CN103324467A - Side-channel attack resisting processor architecture based on random instruction delay - Google Patents

Side-channel attack resisting processor architecture based on random instruction delay

Publication number
CN103324467A
Authority
CN
China
Prior art keywords
random
instruction
module
flowing water
operation instruction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013102028789A
Other languages
Chinese (zh)
Other versions
CN103324467B (en)
Inventor
贺章擎
刘恺
彭浩
喻祖华
敖天勇
刘朝晖
李隆
戴葵
Original Assignee
戴葵
Application filed by 戴葵
Priority to CN201310202878.9A
Publication of CN103324467A
Application granted
Publication of CN103324467B
Legal status: Active (current)

Landscapes

  • Power Sources (AREA)
  • Executing Machine-Instructions (AREA)

Abstract

The invention discloses a side-channel-attack-resistant processor architecture based on random instruction delay. In this architecture, an instruction memory is connected to an instruction random scheduling module; a central processing unit is connected to a multiplexer, a random pipeline stage delay module and a data memory; the multiplexer is connected to the instruction random scheduling module and to a random no-op instruction injection module; and a random number generation module is connected to the random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module. Through random instruction scheduling with out-of-order execution, random no-op instruction injection, random delay of pipeline stage operations and similar means, the architecture prevents a side-channel attack from determining the point in time at which a specific operation executes. This makes statistical analysis difficult, greatly strengthens the system's resistance to side-channel attacks, and avoids the cryptographic algorithm being broken through leakage of side-channel information.

Description

A side-channel-attack-resistant processor architecture based on random instruction delay
Technical field
The present invention relates to the field of information security and to a processor architecture that resists side-channel attacks, in particular a side-channel-attack-resistant processor architecture based on random instruction delay.
Background art
Information security chips are widely used in many fields, mainly for secure storage of users' critical data, data encryption and decryption, digital signatures, and authentication and identification. In application systems the security chip often serves as the core of security control and the root of trust, so the security of the chip itself is key to the security of the whole system.
The security of a security chip depends largely on the complexity of the cryptographic algorithm in the chip and the safety of the key. The cryptographic algorithms in wide use today have reached very high complexity, and cryptanalysis in the mathematical sense can hardly break them completely. A side-channel attack is an attack method, which has appeared in recent years, that obtains the key directly from the side-channel information (including execution time, power consumption, electromagnetic radiation, sound and so on) leaked by a concrete implementation of a cryptographic algorithm. Studies show that, for a cryptographic chip without any protection, an attacker needs only a small number of power/electromagnetic traces to recover the key within a few minutes. Side-channel attacks therefore pose a serious security threat to security chips, which requires that security chips, particularly in their concrete implementation of cryptographic algorithms, be able to resist side-channel attacks.
The side-channel countermeasures proposed so far include adding noise, inserting random delays, using random masks, and using constant-power logic cells and power smoothing techniques. They mainly aim to eliminate exploitable leakage in the concrete implementation of the cryptographic algorithm or to increase the difficulty of power analysis. These defences have many shortcomings, however. For example, although adding noise intuitively weakens the correlation between power consumption and the key, an attacker can use signal processing techniques such as adaptive filtering to remove the effect of the noise. An n-th order random mask resists n-th order differential power analysis but is helpless against (n+1)-th order differential power analysis. Masking also requires a different masking algorithm to be designed for each cryptographic algorithm; the development cycle of a masking algorithm is long and its implementation consumes a large amount of resources. Constant-power logic cells can resist power analysis to a certain extent, but compared with an implementation based on static standard cells, chip area and power consumption roughly double while performance drops to roughly half. What is still lacking is a truly effective side-channel countermeasure that provides effective protection at low hardware and performance cost.
Random time delay techniques introduce random delays into the cryptographic algorithm so that a side-channel attack cannot determine the point in time at which certain operations execute, which increases the difficulty of statistical analysis. The technique is easy to implement, can be applied to a variety of algorithms, and offers some protection against fault attacks, timing attacks, differential power analysis and higher-order differential power analysis. The random delay techniques proposed so far include using multiple clocks, inserting dummy instructions, and inserting random no-op instructions. A single random delay method, however, has been shown to have limitations. Studies show that, for DPA (Differential Power Analysis), inserting random delays does spread the single bias peak into small peaks at several different positions and significantly reduces the signal-to-noise ratio of the attack. But if the attacker can estimate the range in which the delay may occur, that is, determine the delay window, then analysing the total power consumption within this time window effectively raises the signal-to-noise ratio of the DPA attack again, and the random delay technique fails.
Summary of the invention
The object of the invention is to overcome the shortcomings and deficiencies of the prior art by providing a side-channel-attack-resistant processor architecture based on random instruction delay. Applied to a security chip, the invention can resist a variety of complex side-channel attacks and avoids the cryptographic algorithm being broken through leakage of side-channel information.
The technical scheme of the present invention is:
A side-channel-attack-resistant processor architecture based on random instruction delay, which uses multiple random instruction delay techniques to resist side-channel attacks, characterized in that it comprises an instruction random scheduling module, a random no-op instruction injection module, a random pipeline stage delay module, a multiplexer (MUX), a central processing unit (CPU), a random number generation module, an instruction memory and a data memory. The instruction memory is connected to the instruction random scheduling module; the central processing unit is connected to the multiplexer, the random pipeline stage delay module and the data memory; and the multiplexer is connected to the instruction random scheduling module and to the random no-op instruction injection module. The random number generation module is connected to the random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module.
The instruction memory stores all the very long instruction words (VLIW) required by the instruction random scheduling module;
The instruction random scheduling module can randomly schedule multiple instructions that are able to execute in parallel and issue them out of order;
The data memory stores the data the central processing unit needs for execution;
The central processing unit, that is, the instruction execution unit, executes instructions; the instruction execution unit is divided into n pipeline stages, where n is a non-zero natural number;
The random no-op instruction injection module can randomly generate no-op instructions during normal instruction execution and issue them to the central processing unit for execution;
The random pipeline stage delay module can apply random intra-cycle delay control to the pipeline stage operating units inside the central processing unit.
The random number generation module supplies the random numbers required by the random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module; the random number generation unit is a true random number generator.
The instruction random scheduling module comprises an instruction buffer unit and a random scheduling unit;
The code to be run is first compiled with VLIW compilation techniques into very long instruction words and stored in the instruction memory; each very long instruction word contains multiple instructions that can execute in parallel. During execution, a very long instruction word is first loaded into the instruction buffer unit, and the random scheduling unit schedules all the instructions in the instruction buffer unit one after another in random order and issues them to the central processing unit for execution. Once all the instructions in the instruction buffer unit have been scheduled, a new very long instruction word is loaded automatically from the instruction memory.
The random no-op instruction injection module comprises a random no-op instruction generation unit, a random no-op instruction injection control unit, a configuration register and shadow registers;
The random no-op instruction generation unit produces random no-op instructions; the instructions it produces are single-cycle data-processing instructions that do not change the program status register;
The random no-op instruction injection control unit controls the injection of random no-op instructions, including selecting the moment at which to inject and the number of random no-op instructions injected at one time;
The configuration register sets the parameters of the injection control unit and thereby adjusts the frequency and quantity of injected random no-op instructions. The configuration register includes, but is not limited to, the following parameters: enable, and security protection level. The configuration register is an addressable special-purpose register that can be set by software. It has strengthened security measures to prevent an attacker from illegally modifying the register value to bypass the random no-op injection function;
The shadow registers provide the source and destination registers used by random no-op instructions; a random no-op instruction uses several shadow registers as source registers and writes its result to another shadow register.
Each pipeline stage inside the central processing unit has a random intra-cycle delay function. In each clock cycle of pipelined instruction execution, when the clock signal arrives, each pipeline stage may wait for its own random period before starting, while guaranteeing that all operations of this cycle complete before the next clock cycle arrives so that timing requirements are met. This random delay function is controlled by the random pipeline stage delay module; the delay range of each pipeline stage can be adjusted according to the clock frequency.
The random pipeline stage delay module controls the delay of the pipeline stages inside the central processing unit in, but not limited to, the following ways: 1) in each clock cycle of CPU execution, after the active clock signal arrives, the random pipeline stage delay module independently generates a randomly delayed control signal for each pipeline stage, so that each pipeline stage starts at a random time; 2) each pipeline stage uses registers with a random-delay trigger function: when the clock signal is active, the registers in the pipeline stage trigger only after a random delay, and are guaranteed to trigger stably before the next clock cycle arrives so that timing requirements are met.
The random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module each have the ability to resist side-channel attacks; according to design needs, any combination of these modules may be selected in the processor architecture to achieve a suitable level of resistance.
With the modules of the present invention, a side-channel attack cannot determine the point in time at which certain operations execute and therefore has difficulty performing statistical analysis, which greatly strengthens the system's resistance to side-channel attacks. Combining these four techniques further increases the number of delay states, so that the delay window is hard to determine and the effectiveness of total-power analysis drops sharply until it fails completely.
When a central processing unit with this structure executes a cryptographic algorithm, there is no need to design a different protection algorithm for each cryptographic algorithm, which reduces design overhead. In addition, one or more of these four implementations can be chosen and combined freely according to design needs, so that the performance overhead stays within a tolerable range.
Each random instruction delay module in the processor architecture of the present invention implements random delay of instruction execution. The specific techniques are as follows:
1. Random instruction scheduling
The processor architecture contains an instruction random scheduling module that can randomly schedule multiple parallel-executable instructions for out-of-order execution. Random instruction scheduling disturbs the execution order of instructions and is, in essence, also a random delay technique. The module comprises an instruction buffer unit and a random scheduling unit. A central processing unit with this structure needs compiler support to implement random scheduling. The flow is:
1) VLIW compilation: to support random instruction scheduling by the central processing unit, the cryptographic algorithm is first compiled with VLIW compilation techniques into very long instruction words, where each instruction word contains multiple (for example 8) instructions that can execute in parallel, and is stored in the instruction memory.
2) Instruction buffering and random scheduling: when the central processing unit executes, the n instructions in a very long instruction word are first loaded from the instruction memory into the instruction buffer unit, and are then scheduled for execution one after another in random order by the random scheduling unit according to the instruction scheduling algorithm. Once all the instructions in the instruction buffer unit have executed, a new very long instruction word is read and loaded automatically from the instruction memory.
2. Random no-op instruction injection
The processor architecture contains a random no-op instruction injection module that can randomly inject and execute random no-op instructions during normal instruction execution. Executing random no-op instructions disturbs the execution timing of normal instructions so that they are randomly delayed. At the same time, measures such as added shadow registers guarantee that executing random no-op instructions does not affect normal instructions. The technical scheme comprises:
1) Random no-op instruction generation unit: produces random single-cycle data-processing instructions. The random no-op instructions produced are guaranteed not to affect the program status register and not to cause a program jump.
2) Random no-op instruction injection control unit: controls the injection of random no-op instructions, including selecting the moment at which to inject, the number of random no-op instructions injected at one time, and so on.
3) Configuration register of the injection control unit: so that the designer can set the resistance of the central processing unit as required, a configuration register is added for the random no-op instruction injection control unit. It contains an enable bit, a security protection level, and so on. The enable bit switches the injection control unit on, and the security protection level parameter sets the frequency of random no-op injection and the number injected at one time. Like other special-purpose registers, this configuration register can be set by upper-layer software. The configuration register also has strengthened security measures to prevent an attacker from illegally modifying its value to bypass the no-op injection function.
4) Shadow registers: the shadow register unit provides the source and destination registers used by random no-op instructions. A random no-op instruction uses several shadow registers as source registers and writes its result to another shadow register.
3. Random pipeline stage delay
To improve instruction execution efficiency, a central processing unit generally executes instructions in a pipeline. The instruction execution unit in the central processing unit is divided into several pipeline stages; each stage is implemented by its own hardware circuit and completes a fixed operation within the corresponding clock cycle. During instruction execution, whenever the clock signal arrives, the sequential elements in every pipeline stage toggle in unison and drive state transitions in the combinational logic. These toggles and transitions cause changes in power consumption.
The present invention uses an intra-cycle pipeline delay technique that applies delay control to pipeline stage operations during instruction execution. The principle is as follows: during pipelined instruction execution, when the clock signal arrives, the registers in each pipeline stage do not toggle immediately but wait for a random time before toggling. In other words, within each clock cycle the start time of each pipeline stage is different and the delay is random, which makes the total power consumption curve of the instruction execution unit in that cycle vary randomly. Even when the same instruction executes with the same input, the power consumption curve of the instruction execution unit within a given clock cycle differs each time, and the variation is random.
Note that, to guarantee that the pipeline stage delay does not disrupt system timing, each pipeline stage's operation within a clock cycle must complete before the next clock cycle arrives, so the delay range of the pipeline stages must be set appropriately.
This technique makes the power consumption curve of the central processing unit in each cycle smooth and randomly varying. It effectively reduces the signal-to-noise ratio of side-channel attacks such as power analysis and further increases the difficulty of attack, without causing any loss of performance.
Description of drawings
Fig. 1 shows the side-channel-attack-resistant processor architecture of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the processor architecture of the present invention with the random instruction delay function.
Embodiments
All features disclosed in this specification, and the steps of all disclosed methods or processes, may be combined in any manner, except for mutually exclusive features and/or steps.
The present invention is described in further detail below with reference to the drawings.
Fig. 1 is the block diagram of the processor architecture of the present invention. The instruction memory stores all the very long instruction words required by the instruction random scheduling module;
The instruction random scheduling module can randomly schedule multiple instructions that are able to execute in parallel and issue them out of order;
The data memory stores the data the central processing unit needs for execution;
The central processing unit, that is, the instruction execution unit, executes instructions; the instruction execution unit is divided into n pipeline stages, where n is a non-zero natural number;
The random no-op instruction injection module can randomly generate no-op instructions during normal instruction execution and issue them to the central processing unit for execution;
The random pipeline stage delay module can apply random intra-cycle delay control to the pipeline stage operating units inside the central processing unit.
The random number generation module supplies the random numbers required by the random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module; the random number generation unit is a true random number generator.
Fig. 2 is a schematic diagram of the internal structure of the processor architecture of the present invention. The principle and embodiments are as follows:
VLIW compilation: to support random instruction scheduling by the central processing unit, the cryptographic algorithm is first compiled with VLIW compilation techniques into very long instruction words, where each instruction word contains multiple (for example 8) instructions that can execute in parallel, and is stored in the instruction memory.
Instruction buffering: when the central processing unit executes, the multiple instructions in a very long instruction word are first loaded into the instruction buffer unit and are scheduled for execution one after another by the random scheduling unit according to the instruction scheduling algorithm. Once all the instructions in the instruction buffer unit have executed, a new very long instruction word is read automatically from the instruction memory.
Random instruction scheduling: the instruction buffer unit holds multiple instructions that can execute out of order. Using a random scheduling algorithm, the random scheduling unit schedules all the instructions in the instruction buffer unit one after another in random order and delivers them to the multiplexer. A control signal is also added to start and pause the random scheduling unit.
Random no-op instruction generation: the random number generation module in the central processing unit produces a random number, which is used to form part of the opcode and the source and destination registers of an instruction; the remaining fields of the instruction are then filled with fixed values according to the instruction format, producing one random no-op instruction. By fixing certain fields of the opcode to the appropriate values, the generated random no-op instruction can be constrained to be a data-operation instruction that does not affect the program status register and does not cause a program jump.
Random no-op instruction injection and control: the random no-op instruction injection module comprises a random no-op instruction generation unit, a random no-op instruction injection control unit, a configuration register and shadow registers. The injection control unit controls the injection of random no-op instructions, including selecting the moment at which to inject, the number of random no-op instructions injected at one time, and so on. One implementation (shown in Fig. 2) is as follows: the instructions issued by the random scheduling unit and the instructions produced by the random no-op instruction generation unit form the two inputs of the multiplexer. The injection control unit, following its algorithm, raises the injection enable signal at the chosen moment, which switches the multiplexer output so that the random no-op instruction is delivered to the instruction execution unit of the central processing unit. The same signal is also fed to the scheduling unit and the instruction execution unit, where it pauses instruction scheduling and notifies the instruction execution unit to switch to the shadow registers.
In addition, so that the designer can set the side-channel resistance of the central processing unit as required, a configuration register is provided for the random no-op instruction injection control unit. This configuration register can include, but is not limited to, an enable bit, a security level, and so on. By setting the configuration register value, upper-layer software can enable random no-op insertion only during the critical periods of the cryptographic algorithm in which the key participates, which greatly reduces system overhead. The security level setting adjusts how frequently the injection control unit invokes random no-op instructions and the upper limit on the number of instructions injected at one time.
Register switching: several shadow registers are added to the central processing unit, that is, the instruction execution unit. The shadow registers provide the source and destination registers used by random no-op instructions. While an instruction executes in the pipeline stages, if the control signal indicates that it is a random no-op instruction, all register reads and writes are redirected to the shadow registers, and are switched back when a normal instruction executes. This guarantees that executing random no-op instructions cannot modify the values of the general-purpose registers. To further improve resistance to attack, the values of the source shadow registers can be changed randomly in every clock cycle.
Pipeline stage delay: the central processing unit, that is, the instruction execution unit, uses an intra-cycle pipeline delay technique that applies delay control to pipeline stage operations during instruction execution. When the clock signal arrives, each pipeline stage may start after a random delay, which makes the total power consumption curve of the instruction execution unit in that cycle vary randomly. The delay of each pipeline stage must be set appropriately so that all operations of the cycle complete before the next clock cycle arrives; the delay range of each pipeline stage can be adjusted according to the clock frequency.
The random pipeline stage delay module controls the delay of the pipeline stages inside the central processing unit in, but not limited to, the following ways: 1) in each clock cycle of CPU execution, after the active clock signal arrives, the random pipeline stage delay module independently generates a randomly delayed control signal for each pipeline stage, so that each pipeline stage starts at a random time; 2) each pipeline stage uses registers with a random-delay trigger function: when the clock signal is active, the registers in the pipeline stage trigger only after a random delay, and are guaranteed to trigger stably before the next clock cycle arrives so that timing requirements are met.
The random numbers required by the random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module are supplied by the random number generation unit, which is a true random number generator.
The random no-op instruction injection module, the instruction random scheduling module and the random pipeline stage delay module each have the ability to resist side-channel attacks; according to design needs, any combination of these modules may be selected in the processor architecture to achieve a suitable level of resistance.
The invention is not restricted to aforesaid embodiment, other any do not deviate from change, the modification made under Spirit Essence of the present invention and the principle, substitutes, combination, simplify, and all should be considered as the substitute mode of equivalence, is included in of the present invention comprising in the scope.

Claims (6)

1. A side-channel-attack-resistant processor architecture based on random instruction delay, which uses multiple random instruction delay techniques to resist side-channel attacks, characterized in that it comprises an instruction random scheduling module, a random no-op instruction injection module, a random pipeline-stage delay module, a multiplexer, a central processing unit (CPU), a random number generation module, an instruction memory and a data memory, wherein the instruction memory is connected to the instruction random scheduling module; the CPU is connected to the multiplexer, the random pipeline-stage delay module and the data memory respectively; the multiplexer is connected to the instruction random scheduling module and the random no-op instruction injection module respectively; and the random number generation module is connected to the random no-op instruction injection module, the instruction random scheduling module and the random pipeline-stage delay module respectively;
the instruction memory stores all the very long instruction words (VLIW) required by the instruction random scheduling module;
the instruction random scheduling module randomly schedules, and issues out of order, multiple instructions that can be executed in parallel;
the data memory stores the data the CPU needs for execution;
the CPU, that is, the instruction execution unit, executes instructions; the instruction execution unit is divided into n pipeline stages, where n is a non-zero natural number;
the random no-op instruction injection module randomly generates no-op instructions during normal instruction execution and issues them to the CPU for execution;
the random pipeline-stage delay module applies random delay control, within a single cycle, to the pipeline-stage operating units inside the CPU;
the random number generation module supplies the random numbers required by the random no-op instruction injection module, the instruction random scheduling module and the random pipeline-stage delay module; the random number generation unit is a true random number generator.
2. The side-channel-attack-resistant processor architecture according to claim 1, characterized in that the instruction random scheduling module comprises an instruction buffer unit and a random scheduling unit;
first, VLIW compilation is used to compile the code to be executed into very long instruction words, which are stored in the instruction memory; each very long instruction word contains multiple instructions that can be executed in parallel; during execution, a very long instruction word is first loaded into the instruction buffer unit, and the random scheduling unit dispatches all the instructions in the instruction buffer unit one by one in random order and issues them to the CPU for execution; once all the instructions in the instruction buffer unit have been dispatched, a new very long instruction word is loaded automatically from the instruction memory.
3. The side-channel-attack-resistant processor architecture according to claim 1, characterized in that the random no-op instruction injection module comprises a random no-op instruction generation unit, a random no-op instruction injection control module, a configuration register and shadow registers;
the random no-op instruction generation unit generates random no-op instructions, which are single-cycle data-processing instructions that do not change the program status register;
the random no-op instruction injection control module controls the injection of random no-op instructions, including selecting the moment at which random no-op instructions are injected and the number of random no-op instructions injected at a time;
the configuration register sets the parameters of the random no-op instruction injection control module, adjusting the frequency and number of injected random no-op instructions; the configuration register is an addressable special-purpose register that can be set by software; the configuration register has reinforced security measures to prevent an attacker from illegally modifying its value and thereby bypassing the random no-op instruction injection function;
the shadow registers provide the source and destination registers used by random no-op instructions; a random no-op instruction uses several shadow registers as source registers and writes its result to another shadow register.
4. The side-channel-attack-resistant processor architecture according to claim 1, characterized in that each pipeline stage inside the CPU has a random delay function within a single clock cycle; in each clock cycle of pipelined instruction execution, when the clock signal arrives, each pipeline stage may delay for a random period before starting, and is guaranteed to complete all operations of the current cycle before the next clock cycle arrives, so as to meet the timing requirements; this random delay function is implemented under the control of the random pipeline-stage delay module; the delay range of each pipeline stage is adjusted according to the clock frequency.
5. The side-channel-attack-resistant processor architecture according to claim 4, characterized in that the random pipeline-stage delay module controls the delay of the pipeline stages inside the CPU, using, but not limited to, the following approaches:
1) in each clock cycle executed by the CPU, after the active clock signal arrives, the random pipeline-stage delay module independently generates a randomly delayed control signal for each pipeline stage, so that each stage starts at a random time; 2) each pipeline stage uses registers with a random-delay trigger function: when the clock signal is active, the registers in the stage trigger only after a random delay, and are guaranteed to trigger stably before the next clock cycle arrives, so that the timing requirements are met.
6. The side-channel-attack-resistant processor architecture according to claim 1, characterized in that the random no-op instruction injection module, the instruction random scheduling module and the random pipeline-stage delay module are each capable of resisting side-channel attacks, and any one of these modules, or a combination of them, is selected in the processor architecture according to design needs to achieve a suitable level of resistance to side-channel attacks.
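The front end set out in claims 2 and 3 can be exercised with a small behavioural model. This is an added example, not code from the patent: the instruction format, register names and the `inject_prob`/`max_burst` parameters are hypothetical, the two-bundle program is constructed, and a seeded PRNG stands in for the true random number generator.

```python
import random

# Constructed sample: two VLIW bundles; instructions inside a bundle are
# independent, so any issue order gives the same result.
# Hypothetical instruction format: (dest, op, src_a, src_b).
PROGRAM = [
    [("r1", "xor", "r0", "k0"), ("r2", "add", "r0", "k1"), ("r3", "and", "r0", "k2")],
    [("r4", "xor", "r1", "r2"), ("r5", "add", "r3", "k0")],
]
OPS = {"xor": lambda a, b: a ^ b,
       "add": lambda a, b: (a + b) & 0xFF,
       "and": lambda a, b: a & b}
SHADOW = ["s0", "s1", "s2", "s3"]          # registers reserved for no-ops


def run(program, rng, inject_prob=0.5, max_burst=2):
    """Execute once; return (architectural registers, issue trace)."""
    regs = {"r0": 0x3C, "k0": 0xA5, "k1": 0x17, "k2": 0xF0}
    regs.update({s: rng.randrange(256) for s in SHADOW})
    trace = []
    for bundle in program:
        buffer = list(bundle)              # instruction buffer unit: load one VLIW
        rng.shuffle(buffer)                # random scheduling unit: random order
        for dest, op, a, b in buffer:
            # Injection control: inject_prob and max_burst play the role of
            # the configuration register (when to inject, how many).
            if rng.random() < inject_prob:
                for _ in range(rng.randint(1, max_burst)):
                    sa, sb, sd = rng.sample(SHADOW, 3)
                    nop = rng.choice(sorted(OPS))
                    regs[sd] = OPS[nop](regs[sa], regs[sb])  # shadow regs only
                    trace.append(("no-op", nop))
            regs[dest] = OPS[op](regs[a], regs[b])           # real instruction
            trace.append((dest, op))
    arch = {k: v for k, v in regs.items() if k not in SHADOW}
    return arch, trace


def issue_slots(target=("r1", "xor"), runs=200, seed=1):
    """Issue slots seen for one real instruction, and the distinct results."""
    rng = random.Random(seed)  # seeded PRNG for repeatability; the patent uses a TRNG
    slots, results = set(), set()
    for _ in range(runs):
        arch, trace = run(PROGRAM, rng)
        slots.add(trace.index(target))
        results.add(tuple(sorted(arch.items())))
    return slots, results
```

Across runs the architectural result is always the same, while the issue slot of a given real instruction moves, which is the property that prevents an observer from tying a fixed point in time to a specific operation.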
CN201310202878.9A 2013-05-28 2013-05-28 Side-channel attack resisting processor architecture based on random instruction delay Active CN103324467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310202878.9A CN103324467B (en) 2013-05-28 2013-05-28 Side-channel attack resisting processor architecture based on random instruction delay

Publications (2)

Publication Number Publication Date
CN103324467A true CN103324467A (en) 2013-09-25
CN103324467B CN103324467B (en) 2015-09-16

Family

ID=49193237

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310202878.9A Active CN103324467B (en) 2013-05-28 2013-05-28 Side-channel attack resisting processor architecture based on random instruction delay

Country Status (1)

Country Link
CN (1) CN103324467B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104484615A (en) * 2014-12-31 2015-04-01 清华大学无锡应用技术研究院 Space-randomization-based fault attacking resisting method applicable to reconfigurable array framework
CN104866007A (en) * 2014-02-26 2015-08-26 精工爱普生株式会社 Microcomputer and electronic equipment
CN106209457A (en) * 2016-07-14 2016-12-07 北京工业大学 Tackle method for secret protection and the system of bypass attack in smart home environment
CN106462701A (en) * 2014-06-12 2017-02-22 密码研究公司 Performing cryptographic data processing operations in a manner resistant to external monitoring attacks
CN107181585A (en) * 2016-03-13 2017-09-19 华邦电子股份有限公司 Postponed by changing clock pulse to prevent the system and method for by-pass attack
CN111046381A (en) * 2019-12-27 2020-04-21 南方电网科学研究院有限责任公司 Embedded CPU anti-differential power consumption analysis device and method
CN111600873A (en) * 2020-05-13 2020-08-28 江苏芯盛智能科技有限公司 Method for preventing side channel attack and related device
CN112069514A (en) * 2020-08-13 2020-12-11 南京低功耗芯片技术研究院有限公司 Anti-power-consumption attack method based on register random grouping
CN113541922A (en) * 2021-07-20 2021-10-22 山东大学 Side channel attack resisting method and system for switching network and jump algorithm instruction
EP4086801A1 (en) 2021-05-07 2022-11-09 Commissariat à l'énergie atomique et aux énergies alternatives Method for executing a function, secured by time desynchronisation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7664258B2 (en) * 2005-12-28 2010-02-16 Microsoft Corporation Randomized sparse formats for efficient and secure computation on elliptic curves
CN101866401A (en) * 2010-05-17 2010-10-20 武汉大学 Method for resisting side channel attacks by evolutive S boxes
US20120331309A1 (en) * 2011-06-27 2012-12-27 Scott Jeffrey W Using built-in self test for preventing side channel security attacks on multi-processor systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张涛等: "插入随机时延的高阶旁路攻击防御方法", 《计算机工程》 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866007A (en) * 2014-02-26 2015-08-26 精工爱普生株式会社 Microcomputer and electronic equipment
CN106462701A (en) * 2014-06-12 2017-02-22 密码研究公司 Performing cryptographic data processing operations in a manner resistant to external monitoring attacks
US11757617B2 (en) 2014-06-12 2023-09-12 Cryptography Research, Inc. Performing cryptographic data processing operations in a manner resistant to external monitoring attacks
US10897344B2 (en) 2014-06-12 2021-01-19 Cryptography Research, Inc. Performing cryptographic data processing operations in a manner resistant to external monitoring attacks
CN104484615B (en) * 2014-12-31 2017-08-08 清华大学无锡应用技术研究院 Suitable for reconfigurable arrays framework based on space randomization fault-resistant attack method
CN104484615A (en) * 2014-12-31 2015-04-01 清华大学无锡应用技术研究院 Space-randomization-based fault attacking resisting method applicable to reconfigurable array framework
CN107181585B (en) * 2016-03-13 2021-04-20 华邦电子股份有限公司 System and method for preventing bypass channel attack by changing clock delay
CN107181585A (en) * 2016-03-13 2017-09-19 华邦电子股份有限公司 Postponed by changing clock pulse to prevent the system and method for by-pass attack
CN106209457A (en) * 2016-07-14 2016-12-07 北京工业大学 Tackle method for secret protection and the system of bypass attack in smart home environment
CN106209457B (en) * 2016-07-14 2019-03-12 北京工业大学 Cope with the method for secret protection and system of bypass attack in smart home environment
CN111046381A (en) * 2019-12-27 2020-04-21 南方电网科学研究院有限责任公司 Embedded CPU anti-differential power consumption analysis device and method
CN111600873A (en) * 2020-05-13 2020-08-28 江苏芯盛智能科技有限公司 Method for preventing side channel attack and related device
CN111600873B (en) * 2020-05-13 2023-03-10 江苏芯盛智能科技有限公司 Method for preventing side channel attack and related device
CN112069514A (en) * 2020-08-13 2020-12-11 南京低功耗芯片技术研究院有限公司 Anti-power-consumption attack method based on register random grouping
EP4086801A1 (en) 2021-05-07 2022-11-09 Commissariat à l'énergie atomique et aux énergies alternatives Method for executing a function, secured by time desynchronisation
FR3122747A1 (en) 2021-05-07 2022-11-11 Commissariat à l'Energie Atomique et aux Energies Alternatives METHOD FOR EXECUTING A FUNCTION, SECURED BY TIME DESYNCHRONIZATION
CN113541922A (en) * 2021-07-20 2021-10-22 山东大学 Side channel attack resisting method and system for switching network and jump algorithm instruction

Also Published As

Publication number Publication date
CN103324467B (en) 2015-09-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant