CN111581676B - Processor DPA attack resisting system under double-core lock step fault tolerance - Google Patents
- Publication number: CN111581676B
- Authority: CN (China)
- Prior art keywords
- processor
- random delay
- read
- slave processor
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Hardware Redundancy (AREA)
Abstract
The invention relates to the field of microcontrollers and provides a processor DPA attack resisting system under dual-core lockstep fault tolerance, comprising a master processor, a slave processor, a random delay enabling module and a read operation storage area. The random delay enabling module controls the random delay of the slave processor; the read operation storage area stores the instructions and data read by the master processor and supplies the same, correct instructions and data to the slave processor; in operation, the master processor and the slave processor have a synchronous operation stage and an out-of-step operation stage. By modifying only the bus layer, the invention hides power consumption in both the time and the amplitude dimension while preserving the normal operation of the original dual-core lockstep, so that the processor resists DPA attacks under dual-core lockstep fault tolerance; it has the advantages of high security, simple processing and low implementation cost.
Description
Technical Field
The invention relates to the field of microcontrollers, in particular to a processor DPA attack resisting system under double-core lock step fault tolerance.
Background
With the advent of the Industry 4.0 era, microcontrollers play an increasingly important role in the development of industrial automation in China. The processor, as the core of the microcontroller, faces significant challenges in reliability and security because of ever-shrinking process nodes and ever-evolving attack techniques. On the reliability side, one of the mainstream fault-tolerant methods for commercial processors is the dual-core lockstep scheme: two processors execute the same program and are compared, so that they form a self-monitoring pair that detects faults. It is usually combined with checkpointing, which saves and restores state in software, so that faults can be recovered from as well as detected. On the security side, one of the most common attacks is differential power analysis (DPA), which recovers a key by statistically analysing the power consumption leaked while the hardware operates. Because it bypasses any detailed analysis of the encryption algorithm and correlates power consumption directly with data, it can recover the key quickly and accurately. When a processor runs an encryption algorithm in software, an attacker can recover the key from the correlation between power consumption and the instructions and data being executed, combined with statistical analysis. On unprotected devices the attack obtains the key at low cost and then exposes sensitive information, with disastrous consequences. Existing countermeasures for processors, such as inserting random instructions or random wait cycles into the CPU pipeline, break the correlation between the power consumption and the encryption or decryption algorithm.
However, for processors that must also provide dual-core lockstep fault tolerance, such uncontrolled random delays directly break the lockstep function. In addition, these methods require modification of the internal architecture of the embedded CPU; the logic inside the processor is extremely complex, and a change in one place affects the whole design, which is costly for anyone unfamiliar with the processor's architecture and implementation details.
Disclosure of Invention
In order to solve the technical problems in the prior art, the invention provides a DPA attack resistant system for a processor under double-core lock step fault tolerance, which has the following specific technical scheme.
A processor DPA attack resisting system under dual-core lockstep fault tolerance comprises a master processor, a slave processor, a random delay enabling module and a read operation storage area; the random delay enabling module controls the random delay of the slave processor; the read operation memory area stores the instructions and data read by the master processor and supplies the correct instructions and data to the slave processor; in operation, the master processor and the slave processor have a synchronous operation stage and an out-of-step operation stage.
Further, the synchronous operation stage is that the operation states of the main processor and the slave processor are consistent, and the out-of-step operation stage is that the operation states of the main processor and the slave processor are inconsistent.
Further, when the master processor and the slave processor are in an out-of-step operation stage, the slave processor randomly inserts a delay, and the master processor waits for synchronous operation with the slave processor by randomly inserting the delay before writing operation; the delay is achieved by pulling down the hready signal on the AHB bus.
Further, the delay is implemented by pulling down the hready signal on the AHB bus: while hready is low, the master processor and the slave processor stall in the current instruction cycle; when hready goes high, the current instruction completes and execution proceeds to the next instruction.
Further, the random delay enabling module outputs a random delay enabling signal that alternates between a high level and a low level; the signal is generated from a true random number, a counter and the related control logic. The true random number is produced by a true random number generator, and the masked value is rand_num; the control logic also issues an anti-DPA enable signal.
Further, when the anti-DPA enable signal is at a high level, the counter counts the rand_num, and when the count reaches 0, the random delay enable signal level is pulled up; the rand_num is then again obtained for counting, and when the count reaches 0, the random delay enable signal level is pulled low.
Further, the read operation memory area is provided with 6 FIFO memories with depth of 16, and is divided into 3 groups, wherein the first group is a data FIFO memory, and 2 FIFO memories are used for storing read data and corresponding addresses; the second group is an instruction FIFO memory, wherein 2 FIFO memories are used for storing read instructions and corresponding addresses; the third group is constant FIFO memories, 2 of which are used to store the read constants and corresponding addresses.
Further, the master processor writes the instructions and data it reads into the FIFO memories, and the instructions and data that the slave processor reads after the out-of-step operation are obtained from the FIFO memories.
Further, when the random delay enabling signal is in a high level or the running state of the slave processor catches up with the running state of the master processor, namely when the instruction and the data in the FIFO in the read operation storage area are empty, the slave processor carries out delay operation and enters a step-out running state; and otherwise, the slave processor resumes operation and obtains the instruction and the data of the read operation request from the read operation storage area.
Further, in the out-of-step operation stage, when the FIFO in the read operation storage area is full or when the main processor performs a write operation, the main processor performs a delay operation until the slave processor performs the write operation.
The beneficial effects are that:
The DPA attack resisting system of the processor under dual-core lockstep fault tolerance ensures the normal operation of the original dual-core lockstep while, by modifying only the bus layer, hiding power consumption in both the time and the amplitude dimension, so that the processor resists DPA attacks under dual-core lockstep fault tolerance.
Drawings
FIG. 1 is a block diagram of a dual core lockstep fault tolerant DPA attack resistant design of the present invention;
FIG. 2 is a schematic diagram of the synchronization and out-of-sync operation of a master processor and a slave processor according to the present invention;
FIG. 3 is a block diagram of a random delay enable module of the present invention;
FIG. 4 is a block diagram of a read operation memory area of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the drawings and examples, for the purpose of clarity and understanding of the invention.
As shown in FIG. 1, a system for resisting DPA attacks by a processor under dual-core lockstep fault tolerance comprises a master processor, a slave processor, a random delay enabling module and a read operation memory area. The random delay enabling module controls the random delay of the slave processor: when the random delay enable signal is high, the slave processor inserts a delay and enters a waiting state; when the signal is low, the slave processor resumes operation. The read operation memory area stores the instructions and data read by the master processor and supplies the correct instructions and data to the slave processor.
As shown in fig. 2, the master processor and the slave processor have a synchronous operation phase and an out-of-step operation phase; the synchronous operation is that the operation states between the main processor and the slave processor are consistent, and the out-of-step operation is that the operation states between the main processor and the slave processor are inconsistent.
In the out-of-step operation stage, the slave processor randomly inserts a delay, and the master processor randomly inserts a delay before a write operation so as to wait for synchronous operation with the slave processor. The delay is achieved by pulling the hready signal on the AHB bus low: while hready is low, the master and slave stall at the current instruction cycle; when hready goes high, the current instruction is considered complete and execution proceeds to the next instruction.
As shown in fig. 3, the random delay enable signal is composed of a true random number, a counter and related control logic; the true random number is obtained by a true random number generator, and then the masked data is rand_num.
When power consumption hiding is switched on, that is, when the anti-DPA enable signal is high, the counter counts rand_num, and when the count reaches 0 the random delay enable signal is pulled up; rand_num is then acquired again and counted, and when that count reaches 0 the random delay enable signal is pulled down. Repeating this process yields a random delay enable signal whose high and low periods are of random length. The delay time and the normal running time are controlled by configuring the mask value: the larger the effective bit width of the masked random number, the greater the randomness of the delays inserted into the slave processor, but the higher the performance cost, so a reasonable mask value is configured according to the actual situation.
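As an added illustration (not code from the patent), the following Python model reproduces the counter behaviour just described and measures how the mask width changes the length of the high and low periods; the `seeded_trng` stand-in for the true random number generator is an assumption so the model runs offline.

```python
import random
from itertools import groupby


def random_delay_enable(trng, mask, n_cycles, anti_dpa_enable=True):
    """Cycle model of the random delay enable module.

    trng            -- callable returning a fresh random number per call
    mask            -- mask applied to it: rand_num = trng() & mask
    n_cycles        -- number of cycles to model
    anti_dpa_enable -- the control logic's anti-DPA enable signal
    Returns the level (0 or 1) of the random delay enable signal per cycle.
    """
    if not anti_dpa_enable:
        return [0] * n_cycles          # hiding mode off: no delay is ever inserted
    levels = []
    level = 0
    count = trng() & mask              # counter loaded with the first rand_num
    for _ in range(n_cycles):
        levels.append(level)
        if count == 0:
            level ^= 1                 # count reached 0: pull the signal up or down
            count = trng() & mask      # fetch a new rand_num and count again
        else:
            count -= 1
    return levels


def mean_run_length(levels):
    """Average number of consecutive cycles the signal stays at one level.

    A rand_num of r keeps the signal at one level for r + 1 cycles, so a wider
    mask gives longer (and more variable) delay and run periods.
    """
    runs = [len(list(g)) for _, g in groupby(levels)]
    return sum(runs) / len(runs)


def seeded_trng(seed):
    """Stand-in for the TRNG so the model runs offline (assumption of this example)."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(32)
```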
The master processor has external input signals and external output signals. The input signals of the slave processor are consistent with the output signals of the master processor, and the slave's output signals are used only for comparison with the master's output signals in order to detect faults. Consequently, once the two processors are out of step, the slave processor can no longer obtain the correct input signals by itself.
As shown in FIG. 4, the read operation memory area includes 6 FIFO memories with a depth of 16, divided into 3 groups: the first group is the data FIFO memory, whose 2 FIFOs store read data and the corresponding addresses; the second group is the instruction FIFO memory, whose 2 FIFOs store read instructions and the corresponding addresses; the third group is the constant FIFO memory, whose 2 FIFOs store read constants and the corresponding addresses. As long as both processors execute correctly, their sequence of operations is identical even when random delays are inserted, so a FIFO structure is used: the instructions and data read by the master processor are written into the FIFOs, and the instructions and data read by the slave processor during out-of-step operation are obtained from the FIFOs.
When the anti-DPA attack enabling is started, the slave processor performs delay operation and enters an out-of-step running state when the following delay conditions are met:
1. when the random delay enable signal is high;
2. the running state of the slave processor catches up with the main processor, namely when the FIFO in the read operation storage area is empty;
The master processor continues normal instruction fetching, and during this time both the instructions and the data it reads are stored in the read operation buffer. Otherwise, the slave processor resumes operation, and the instructions and data for the slave processor's read requests are obtained from the read operation memory area.
During out-of-sync operation, the main processor also performs a deferred operation if:
1. when the FIFO in the read operation memory area is full;
2. when the main processor executes the writing operation;
the master processor needs to delay until the slave processor also executes the current write operation, and the master processor and the slave processor perform checkpoint comparison under the dual-core lockstep after reaching a consistent execution state.
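The stall rules for both processors, as an added cycle-level model that is not part of the patent: the slave stalls while the random delay enable signal is high or its instruction FIFO is empty, the master stalls while a FIFO is full or one of its writes is waiting for the slave, and every write is a checkpoint comparison. The two-FIFO layout, the `load`/`store` program form and the optional injected fault are assumptions of this example.

```python
from collections import deque

FIFO_DEPTH = 16   # each FIFO of the read operation memory area holds 16 entries


class ReadFifo:
    """One FIFO of the read operation memory area: entries of (address, value)."""

    def __init__(self, depth=FIFO_DEPTH):
        self.depth = depth
        self.q = deque()

    def full(self):
        return len(self.q) >= self.depth

    def empty(self):
        return not self.q

    def push(self, addr, value):
        self.q.append((addr, value))

    def pop(self):
        return self.q.popleft()


def run_lockstep(program, memory, delay_enable, fault_at=None, max_cycles=100000):
    """Cycle model of master/slave execution with the stall rules above.

    program      -- list of ("load", addr) or ("store", addr, value) ops
    memory       -- dict addr -> value, the master's view of memory (constructed)
    delay_enable -- per-cycle level of the random delay enable signal (cycled)
    fault_at     -- optional op index at which the slave's store value is
                    corrupted, a constructed fault to exercise the checkpoint
    Returns (cycles, master_stall_cycles, slave_stall_cycles, mismatched_pcs).
    """
    memory = dict(memory)
    instr_fifo, data_fifo = ReadFifo(), ReadFifo()
    n = len(program)
    m_pc = s_pc = 0
    master_stalls = slave_stalls = 0
    mismatches = []
    pending_store = None   # master's write waiting for the slave to catch up
    cycle = 0
    while s_pc < n:
        if cycle >= max_cycles:
            raise RuntimeError("slave never caught up (delay_enable stuck high?)")
        en = delay_enable[cycle % len(delay_enable)]
        # Master: hready is pulled low when a FIFO is full or a write is pending.
        if m_pc < n:
            op = program[m_pc]
            if instr_fifo.full() or data_fifo.full() or pending_store is not None:
                master_stalls += 1
            else:
                instr_fifo.push(m_pc, op)                 # instruction + its address
                if op[0] == "load":
                    data_fifo.push(op[1], memory[op[1]])  # read data + its address
                else:
                    pending_store = (m_pc, op[1], op[2])
                m_pc += 1
        # Slave: delayed while the random delay is enabled or it has caught up
        # (instruction FIFO empty); otherwise it replays the master's reads.
        if en or instr_fifo.empty():
            slave_stalls += 1
        else:
            pc, op = instr_fifo.pop()
            if pc != s_pc:
                raise AssertionError("instruction FIFO out of order")
            if op[0] == "load":
                addr, _ = data_fifo.pop()
                if addr != op[1]:
                    raise AssertionError("data FIFO address mismatch")
            else:
                value = op[2] ^ 1 if fault_at == s_pc else op[2]
                # Checkpoint comparison under dual-core lockstep: writes must agree.
                if (pc, op[1], value) != pending_store:
                    mismatches.append(pc)
                pending_store = None
                memory[op[1]] = op[2]   # the write is committed once both reached it
            s_pc += 1
        cycle += 1
    return cycle, master_stalls, slave_stalls, mismatches
```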
Claims (5)
1. The processor DPA attack resisting system under the double-core lock step fault tolerance comprises a master processor and a slave processor, and is characterized by further comprising a random delay enabling module and a read operation storage area; the random delay enabling module is used for controlling the random delay of the slave processor; the read operation memory area is used for storing the instructions and data read by the main processor and providing the correct instructions and data for the auxiliary processor; the main processor and the slave processor comprise a synchronous operation stage and an out-of-step operation stage in operation;
the synchronous operation phase is the phase in which the operation states of the master processor and the slave processor are consistent, and the out-of-step operation phase is the phase in which the operation states of the master processor and the slave processor are inconsistent;
when the main processor and the slave processor are in an out-of-step operation stage, the slave processor randomly inserts a delay, and the main processor waits for synchronous operation with the slave processor by randomly inserting the delay before writing operation; the delay is achieved by pulling down the hready signal on the AHB bus;
the delay is implemented by pulling down the hready signal on the AHB bus specifically as: when the hready signal is low, the master processor and the slave processor stall in the current instruction cycle, and when the hready signal is high, the current instruction is completed and execution proceeds to the next instruction;
the random delay enabling module sends out a random delay enabling signal, wherein the random delay enabling signal comprises a high-level random delay enabling signal and a low-level random delay enabling signal, and the random delay enabling signal is obtained through a true random number, a counter and related control logic; the true random number is obtained by a true random number generator, and the masked value is rand_num; the control logic issues an anti-DPA enable signal;
when the DPA resistant enabling signal is in a high level, the counter counts the rand_num, and when the count reaches 0, the level of the random delay enabling signal is pulled up; the rand_num is then again obtained for counting, and when the count reaches 0, the random delay enable signal level is pulled low.
2. The system for resisting DPA attack by a processor under double-core lock-step fault tolerance according to claim 1, wherein the read operation memory area is provided with 6 FIFO memories with depth of 16, and the read operation memory area is divided into 3 groups, wherein the first group is a data FIFO memory, and 2 FIFO memories are used for storing read data and corresponding addresses; the second group is an instruction FIFO memory, wherein 2 FIFO memories are used for storing read instructions and corresponding addresses; the third group is constant FIFO memories, 2 of which are used to store the read constants and corresponding addresses.
3. The system of claim 2, wherein the master processor writes the read instructions and data into the FIFO memory, and the instructions and data read by the slave processor after the out-of-sync operation are obtained from the FIFO memory.
4. The system for resisting DPA attack by a processor under double-core lock-step fault tolerance according to claim 3, wherein when the random delay enabling signal is at a high level or the running state of the slave processor catches up with the running state of the master processor, namely when the instruction and the data in the FIFO in the read operation memory area are empty, the slave processor performs delay operation and enters the out-of-step running state; and otherwise, the slave processor resumes operation and obtains the instruction and the data of the read operation request from the read operation storage area.
5. A dual core lockstep fault tolerant processor DPA attack resistant system as claimed in claim 3, wherein during the out-of-sync operation phase, when the FIFO in the read store is full or when the main processor performs a write operation, the main processor performs a deferred operation until the slave processor performs the write operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010376980.0A CN111581676B (en) | 2020-05-07 | 2020-05-07 | Processor DPA attack resisting system under double-core lock step fault tolerance |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111581676A CN111581676A (en) | 2020-08-25 |
CN111581676B true CN111581676B (en) | 2023-05-23 |
Family
ID=72126288
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010376980.0A Active CN111581676B (en) | 2020-05-07 | 2020-05-07 | Processor DPA attack resisting system under double-core lock step fault tolerance |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111581676B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018090931A1 (en) * | 2016-11-15 | 2018-05-24 | Huawei Technologies Co., Ltd. | Security system and terminal chip |
CN111046381A (en) * | 2019-12-27 | 2020-04-21 | Electric Power Research Institute of China Southern Power Grid Co., Ltd. | Embedded CPU anti-differential power consumption analysis device and method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020165947A1 (en) * | 2000-09-25 | 2002-11-07 | Crossbeam Systems, Inc. | Network application apparatus |
US6910087B2 (en) * | 2002-06-10 | 2005-06-21 | Lsi Logic Corporation | Dynamic command buffer for a slave device on a data bus |
- 2020-05-07: CN application CN202010376980.0A (patent CN111581676B), status: Active
Non-Patent Citations (2)
Title |
---|
YINGXI LU, et al. Evaluation of Random Delay Insertion against DPA on FPGAs. ACM. 2010, full text. * |
李红; 贺章擎; 徐元中. A side-channel-attack-resistant processor architecture based on random instruction delay. Microelectronics & Computer. 2016, (No. 05), full text. * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20210419. Address after: 310013 No. 866 Tong Road, Xihu District, Zhejiang, Hangzhou, Yuhang. Applicant after: ZHEJIANG University; ELECTRIC POWER Research Institute CHINA SOUTHERN POWER GRID. Address before: 310013 No. 866 Tong Road, Xihu District, Zhejiang, Hangzhou, Yuhang. Applicant before: ZHEJIANG University |
| GR01 | Patent grant | |