CN105391542B - Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit - Google Patents

Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit Download PDF

Info

Publication number
CN105391542B
CN105391542B CN201510695426.8A CN201510695426A CN105391542B CN 105391542 B CN105391542 B CN 105391542B CN 201510695426 A CN201510695426 A CN 201510695426A CN 105391542 B CN105391542 B CN 105391542B
Authority
CN
China
Prior art keywords
detector
integrated circuit
combinational logic
fault injection
injection attacks
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510695426.8A
Other languages
Chinese (zh)
Other versions
CN105391542A (en
Inventor
赵毅强
刘阿强
何家骥
李跃辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN201510695426.8A priority Critical patent/CN105391542B/en
Publication of CN105391542A publication Critical patent/CN105391542A/en
Application granted granted Critical
Publication of CN105391542B publication Critical patent/CN105391542B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1012Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
    • G06F11/1032Simple parity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004Countermeasures against attacks on cryptographic mechanisms for fault attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • H04L2209/046Masking or blinding of operations, operands or results of the operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction

Abstract

The present invention relates to information security, cryptography and encrypted circuits, provide the detection for electromagnetism fault injection attacks for the information securities integrated circuit related with same such as encrypted circuit, guarantee to be responded in time when attacking and occurring.Thus, the technical solution adopted by the present invention is that, electromagnetism fault injection attacks detector is detected for integrated circuit, structure are as follows: A1, A2, A3, A4, A5 are 5 phase inverters, cascade forms ring oscillator, the oscillator signal exported after the inverted device B buffering of ring oscillator is directly inputted to all the way in combinational logic delay comparative structure Detector1, and another way is reversed by phase inverter C's, is input in another combinational logic delay comparative structure Detector2;The input signal of two Detector passes through the Combinational logic output of the Detector to the trigger input end of clock of the Detector.Present invention is mainly applied to Research on Integrated Circuit Security designs.

Description

Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit
Technical field
The present invention relates to information security, cryptography and encrypted circuits, specifically, are related to for integrated circuit detection electromagnetism event Hinder injection attacks detector.
Technical background
With the development of information-intensive society, information security is increasingly valued by people.Cryptography and encrypted circuit are existing For the important leverage of information security, it can prevent unwarranted access from obtaining with invalid information, and in current scientific and technological water Under flat, it can not theoretically be cracked by mathematical analysis and violent means.However the realization of Encryption Algorithm be unable to do without actual chip Circuit, such as using the side-channel attack of the sides channel informations such as power consumption, the electromagnetism of ciphering process generation, or utilize ciphering process The middle fault attacks that mistake occurs can be analyzed by subsequent mathematical and obtain the sensitive informations [1] such as key.
Fault injection attacks are a kind of side-channel attack modes of active, and circuit is caused to generate there are many means of mistake, Such as electromagnetic pulse, laser irradiation, clock bur, voltage glitch etc., have become at present and attack is implemented most to safety chip Effective means [2].On the basis of this attack pattern Encryption Algorithm used in known encryption circuit, in being currently running Encrypted circuit specifically interfered, make it that operation mistake occur at the time of specific, then attacker is by collected The encrypted result of mistake records and analyzes the performance after circuit computing mistake, finally can by means such as differential fault analysis With information such as the keys that obtains encrypted circuit.
Electromagnetism fault injection attacks as the high-precision attack means of a kind of locality [3], due to its operation is relatively easy, The advantages that success attack rate is high, circuit coverage is small, has obtained the extensive concern of people.This attack pattern is by by electric field Probe or magnet field probe are placed in encrypted circuit nearby [4], run to a certain moment in circuit and are triggered, and pass through probe and generate One pulse signal, so that electromagnetic interference, power supply line or pass of the electromagnetic field couples of variation to chip cause in portion in the chip Key signals line, so that circuit operation error.
The safety of encrypted circuit essentially consists in the safety of key in protection circuit, and in recent years, electromagnetism fault injection attacks The it is proposed of technology causes great threat to information security, it is therefore desirable to carry out the defensive measure for being directed to electromagnetism direct fault location. In this respect, a part of researcher is studied in terms of algorithm improvement, some in terms of changing circuit structure into It has gone research [5].By the retrieval of pertinent literature and patent, at present very about the research of detection electromagnetism fault injection attacks structure Few, there has been no a kind of effective detection methods.The structure cooperation annular vibration based on combinational logic delay that this patent proposes Swinging device can find to attack in time as embedded detection structure, and generate pre-warning signal.
Bibliography
1, Liu Huizhi, Zhao Dongyan, Zhang Haifeng wait near-infrared laser fault injection system answering in crypto chip attack With [J] science and technology and engineering, 2014,14 (22): 225-230.DOI:10.3969/j.issn.1671- 1815.2014.22.043.
2、Zhou Y B,Feng D G,Zhou Y B,et al.Side-Channel Attacks:Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing.[J].Cryptology Eprint Archive,2005,2005.
3、Dehbaoui,A,Dutertre,J.-M,Robisson,B,et al.Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES[C]// 2013Workshop on Fault Diagnosis and Tolerance in Cryptography.IEEE,2012:7-15.
4、Omarouayache R,Raoult J,Jarrix S,et al.Magnetic microprobe design for EM fault attack[C]//Electromagnetic Compatibility(EMC EUROPE), 2013International Symposium on.IEEE,2013:949-954.
5、Moro N,Heydemann K,Dehbaoui A,et al.Experimental evaluation of two software countermeasures against fault attacks[C]//Hardware-Oriented Security and Trust(HOST),2014IEEE International Symposium on.IEEE,2014:112-117。
Summary of the invention
In order to overcome the deficiencies of the prior art, it provides for the information securities integrated circuit related with same such as encrypted circuit for electromagnetism failure The detection of injection attacks guarantees to be responded in time when attacking and occurring.For this reason, the technical scheme adopted by the present invention is that Electromagnetism fault injection attacks detector, structure are detected for integrated circuit are as follows: A1, A2, A3, A4, A5 are 5 phase inverters, cascade Ring oscillator is formed, the oscillator signal exported after the inverted device B buffering of ring oscillator is directly inputted to combinational logic all the way It is delayed in comparative structure Detector1, another way is reversed by phase inverter C's, is input to the delay of another combinational logic and compares In structure Detector2;Realize that the combinational logic D1 and trigger E1 of delay function constitute Detector1, combinational logic D2 Detector2 is constituted with trigger E2;The input signal of two Detector is connected to the trigger input of the Detector End;The input signal of two Detector passes through the Combinational logic output of the Detector to the trigger clock of the Detector Input terminal;The output of two Detector obtains final alarm signal A larm by one or F.
By the channel width W for increasing transistor in phase inverter in ring oscillatoreff, reduce the number of transistors of phase inverter Mesh N improves sensitivity.
Electromagnetism fault injection attacks detection method is detected for integrated circuit, is realized by foregoing detection device, and including under Column step,
Combinational logic the time delay module D1 and D2 of detector are debugged first, so that its delay is equal to ring oscillator defeated The 3/4 of signal period out;Then according to the demand of circuit area and safety, a certain number of detectors is embedded in and need to protect Among the integrated circuit of shield.
For needing integrated circuit inner core sensitive blocks to be protected, the layout of detector is relatively closeer, for circuit The layout of rest part, detector is relatively lax.
The features of the present invention and beneficial effect are:
Using the structure of injection attacks of the invention, the generation of electromagnetism fault injection attacks can be effectively detected, it should Structure is easy to use, and area is small, can need to select the detecting structure of different number to be laid out in different positions according to circuit It sets, realizes the protection different degrees of to chip.
Detailed description of the invention:
The structure of Fig. 1 detection electromagnetism fault injection attacks.
Fig. 2 combinational logic delay comparative structure schematic illustration one.
Fig. 3 combinational logic delay comparative structure schematic illustration two.
Fig. 4 combinational logic delay comparative structure schematic illustration three.
Fig. 5 combinational logic delay comparative structure schematic illustration four.
Fig. 6 entirety detecting structure schematic diagram.
Specific embodiment
The present invention provides the detection for electromagnetism fault injection attacks for the information securities integrated circuit related with same such as encrypted circuit, It can be merged well, be guaranteed with original circuit according to the quantity for needing to change detection structure of circuit area and position Attack can be responded in time when occurring.
The present invention uses a kind of structure based on combinational logic delay to cooperate ring oscillator as embedded detection structure, if The structure that electromagnetism fault injection attacks can be detected for safety chips such as encrypted circuits is counted.
1. the structure of detection electromagnetism fault injection attacks proposed by the present invention is with combinational logic delay comparative structure and annular Oscillator is core, is embedded in ifq circuit and constitutes final structure.
As shown in Figure 1, being the structure for detecting electromagnetism fault injection attacks detector (hereinafter referred to as EMP attack N detector) Figure, A1, A2, A3, A4, A5 are 5 phase inverters, and cascade forms ring oscillator.Phase inverter B plays the role of buffering, output Oscillator signal is directly inputted to all the way in combinational logic delay comparative structure Detector1, and another way is anti-by phase inverter C's To, be input to another combinational logic delay comparative structure Detector2 in.Realize combinational logic D1 and the triggering of delay function Device E1 constitutes Detector1, combinational logic D2 and trigger E2 and constitutes Detector2.The output warp of two Detector It crosses one or F and obtains final alarm signal A larm.
2. influence principle of the electromagnetism direct fault location to circuit
Electromagnetism direct fault location generally utilizes the pulse current in coil by rising edge for nanosecond, in swashing for pulse current It encourages down, inductive impulse magnetic field is generated in coil, which propagates outward in such a way that medium is magnetized, thus to the electricity near coil Road chip impacts.When passing to steady current in coil, according to biot savart's law, coil, which is taken up an official post, takes a point Q, electric current Density is(unit A/m2), then the magnetic field of space any point P:
WhereinIt is space permeability for magnetic induction intensity (unit T), μ 0, value is 4 π × 10-7H/m, dUQExist for coil Differential at Q point,For the distance vector of Q to P.Although carry out direct fault location, what is be passed through is pulse current, continuous current excitation Magnetic field conditions can represent pulse excitation stablize when the case where, stablize when hub of a spool magnetic field are as follows:
WhereinAnd μ0It is same as above, a be coil radius (electric current (unit A) when unit m), I are pulse stabilization, Z is length (the unit m) apart from hub of a spool.
By above formula as it can be seen that after flowing through electric current in coil, the magnetic induction in coil is directly proportional to electric current, thus, electric current Equation and waveform and magnetic field equation and waveform an only poor scale factor.Scale factor is only related with the structure of coil, when After coil is fixed, this factor is a constant.Therefore, magnetic field is an aperiodic impulse waveform.
Any conductor in electromagnetic field can induce voltage.When circuit chip is placed in such electromagnetic environment When, the energy of electromagnetic field for being coupled to circuit will cause a big voltage or current impulse, and power supply line's composition in chip Ring be the main part by electromagnetic effect.Magnet field probe near field direct fault location is substantially a coaxial line, it Be it is perceptual, have a low series resistance.Inductive coupling between magnet field probe and circuit can be indicated with mutual inductance:
M12 is mutual inductance (unit H), φ in above formula2For across the magnetic flux (unit Wb) of conductor 2, I1 is conductor 1 Electric current (unit A), I2 are the electric current (unit A) of conductor 2, and μ is magnetic conductivity (unit H/m),For the magnetic field perpendicular to conductor 2 Strength component (unit H),For the face element differential of conductor 2.
It is assumed that being coupled to power supply line, the jump for exporting and having between a height will cause, and then lead to entire functional module Correct information can not be exported.Here, the concept of " coupling " refers to circuit, equipment, system and other circuits, equipment, system Between electric flux connection, coupling play an electromagnetic energy from a circuit, equipment, system " transmission " to another circuit, set Standby, system effect.Electric power network in circuit is the part for being most susceptible to electromagnetic interference, they are also used as antenna to receive line The magnetic flux generated is enclosed, which can generate induced electromotive force on electric power network.Such a electromagnetic coil can be in circuit Middle generation voltage drop (IR drop).
In addition, when electromagnetic pulse couples voltage or electric current that channels are generated in chip input terminal and is up to certain journey by different When spending, the change of output end logical value can lead to, i.e., become 0 or on the contrary, to generate error code from 1.
3. ring oscillator detects EMP attack N principle
For the single-ended CMOS ring oscillator being made of N number of phase inverter, it is assumed that the channel length of NMOS and PMOS is identical, The absolute value of threshold voltage is identical, then frequency of oscillation are as follows:
Wherein Cox is gate oxide capacitance (the unit F/m of unit area2), VDD is supply voltage (unit V), and VT is brilliant The threshold voltage (unit V) of body pipe, L are channel length (the unit m), q of transistormaxIt is transistors transition period node Received total charge dosage (unit C), N are the phase inverter numbers (unit is dimensionless) for forming ring oscillator, η be one about etc. In 1 constant (unit is dimensionless), WeffBe equivalent channel width (unit m), expression formula are as follows:
Weff=Wn+Wp
Wherein Wn is that (unit m), Wp are channel width (the unit m) of PMOS tube for the channel width of NMOS tube.μeffIt is equivalent Carrier mobility (unit m2/ Vs), expression formula are as follows:
Wherein μnIt is electron mobility (unit m2/ Vs), μpIt is hole mobility (unit m2/V·s)。
Electromagnetism direct fault location mainly influences the electric power network of integrated circuit, will lead to supply voltage raising, and then generate A series of influence, for example the delay of CMOS gate circuit is caused to reduce.According to this principle, within the short time of pulsing effect, The frequency of ring oscillator can change due to electromagnetism direct fault location.
In addition the strongest place of electromagnetic radiation also tends to be that (such as metal wire is mutual in the place most sensitive to electromagnetic interference The position of X-shape cyclization is equivalent to the probe for receiving electromagnetic signal).And ring oscillator can radiate stronger and oscillator signal With the electromagnetic signal of frequency, therefore design detects the influence of electromagnetism fault injection attacks using ring oscillator.
4. the working principle of combinational logic delay comparative structure
Above-mentioned ring oscillator, or since EMP Coupling to power supply line causes the variation of voltage, in turn result in defeated Waveform changes out;Or since electromagnetic pulse is directly coupled to output end, in the output signal, have with interference signal with frequency Signal averaging get on.It is this to change the form for being presented as burr, and this burr can be by being patrolled in the present invention based on combination The delay comparative structure collected detects.
It is assumed that the output frequency of ring oscillator is f0, therefore its period is 1/ when circuit normal work is not affected by attack f0.The delay for adjusting combinational logic D1 and D2 in Fig. 1 is the 3/4 of the period, that is, 3/4f0.Therefore it is attacked when circuit chip is not affected by When hitting, for Detector1, the clock of d type flip flop is 3/4 delay to input signal, so the rising edge of clock signal is adopted Sample to data be low level, the output of d type flip flop is low level.For Detector2, in the same way, output is also low Level.Therefore after process or door F, alarm signal A larm is also low level.Circuit detects this signal, does not take movement.
It is then assumed that electromagnetism direct fault location has occurred, due to aforementioned two kinds, it will cause output signal and generate burr.By The relative positional relationship of original oscillating signal will be different in the burr of the difference of attack time, generation.Fig. 2 is illustrated Burr is located at the case where original oscillating signal low level first half, and D1 is the input data of the d type flip flop of Detector1 in figure Signal, C1 are the input clock signals of the d type flip flop of Detector1, and D2 is the input data letter of the d type flip flop of Detector2 Number, C2 is the input clock signal of the d type flip flop of Detector2.If not specified otherwise below, is all made of this representation method.
From Figure 2 it can be seen that being located at original oscillating signal low level first half such case for burr, by dotted line institute in figure Show, the rising edge of C1 can adopt the high level of D1 signal, therefore Detector1 can detecte, and the rising edge of C2 is adopted D1 signal be low level, therefore Detector2 can't detect.
As seen from Figure 3, original oscillating signal low level latter half such case is located at for burr, by dotted line institute in figure Show, the D1 signal that the rising edge of C1 is adopted is low level, therefore Detector1 can't detect, and the rising edge of C2 can be adopted To the high level of D1 signal, therefore Detector2 can detecte.
From fig. 4, it can be seen that being located at original oscillating signal high level first half such case for burr, by dotted line institute in figure Show, the D1 signal that the rising edge of C1 is adopted is low level, therefore Detector1 can't detect, and the rising edge of C2 can be adopted To the high level of D1 signal, therefore Detector2 can detecte.
As seen from Figure 5, original oscillating signal high level latter half such case is located at for burr, by dotted line institute in figure Show, the rising edge of C1 can adopt the high level of D1 signal, therefore Detector1 can detecte, and the rising edge of C2 is adopted D1 signal be low level, therefore Detector2 can't detect.
In conclusion for burr be located at original oscillating signal low level first half and high level latter half both Situation, Detector1 can detecte, and Detector2 can't detect;After being located at original oscillating signal low level for burr Half part and high level first half both of these case, Detector2 can detecte, and Detector1 can't detect.Therefore In EMP attack N detector simultaneously use Detector1 and Detector2, and by their output signal carry out or operation, Final alarm signal is obtained, the burr at original oscillating signal difference relative position will all can be detected in this way, It ensure that verification and measurement ratio.
5. the sensitivity of detection structure in actual use
By above-mentioned principle analysis it is found that needing to improve the sensitivity of the detection structure in actual use by electricity When magnetic fault injection attacks cause supply voltage to change, the output frequency variation of ring oscillator is the bigger the better, to make The oscillator signal of output generates a burr, to facilitate the comparative structure of combinational logic delay below to detect.According to ring oscillation The frequency formula of device output signal is it is found that the variation of frequency opposed power voltage is:
Therefore in actual use, the channel width W of increase transistor can be passed througheff, reduce the transistor size of phase inverter N improves sensitivity.
If electromagnetic interference signal is weaker, so that the variation of supply voltage is smaller, when detector being insufficient to allow to detect, due to Attack at this time can not similarly cause circuit computing to malfunction, therefore may not necessarily consider such case.
6. constructing circuit entirety detecting structure using core detection structure
As shown in fig. 6, being embedded among ifq circuit using core detection structure (EMP attack N detector), realize most The schematic diagram of final inspection geodesic structure.
Outermost box represents entire circuit chip in figure, and the open squares in the lower right corner represent the sensitivity of the core in circuit Unit (such as S box of AES encryption module), remaining solid black box represents above-mentioned EMP attack N detector.It is using Before, it is necessary first to combinational logic the time delay module D1 and D2 of the detector be debugged, its delay is made to be equal to ring oscillation The 3/4 of device output signal period.Then according to the demand of circuit area and safety, a certain number of detectors are embedded in Among ifq circuit.Such as the area of circuit chip is enough, and it is higher to security requirement when, can be with multi-embedding certain amount Detector.
It is best in order to achieve the effect that, it not only needs to keep lesser area, but also have enough safeties, it can be selectively Carry out detector layout.For core sensitive blocks, the layout of detector is relatively closeer, for circuit rest part, detection The layout of device can be relatively lax.
Example of the present invention is as shown in fig. 6, (attacker is most using the preceding core sensing unit for first determining circuit The position that may be attacked), then according to this three circuit total area, the vacant area of circuit and required chip secure degree ginsengs The quantity of EMP attack N detector, is uniformly distributed among ifq circuit needed for number determines, then sensitive for core single Member, suitably increase a certain number of EMP attack N detectors it is embedded with wherein.Protection scope of the present invention is not with above-mentioned implementation Mode is limited, and those of ordinary skill in the art's equivalent modification or variation made by disclosure according to the present invention should be all included in Protection scope.

Claims (3)

1. one kind for integrated circuit detect electromagnetism fault injection attacks detector, characterized in that structure are as follows: A1, A2, A3, A4, A5 is 5 phase inverters, and cascade forms ring oscillator, and the oscillator signal exported after the inverted device B buffering of ring oscillator is all the way It is directly inputted in combinational logic delay comparative structure Detector1, another way is reversed by phase inverter C's, is input to another In a combinational logic delay comparative structure Detector2;Realize that the combinational logic D1 and trigger E1 of delay function are constituted Detector1, combinational logic D2 and trigger E2 constitute Detector2;The input signal of Detector1 is connected to its triggering Device input terminal, the input signal of Detector1 are output to the trigger input end of clock of Detector1 by a combination thereof logic; The input signal of Detector2 is connected to its trigger input, and the input signal of Detector2 is exported by a combination thereof logic To the trigger input end of clock of Detector2;The output of two Detector obtains final alarm signal by one or F Number Alarm.
2. detecting electromagnetism fault injection attacks detector for integrated circuit as described in claim 1, characterized in that pass through increasing In big ring oscillator in phase inverter transistor channel width Weff, the transistor size N for reducing phase inverter is sensitive to improve Degree.
3. one kind detects electromagnetism fault injection attacks detection method for integrated circuit, characterized in that detected for integrated circuit Electromagnetism fault injection attacks detection method, is realized, and include the following steps by detector described in claim 1, first to spy The combinational logic D1 and D2 for surveying device are debugged, its delay is made to be equal to the 3/4 of the ring oscillator output signal period;Then basis The demand of circuit area and safety, detector, which is embedded in, to be needed among integrated circuit to be protected.
CN201510695426.8A 2015-10-22 2015-10-22 Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit Active CN105391542B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510695426.8A CN105391542B (en) 2015-10-22 2015-10-22 Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510695426.8A CN105391542B (en) 2015-10-22 2015-10-22 Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit

Publications (2)

Publication Number Publication Date
CN105391542A CN105391542A (en) 2016-03-09
CN105391542B true CN105391542B (en) 2019-01-18

Family

ID=55423397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510695426.8A Active CN105391542B (en) 2015-10-22 2015-10-22 Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit

Country Status (1)

Country Link
CN (1) CN105391542B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9697310B2 (en) * 2015-11-02 2017-07-04 Winbond Electronics Corporation Level faults interception in integrated circuits
CN105933108B (en) * 2016-05-30 2019-04-12 清华大学 A kind of pair of SM4 algorithm realizes the method cracked
CN106203183B (en) * 2016-07-25 2019-03-26 天津大学 A kind of IP kernel guard method based on electromagnetic spectrum watermark
CN106301292A (en) * 2016-08-16 2017-01-04 天津大学 The device of hardware Trojan horse is remotely activated based on electromagnetic signal
CN106568994A (en) * 2016-11-11 2017-04-19 上海华虹集成电路有限责任公司 Contact type smart card chip burr attack circuit
CN108073818B (en) * 2016-11-14 2021-07-09 华为技术有限公司 Data protection circuit of chip, chip and electronic equipment
CN106656460A (en) * 2016-11-22 2017-05-10 浙江大学 Defense device for electromagnetic pulse fault analysis of password chip
FR3070092A1 (en) * 2017-08-11 2019-02-15 Stmicroelectronics (Rousset) Sas PROTECTION OF AN INTEGRATED CIRCUIT
CN107944309A (en) * 2017-10-31 2018-04-20 北京中电华大电子设计有限责任公司 A kind of shield detection circuit of resistance against physical attack
US10990682B2 (en) * 2017-12-18 2021-04-27 Nuvoton Technology Corporation System and method for coping with fault injection attacks
CN109992959A (en) * 2017-12-29 2019-07-09 国民技术股份有限公司 Direct fault location resists method and device, chip and computer readable storage medium
JP7046324B2 (en) * 2018-02-15 2022-04-04 株式会社吉川システック Semiconductor devices and semiconductor device design methods
CN108664815A (en) * 2018-05-18 2018-10-16 国民技术股份有限公司 A kind of safety protection of chip method and IC chip
EP3584737B1 (en) * 2018-06-19 2022-02-23 Secure-IC SAS Improved detection of laser fault injection attacks on cryptographic devices
CN109541444B (en) * 2018-10-18 2021-11-02 天津大学 Integrated circuit fault injection detection method based on mixed granularity parity check
CN110096397B (en) * 2019-03-27 2022-10-25 天津大学 Multi-ring oscillator FPGA configuration circuit robustness detection method
WO2021030958A1 (en) 2019-08-16 2021-02-25 深圳市汇顶科技股份有限公司 Detection circuit for electromagnetic fault injection, security chip, and electronic device
US11244046B2 (en) * 2019-09-16 2022-02-08 Nuvoton Technology Corporation Data-sampling integrity check using gated clock
US11366899B2 (en) * 2020-02-18 2022-06-21 Nuvoton Technology Corporation Digital fault injection detector
CN113125941B (en) * 2021-04-19 2022-09-09 海光信息技术股份有限公司 Detection method, detection system and detection device for chip design

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008198700A (en) * 2007-02-09 2008-08-28 Renesas Technology Corp Semiconductor integrated circuit device
JP2009289104A (en) * 2008-05-30 2009-12-10 Dainippon Printing Co Ltd Security device with function for detecting trouble attack
CN102034688A (en) * 2009-10-05 2011-04-27 意法半导体(胡希)公司 Method of protecting an integrated circuit chip against spying by laser attacks
CN103679011A (en) * 2012-09-20 2014-03-26 瑞萨电子株式会社 Semiconductor integrated circuit
CN104484627A (en) * 2014-12-31 2015-04-01 清华大学无锡应用技术研究院 Design method of randomized anti-fault-attack measures for reconfigurable array architecture

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5519308B2 (en) * 2010-02-05 2014-06-11 ルネサスエレクトロニクス株式会社 Semiconductor integrated circuit and data processing system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008198700A (en) * 2007-02-09 2008-08-28 Renesas Technology Corp Semiconductor integrated circuit device
JP2009289104A (en) * 2008-05-30 2009-12-10 Dainippon Printing Co Ltd Security device with function for detecting trouble attack
CN102034688A (en) * 2009-10-05 2011-04-27 意法半导体(胡希)公司 Method of protecting an integrated circuit chip against spying by laser attacks
CN103679011A (en) * 2012-09-20 2014-03-26 瑞萨电子株式会社 Semiconductor integrated circuit
CN104484627A (en) * 2014-12-31 2015-04-01 清华大学无锡应用技术研究院 Design method of randomized anti-fault-attack measures for reconfigurable array architecture

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"边信道攻击及防御的研究与实现";孙春辉;《中国优秀硕士学位论文全文数据库信息科技辑》;20090815;第I136-127页
"近红外激光故障注入系统在密码芯片攻击中的应用";刘辉志;《科学技术与工程》;20140808;第14卷(第22期);第225-230页
"针对高级加密标准算法的光故障注入攻击";王红胜;《计算机工程》;20111105;第37卷(第21期);第97-99页

Also Published As

Publication number Publication date
CN105391542A (en) 2016-03-09

Similar Documents

Publication Publication Date Title
CN105391542B (en) Electromagnetism fault injection attacks detection method and detector are detected for integrated circuit
Liu et al. Silicon demonstration of hardware Trojan design and detection in wireless cryptographic ICs
Zussa et al. Efficiency of a glitch detector against electromagnetic fault injection
Nguyen et al. Creating a backscattering side channel to enable detection of dormant hardware trojans
Ghosh Spintronics and security: Prospects, vulnerabilities, attack models, and preventions
Narasimhan et al. Improving IC security against Trojan attacks through integration of security monitors
CN103034804B (en) Safety chip and attack detecting circuit thereof
Ordas et al. Evidence of a larger EM-induced fault model
CN106872876B (en) Hardware Trojan horse side channel detection method based on electromagnetism and delay
Miura et al. A local EM-analysis attack resistant cryptographic engine with fully-digital oscillator-based tamper-access sensor
Nagata et al. Physical attack protection techniques for IC chip level hardware security
Wang et al. Malicious circuitry detection using transient power analysis for IC security
Homma et al. Design methodology and validity verification for a reactive countermeasure against EM attacks
WO2015114944A1 (en) Side-channel attack detection device and side-channel attack detection method by side-channel attack detection device
Japa et al. Hardware security exploiting post-CMOS devices: fundamental device characteristics, state-of-the-art countermeasures, challenges and roadmap
He et al. EM Side Channels in Hardware Security: Attacks and Defenses.
WO2021030958A1 (en) Detection circuit for electromagnetic fault injection, security chip, and electronic device
Miura et al. An intermittent-driven supply-current equalizer for 11x and 4x power-overhead savings in CPA-resistant 128bit AES cryptographic processor
Ni et al. The influence on sensitivity of hardware trojans detection by test vector
Miura et al. EM attack sensor: Concept, circuit, and design-automation methodology
Mai Side channel attacks and countermeasures
Deyati et al. High resolution pulse propagation driven Trojan detection in digital logic: optimization algorithms and infrastructure
Limaye et al. PolyWorm: Leveraging polymorphic behavior to implant hardware trojans
Breier et al. Extensive laser fault injection profiling of 65 nm FPGA
CN106301292A (en) The device of hardware Trojan horse is remotely activated based on electromagnetic signal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant