CN102110206B - Method for defending attack and device with attack defending function - Google Patents

Method for defending attack and device with attack defending function Download PDF

Info

Publication number
CN102110206B
CN102110206B CN2010106080853A CN201010608085A CN102110206B CN 102110206 B CN102110206 B CN 102110206B CN 2010106080853 A CN2010106080853 A CN 2010106080853A CN 201010608085 A CN201010608085 A CN 201010608085A CN 102110206 B CN102110206 B CN 102110206B
Authority
CN
China
Prior art keywords
code
setting operation
interference source
execution
source code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010106080853A
Other languages
Chinese (zh)
Other versions
CN102110206A (en
Inventor
于付真
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd filed Critical Beijing WatchData System Co Ltd
Priority to CN2010106080853A priority Critical patent/CN102110206B/en
Publication of CN102110206A publication Critical patent/CN102110206A/en
Application granted granted Critical
Publication of CN102110206B publication Critical patent/CN102110206B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for defending attack and a device with attack defending function. The method comprises the following steps of: executing a code corresponding to a set operation; and during executing the code, introducing an interference source code for the set operation at the set position of the code. The energy power consumption waveform law abided by the normal operation is disturbed by introducing the interference source code, so that an attacker cannot extract the valid operating time of the important operation of an intelligent card by energy analysis and cannot acquire private data in the intelligent card by energy analysis, and the purpose of protecting the sensitive data in the intelligent card is fulfilled.

Description

The method of defensive attack and the device with attack defending function
Technical field
The present invention relates to the smart card security technical field, relate in particular to a kind of method of the defensive attack for smart card and the device with attack defending function.
Background technology
Present SPA(Simple Power Analysis for the smart card run duration, simple and easy power analysis)/DPA(Differential Power Analysis, differential power analysis)/and the Timing(time) attack means attacked is increasingly various, the information analysis technology such as energy consumption and electromagnetic radiation that these have attacked integrated use, ultimate principle is to analyze by smart card energy in service is consumed waveform, determine start time and the termination time of important code, and the code implementation of operation in during this period attacked, obtain significant data such as safe key etc. such as the execution of upsetting normal code by the interpolation attacks program or even the code term of execution.
Lack at present a kind of effective method and can resist above-mentioned power analysis, had a strong impact on normal running and the data security of smart card.
Summary of the invention
The embodiment of the invention provides a kind of method of defensive attack and the device with attack defending function, is used for stoping the difficulty that capability analysis is attacked or increase is attacked to smart card, guarantees normal running and the data security of smart card.
The invention provides a kind of method of defensive attack, comprising:
Carry out the corresponding code of setting operation;
In carrying out the process of described code, introduce execution to the interference source code of described setting operation at the desired location of described code, the performed operation of described interference source code comprises the operation identical with the type of described setting operation at least;
The desired location of described code comprises:
Adjacent with described code reference position and be positioned at position before the described code; Perhaps
Adjacent with described EOC position and be positioned at position after the described code; Perhaps
Adjacent with described code reference position and be positioned at position before the described code, and adjacent with described EOC position and be positioned at described code position afterwards.
The present invention also provides a kind of device with attack defending function, comprising:
The code performance element is used for carrying out the corresponding code of setting operation;
Interference program is introduced the unit, be used in the process of carrying out described code, introduce execution to the interference source code of described setting operation at the desired location of described code, the performed operation of described interference source code comprises the operation identical with the type of described setting operation at least;
Interference program is introduced the unit, specifically is used for:
Adjacent with described code reference position and be positioned at described code before the position, introduce the execution to the interference source code of described setting operation; Perhaps,
Adjacent with described EOC position and be positioned at described code after the position, introduce the execution to the interference source code of described setting operation; Perhaps,
Adjacent with described code reference position and be positioned at described code before the position and adjacent with described EOC position and be positioned at described code after the position, all introduce the execution to the interference source code of described setting operation.
Utilize the method for defensive attack provided by the invention and the device with attack defending function; has following beneficial effect: by introducing interference mechanism; at smart card the operating process increase of some sensitive datas is disturbed; upset the energy power consumption waveform rule that normal running is followed; thereby make the assailant can't extract by energy spectrometer the effective run time of the important operation of smart card; thereby make it can't obtain by energy spectrometer the private data of smartcard internal, thereby play the purpose of sensitive data in the protection smart card.
Description of drawings
Fig. 1 is the method flow diagram of defensive attack provided by the invention;
Fig. 2 is process flow diagram corresponding to interference source code that operation is introduced for encryption and decryption in the embodiment of the invention;
Fig. 3 is process flow diagram corresponding to interference source code of introducing for write operation in the embodiment of the invention;
Fig. 4 is process flow diagram corresponding to interference source code that all can introduce for encryption and decryption operation and write operation in the embodiment of the invention;
Fig. 5 is the structure drawing of device with attack defending function provided by the invention.
Embodiment
Illustrate in greater detail with the device with attack defending function below in conjunction with the method for drawings and Examples to defensive attack provided by the invention.
Existing power analysis mode is utilized the information such as the energy, electromagnetic radiation of execution time, the consumption of code, instrument by the advanced person and method are obtained confidential data in the smart card such as key etc., be necessary to design one and overlap effectively method and stop this class to be attacked, increase at least to a certain extent the difficulty of attacking.
The invention provides a kind of method of imperial attack, preferably, the method is applied to smart card, and as shown in Figure 1, the method comprises:
Step S101 carries out the corresponding code of setting operation;
Above-mentioned setting operation is for needing the operation of defence power analysis;
The program that smart card is carried out can realize various operations, by can obtain the code of realizing various operational correspondences to the parsing of program, need to defend the operation of power analysis to determine as required in the present embodiment, as select some to relate to the operation that needs the defence power analysis that is operating as of sensitive data, such as encryption and decryption operation, write operation etc., and then go to analyze these and operate corresponding code.
Step S102 in carrying out the process of described code, introduces execution to the interference source code of described setting operation at the desired location of described code.
Smart card of the present invention is in carrying out the setting operation process, by introducing the interference source code at desired location, thereby upset the energy power consumption waveform that normal running is followed, thereby make the assailant can't extract by energy spectrometer the effective run time of the important operation of smart card, reach the purpose that prevents this type of attack.Preferably, above-mentioned interference source code is carried out setting process, like this because above-mentioned interference source code is to carry out setting process, therefore, for smart card, can identify these setting process, thereby the execution of these interference source codes does not affect the normal running of smart card.
During implementation, introduce execution to the interference source code of described setting operation at the desired location of described code, can adopt following any mode:
1) at least one desired location of the code of setting operation, introduces at random the execution to the interference source code of setting operation;
As beginning at the code of setting operation or end position is introduced the interference source code at random; Or begin to introduce at random the interference source code with end position at the code of setting operation.
2) according to the introducing sign that sets in advance at described desired location, determine to introduce the execution to the interference source code of setting operation;
3) set in advance function call code at described desired location by execution, introduce the execution to the interference source code of setting operation.
For 2) and 3) situation, need to be when program curing, in the smart card source program, increase above-mentioned introducing sign/function call code, specifically can adopt following method: the key word of determining the corresponding code of described setting operation; Utilize described key word to adopt matching process that the source program in the smart card memory is resolved, obtain the position of the corresponding code of described setting operation in source program; According to the position of the corresponding code of described setting operation in source program, set in advance described introducing sign/function call code at the desired location of described code.Above-mentioned coupling resolving can be that manual analysis is resolved, also can be that automatic analysis is resolved, preferably, above-mentioned key word is the code of the code starting and ending position of setting operation, if the program of employing automatic analysis is resolved, then can by carrying out the source program in the smart card one time, utilize the code of matching process location setting operation.The present invention is by when program curing; in the smart card source program, increase and introduce sign/function call code; can guarantee the operation that needs protection and/or effective protection of data; can not occur omitting; and this mode realizes by software; do not need specific hardware support, economize on hardware resource and cost.
Particular location for the interference source code can be set as required, but this desired location must be associated with above-mentioned code, so just can realize the object of the invention as long as can reach the desired location of upsetting the waveform rule that normal running follows.Preferably, above-mentioned desired location be positioned at above-mentioned code near, thereby some effective time that interference attack person determine to attack.
In the preferred embodiment of the present invention, described desired location is specially adjacent with described code reference position and is positioned at described code position before, therefore in step S 102, before the code of setting operation, introduce the interference source code, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation, thereby upset the starting point waveform of the energy power consumption waveform of normal running, made the assailant can not effectively determine the effective time of sensitive data operation; Perhaps described particular location is adjacent with described EOC position and is positioned at described code position afterwards, therefore in step S102, behind the code of setting operation, introduce the interference source code, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation, thereby upset the terminal point waveform of the energy power consumption waveform of normal running, also can make the assailant can not effectively determine the effective time of sensitive data operation; Perhaps described particular location is adjacent with described code reference position and is positioned at described code position before, and adjacent with described EOC position and be positioned at described code position afterwards, therefore in step S102, before above-mentioned code He behind the above-mentioned code, all introduce the interference source code, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation, starting point and the terminal point waveform of normal energy power consumption waveform have been changed like this, make the basic None-identified of assailant go out the sensitive data operation, even the assailant adopts the means such as statistical study to obtain effective waveform by denoising in advance, also greatly increased the difficulty of removing noise, and when the type of the type of the performed operation of described interference source code and described setting operation is identical, then can't obtain by the method for denoising effective waveform.
For the multiple operation for smart card realizes upsetting effect better, above-mentioned interference source code preferably adopts multiple, set in advance function call code at described desired location for smart card by execution, introducing is to the execution of the interference source code of setting operation, this function call code comprises input parameter, described function call code calls the interference source code corresponding with input parameter according to input parameter, wherein the corresponding interference source code of carrying out the different set flow process of different input parameters.Therefore, only needing increases identical function call code at above-mentioned desired location, and specifically call which interference source code, input parameter by this function call code determines, thereby realize introducing different interference source codes by different input parameters is set before and after the code of different operating, interference effect is better.
The operation that smart card is carried out has polytype, such as the operation that wherein relates to sensitive data the encryption and decryption operation of carrying out data encrypting and deciphering and the write operation that writes data to storer are arranged, in order further to optimize interference effect, corresponding at least one input parameter of the setting operation of each type, when the corresponding a plurality of input parameter of setting operation, the input parameter of the function call code that increases in this setting operation is chosen in described a plurality of input parameters at random.Like this can be at least a interference source code of the operational design of a certain type, can choose at random one during design interference sources code, choose at random that to carry out flow process be not reproducible so that add the operation of interference source code, thereby further increased the difficulty of attacking.
The energy power consumption waveform of dissimilar operational correspondences is different, energy power consumption waveform such as the encryption and decryption operation is followed certain rule, the energy power consumption waveform of write operation is then followed rule in another, in order to realize better upsetting effect, preferably, the performed operation of interference source code that the desired location of above-mentioned setting operation is introduced comprises the identical operation of type that is with this setting operation.Therefore, the performed setting process of interference source code of introducing at the desired location of the code of above-mentioned setting operation, can realize the operation of the same type with this setting operation, the interference source code that namely operation is introduced for encryption and decryption, performed operation also is a kind of encryption and decryption operation, interference source code for the write operation introducing, performed operation also is a kind of write operation, just the operation of the encryption and decryption of these introducings and write operation set in advance, therefore can not affected normal encryption and decryption operation and write operation by the normal identification of smart card, and because action type is identical, from waveform, thoroughly played the effect of upsetting.
Preferably, need to defend the operation of power analysis specifically to comprise the encryption and decryption operation of carrying out data encrypting and deciphering and/or the write operation that writes data to storer in the present embodiment.
Operate for encryption and decryption, the action type that the interference source code of introducing is realized is the encryption and decryption operation, concrete encryption and decryption flow process can be set flexibly, the enciphering and deciphering algorithm that adopts also can be set flexibly, preferably, the interference source code that operation is introduced for encryption and decryption, as shown in Figure 2, specifically carry out following setting process:
Step S201 uses real random number generator to generate at random the encryption and decryption times N, and described N is the integer more than or equal to 0, can limit the length of encryption and decryption times N, as is defined as 1 byte.
Step S202 uses described real random number generator to generate N random data D 1, D 2... D N
Certainly, also can limit the length of random data, be 8 bytes or other length as limiting length.
Step S203 uses described real random number generator to generate N group random key K 1, K 2... K N
The execution of step S202 and step S203 is without successively restriction.
Certainly, the data characteristic for random key should meet can produce at random according to the enciphering and deciphering algorithm that adopts, as when adopting the DES enciphering and deciphering algorithm, the above-mentioned key that produces at random meets the at random characteristic of secret of DES, certainly, also can adopt other enciphering and deciphering algorithm.
Step S204 judges whether to have carried out N encryption and decryption computing, if, finish, otherwise execution in step S205;
Step S205 takes off one group of random key K iAnd random data D i, use K iTo D iThe operation that is encrypted or deciphers, the value of each i are all different, and 1≤i≤N, return execution in step S204.
Said process has been realized N encryption and decryption computing, the random data and the random key that use in the encryption and decryption computing also produce at random, because N is the integer more than or equal to 0, so whether introducing the number of times of encryption and decryption computing and the computing of introducing encryption and decryption all produces at random, thereby can guarantee that the execution flow process of smart card when processing same encryption and decryption operation is not reproducible, smart card is attacked by approach such as energy spectrometers in order to effectively prevent.The interference source code of above-mentioned setting process is corresponding with the first input parameter, and before or after the code of encryption and decryption operation, or the function call code that front and back all increase can adopt this first input parameter.
For write operation, the action type that the interference source code of introducing is realized also is write operation, the concrete flow process of writing data can be set flexibly, in order to support that certain position has been reserved in the execution of the interference source code of write operation introducing in the embodiment of the invention in storage, the interference source code of introducing for write operation writes, preferably, for the interference source code of writing close operation introducing, as shown in Figure 3, specifically carry out following setting process:
Step S301 uses real random number generator to generate at random and writes times N ', N ' is the integer more than or equal to 0;
Certainly, also can limit the encryption and decryption times N ' length, as be defined as 1 byte.
Step S302 uses real random number generator to generate at random the individual random data R of N ' 1, R 2... R N';
Certainly, also can limit in advance the length of random data.
Step S303 judges whether to have carried out the inferior data of writing of N ', if, finish, otherwise execution in step S304;
Step S304 gets random data R iThe appointment reserved location of write store, the value of each i are all different, and 1≤i≤N ' returns execution in step S303.
Said process has been realized the inferior data of writing of N ', N ' produces at random, the random data that at every turn writes also produces at random, because N ' is the integer more than or equal to 0, so whether introducing write operation and introducing writes the number of times of data and all produces at random, thereby can guarantee that the execution flow process of smart card when processing same write operation is not reproducible, smart card is attacked by approach such as energy spectrometers in order to effectively prevent.The interference source code of above-mentioned setting process is corresponding with the second input parameter, and before or after the code of write operation, or the function call code that front and back all increase can adopt this second input parameter.
The above embodiment of the present invention to the encryption and decryption operational design interference source code of the same type with encryption and decryption operation, designed the interference source code of the same type with write operation for write operation, in another embodiment of the present invention, can introduce the combination of above-mentioned two kinds of interference source codes for encryption and decryption operation or write operation, as shown in Figure 4, at the interference source code that the desired location of the code of encryption and decryption operation or write operation is introduced, specifically carry out following setting process:
Step S401 uses real random number generator to generate at random the encryption and decryption times N, and described N is the integer more than or equal to 0, can limit the length of N;
Step S402 uses described real random number generator to generate N random data D 1, D 2... D N, can limit the length of random data,
Step S403 uses described real random number generator to generate N group random key K 1, K 2... K N
The execution of step S402 and step S403 is without successively restriction.
Step S404 uses real random number generator to generate at random and writes times N ', N ' is the integer more than or equal to 0, can limit the length of N ';
Step S404 is as long as before step S405, with the execution of step S401, step S402 and step S403 without successively limiting.
Step S405 uses real random number generator to generate at random the individual random data R of N ' 1, R 2... R N';
Step S406 determines whether i equals less among N and the N ' one, and wherein the i initial value is 1, if equal, and execution in step S408 then, if be not equal to, execution in step S407;
Step S407 uses K iTo D iBe encrypted or decipher, write R to the appointment reserved location of storer i, i increases 1;
Step S408 judges whether N equals N ', if finish, otherwise execution in step S409;
Whether step S409 judges N greater than N ', if execution in step S410, otherwise execution in step S411;
Step S410 carries out at last and once uses K iTo D iBe encrypted or decipher, finish;
Step S411, at last execution once writes R to the appointment reserved location of storer i, finish.
The interference source code of above-mentioned setting process is corresponding with the 3rd input parameter, and before or after the code of encryption and decryption operation, or the function call code that front and back all increase can be chosen from this first input parameter and the 3rd input parameter at random; Before or after the code of write operation, or the function call code that front and back all increase can be chosen from this second input parameter and the 3rd input parameter at random.
Below a preferred embodiment of defence power analysis provided by the invention.
1) program is resolved: parse the corresponding code of operation that setting operation namely needs to defend power analysis in the source program that smart card is carried out;
It can be that the program of manually smart card being carried out is analyzed that program is resolved, also can be according to the key word of the corresponding code of setting operation, the program that design one cover software or system carry out smart card adopts the keyword match method to analyze, setting operation in the program of analyzing in the present embodiment and putting in order out, be specially the encryption and decryption of carrying out the data encrypting and deciphering computing and/or EEPROM write operation from data to EEPROM (Erasable Programmable ROM, erasable programmable ROM) that write.
These operations generally all relate to the operation to sensitive data, general also is assailant's target of attack, therefore need to analyze these operations, introduce in its vicinity perturbation operation, upset original flow process, make the assailant can't locate the real initial sum termination time point to the sensitive data operation, thereby guarantee the security of sensitive data.
The assailant analyzes the current action type of card by information such as energy consumptions, and the operation that generally has obvious energy consumption to change is encryption and decryption operation and EEPROM write operation, therefore when program is carried out analysis and arrangement, focus is placed on this generic operation and gets final product.
Program structure in the present embodiment after the process analysis arrangement is as shown in table 1:
The program structure of table 1 after the process analysis arrangement
Figure BDA0000040894640000091
In the said procedure structure, sensitive data running program sequence is the corresponding code collection of setting operation, and the program between per two sensitive data running program sequences becomes the program basic sequence.
2) in program structure, increase the function call code
Increase the function call code before and after sensitive data running program sequence, the function call code calls the interference source code corresponding with input parameter according to input parameter, wherein interference source code corresponding to different input parameters.The function call code only has a kind ofly in the present embodiment for simplicity, forms dissimilar interference sources by introducing input parameter.
The function call code is specifically as follows following form:
void?intruder(int?interferon)
Wherein interferon is input parameter, and int represents integer.
As shown in table 2 in above-mentioned program structure after increasing the function call code before and after the sensitive data running program sequence in the present embodiment:
Table 2 increases the program structure behind the function call code
Figure BDA0000040894640000101
Before and after the agenda of sensitive data operation, all increased the function call code in the present embodiment, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation.As for whether having introduced at last to disturb by interference function itself determine as in the above-described embodiments, in the encryption and decryption times N that produces at random or write times N ' when being zero, be actually not to disturb and introduce, present embodiment calls different interference source codes by the function call code according to input parameter, make program really become unpredictable to the point of sensitive data operation, also can't obtain correct time point by means such as statistical study denoisings, interference is all introduced in the front and back of sensitive data operation, can greatly increase the assailant removes noise by means such as statistical study difficulty.
The below provides the design of interference source code in the embodiment of the invention.
The interference source code that different input parameters is corresponding different.And the operation that the interference source code is performed; comprise the operation identical with the type of the setting operation of actual this section sensitive data that will protect; the sensitive data running program sequence what type is arranged; just can be for the interference source code of this agenda design same type; only has in general encryption and decryption; the EEPROM write operation has obvious energy; the phenomenons such as time; just can cause assailant's attention and be used, so present embodiment is to encryption and decryption; EEPROM write operation respectively correspondence has designed the encryption and decryption interference source; EEPROM writes this two classes interference source code of interference source.
Below just write interference source for encryption and decryption interference source, EEPROM Programming Methodology be described.
Introduce the setting process that the encryption and decryption interference source is carried out as an example of the DES algorithm example:
1) using real random number generator to generate length is that the encryption number of times of 1 byte is designated as N;
2) use real random number generator to generate N the random data D that length is 8 bytes 1, D 2... D N
3) use real random number generator to generate N group DES key at random and be designated as K 1, K 2... K N
4) use successively K iTo D iBe encrypted or decipher, 1≤i≤N.
During implementation, the design of the setting process of carrying out for the encryption and decryption interference source according to the actual needs can be very flexible, and the above has only provided one with reference to example.
Write interference source for EEPROM, open up in advance one section EEPROM space and be designated as ADDRESS as the operating space of interference source, the below introduces EEPROM and writes the setting process that interference source is carried out:
1) using real random number generator to generate length is that the number of times of writing of 1 byte is designated as N ';
2) using real random number generator to generate the individual length of N ' is 1 bytes of random data R 1, R 2... R N';
3) write R to ADDRESS successively 1, R 2... R N'.
During implementation, the design of the setting process of carrying out for the EEPROM interference source according to the actual needs can be very flexible, and the above has only provided one with reference to example.
Introducing to the interference of a certain type operations in real process also can realize with the combination of polytype interference source, and the interference source that comprises this a certain type in this combination, the combination of writing interference source such as encryption and decryption interference source and EEPROM both can have been introduced the encryption and decryption operation and also can introduce write operation, specifically after the combination carried out following flow process:
1) using real random number generator to generate length is that the encryption and decryption of 1 byte disturbs number of times to be designated as N;
2) use real random number generator to generate N the random data D that length is 8 bytes 1, D 2... D N
3) use real random number generator to generate N group DES key at random and be designated as K 1, K 2... K N
4) using real random number generator to generate length is that the number of times of writing of 1 byte is designated as N ';
5) using real random number generator to generate the individual length of N ' is 1 bytes of random data R 1, R 2... R N';
6) repeat following steps and equal less among N and the N ' one to i: use K iTo D iBe encrypted or decipher, write R to the appointment reserved location of storer i, i increases 1;
7) if N=N ' then finishes, if N>N ' carries out at last and once uses K iTo D iBe encrypted or decipher, if N<N ', at last execution once writes R to the appointment reserved location of storer i
Introducing which type of interference source is determined by input parameter, when writing the corresponding input parameter A3 of interference source as writing the corresponding input parameter A2 of interference source, encryption and decryption interference source and EEPROM at the corresponding input parameter A1 of encryption and decryption interference source, EEPROM, the input parameter of the function call code that increases before and after the encryption and decryption operation can be A1 or A3, and the input parameter of the function call code that increases before and after the write operation can be A2 or A3.
The embodiment of the invention is by disturbing the mechanism of introducing, in the smart card operational process, operating process to some sensitive datas increases interference, make the assailant can't correctly locate effective time point, such as when carrying out the encryption and decryption operation, can introduce extra encryption and decryption disturbs, make the assailant can't determine which starting point is only the beginning of real encryption and decryption operation, make the assailant extract safe key in the card by energy spectrometer, reach the purpose that prevents this type of attack, and adopt too similar scrambling mode for the EEPROM write operation, make the assailant can't obtain the correct point of attack.
The invention provides a kind of device with attack defending function, as shown in Figure 5, comprising: code performance element 501 is used for carrying out the corresponding code of setting operation; Interference program is introduced unit 502, is used in the process of carrying out described code, introduces execution to the interference source code of described setting operation at the desired location of described code.
Preferably, described interference program is introduced unit 502, and concrete at least one desired location that is used at described code is introduced the execution to the interference source code of described setting operation at random; Perhaps be used for determining to introduce the execution to the interference source code of described setting operation according to the introducing sign that sets in advance at described desired location; Perhaps for the function call code that sets in advance by execution at described desired location, introduce the execution to the interference source code of described setting operation.By when the program curing; in the smart card source program, increase and introduce sign/function call code; can guarantee the operation that needs protection and/or effective protection of data; can not occur omitting; and this mode realizes by software; do not need specific hardware support, economize on hardware resource and cost.
Preferably, described interference program is introduced unit 502, concrete be used for adjacent with described code reference position and be positioned at described code before the position, introducing is to the execution of the interference source code of described setting operation, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation; Perhaps adjacent with described EOC position and be positioned at described code after the position, introducing is to the execution of the interference source code of described setting operation, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation; Perhaps adjacent with described code reference position and be positioned at position before the described code, introducing is to the execution of the interference source code of described setting operation, and adjacent with described EOC position and be positioned at described code position afterwards, introducing is to the execution of the interference source code of described setting operation, especially introduce the interference source code of realizing the operation identical with the type of described setting operation, for example: if setting operation is the encryption and decryption operation, so just introduce the interference source code of also realizing the encryption and decryption operation.
Preferably, interference program is introduced unit 502, sets in advance described introducing sign/function call code at the desired location of described code, specifically comprises: the key word of determining the corresponding code of described setting operation; Utilize described key word to adopt matching process that source program is resolved, obtain the position of the corresponding code of described setting operation in described source program; According to the position of the corresponding code of described setting operation in described source program, set in advance described introducing sign/function call code at the desired location of the corresponding code of described setting operation.
Preferably, described interference program is introduced unit 502 performed function call codes and is comprised input parameter, described function call code calls the interference source code corresponding with input parameter according to input parameter, wherein interference source code corresponding to different input parameters.
Preferably, corresponding at least one input parameter of the setting operation of each type, when the corresponding a plurality of input parameter of described setting operation, described interference program is introduced unit 502 performed function call codes and choose at random input parameter in described a plurality of input parameter.
Preferably, described interference program is introduced unit 502 and is introduced the performed operation of interference source code that the unit is introduced, and comprises the operation identical with the type of described setting operation.
Preferably, described setting operation is the encryption and decryption operation, described interference program is introduced the desired location of unit 502 concrete codes for operating in described encryption and decryption and introduced the interference source code of carrying out following setting process: use real random number generator to generate at random the encryption and decryption times N, N is the integer more than or equal to 0; Use described real random number generator to generate N random data D 1, D 2... D NUse described real random number generator to generate N group random key K 1, K 2... K NUse successively K iTo D iBe encrypted or decipher, 1≤i≤N; And/or
Described setting operation is write operation, described interference program introducing unit 502 specifically is used for introducing the interference source code of carrying out following setting process at the desired location of the code of described write operation: the use real random number generator generates at random writes times N ', N ' is the integer more than or equal to 0; Use real random number generator to generate at random the individual random data R of N ' 1, R 2... R N'; With R 1, R 2... R N' the appointment reserved location of write store successively.
Preferably, described setting operation is encryption and decryption operation or write operation, and described interference program introducing unit 502 specifically is used for all introducing the interference source code of carrying out following setting process at the desired location of the code of described encryption and decryption operation or write operation:
Use real random number generator to generate at random the encryption and decryption times N, described N is the integer more than or equal to 0;
Use described real random number generator to generate N random data D 1, D 2... D N
Use described real random number generator to generate N group random key K 1, K 2... K N
Use real random number generator to generate at random and write times N ', N ' is the integer more than or equal to 0;
Use real random number generator to generate the individual random data R of N ' 1, R 2... R N';
Repeat following steps and equal to reach one less among N and the N ' to i, wherein the i initial value is 0: use K iTo D iBe encrypted or decipher, write R to storer i, i increases 1;
If N=N ' then finishes, if N>N ' carries out at last and once uses K iTo D iBe encrypted or decipher, if N<N ', at last execution once writes R to the appointment reserved location of storer i
The device of the above-mentioned defence power analysis of the present invention, by being increased, place before and after the operation of program sensitive data disturbs, make the correctly initial sum termination locations of locator key operation of outside world person, make it obtain the inner private data of card by energy spectrometer, thereby play the purpose of sensitive data in the card.
Preferably, the device with attack defending function that the above embodiment of the present invention provides is smart card.Preferably, this smart card can also comprise in the existing smart card and installs part, as comprise the storage unit for storage data Flash; Central processing unit CPU; Internal storage access control module MAC (Memory AccessControl); The devices such as RAM can also comprise:
The USB/UART interface that is connected with BUS is used for connecting external unit;
The algorithm control module is connected with CPU by BUS, carries out when needed various algorithms according to the control of CPU, the algorithm relevant such as safety;
The clock generating control module is connected with CPU by BUS, is used for being responsible for the generation of internal clocking and the control of clock frequency, produces the required clock signal of CPU;
Interrupt control module, be connected with CPU by BUS, interrupt control and processing when needs interrupt according to being controlled at of CPU;
Randomizer is connected with CPU by BUS, according to the required random number of control generation CPU of CPU.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (11)

1. the method for a defensive attack is characterized in that, comprising:
Carry out the corresponding code of setting operation;
In carrying out the process of described code, introduce execution to the interference source code of described setting operation at the desired location of described code, the performed operation of described interference source code comprises the operation identical with the type of described setting operation at least;
The desired location of described code comprises:
Adjacent with described code reference position and be positioned at position before the described code; Perhaps
Adjacent with described EOC position and be positioned at position after the described code; Perhaps
Adjacent with described code reference position and be positioned at position before the described code, and adjacent with described EOC position and be positioned at described code position afterwards.
2. the method for claim 1 is characterized in that, described desired location at described code is introduced the execution to the interference source code of described setting operation, specifically comprises:
At at least one desired location of described code, introduce at random the execution to the interference source code of described setting operation; Perhaps
According to the introducing sign that sets in advance at described desired location, determine to introduce the execution to the interference source code of described setting operation; Perhaps
Set in advance function call code at described desired location by execution, introduce the execution to the interference source code of described setting operation.
3. method as claimed in claim 2 is characterized in that, sets in advance described introducing sign/function call code at the desired location of described code, specifically comprises:
Determine the key word of the corresponding code of described setting operation;
Utilize described key word to adopt matching process that source program is resolved, obtain the position of the corresponding code of described setting operation in described source program;
According to the position of the corresponding code of described setting operation in described source program, set in advance described introducing sign/function call code at the desired location of the corresponding code of described setting operation.
4. method as claimed in claim 2, it is characterized in that described function call code comprises input parameter, described function call code is according to input parameter, call the interference source code corresponding with described input parameter, wherein interference source code corresponding to different input parameters.
5. method as claimed in claim 4, it is characterized in that, corresponding at least one input parameter of the setting operation of each type, when the corresponding a plurality of input parameter of described setting operation, described function call code is chosen input parameter at random in described a plurality of input parameters.
6. the device with attack defending function is characterized in that, comprising:
The code performance element is used for carrying out the corresponding code of setting operation;
Interference program is introduced the unit, be used in the process of carrying out described code, introduce execution to the interference source code of described setting operation at the desired location of described code, the performed operation of described interference source code comprises the operation identical with the type of described setting operation at least;
Interference program is introduced the unit, specifically is used for:
Adjacent with described code reference position and be positioned at described code before the position, introduce the execution to the interference source code of described setting operation; Perhaps,
Adjacent with described EOC position and be positioned at described code after the position, introduce the execution to the interference source code of described setting operation; Perhaps,
Adjacent with described code reference position and be positioned at described code before the position and adjacent with described EOC position and be positioned at described code after the position, all introduce the execution to the interference source code of described setting operation.
7. device as claimed in claim 6 is characterized in that, described interference program is introduced the unit, specifically is used for:
At at least one desired location of described code, introduce at random the execution to the interference source code of described setting operation; Perhaps,
According to the introducing sign that sets in advance at described desired location, determine to introduce the execution to the interference source code of described setting operation; Perhaps,
Set in advance function call code at described desired location by execution, introduce the execution to the interference source code of described setting operation.
8. device as claimed in claim 7 is characterized in that, described interference program is introduced the unit and set in advance described introducing sign/function call code at the desired location of described code, specifically comprises:
Determine the key word of the corresponding code of described setting operation;
Utilize described key word to adopt matching process that source program is resolved, obtain the position of the corresponding code of described setting operation in described source program;
According to the position of the corresponding code of described setting operation in described source program, set in advance described introducing sign/function call code at the desired location of the corresponding code of described setting operation.
9. device as claimed in claim 7, it is characterized in that, described interference program is introduced the performed function call code in unit and is comprised input parameter, described function call code is according to input parameter, call the interference source code corresponding with described input parameter, wherein interference source code corresponding to different input parameters.
10. device as claimed in claim 9, it is characterized in that, corresponding at least one input parameter of the setting operation of each type, when the corresponding a plurality of input parameter of described setting operation, described interference program is introduced the performed function call code in unit and choose at random input parameter in described a plurality of input parameter.
11., it is characterized in that described device is smart card such as the arbitrary described device of claim 8~10.
CN2010106080853A 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function Expired - Fee Related CN102110206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010106080853A CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010106080853A CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Publications (2)

Publication Number Publication Date
CN102110206A CN102110206A (en) 2011-06-29
CN102110206B true CN102110206B (en) 2013-01-16

Family

ID=44174365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010106080853A Expired - Fee Related CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Country Status (1)

Country Link
CN (1) CN102110206B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2494731B (en) * 2011-09-06 2013-11-20 Nds Ltd Preventing data extraction by sidechannel attack
CN102710413A (en) * 2012-04-25 2012-10-03 杭州晟元芯片技术有限公司 System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention
CN102946307B (en) * 2012-11-14 2015-05-13 中国地质大学(武汉) Method and system for protecting electricity consumption privacy of smart grid users
CN104657680A (en) * 2013-11-20 2015-05-27 上海华虹集成电路有限责任公司 In-chip template attack resisting data transmission method
CN108537271B (en) * 2018-04-04 2021-02-05 重庆大学 Method for defending against sample attack based on convolution denoising self-encoder

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776410B1 (en) * 1998-03-20 2002-11-15 Gemplus Card Int DEVICES FOR MASKING THE OPERATIONS CARRIED OUT IN A MICROPROCESSOR CARD
FR2789776B1 (en) * 1999-02-17 2001-04-06 Gemplus Card Int COUNTER-MEASUREMENT METHOD IN AN ELECTRONIC COMPONENT USING A SECRET KEY CRYPTOGRAPHY ALGORITHM
DE19936529C1 (en) * 1999-08-03 2001-02-01 Orga Kartensysteme Gmbh Method for encrypting data using standard encryption in a microprocessor-based, portable data carrier
KR100373669B1 (en) * 1999-09-29 2003-02-26 가부시키가이샤 히타치세이사쿠쇼 The device for processing secret information, recording medium for storing program and system therefor
DE10101956A1 (en) * 2001-01-17 2002-07-25 Infineon Technologies Ag Method for increasing the security of a CPU by prevention of differential power analysis by insertion of a random placeholder code in a CPU pipeline decode stage that does not, however, affect the CPU state

Also Published As

Publication number Publication date
CN102110206A (en) 2011-06-29

Similar Documents

Publication Publication Date Title
EP3007093B1 (en) System and method for reducing information leakage from memory
Agosta et al. A code morphing methodology to automate power analysis countermeasures
CN102110206B (en) Method for defending attack and device with attack defending function
RU2541196C2 (en) Method of providing software integrity
EP3316177B1 (en) Attack prevention method, apparatus and chip for cipher engine
CN103903043B (en) A kind of smart card Trinity preventing side-channel attack means of defence and system
CN109462477B (en) White box encryption method based on Internet of things embedded equipment
US8301890B2 (en) Software execution randomization
CN103136458A (en) Code protection method for Linux operating system and module of method
CN111030991B (en) Method for defending control flow attack for data processor
CN104506504A (en) Security mechanism and security device for confidential information of card-free terminal
JP2015103253A (en) Method of generating structure and corresponding structure
CN112395654A (en) Storage device
CN111046381A (en) Embedded CPU anti-differential power consumption analysis device and method
EP3844647A1 (en) System and method for providing protected data storage in data memory
CN113673002A (en) Memory overflow defense method based on pointer encryption mechanism and RISC-V coprocessor
WO2008013083A1 (en) Pseudo random number generator, stream encrypting device, and program
CN109299944B (en) Data encryption method, system and terminal in transaction process
CN110543766A (en) method for resisting control flow attack of data processor
Wadi et al. A low cost implementation of modified advanced encryption standard algorithm using 8085A microprocessor
Zambreno et al. Flexible software protection using hardware/software codesign techniques
CN108121917B (en) Method and system for circuit protection
CN101281576A (en) Method and apparatus for executing protection software code
CN111538988A (en) Anti-attack program running method and device, storage medium and electronic device
US20160277361A1 (en) Control method and device for controlling authenticity of codes resulting from application of a bijective algorithm to messages

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130116

Termination date: 20211227