CN107947969B - Information entropy-based integrated circuit fault injection attack resistance safety evaluation method - Google Patents

Information entropy-based integrated circuit fault injection attack resistance safety evaluation method Download PDF

Info

Publication number
CN107947969B
CN107947969B CN201711129019.6A CN201711129019A CN107947969B CN 107947969 B CN107947969 B CN 107947969B CN 201711129019 A CN201711129019 A CN 201711129019A CN 107947969 B CN107947969 B CN 107947969B
Authority
CN
China
Prior art keywords
fault
circuit
safety
tested
injection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711129019.6A
Other languages
Chinese (zh)
Other versions
CN107947969A (en
Inventor
邓鹏杰
刘强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN201711129019.6A priority Critical patent/CN107947969B/en
Publication of CN107947969A publication Critical patent/CN107947969A/en
Application granted granted Critical
Publication of CN107947969B publication Critical patent/CN107947969B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004Countermeasures against attacks on cryptographic mechanisms for fault attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an integrated circuit fault injection attack resistance safety evaluation method based on information entropy, which uses the information entropy to represent the information amount leaked under fault injection as a quantitative index of circuit safety evaluation. The method comprises the following steps: (1) determining a password circuit to be tested, and designating a fault model; (2) calculating theoretical information leakage quantity of the fault model to the circuit according to the circuit to be tested and the fault model; (3) generating a fault value according with a fault model; (4) injecting the generated fault value into a circuit to be tested to obtain error output under the fault condition; (5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition; (6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the circuit.

Description

Information entropy-based integrated circuit fault injection attack resistance safety evaluation method
Technical Field
The invention relates to a hardware security direction, mainly relates to the field of security evaluation of integrated circuits, and particularly relates to a security evaluation method for resisting fault injection attack of an integrated circuit based on information entropy.
Background
Fault injection is an attack means which seriously threatens the security of a cryptographic chip. The basic principle is that the chip is abnormal in function by injecting faults into the safe weak part of the chip, the function and parameters of the chip are tested under the abnormal working state of the chip, and the chip is analyzed and compared with the conventional working state, so that the important information in the chip is obtained. Therefore, it is very important to search for design flaws of the integrated circuit and take protection measures against fault injection attacks to ensure confidentiality and integrity of information in the system in the use environment.
The basic idea of the existing integrated circuit security evaluation scheme is to inject a fault into a security chip to obtain error data under a fault condition, apply the error data to a key analysis method and try to crack a key. If the secret key is cracked, the password chip is considered to have potential safety hazard and cannot resist the attack of fault injection; otherwise, it is considered safe. This assessment method has two limitations: the first is that the assessment method has two limitations: the first is that the evaluation result only has two results of safety and non-safety, and the safety cannot be graded and quantified. The security classification helps to implement protection measures for different applications, reducing costs. Secondly, the evaluation scheme needs to apply various key analysis methods to carry out key cracking to carry out relatively comprehensive evaluation on the circuit safety, and has long evaluation time and high cost.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides an integrated circuit fault injection attack resistance safety evaluation method based on information entropy.
The purpose of the invention is realized by the following technical scheme:
the integrated circuit fault injection attack resistance safety evaluation method based on the information entropy calculates the information leaked by a circuit under the fault model in a fault injection mode, and evaluates the safety of the integrated circuit by taking the leaked information amount as an evaluation index, and specifically comprises the following steps:
(1) determining a password circuit to be tested, and designating a fault model;
(2) calculating theoretical information leakage quantity of the fault model to the circuit according to the circuit to be tested and the fault model;
(3) generating a fault value according with a fault model;
(4) injecting the generated fault value into a circuit to be tested to obtain error output under the fault condition;
(5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition;
(6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the circuit.
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
1. the invention evaluates the fault injection resistance safety of the integrated circuit based on the information entropy, and uses the information leakage amount as the evaluation standard of the safety, thereby avoiding the use of a complex key analysis algorithm in the existing evaluation method.
2. The invention can carry out quantitative grading evaluation on the safety of the integrated circuit, is beneficial to a safety circuit designer to adopt different protective measures aiming at different applications, and avoids the excessive protection of the integrated circuit.
Drawings
Fig. 1 is a schematic diagram of an evaluation flow based on information entropy.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the integrated circuit security evaluation method for resisting fault injection attack based on information entropy calculates information leaked by a circuit under the fault model in a fault injection manner, and evaluates the security of the integrated circuit by using the amount of the leaked information as an evaluation index, specifically including the following steps:
1. and determining the cryptographic circuit to be tested and the required fault model.
2. According to the circuit to be tested and the fault model, calculating the information of the circuit leakage caused by the fault model under the theoretical condition.
The theoretical information leakage amount is calculated by formula (1):
m=n-log|χ| (1)
wherein n represents the bit number of the key of the circuit to be tested, χ represents the size of the fault model space, and m represents the leaked information quantity.
3. A fault value is generated that conforms to the fault model.
4. And injecting the generated fault into the circuit to be tested to obtain error output under the fault condition.
5. And calculating the information leakage amount obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition.
Information leaked after actual fault injection, namely actually-measured information leakage amount mrCan be calculated by the formula (2)
mr=n-H(ΔX|ΔY) (2)
Wherein Δ X is the injection fault in step 3, and Δ Y is the difference between the error ciphertext and the correct ciphertext obtained in step 4.
6. And calculating to obtain a safety factor r according to the theoretical leakage information amount obtained in the step 3 and the actual measurement information leakage amount obtained in the step 5. And comparing r with a preset safety evaluation grade theta to finish the safety grade evaluation of the circuit.
The safety factor r is calculated by the formula (3):
Figure GDA0002693175820000031
where α is a parameter related to the number of fault injections in said step 3. When r → 100%, it means that the circuit is highly safe; and when r → 0%, the leakage information amount is the theoretical information leakage amount under the fault model, the circuit safety is very low, and almost no protection exists.
The present invention is not limited to the above-described embodiments. The foregoing description of the specific embodiments is intended to describe and illustrate the technical solutions of the present invention, and the above specific embodiments are merely illustrative and not restrictive. Those skilled in the art can make many changes and modifications to the invention without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (1)

