CN107947969B - Information entropy-based integrated circuit fault injection attack resistance safety evaluation method - Google Patents
Information entropy-based integrated circuit fault injection attack resistance safety evaluation method Download PDFInfo
- Publication number
- CN107947969B CN107947969B CN201711129019.6A CN201711129019A CN107947969B CN 107947969 B CN107947969 B CN 107947969B CN 201711129019 A CN201711129019 A CN 201711129019A CN 107947969 B CN107947969 B CN 107947969B
- Authority
- CN
- China
- Prior art keywords
- fault
- circuit
- safety
- tested
- injection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an integrated circuit fault injection attack resistance safety evaluation method based on information entropy, which uses the information entropy to represent the information amount leaked under fault injection as a quantitative index of circuit safety evaluation. The method comprises the following steps: (1) determining a password circuit to be tested, and designating a fault model; (2) calculating theoretical information leakage quantity of the fault model to the circuit according to the circuit to be tested and the fault model; (3) generating a fault value according with a fault model; (4) injecting the generated fault value into a circuit to be tested to obtain error output under the fault condition; (5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition; (6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the circuit.
Description
Technical Field
The invention relates to a hardware security direction, mainly relates to the field of security evaluation of integrated circuits, and particularly relates to a security evaluation method for resisting fault injection attack of an integrated circuit based on information entropy.
Background
Fault injection is an attack means which seriously threatens the security of a cryptographic chip. The basic principle is that the chip is abnormal in function by injecting faults into the safe weak part of the chip, the function and parameters of the chip are tested under the abnormal working state of the chip, and the chip is analyzed and compared with the conventional working state, so that the important information in the chip is obtained. Therefore, it is very important to search for design flaws of the integrated circuit and take protection measures against fault injection attacks to ensure confidentiality and integrity of information in the system in the use environment.
The basic idea of the existing integrated circuit security evaluation scheme is to inject a fault into a security chip to obtain error data under a fault condition, apply the error data to a key analysis method and try to crack a key. If the secret key is cracked, the password chip is considered to have potential safety hazard and cannot resist the attack of fault injection; otherwise, it is considered safe. This assessment method has two limitations: the first is that the assessment method has two limitations: the first is that the evaluation result only has two results of safety and non-safety, and the safety cannot be graded and quantified. The security classification helps to implement protection measures for different applications, reducing costs. Secondly, the evaluation scheme needs to apply various key analysis methods to carry out key cracking to carry out relatively comprehensive evaluation on the circuit safety, and has long evaluation time and high cost.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides an integrated circuit fault injection attack resistance safety evaluation method based on information entropy.
The purpose of the invention is realized by the following technical scheme:
the integrated circuit fault injection attack resistance safety evaluation method based on the information entropy calculates the information leaked by a circuit under the fault model in a fault injection mode, and evaluates the safety of the integrated circuit by taking the leaked information amount as an evaluation index, and specifically comprises the following steps:
(1) determining a password circuit to be tested, and designating a fault model;
(2) calculating theoretical information leakage quantity of the fault model to the circuit according to the circuit to be tested and the fault model;
(3) generating a fault value according with a fault model;
(4) injecting the generated fault value into a circuit to be tested to obtain error output under the fault condition;
(5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition;
(6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the circuit.
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
1. the invention evaluates the fault injection resistance safety of the integrated circuit based on the information entropy, and uses the information leakage amount as the evaluation standard of the safety, thereby avoiding the use of a complex key analysis algorithm in the existing evaluation method.
2. The invention can carry out quantitative grading evaluation on the safety of the integrated circuit, is beneficial to a safety circuit designer to adopt different protective measures aiming at different applications, and avoids the excessive protection of the integrated circuit.
Drawings
Fig. 1 is a schematic diagram of an evaluation flow based on information entropy.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the integrated circuit security evaluation method for resisting fault injection attack based on information entropy calculates information leaked by a circuit under the fault model in a fault injection manner, and evaluates the security of the integrated circuit by using the amount of the leaked information as an evaluation index, specifically including the following steps:
1. and determining the cryptographic circuit to be tested and the required fault model.
2. According to the circuit to be tested and the fault model, calculating the information of the circuit leakage caused by the fault model under the theoretical condition.
The theoretical information leakage amount is calculated by formula (1):
m=n-log|χ| (1)
wherein n represents the bit number of the key of the circuit to be tested, χ represents the size of the fault model space, and m represents the leaked information quantity.
3. A fault value is generated that conforms to the fault model.
4. And injecting the generated fault into the circuit to be tested to obtain error output under the fault condition.
5. And calculating the information leakage amount obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition.
Information leaked after actual fault injection, namely actually-measured information leakage amount mrCan be calculated by the formula (2)
mr=n-H(ΔX|ΔY) (2)
Wherein Δ X is the injection fault in step 3, and Δ Y is the difference between the error ciphertext and the correct ciphertext obtained in step 4.
6. And calculating to obtain a safety factor r according to the theoretical leakage information amount obtained in the step 3 and the actual measurement information leakage amount obtained in the step 5. And comparing r with a preset safety evaluation grade theta to finish the safety grade evaluation of the circuit.
The safety factor r is calculated by the formula (3):
where α is a parameter related to the number of fault injections in said step 3. When r → 100%, it means that the circuit is highly safe; and when r → 0%, the leakage information amount is the theoretical information leakage amount under the fault model, the circuit safety is very low, and almost no protection exists.
The present invention is not limited to the above-described embodiments. The foregoing description of the specific embodiments is intended to describe and illustrate the technical solutions of the present invention, and the above specific embodiments are merely illustrative and not restrictive. Those skilled in the art can make many changes and modifications to the invention without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (1)
1. The integrated circuit fault injection attack resistance safety assessment method based on the information entropy is characterized in that information leaked by a to-be-tested password circuit under a fault model is calculated in a fault injection mode, and the safety of the to-be-tested password circuit is assessed by taking the leaked information amount as an evaluation index, and the integrated circuit fault injection attack resistance safety assessment method specifically comprises the following steps:
(1) determining a password circuit to be tested, and designating a fault model;
(2) calculating theoretical information leakage quantity of the fault model to the to-be-detected cryptographic circuit according to the to-be-detected cryptographic circuit and the fault model;
(3) generating a fault value according with a fault model;
(4) injecting the generated fault value into a to-be-detected password circuit to obtain error output under the fault condition;
(5) calculating actual measurement information leakage obtained by actual fault injection according to the fault value of the actual injection and the error output under the fault condition;
(6) and (3) calculating to obtain a safety factor r according to the theoretical information leakage amount obtained in the step (2) and the actual measurement information leakage amount obtained in the step (5), and comparing the r with a preset safety evaluation grade to obtain the safety grade evaluation of the to-be-tested password circuit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711129019.6A CN107947969B (en) | 2017-11-15 | 2017-11-15 | Information entropy-based integrated circuit fault injection attack resistance safety evaluation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711129019.6A CN107947969B (en) | 2017-11-15 | 2017-11-15 | Information entropy-based integrated circuit fault injection attack resistance safety evaluation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107947969A CN107947969A (en) | 2018-04-20 |
CN107947969B true CN107947969B (en) | 2021-05-07 |
Family
ID=61931185
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711129019.6A Active CN107947969B (en) | 2017-11-15 | 2017-11-15 | Information entropy-based integrated circuit fault injection attack resistance safety evaluation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107947969B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109541444B (en) * | 2018-10-18 | 2021-11-02 | 天津大学 | Integrated circuit fault injection detection method based on mixed granularity parity check |
EP4104382A1 (en) * | 2020-02-12 | 2022-12-21 | FortifyIQ Inc | Methods and ip cores for reducing vulnerability to hardware attacks and/or improving processor performance |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9304944B2 (en) * | 2012-03-29 | 2016-04-05 | Broadcom Corporation | Secure memory access controller |
CN106777529A (en) * | 2016-11-23 | 2017-05-31 | 天津大学 | Integrated circuit fault-resistant injection attacks capability assessment method based on FPGA |
CN106771962B (en) * | 2016-11-29 | 2019-07-19 | 天津大学 | A kind of Fault of Integrated Circuits injection attacks analogy method based on partial scan |
-
2017
- 2017-11-15 CN CN201711129019.6A patent/CN107947969B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107947969A (en) | 2018-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Sou et al. | Data attack isolation in power networks using secure voltage magnitude measurements | |
CN107947969B (en) | Information entropy-based integrated circuit fault injection attack resistance safety evaluation method | |
CN103699844B (en) | Safety protection system and method | |
Anwar et al. | A data-driven approach to distinguish cyber-attacks from physical faults in a smart grid | |
Shen et al. | A comparative investigation of approximate attacks on logic encryptions | |
Niemira et al. | Malicious data detection in state estimation leveraging system losses & estimation of perturbed parameters | |
Alenazi et al. | A novel approach to tracing safety requirements and state-based design models | |
Shiozaki et al. | Simple electromagnetic analysis attacks based on geometric leak on an ASIC implementation of ring-oscillator PUF | |
Rathmair et al. | Hardware Trojan detection by specifying malicious circuit properties | |
Hamdioui et al. | Hacking and protecting IC hardware | |
Krieg et al. | A process for the detection of design-level hardware Trojans using verification methods | |
Nejat et al. | Facilitating side channel analysis by obfuscation for Hardware Trojan detection | |
CN106156615A (en) | Based on class separability sentence away from bypass circuit sectionalizer method and system | |
Mingfu et al. | Monte Carlo based test pattern generation for hardware Trojan detection | |
CN108959980A (en) | The public key means of defence and public key guard system of safety chip | |
CN105005739A (en) | Privacy protection method based on data dyeing | |
CN116400199A (en) | Chip clock burr fault injection cross-validation test method and device | |
CN114928500B (en) | Attack detection method and device for data injection enabled power grid network parameters | |
CN114238956B (en) | Hardware Trojan horse searching and detecting method based on automatic attribute extraction and formal verification | |
Song et al. | Isolation forest based detection for false data attacks in power systems | |
Tang et al. | MPFA: an efficient multiple faults-based persistent fault analysis method for low-cost FIA | |
CN101968768B (en) | Defect-based software security test requirement acquisition and classification method | |
Darjani et al. | Discerning limitations of GNN-based attacks on logic locking | |
Guin | Establishment of trust and integrity in modern supply chain from design to resign | |
Xiong et al. | Detection of false data injection attack based on improved distortion index method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |