A kind of credible chip compatibility method, equipment and the using method of this equipment |
| CN202352033U (en) * | 2011-10-26 | 2012-07-25 | 北华大学 | Prisoner monitoring system based on Zigbee wireless network and GPRS (General Packet Radio Service) wireless network |
| US9716552B2 (en) * | 2012-07-31 | 2017-07-25 | Acacia Communications, Inc. | OTDM coherent transceiver |
| CN102937945B (en) * | 2012-10-24 | 2015-10-28 | 上海新储集成电路有限公司 | The method of inter-chip interconnects line is reduced during a kind of stacked on top multiple chips |
| CN103020822B (en) * | 2012-12-04 | 2017-03-01 | 武汉擎动网络科技有限公司 | Financial acquirer's method based on double escape ways |
| CN203084701U (en) * | 2013-03-01 | 2013-07-24 | 合肥京东方光电科技有限公司 | Capacitance embedded touch screen and display device |
| CN103150069B (en) * | 2013-03-01 | 2016-08-17 | 合肥京东方光电科技有限公司 | A kind of capacitance type in-cell touch panel and display device |
| US9041432B2 (en) * | 2013-09-30 | 2015-05-26 | Cavium, Inc. | Clock multiplexing and repeater network |
-
2015
- 2015-10-30 CN CN201810642493.7A patent/CN108985106B/en active Active
- 2015-10-30 CN CN201810642276.8A patent/CN108920982B/en active Active
- 2015-10-30 CN CN201510721372.8A patent/CN105224887B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1124330A2 (en) * | 2000-02-09 | 2001-08-16 | Algotronix Ltd. | Method of using a mask programmed secret key to securely configure a field programmable gate array |
| CN103779334A (en) * | 2012-10-23 | 2014-05-07 | 北京同方微电子有限公司 | Active protection device for smart card |
| CN203535642U (en) * | 2013-11-06 | 2014-04-09 | 昆腾微电子股份有限公司 | Dynamic shielding protection device for secure chip |
| CN103646137A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Method for designing high-safety chip active shielding physical protection structure |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108985106B (en) | 2021-07-20 |
| CN105224887A (en) | 2016-01-06 |
| CN108920982B (en) | 2021-08-17 |
| CN108920982A (en) | 2018-11-30 |
| CN108985106A (en) | 2018-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3454318B1 (en) | Security system with entropy bits generated by a puf | |
| US6973570B1 (en) | Integrated circuit comprising encryption circuitry selectively enabled by verifying a device | |
| DE60101147T2 (en) | MICROPROCESSOR RESISTANT TO ENERGY ANALYSIS | |
| CN104734842B (en) | Method is resisted in circuits bypass attack based on pseudo-operation | |
| Cioranesco et al. | Cryptographically secure shields | |
| KR101185371B1 (en) | Mesh grid protection | |
| EP3147830B1 (en) | Protecting an integrated circuit | |
| US10361873B2 (en) | Test point-enhanced hardware security | |
| Wallat et al. | A look at the dark side of hardware reverse engineering-a case study | |
| US20110258459A1 (en) | Method for protecting the decrypting of the configuration files for programmable logic circuits and circuit implementing the method | |
| US10055587B2 (en) | Implementations to facilitate hardware trust and security | |
| CN105224887B (en) | A kind of anti-tamper shielded layer for safety chip | |
| US10291402B2 (en) | Method for cryptographically processing data | |
| Chen et al. | Hardware protection via logic locking test points | |
| Hamdioui et al. | Hacking and protecting IC hardware | |
| Gao et al. | iPROBE-O: FIB-aware place and route for probing protection using orthogonal shields | |
| Feix et al. | Defeating iso9797-1 mac algo 3 by combining side-channel and brute force techniques | |
| Yu et al. | Hardware obfuscation methods for hardware Trojan prevention and detection | |
| Zhang et al. | Against fault attacks based on random infection mechanism | |
| Peterson | Developing tamper-resistant designs with ultrascale and ultrascale+ FPGAs | |
| Ziad et al. | E-voting Attacks and Countermeasures | |
| CN207070061U (en) | A kind of encrypting module | |
| CN110287708A (en) | One Time Programmable encryption device and its encryption method | |
| Li et al. | Hardware threat: The challenge of information security | |
| Feng et al. | A dynamic active shield against shield rerouting attack |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 22A, Guoshi building, 1801 Shahe West Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province Patentee after: Guowei group (Shenzhen) Co., Ltd. Address before: 518000 Guangdong city of Shenzhen province Nanshan District high tech Industrial Park South high SSMEC building two floor Patentee before: Guowei Teih Co., Ltd., Shenzhen |