1. The integrated circuit fault injection attack resistance safety assessment method based on the information entropy is characterized in that information leaked by a to-be-tested password circuit under a fault model is calculated in a fault injection mode, and the safety of the to-be-tested password circuit is assessed by taking the leaked information amount as an evaluation index, and the integrated circuit fault injection attack resistance safety assessment method specifically comprises the following steps:
(1) determining a password circuit to be tested, and designating a fault model;
(2) calculating theoretical information leakage quantity of the fault model to the to-be-detected cryptographic circuit according to the to-be-detected cryptographic circuit and the fault model;
(3) generating a fault value according with a fault model;
(4) injecting the generated fault value into a to-be-detected password circuit to obtain error output under the fault condition;
(5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition;
(6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the to-be-tested password circuit.
CN201711129019.6A 2017-11-15 2017-11-15 Information entropy-based integrated circuit fault injection attack resistance safety evaluation method Active CN107947969B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711129019.6A CN107947969B (en) 2017-11-15 2017-11-15 Information entropy-based integrated circuit fault injection attack resistance safety evaluation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711129019.6A CN107947969B (en) 2017-11-15 2017-11-15 Information entropy-based integrated circuit fault injection attack resistance safety evaluation method

Publications (2)

Publication Number Publication Date
CN107947969A CN107947969A (en) 2018-04-20
CN107947969B true CN107947969B (en) 2021-05-07

Family

ID=61931185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711129019.6A Active CN107947969B (en) 2017-11-15 2017-11-15 Information entropy-based integrated circuit fault injection attack resistance safety evaluation method

Country Status (1)

Country Link
CN (1) CN107947969B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109541444B (en) * 2018-10-18 2021-11-02 天津大学 Integrated circuit fault injection detection method based on mixed granularity parity check
EP4104382A1 (en) * 2020-02-12 2022-12-21 FortifyIQ Inc Methods and ip cores for reducing vulnerability to hardware attacks and/or improving processor performance

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9304944B2 (en) * 2012-03-29 2016-04-05 Broadcom Corporation Secure memory access controller
CN106777529A (en) * 2016-11-23 2017-05-31 天津大学 Integrated circuit fault-resistant injection attacks capability assessment method based on FPGA
CN106771962B (en) * 2016-11-29 2019-07-19 天津大学 A kind of Fault of Integrated Circuits injection attacks analogy method based on partial scan

Also Published As

Publication number Publication date
CN107947969A (en) 2018-04-20

Similar Documents

Publication Publication Date Title
Sou et al. Data attack isolation in power networks using secure voltage magnitude measurements
CN107947969B (en) Information entropy-based integrated circuit fault injection attack resistance safety evaluation method
CN103699844B (en) Safety protection system and method
Anwar et al. A data-driven approach to distinguish cyber-attacks from physical faults in a smart grid
Shen et al. A comparative investigation of approximate attacks on logic encryptions
Niemira et al. Malicious data detection in state estimation leveraging system losses & estimation of perturbed parameters
Alenazi et al. A novel approach to tracing safety requirements and state-based design models
Shiozaki et al. Simple electromagnetic analysis attacks based on geometric leak on an ASIC implementation of ring-oscillator PUF
Rathmair et al. Hardware Trojan detection by specifying malicious circuit properties
Hamdioui et al. Hacking and protecting IC hardware
Krieg et al. A process for the detection of design-level hardware Trojans using verification methods
Nejat et al. Facilitating side channel analysis by obfuscation for Hardware Trojan detection
CN106156615A (en) Based on class separability sentence away from bypass circuit sectionalizer method and system
Mingfu et al. Monte Carlo based test pattern generation for hardware Trojan detection
CN108959980A (en) The public key means of defence and public key guard system of safety chip
CN105005739A (en) Privacy protection method based on data dyeing
CN116400199A (en) Chip clock burr fault injection cross-validation test method and device
CN114928500B (en) Attack detection method and device for data injection enabled power grid network parameters
CN114238956B (en) Hardware Trojan horse searching and detecting method based on automatic attribute extraction and formal verification
Song et al. Isolation forest based detection for false data attacks in power systems
Tang et al. MPFA: an efficient multiple faults-based persistent fault analysis method for low-cost FIA
CN101968768B (en) Defect-based software security test requirement acquisition and classification method
Darjani et al. Discerning limitations of GNN-based attacks on logic locking
Guin Establishment of trust and integrity in modern supply chain from design to resign
Xiong et al. Detection of false data injection attack based on improved distortion index method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant