CN105391542B - Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit - Google Patents
Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit Download PDFInfo
- Publication number
- CN105391542B CN105391542B CN201510695426.8A CN201510695426A CN105391542B CN 105391542 B CN105391542 B CN 105391542B CN 201510695426 A CN201510695426 A CN 201510695426A CN 105391542 B CN105391542 B CN 105391542B
- Authority
- CN
- China
- Prior art keywords
- detector
- integrated circuit
- combinational logic
- fault injection
- injection attacks
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1008—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
- G06F11/1012—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
- G06F11/1032—Simple parity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
Abstract
The present invention relates to information security, cryptography and encrypted circuits, provide the detection for electromagnetism fault injection attacks for the information securities integrated circuit related with same such as encrypted circuit, guarantee to be responded in time when attacking and occurring.Thus, the technical solution adopted by the present invention is that, electromagnetism fault injection attacks detector is detected for integrated circuit, structure are as follows: A1, A2, A3, A4, A5 are 5 phase inverters, cascade forms ring oscillator, the oscillator signal exported after the inverted device B buffering of ring oscillator is directly inputted to all the way in combinational logic delay comparative structure Detector1, and another way is reversed by phase inverter C's, is input in another combinational logic delay comparative structure Detector2;The input signal of two Detector passes through the Combinational logic output of the Detector to the trigger input end of clock of the Detector.Present invention is mainly applied to Research on Integrated Circuit Security designs.
Description
Technical field
The present invention relates to information security, cryptography and encrypted circuits, specifically, are related to for integrated circuit detection electromagnetism event
Hinder injection attacks detector.
Technical background
With the development of information-intensive society, information security is increasingly valued by people.Cryptography and encrypted circuit are existing
For the important leverage of information security, it can prevent unwarranted access from obtaining with invalid information, and in current scientific and technological water
Under flat, it can not theoretically be cracked by mathematical analysis and violent means.However the realization of Encryption Algorithm be unable to do without actual chip
Circuit, such as using the side-channel attack of the sides channel informations such as power consumption, the electromagnetism of ciphering process generation, or utilize ciphering process
The middle fault attacks that mistake occurs can be analyzed by subsequent mathematical and obtain the sensitive informations [1] such as key.
Fault injection attacks are a kind of side-channel attack modes of active, and circuit is caused to generate there are many means of mistake,
Such as electromagnetic pulse, laser irradiation, clock bur, voltage glitch etc., have become at present and attack is implemented most to safety chip
Effective means [2].On the basis of this attack pattern Encryption Algorithm used in known encryption circuit, in being currently running
Encrypted circuit specifically interfered, make it that operation mistake occur at the time of specific, then attacker is by collected
The encrypted result of mistake records and analyzes the performance after circuit computing mistake, finally can by means such as differential fault analysis
With information such as the keys that obtains encrypted circuit.
Electromagnetism fault injection attacks as the high-precision attack means of a kind of locality [3], due to its operation is relatively easy,
The advantages that success attack rate is high, circuit coverage is small, has obtained the extensive concern of people.This attack pattern is by by electric field
Probe or magnet field probe are placed in encrypted circuit nearby [4], run to a certain moment in circuit and are triggered, and pass through probe and generate
One pulse signal, so that electromagnetic interference, power supply line or pass of the electromagnetic field couples of variation to chip cause in portion in the chip
Key signals line, so that circuit operation error.
The safety of encrypted circuit essentially consists in the safety of key in protection circuit, and in recent years, electromagnetism fault injection attacks
The it is proposed of technology causes great threat to information security, it is therefore desirable to carry out the defensive measure for being directed to electromagnetism direct fault location.
In this respect, a part of researcher is studied in terms of algorithm improvement, some in terms of changing circuit structure into
It has gone research [5].By the retrieval of pertinent literature and patent, at present very about the research of detection electromagnetism fault injection attacks structure
Few, there has been no a kind of effective detection methods.The structure cooperation annular vibration based on combinational logic delay that this patent proposes
Swinging device can find to attack in time as embedded detection structure, and generate pre-warning signal.
Bibliography
1, Liu Huizhi, Zhao Dongyan, Zhang Haifeng wait near-infrared laser fault injection system answering in crypto chip attack
With [J] science and technology and engineering, 2014,14 (22): 225-230.DOI:10.3969/j.issn.1671-
1815.2014.22.043.
2、Zhou Y B,Feng D G,Zhou Y B,et al.Side-Channel Attacks:Ten Years
After Its Publication and the Impacts on Cryptographic Module Security
Testing.[J].Cryptology Eprint Archive,2005,2005.
3、Dehbaoui,A,Dutertre,J.-M,Robisson,B,et al.Electromagnetic Transient
Faults Injection on a Hardware and a Software Implementations of AES[C]//
2013Workshop on Fault Diagnosis and Tolerance in Cryptography.IEEE,2012:7-15.
4、Omarouayache R,Raoult J,Jarrix S,et al.Magnetic microprobe design
for EM fault attack[C]//Electromagnetic Compatibility(EMC EUROPE),
2013International Symposium on.IEEE,2013:949-954.
5、Moro N,Heydemann K,Dehbaoui A,et al.Experimental evaluation of two
software countermeasures against fault attacks[C]//Hardware-Oriented Security
and Trust(HOST),2014IEEE International Symposium on.IEEE,2014:112-117。
Summary of the invention
In order to overcome the deficiencies of the prior art, it provides for the information securities integrated circuit related with same such as encrypted circuit for electromagnetism failure
The detection of injection attacks guarantees to be responded in time when attacking and occurring.For this reason, the technical scheme adopted by the present invention is that
Electromagnetism fault injection attacks detector, structure are detected for integrated circuit are as follows: A1, A2, A3, A4, A5 are 5 phase inverters, cascade
Ring oscillator is formed, the oscillator signal exported after the inverted device B buffering of ring oscillator is directly inputted to combinational logic all the way
It is delayed in comparative structure Detector1, another way is reversed by phase inverter C's, is input to the delay of another combinational logic and compares
In structure Detector2;Realize that the combinational logic D1 and trigger E1 of delay function constitute Detector1, combinational logic D2
Detector2 is constituted with trigger E2;The input signal of two Detector is connected to the trigger input of the Detector
End;The input signal of two Detector passes through the Combinational logic output of the Detector to the trigger clock of the Detector
Input terminal;The output of two Detector obtains final alarm signal A larm by one or F.
By the channel width W for increasing transistor in phase inverter in ring oscillatoreff, reduce the number of transistors of phase inverter
Mesh N improves sensitivity.
Electromagnetism fault injection attacks detection method is detected for integrated circuit, is realized by foregoing detection device, and including under
Column step,
Combinational logic the time delay module D1 and D2 of detector are debugged first, so that its delay is equal to ring oscillator defeated
The 3/4 of signal period out;Then according to the demand of circuit area and safety, a certain number of detectors is embedded in and need to protect
Among the integrated circuit of shield.
For needing integrated circuit inner core sensitive blocks to be protected, the layout of detector is relatively closeer, for circuit
The layout of rest part, detector is relatively lax.
The features of the present invention and beneficial effect are:
Using the structure of injection attacks of the invention, the generation of electromagnetism fault injection attacks can be effectively detected, it should
Structure is easy to use, and area is small, can need to select the detecting structure of different number to be laid out in different positions according to circuit
It sets, realizes the protection different degrees of to chip.
Detailed description of the invention:
The structure of Fig. 1 detection electromagnetism fault injection attacks.
Fig. 2 combinational logic delay comparative structure schematic illustration one.
Fig. 3 combinational logic delay comparative structure schematic illustration two.
Fig. 4 combinational logic delay comparative structure schematic illustration three.
Fig. 5 combinational logic delay comparative structure schematic illustration four.
Fig. 6 entirety detecting structure schematic diagram.
Specific embodiment
The present invention provides the detection for electromagnetism fault injection attacks for the information securities integrated circuit related with same such as encrypted circuit,
It can be merged well, be guaranteed with original circuit according to the quantity for needing to change detection structure of circuit area and position
Attack can be responded in time when occurring.
The present invention uses a kind of structure based on combinational logic delay to cooperate ring oscillator as embedded detection structure, if
The structure that electromagnetism fault injection attacks can be detected for safety chips such as encrypted circuits is counted.
1. the structure of detection electromagnetism fault injection attacks proposed by the present invention is with combinational logic delay comparative structure and annular
Oscillator is core, is embedded in ifq circuit and constitutes final structure.
As shown in Figure 1, being the structure for detecting electromagnetism fault injection attacks detector (hereinafter referred to as EMP attack N detector)
Figure, A1, A2, A3, A4, A5 are 5 phase inverters, and cascade forms ring oscillator.Phase inverter B plays the role of buffering, output
Oscillator signal is directly inputted to all the way in combinational logic delay comparative structure Detector1, and another way is anti-by phase inverter C's
To, be input to another combinational logic delay comparative structure Detector2 in.Realize combinational logic D1 and the triggering of delay function
Device E1 constitutes Detector1, combinational logic D2 and trigger E2 and constitutes Detector2.The output warp of two Detector
It crosses one or F and obtains final alarm signal A larm.
2. influence principle of the electromagnetism direct fault location to circuit
Electromagnetism direct fault location generally utilizes the pulse current in coil by rising edge for nanosecond, in swashing for pulse current
It encourages down, inductive impulse magnetic field is generated in coil, which propagates outward in such a way that medium is magnetized, thus to the electricity near coil
Road chip impacts.When passing to steady current in coil, according to biot savart's law, coil, which is taken up an official post, takes a point Q, electric current
Density is(unit A/m2), then the magnetic field of space any point P:
WhereinIt is space permeability for magnetic induction intensity (unit T), μ 0, value is 4 π × 10-7H/m, dUQExist for coil
Differential at Q point,For the distance vector of Q to P.Although carry out direct fault location, what is be passed through is pulse current, continuous current excitation
Magnetic field conditions can represent pulse excitation stablize when the case where, stablize when hub of a spool magnetic field are as follows:
WhereinAnd μ0It is same as above, a be coil radius (electric current (unit A) when unit m), I are pulse stabilization,
Z is length (the unit m) apart from hub of a spool.
By above formula as it can be seen that after flowing through electric current in coil, the magnetic induction in coil is directly proportional to electric current, thus, electric current
Equation and waveform and magnetic field equation and waveform an only poor scale factor.Scale factor is only related with the structure of coil, when
After coil is fixed, this factor is a constant.Therefore, magnetic field is an aperiodic impulse waveform.
Any conductor in electromagnetic field can induce voltage.When circuit chip is placed in such electromagnetic environment
When, the energy of electromagnetic field for being coupled to circuit will cause a big voltage or current impulse, and power supply line's composition in chip
Ring be the main part by electromagnetic effect.Magnet field probe near field direct fault location is substantially a coaxial line, it
Be it is perceptual, have a low series resistance.Inductive coupling between magnet field probe and circuit can be indicated with mutual inductance:
M12 is mutual inductance (unit H), φ in above formula2For across the magnetic flux (unit Wb) of conductor 2, I1 is conductor 1
Electric current (unit A), I2 are the electric current (unit A) of conductor 2, and μ is magnetic conductivity (unit H/m),For the magnetic field perpendicular to conductor 2
Strength component (unit H),For the face element differential of conductor 2.
It is assumed that being coupled to power supply line, the jump for exporting and having between a height will cause, and then lead to entire functional module
Correct information can not be exported.Here, the concept of " coupling " refers to circuit, equipment, system and other circuits, equipment, system
Between electric flux connection, coupling play an electromagnetic energy from a circuit, equipment, system " transmission " to another circuit, set
Standby, system effect.Electric power network in circuit is the part for being most susceptible to electromagnetic interference, they are also used as antenna to receive line
The magnetic flux generated is enclosed, which can generate induced electromotive force on electric power network.Such a electromagnetic coil can be in circuit
Middle generation voltage drop (IR drop).
In addition, when electromagnetic pulse couples voltage or electric current that channels are generated in chip input terminal and is up to certain journey by different
When spending, the change of output end logical value can lead to, i.e., become 0 or on the contrary, to generate error code from 1.
3. ring oscillator detects EMP attack N principle
For the single-ended CMOS ring oscillator being made of N number of phase inverter, it is assumed that the channel length of NMOS and PMOS is identical,
The absolute value of threshold voltage is identical, then frequency of oscillation are as follows:
Wherein Cox is gate oxide capacitance (the unit F/m of unit area2), VDD is supply voltage (unit V), and VT is brilliant
The threshold voltage (unit V) of body pipe, L are channel length (the unit m), q of transistormaxIt is transistors transition period node
Received total charge dosage (unit C), N are the phase inverter numbers (unit is dimensionless) for forming ring oscillator, η be one about etc.
In 1 constant (unit is dimensionless), WeffBe equivalent channel width (unit m), expression formula are as follows:
Weff=Wn+Wp
Wherein Wn is that (unit m), Wp are channel width (the unit m) of PMOS tube for the channel width of NMOS tube.μeffIt is equivalent
Carrier mobility (unit m2/ Vs), expression formula are as follows:
Wherein μnIt is electron mobility (unit m2/ Vs), μpIt is hole mobility (unit m2/V·s)。
Electromagnetism direct fault location mainly influences the electric power network of integrated circuit, will lead to supply voltage raising, and then generate
A series of influence, for example the delay of CMOS gate circuit is caused to reduce.According to this principle, within the short time of pulsing effect,
The frequency of ring oscillator can change due to electromagnetism direct fault location.
In addition the strongest place of electromagnetic radiation also tends to be that (such as metal wire is mutual in the place most sensitive to electromagnetic interference
The position of X-shape cyclization is equivalent to the probe for receiving electromagnetic signal).And ring oscillator can radiate stronger and oscillator signal
With the electromagnetic signal of frequency, therefore design detects the influence of electromagnetism fault injection attacks using ring oscillator.
4. the working principle of combinational logic delay comparative structure
Above-mentioned ring oscillator, or since EMP Coupling to power supply line causes the variation of voltage, in turn result in defeated
Waveform changes out;Or since electromagnetic pulse is directly coupled to output end, in the output signal, have with interference signal with frequency
Signal averaging get on.It is this to change the form for being presented as burr, and this burr can be by being patrolled in the present invention based on combination
The delay comparative structure collected detects.
It is assumed that the output frequency of ring oscillator is f0, therefore its period is 1/ when circuit normal work is not affected by attack
f0.The delay for adjusting combinational logic D1 and D2 in Fig. 1 is the 3/4 of the period, that is, 3/4f0.Therefore it is attacked when circuit chip is not affected by
When hitting, for Detector1, the clock of d type flip flop is 3/4 delay to input signal, so the rising edge of clock signal is adopted
Sample to data be low level, the output of d type flip flop is low level.For Detector2, in the same way, output is also low
Level.Therefore after process or door F, alarm signal A larm is also low level.Circuit detects this signal, does not take movement.
It is then assumed that electromagnetism direct fault location has occurred, due to aforementioned two kinds, it will cause output signal and generate burr.By
The relative positional relationship of original oscillating signal will be different in the burr of the difference of attack time, generation.Fig. 2 is illustrated
Burr is located at the case where original oscillating signal low level first half, and D1 is the input data of the d type flip flop of Detector1 in figure
Signal, C1 are the input clock signals of the d type flip flop of Detector1, and D2 is the input data letter of the d type flip flop of Detector2
Number, C2 is the input clock signal of the d type flip flop of Detector2.If not specified otherwise below, is all made of this representation method.
From Figure 2 it can be seen that being located at original oscillating signal low level first half such case for burr, by dotted line institute in figure
Show, the rising edge of C1 can adopt the high level of D1 signal, therefore Detector1 can detecte, and the rising edge of C2 is adopted
D1 signal be low level, therefore Detector2 can't detect.
As seen from Figure 3, original oscillating signal low level latter half such case is located at for burr, by dotted line institute in figure
Show, the D1 signal that the rising edge of C1 is adopted is low level, therefore Detector1 can't detect, and the rising edge of C2 can be adopted
To the high level of D1 signal, therefore Detector2 can detecte.
From fig. 4, it can be seen that being located at original oscillating signal high level first half such case for burr, by dotted line institute in figure
Show, the D1 signal that the rising edge of C1 is adopted is low level, therefore Detector1 can't detect, and the rising edge of C2 can be adopted
To the high level of D1 signal, therefore Detector2 can detecte.
As seen from Figure 5, original oscillating signal high level latter half such case is located at for burr, by dotted line institute in figure
Show, the rising edge of C1 can adopt the high level of D1 signal, therefore Detector1 can detecte, and the rising edge of C2 is adopted
D1 signal be low level, therefore Detector2 can't detect.
In conclusion for burr be located at original oscillating signal low level first half and high level latter half both
Situation, Detector1 can detecte, and Detector2 can't detect;After being located at original oscillating signal low level for burr
Half part and high level first half both of these case, Detector2 can detecte, and Detector1 can't detect.Therefore
In EMP attack N detector simultaneously use Detector1 and Detector2, and by their output signal carry out or operation,
Final alarm signal is obtained, the burr at original oscillating signal difference relative position will all can be detected in this way,
It ensure that verification and measurement ratio.
5. the sensitivity of detection structure in actual use
By above-mentioned principle analysis it is found that needing to improve the sensitivity of the detection structure in actual use by electricity
When magnetic fault injection attacks cause supply voltage to change, the output frequency variation of ring oscillator is the bigger the better, to make
The oscillator signal of output generates a burr, to facilitate the comparative structure of combinational logic delay below to detect.According to ring oscillation
The frequency formula of device output signal is it is found that the variation of frequency opposed power voltage is:
Therefore in actual use, the channel width W of increase transistor can be passed througheff, reduce the transistor size of phase inverter
N improves sensitivity.
If electromagnetic interference signal is weaker, so that the variation of supply voltage is smaller, when detector being insufficient to allow to detect, due to
Attack at this time can not similarly cause circuit computing to malfunction, therefore may not necessarily consider such case.
6. constructing circuit entirety detecting structure using core detection structure
As shown in fig. 6, being embedded among ifq circuit using core detection structure (EMP attack N detector), realize most
The schematic diagram of final inspection geodesic structure.
Outermost box represents entire circuit chip in figure, and the open squares in the lower right corner represent the sensitivity of the core in circuit
Unit (such as S box of AES encryption module), remaining solid black box represents above-mentioned EMP attack N detector.It is using
Before, it is necessary first to combinational logic the time delay module D1 and D2 of the detector be debugged, its delay is made to be equal to ring oscillation
The 3/4 of device output signal period.Then according to the demand of circuit area and safety, a certain number of detectors are embedded in
Among ifq circuit.Such as the area of circuit chip is enough, and it is higher to security requirement when, can be with multi-embedding certain amount
Detector.
It is best in order to achieve the effect that, it not only needs to keep lesser area, but also have enough safeties, it can be selectively
Carry out detector layout.For core sensitive blocks, the layout of detector is relatively closeer, for circuit rest part, detection
The layout of device can be relatively lax.
Example of the present invention is as shown in fig. 6, (attacker is most using the preceding core sensing unit for first determining circuit
The position that may be attacked), then according to this three circuit total area, the vacant area of circuit and required chip secure degree ginsengs
The quantity of EMP attack N detector, is uniformly distributed among ifq circuit needed for number determines, then sensitive for core single
Member, suitably increase a certain number of EMP attack N detectors it is embedded with wherein.Protection scope of the present invention is not with above-mentioned implementation
Mode is limited, and those of ordinary skill in the art's equivalent modification or variation made by disclosure according to the present invention should be all included in
Protection scope.
Claims (3)
1. one kind for integrated circuit detect electromagnetism fault injection attacks detector, characterized in that structure are as follows: A1, A2, A3, A4,
A5 is 5 phase inverters, and cascade forms ring oscillator, and the oscillator signal exported after the inverted device B buffering of ring oscillator is all the way
It is directly inputted in combinational logic delay comparative structure Detector1, another way is reversed by phase inverter C's, is input to another
In a combinational logic delay comparative structure Detector2;Realize that the combinational logic D1 and trigger E1 of delay function are constituted
Detector1, combinational logic D2 and trigger E2 constitute Detector2;The input signal of Detector1 is connected to its triggering
Device input terminal, the input signal of Detector1 are output to the trigger input end of clock of Detector1 by a combination thereof logic;
The input signal of Detector2 is connected to its trigger input, and the input signal of Detector2 is exported by a combination thereof logic
To the trigger input end of clock of Detector2;The output of two Detector obtains final alarm signal by one or F
Number Alarm.
2. detecting electromagnetism fault injection attacks detector for integrated circuit as described in claim 1, characterized in that pass through increasing
In big ring oscillator in phase inverter transistor channel width Weff, the transistor size N for reducing phase inverter is sensitive to improve
Degree.
3. one kind detects electromagnetism fault injection attacks detection method for integrated circuit, characterized in that detected for integrated circuit
Electromagnetism fault injection attacks detection method, is realized, and include the following steps by detector described in claim 1, first to spy
The combinational logic D1 and D2 for surveying device are debugged, its delay is made to be equal to the 3/4 of the ring oscillator output signal period;Then basis
The demand of circuit area and safety, detector, which is embedded in, to be needed among integrated circuit to be protected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510695426.8A CN105391542B (en) | 2015-10-22 | 2015-10-22 | Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510695426.8A CN105391542B (en) | 2015-10-22 | 2015-10-22 | Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105391542A CN105391542A (en) | 2016-03-09 |
CN105391542B true CN105391542B (en) | 2019-01-18 |
Family
ID=55423397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510695426.8A Active CN105391542B (en) | 2015-10-22 | 2015-10-22 | Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105391542B (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9697310B2 (en) * | 2015-11-02 | 2017-07-04 | Winbond Electronics Corporation | Level faults interception in integrated circuits |
CN105933108B (en) * | 2016-05-30 | 2019-04-12 | 清华大学 | A kind of pair of SM4 algorithm realizes the method cracked |
CN106203183B (en) * | 2016-07-25 | 2019-03-26 | 天津大学 | A kind of IP kernel guard method based on electromagnetic spectrum watermark |
CN106301292A (en) * | 2016-08-16 | 2017-01-04 | 天津大学 | The device of hardware Trojan horse is remotely activated based on electromagnetic signal |
CN106568994A (en) * | 2016-11-11 | 2017-04-19 | 上海华虹集成电路有限责任公司 | Contact type smart card chip burr attack circuit |
CN108073818B (en) * | 2016-11-14 | 2021-07-09 | 华为技术有限公司 | Data protection circuit of chip, chip and electronic equipment |
CN106656460A (en) * | 2016-11-22 | 2017-05-10 | 浙江大学 | Defense device for electromagnetic pulse fault analysis of password chip |
FR3070092A1 (en) * | 2017-08-11 | 2019-02-15 | Stmicroelectronics (Rousset) Sas | PROTECTION OF AN INTEGRATED CIRCUIT |
CN107944309A (en) * | 2017-10-31 | 2018-04-20 | 北京中电华大电子设计有限责任公司 | A kind of shield detection circuit of resistance against physical attack |
US10990682B2 (en) * | 2017-12-18 | 2021-04-27 | Nuvoton Technology Corporation | System and method for coping with fault injection attacks |
CN109992959A (en) * | 2017-12-29 | 2019-07-09 | 国民技术股份有限公司 | Direct fault location resists method and device, chip and computer readable storage medium |
JP7046324B2 (en) * | 2018-02-15 | 2022-04-04 | 株式会社吉川システック | Semiconductor devices and semiconductor device design methods |
CN108664815A (en) * | 2018-05-18 | 2018-10-16 | 国民技术股份有限公司 | A kind of safety protection of chip method and IC chip |
EP3584737B1 (en) * | 2018-06-19 | 2022-02-23 | Secure-IC SAS | Improved detection of laser fault injection attacks on cryptographic devices |
CN109541444B (en) * | 2018-10-18 | 2021-11-02 | 天津大学 | Integrated circuit fault injection detection method based on mixed granularity parity check |
CN110096397B (en) * | 2019-03-27 | 2022-10-25 | 天津大学 | Multi-ring oscillator FPGA configuration circuit robustness detection method |
WO2021030958A1 (en) | 2019-08-16 | 2021-02-25 | 深圳市汇顶科技股份有限公司 | Detection circuit for electromagnetic fault injection, security chip, and electronic device |
US11244046B2 (en) * | 2019-09-16 | 2022-02-08 | Nuvoton Technology Corporation | Data-sampling integrity check using gated clock |
US11366899B2 (en) * | 2020-02-18 | 2022-06-21 | Nuvoton Technology Corporation | Digital fault injection detector |
CN113125941B (en) * | 2021-04-19 | 2022-09-09 | 海光信息技术股份有限公司 | Detection method, detection system and detection device for chip design |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008198700A (en) * | 2007-02-09 | 2008-08-28 | Renesas Technology Corp | Semiconductor integrated circuit device |
JP2009289104A (en) * | 2008-05-30 | 2009-12-10 | Dainippon Printing Co Ltd | Security device with function for detecting trouble attack |
CN102034688A (en) * | 2009-10-05 | 2011-04-27 | 意法半导体(胡希)公司 | Method of protecting an integrated circuit chip against spying by laser attacks |
CN103679011A (en) * | 2012-09-20 | 2014-03-26 | 瑞萨电子株式会社 | Semiconductor integrated circuit |
CN104484627A (en) * | 2014-12-31 | 2015-04-01 | 清华大学无锡应用技术研究院 | Design method of randomized anti-fault-attack measures for reconfigurable array architecture |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5519308B2 (en) * | 2010-02-05 | 2014-06-11 | ルネサスエレクトロニクス株式会社 | Semiconductor integrated circuit and data processing system |
-
2015
- 2015-10-22 CN CN201510695426.8A patent/CN105391542B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008198700A (en) * | 2007-02-09 | 2008-08-28 | Renesas Technology Corp | Semiconductor integrated circuit device |
JP2009289104A (en) * | 2008-05-30 | 2009-12-10 | Dainippon Printing Co Ltd | Security device with function for detecting trouble attack |
CN102034688A (en) * | 2009-10-05 | 2011-04-27 | 意法半导体(胡希)公司 | Method of protecting an integrated circuit chip against spying by laser attacks |
CN103679011A (en) * | 2012-09-20 | 2014-03-26 | 瑞萨电子株式会社 | Semiconductor integrated circuit |
CN104484627A (en) * | 2014-12-31 | 2015-04-01 | 清华大学无锡应用技术研究院 | Design method of randomized anti-fault-attack measures for reconfigurable array architecture |
Non-Patent Citations (3)
Title |
---|
"边信道攻击及防御的研究与实现";孙春辉;《中国优秀硕士学位论文全文数据库信息科技辑》;20090815;第I136-127页 |
"近红外激光故障注入系统在密码芯片攻击中的应用";刘辉志;《科学技术与工程》;20140808;第14卷(第22期);第225-230页 |
"针对高级加密标准算法的光故障注入攻击";王红胜;《计算机工程》;20111105;第37卷(第21期);第97-99页 |
Also Published As
Publication number | Publication date |
---|---|
CN105391542A (en) | 2016-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105391542B (en) | Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit | |
Liu et al. | Silicon demonstration of hardware Trojan design and detection in wireless cryptographic ICs | |
Zussa et al. | Efficiency of a glitch detector against electromagnetic fault injection | |
Nguyen et al. | Creating a backscattering side channel to enable detection of dormant hardware trojans | |
Ghosh | Spintronics and security: Prospects, vulnerabilities, attack models, and preventions | |
Narasimhan et al. | Improving IC security against Trojan attacks through integration of security monitors | |
CN103034804B (en) | Safety chip and attack detecting circuit thereof | |
Ordas et al. | Evidence of a larger EM-induced fault model | |
CN106872876B (en) | Hardware Trojan horse side channel detection method based on electromagnetism and delay | |
Miura et al. | A local EM-analysis attack resistant cryptographic engine with fully-digital oscillator-based tamper-access sensor | |
Nagata et al. | Physical attack protection techniques for IC chip level hardware security | |
Wang et al. | Malicious circuitry detection using transient power analysis for IC security | |
Homma et al. | Design methodology and validity verification for a reactive countermeasure against EM attacks | |
WO2015114944A1 (en) | Side-channel attack detection device and side-channel attack detection method by side-channel attack detection device | |
Japa et al. | Hardware security exploiting post-CMOS devices: fundamental device characteristics, state-of-the-art countermeasures, challenges and roadmap | |
He et al. | EM Side Channels in Hardware Security: Attacks and Defenses. | |
WO2021030958A1 (en) | Detection circuit for electromagnetic fault injection, security chip, and electronic device | |
Miura et al. | An intermittent-driven supply-current equalizer for 11x and 4x power-overhead savings in CPA-resistant 128bit AES cryptographic processor | |
Ni et al. | The influence on sensitivity of hardware trojans detection by test vector | |
Miura et al. | EM attack sensor: Concept, circuit, and design-automation methodology | |
Mai | Side channel attacks and countermeasures | |
Deyati et al. | High resolution pulse propagation driven Trojan detection in digital logic: optimization algorithms and infrastructure | |
Limaye et al. | PolyWorm: Leveraging polymorphic behavior to implant hardware trojans | |
Breier et al. | Extensive laser fault injection profiling of 65 nm FPGA | |
CN106301292A (en) | The device of hardware Trojan horse is remotely activated based on electromagnetic signal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |