CN108173645A - The safety detection method and its device of a kind of crypto chip - Google Patents
The safety detection method and its device of a kind of crypto chip Download PDFInfo
- Publication number
- CN108173645A CN108173645A CN201711441238.8A CN201711441238A CN108173645A CN 108173645 A CN108173645 A CN 108173645A CN 201711441238 A CN201711441238 A CN 201711441238A CN 108173645 A CN108173645 A CN 108173645A
- Authority
- CN
- China
- Prior art keywords
- laser
- chip
- laser injection
- ciphertexts
- injection points
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 38
- 238000002347 injection Methods 0.000 claims abstract description 189
- 239000007924 injection Substances 0.000 claims abstract description 189
- 238000004458 analytical method Methods 0.000 claims description 54
- 230000033001 locomotion Effects 0.000 claims description 22
- 238000012216 screening Methods 0.000 claims description 18
- 238000004891 communication Methods 0.000 claims description 16
- 238000000034 method Methods 0.000 claims description 15
- 230000003993 interaction Effects 0.000 claims description 12
- 238000003384 imaging method Methods 0.000 claims description 10
- 230000009471 action Effects 0.000 claims description 4
- 238000005259 measurement Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000001939 inductive effect Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/302—Contactless testing
- G01R31/308—Contactless testing using non-ionising electromagnetic radiation, e.g. optical radiation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Electromagnetism (AREA)
- Toxicology (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Length Measuring Devices By Optical Means (AREA)
- Lasers (AREA)
Abstract
The present invention relates to a kind of safety detection method of crypto chip, including:According to laser strikes strategy, laser injection, one or more first ciphertexts of crypto chip generation are carried out to crypto chip at one or more first laser decanting points;It analyzes it, the one or more second laser decanting points for meeting the laser strikes strategy is filtered out in the one or more first laser decanting point;First ciphertext of one or more is associated with the one or more first laser decanting point respectively;In different laser trigger times, laser injection is carried out to the crypto chip at the one or more second laser decanting point;The one or more third ciphertexts for meeting different laser trigger times are filtered out in the second ciphertext of one or more generated from the crypto chip;Second ciphertext of one or more is associated with the one or more second laser decanting point;And key distribution is carried out according to the one or more third ciphertext, obtain the key for restoring crypto chip.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a security detection method and device for a password chip.
Background
A cryptographic chip refers to an integrated circuit chip that implements one or more cryptographic algorithms, using a cryptosystem to protect keys and sensitive information. The core of a cryptographic chip is typically an intelligent CPU chip that can run cryptographic algorithms. At present, the cryptographic chip has been widely used in the fields of government affairs, finance, public security, national defense, civil affairs, communication, traffic, health, education, logistics, water, electricity and gas, etc., which are related to public safety and economic and social development and are the core foundation for maintaining and guaranteeing the safety of networks and information systems. Therefore, the development of the security detection technology of the cryptographic chip is very critical.
In the last two decades, fault attacks have been increasingly recognized as one of the important means for security detection of cryptographic chips. The fault attack is that some operation operations of encryption are wrong by some external factors in the encryption process of a chip, so that information related to passwords or keys is revealed. The effectiveness of fault attacks depends directly on the effect of fault injection. Generally determined by the location of the fault injection, the time, and the accuracy of the fault value generated. The fault injection means includes: temperature variations, electromagnetic injection, power and clock perturbations, radiation, ultraviolet light, laser, etc. Most fault injection means can only act on the whole chip or a local functional unit with larger size in a wider time window, the attack efficiency is lower, the modern laser technology has the potential of accurately attacking a single information bit unit of the chip in a nanosecond time window, and attack detection with high precision and high efficiency is expected to be realized. At present, the existing detection method for laser injection cryptographic chip lacks accurate control of laser energy, observation of internal structure of the cryptographic chip and cooperative control of laser injection time and space.
Disclosure of Invention
The invention aims to solve the defects of the existing detection method of the password chip, and provides a safety detection method of the password chip, which fully utilizes the characteristics of the triggering time of pulse laser and the high resolution of the injection point position of the pulse laser and takes the pulse laser as a means for inducing the chip fault; the method comprises the following steps:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points; the cryptographic chip generates one or more first ciphertexts;
analyzing one or more first ciphertexts generated by the cipher chip, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
laser injection is carried out on the password chip at the one or more second laser injection points at different laser trigger times;
screening one or more third ciphertexts which accord with different laser trigger time from one or more second ciphertexts generated by the cipher chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points; and
and carrying out key analysis according to the one or more third ciphertexts to obtain the possibility of recovering the key of the cipher chip.
Preferably, the following steps may be repeatedly performed a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points;
analyzing one or more first ciphertexts generated by the cipher chip, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
Preferably, the method further comprises:
measuring and adjusting the energy of the pulse laser beam before the laser injection to obtain a pulse laser beam with proper energy; and/or
Preferably, the spot of the pulsed laser beam is focused prior to the laser injection to a micron scale suitable for precise injection into the internal circuit nodes of the cryptographic chip.
Preferably, the laser attack strategy is determined according to a cryptosystem and an implementation manner of the cryptographic chip.
Preferably, the image data is generated in advance by observing the circuit structure of the cryptographic chip; determining a laser injection range from the image data; wherein the one or more first laser injection points are within the laser injection range.
Preferably, the cryptographic chip is carried and moved in three dimensions to coordinate the laser injection.
Preferably, the motion parameters and the motion trail of the three-dimensional movement are controlled through real-time data communication, and the position information of the three-dimensional movement is acquired.
Preferably, the pulsed laser beam required for the laser injection is generated by means of a control trigger.
Preferably, through data communication, the cryptographic chip generates ciphertext from the received encryption instruction and plaintext, and the ciphertext is fed back for analysis.
The invention also provides a security detection device of the password chip, which comprises: laser injection platform, upper computer control and analysis module, wherein:
the laser injection platform is used for performing laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
the upper computer control and analysis module is used for analyzing one or more first ciphertexts generated by the cipher chip and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
the laser injection platform is further used for performing laser injection on the password chip at the one or more second laser injection points at different laser trigger times;
the upper computer control and analysis module is further used for screening one or more third ciphertext meeting the different laser trigger time from one or more second ciphertext generated by the password chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points and used for performing a key analysis based on the one or more third ciphertexts, resulting in a possibility to recover a key of the cryptographic chip.
Preferably, the following actions may be repeatedly performed a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
the laser injection platform performs laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
and the upper computer control and analysis module analyzes one or more first ciphertexts generated by the crypto chip and screens one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points, wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
Preferably, the laser injection platform comprises:
the laser energy attenuation and measurement module is used for measuring and adjusting the energy of the pulse laser beam before the laser injection so as to obtain the pulse laser beam with proper energy; and/or
And the laser focusing and microscopic imaging module is used for focusing the light spot of the pulse laser beam to a magnitude suitable for accurately injecting the internal circuit node of the password chip before the laser injection.
Preferably, the laser attack strategy is determined according to a cryptosystem and an implementation manner of the cryptographic chip.
Preferably, the laser focusing and microscopic imaging module is further used for generating image data by observing the circuit structure of the password chip in advance;
the upper computer control and analysis module further comprises an imaging unit for determining a laser injection range according to the image data, wherein the one or more first laser injection points are within the laser injection range.
Preferably, the laser injection platform further comprises: and the three-dimensional mobile station is used for bearing the password chip and enabling the password chip to carry out three-dimensional movement to match the laser injection.
Preferably, the upper computer control and analysis module further includes: and the mobile station interaction unit is used for carrying out real-time data communication with the three-dimensional mobile station, controlling the motion parameters and the motion trail of the three-dimensional mobile station and acquiring the position information of the three-dimensional mobile station.
Preferably, the laser injection platform further comprises: the pulse laser is used for generating a pulse laser beam required by the laser injection;
the upper computer control and analysis module further comprises: a laser injection control unit for triggering the pulse laser to generate a pulse laser beam.
Preferably, the upper computer control and analysis module further includes: and the to-be-tested chip interaction unit is used for carrying out data communication with the password chip, and the password chip receives an encryption instruction and a plaintext from the to-be-tested chip interaction unit through the data communication to generate a ciphertext and feeds the ciphertext back to the to-be-tested chip interaction unit for analysis.
Preferably, the security detection device of the cryptographic chip further includes: a control and detection module; the system is used for carrying out data transmission with the upper computer control and analysis module, realizing read-write detection of a password chip, and controlling laser triggering and reading of position information of the three-dimensional mobile station.
The control and detection module further comprises: the system comprises a main control FPGA circuit, an upper computer interface circuit and a password chip interface circuit; wherein,
the main control FPGA circuit is used for calling the position information of the three-dimensional mobile station, sending a trigger signal to the pulse laser, sending an encryption instruction and a plaintext to a tested password chip, receiving an error ciphertext of the tested password chip and uploading the received error ciphertext of the tested password chip and the injection position information of the pulse laser to the upper computer control and analysis module by receiving an instruction and configuration data of the upper computer control and analysis module;
the upper computer interface circuit is used for realizing the analysis matching of the data transmission of the main control FPGA circuit and the upper computer control and analysis module;
and the password chip interface circuit is used for realizing the analysis and matching of the data transmission of the main control FPGA circuit and the password chip to be tested.
The invention has the advantages that:
1. the detection method and the device for laser injection of the password chip fully utilize the characteristics of high resolution of time and position of focused pulse laser and combine the characteristics of photoelectric action of the laser on an electronic chip to realize accurate laser injection of the password chip.
2. The detection method and the detection device for the laser injection password chip synchronize the laser injection time and position with the password chip detection, and realize high-efficiency laser scanning injection and ciphertext data screening.
3. The detection method and the device for the laser injection crypto chip can implement fault attack on the crypto chip adopting various types of cryptographic algorithms such as block cipher, public key cipher, sequence cipher and the like.
4. The detection method and the detection device for the laser injection password chip have strong expansibility and flexibility, and software and hardware of the device can be replaced or secondarily developed according to actual detection requirements.
Drawings
FIG. 1 is a schematic structural diagram of a detection apparatus for laser-injected cryptographic chips according to the present invention;
FIG. 2 is a schematic structural diagram of a laser injection platform of the detection apparatus for laser injection cryptographic chip according to the present invention;
FIG. 3 is a schematic structural diagram of a host computer control and analysis module of the detection apparatus for laser injection crypto chip according to the present invention;
FIG. 4 is a schematic structural diagram of a control and detection module of the detection apparatus for laser injection crypto chip according to the present invention;
FIG. 5 is a flow chart of one embodiment of a method for detecting a laser-injected cryptographic chip of the present invention;
fig. 6 is a schematic diagram of a laser attack strategy of a detection method for laser injection into a cryptographic chip according to an embodiment of the present invention.
Detailed Description
The invention provides a security detection method of a password chip, which fully utilizes the characteristics of the triggering time of pulse laser and the high resolution of the injection point position of the pulse laser and takes the pulse laser as a means for inducing the chip failure; the method comprises the following steps:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points; generating one or more first ciphertexts of the cipher chip; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
analyzing one or more first ciphertexts generated by the cipher chip, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points;
performing laser injection on the password chip at the one or more second laser injection points at different laser trigger times to generate one or more second ciphertexts of the password chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points;
screening one or more third ciphertexts which accord with laser triggering time required by a laser attack strategy from one or more second ciphertexts generated by the cipher chip; and carrying out key analysis according to the one or more third ciphertexts to obtain the possibility of recovering the key of the cipher chip.
Preferably, the following steps may be repeatedly performed a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points;
analyzing one or more first ciphertexts generated by the cipher chip, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
Preferably, the method further comprises:
measuring and adjusting the energy of the pulse laser beam before the laser injection to obtain a pulse laser beam with proper energy; and/or
Preferably, the spot of the pulsed laser beam is focused prior to the laser injection to a micron scale suitable for precise injection into the internal circuit nodes of the cryptographic chip.
Preferably, the laser attack strategy is determined according to a cryptosystem and an implementation manner of the cryptographic chip.
Preferably, the image data is generated in advance by observing the circuit structure of the cryptographic chip; determining a laser injection range from the image data; wherein the one or more first laser injection points are within the laser injection range.
Preferably, the cryptographic chip is carried and moved in three dimensions to coordinate the laser injection.
Preferably, the motion parameters and the motion trail of the three-dimensional movement are controlled through real-time data communication, and the position information of the three-dimensional movement is acquired.
Preferably, the pulsed laser beam required for the laser injection is generated by means of a control trigger.
Preferably, through data communication, the cryptographic chip generates ciphertext from the received encryption instruction and plaintext, and the ciphertext is fed back for analysis.
As shown in fig. 1, the present invention also provides a security detection device for a cryptographic chip, which includes: laser injection platform, upper computer control and analysis module, wherein:
the laser injection platform is used for performing laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
the upper computer control and analysis module is used for analyzing one or more first ciphertexts generated by the cipher chip and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
the laser injection platform is further used for performing laser injection on the password chip at the one or more second laser injection points at different laser trigger times;
the upper computer control and analysis module is further used for screening one or more third ciphertext meeting the different laser trigger time from one or more second ciphertext generated by the password chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points and used for performing a key analysis based on the one or more third ciphertexts, resulting in a possibility to recover a key of the cryptographic chip.
Preferably, the following actions may be repeatedly performed a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
the laser injection platform performs laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
and the upper computer control and analysis module analyzes one or more first ciphertexts generated by the crypto chip and screens one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points, wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
Preferably, as shown in fig. 2, the laser injection platform includes:
the laser energy attenuation and measurement module is used for measuring and adjusting the energy of the pulse laser beam before the laser injection so as to obtain the pulse laser beam with proper energy; and/or
And the laser focusing and microscopic imaging module is used for focusing the light spot of the pulse laser beam to a magnitude suitable for accurately injecting the internal circuit node of the password chip before the laser injection.
Preferably, the laser attack strategy is determined according to a cryptosystem and an implementation manner of the cryptographic chip.
Preferably, the laser focusing and microscopic imaging module is further used for generating image data by observing the circuit structure of the password chip in advance;
as shown in fig. 3, the upper computer control and analysis module further includes an imaging unit, configured to determine a laser injection range according to the image data, where the one or more first laser injection points are within the laser injection range.
Preferably, the laser injection platform further comprises: and the three-dimensional mobile station is used for bearing the password chip and enabling the password chip to carry out three-dimensional movement to match the laser injection.
Preferably, the upper computer control and analysis module further includes: and the mobile station interaction unit is used for carrying out real-time data communication with the three-dimensional mobile station, controlling the motion parameters and the motion trail of the three-dimensional mobile station and acquiring the position information of the three-dimensional mobile station.
Preferably, the laser injection platform further comprises: the pulse laser is used for generating a pulse laser beam required by the laser injection;
the upper computer control and analysis module further comprises: a laser injection control unit for triggering the pulse laser to generate a pulse laser beam.
Preferably, the upper computer control and analysis module further includes: and the to-be-tested chip interaction unit is used for carrying out data communication with the password chip, and the password chip receives an encryption instruction and a plaintext from the to-be-tested chip interaction unit through the data communication to generate a ciphertext and feeds the ciphertext back to the to-be-tested chip interaction unit for analysis.
Preferably, the security detection device of the cryptographic chip further includes: a control and detection module; the system is used for carrying out data transmission with the upper computer control and analysis module, realizing read-write detection of a password chip, and controlling laser triggering and reading of position information of the three-dimensional mobile station.
As shown in fig. 4, the control and detection module further includes: the system comprises a main control FPGA circuit, an upper computer interface circuit and a password chip interface circuit; wherein,
the main control FPGA circuit is used for calling the position information of the three-dimensional mobile station, sending a trigger signal to the pulse laser, sending an encryption instruction and a plaintext to a tested password chip, receiving an error ciphertext of the tested password chip and uploading the received error ciphertext of the tested password chip and the injection position information of the pulse laser to the upper computer control and analysis module by receiving an instruction and configuration data of the upper computer control and analysis module;
the upper computer interface circuit is used for realizing the analysis matching of the data transmission of the main control FPGA circuit and the upper computer control and analysis module;
and the password chip interface circuit is used for realizing the analysis and matching of the data transmission of the main control FPGA circuit and the password chip to be tested.
Example 1.
The invention provides a specific embodiment, the detection device adopting the laser injection cryptographic chip of the invention is adopted to detect a tested cryptographic chip adopting a DES algorithm, a 16 th round attack strategy is supposed to be adopted, as shown in figure 6, a plurality of groups of correct-wrong ciphertext data are obtained by injecting laser into a DES logic operation area of the tested cryptographic chip at different moments, ciphertext samples conforming to the attack strategy are screened, and whether a key or a part of the key can be recovered by a corresponding differential fault analysis method is judged. The method comprises the following specific steps:
step 1) determining an attack strategy to be adopted according to a specific password system and an implementation mode of a tested password chip, wherein a sixteenth round of attack strategy aiming at a DES algorithm is adopted in the embodiment, and any bit position of a right half R15 of intermediate data before a 16 th round of operation of the DES algorithm is expected to be changed by laser injection, as shown in FIGS. 5 and 6;
step 2) fixing the tested password chip on a three-dimensional mobile platform of a laser injection platform, observing the circuit structure of the tested password chip through a laser focusing and microscopic imaging module, and determining a laser injection range, wherein the laser injection range is a digital logic area of the tested password chip;
step 3) setting a plurality of first laser injection points in a laser injection range by setting the running speed and the motion track of the three-dimensional mobile station;
step 4), the upper computer control and analysis module sends an encryption instruction and a plaintext through the main control FPGA circuit, and performs circular encryption operation on the tested password chip; injecting laser at random time according to the first laser injection point set in the step 3), receiving a plurality of first ciphertext data sent by the tested password chip by the main control FPGA circuit and uploading the first ciphertext data to the upper computer control and analysis module, wherein the first ciphertext is associated with the first laser injection point, analyzing the first ciphertext data, and screening out a second laser injection point which accords with an attack strategy;
step 5) aiming at the second laser injection point obtained in the step 4), obtaining a second ciphertext by adjusting laser trigger time, wherein the laser trigger time is a delay time after the main control FPGA circuit sends an encryption instruction;
step 6) screening out a third ciphertext meeting the attack time from the second ciphertext, verifying the third ciphertext, judging whether the third ciphertext data is enough, and repeating the steps 4) -6 if the third ciphertext data is not enough); the attack strategy of this embodiment requires that errors generated by the laser injection point can be respectively propagated to 8S boxes in the DES, and accordingly, whether the third ciphertext data is sufficient is determined; the third ciphertext data is sufficient if it can be propagated to 8S-boxes in the DES, respectively; if it is not possible to propagate to 8S-boxes in DES, respectively, the third ciphertext data is not sufficient and steps 4) -6 need to be repeated).
And 7) aiming at the third ciphertext, performing key analysis by adopting a differential fault analysis method to obtain the possibility of trying to recover the key of the tested password chip, and verifying through correct plaintext and ciphertext so as to evaluate the security of the tested password chip against laser attack.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and are not limited. Although the present invention has been described in detail with reference to the embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (18)
1. A security detection method of a cryptographic chip is characterized by comprising the following steps:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points, and the password chip generates one or more first ciphertexts;
analyzing the one or more first ciphertexts, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
laser injection is carried out on the password chip at the one or more second laser injection points at different laser trigger times;
screening one or more third ciphertexts which accord with different laser trigger time from one or more second ciphertexts generated by the cipher chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points; and
and carrying out key analysis according to the one or more third ciphertexts to obtain the possibility of recovering the key of the cipher chip.
2. The method of claim 1, wherein the following steps are repeated a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
according to a laser attack strategy, laser injection is carried out on the password chip at one or more first laser injection points;
analyzing one or more first ciphertexts generated by the cipher chip, and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
3. The method of claim 1, further comprising:
measuring and adjusting the energy of the pulse laser beam before the laser injection to obtain a pulse laser beam with proper energy; and/or
And before the laser injection, focusing the light spot of the pulse laser beam to a micrometer scale suitable for accurately injecting the internal circuit node of the password chip.
4. The method of claim 1, wherein the laser attack strategy is determined according to a cryptosystem and implementation of the cryptographic chip.
5. The method according to claim 1, characterized in that image data is generated in advance by observing a circuit structure of the cryptographic chip; determining a laser injection range from the image data; wherein the one or more first laser injection points are within the laser injection range.
6. The method of claim 1, wherein the cryptographic chip is carried and moved in three dimensions to coordinate the laser injection.
7. The method according to claim 6, characterized in that the motion parameters and motion trajectory of the three-dimensional movement are controlled by real-time data communication and position information of the three-dimensional movement is acquired.
8. The method of claim 1, wherein: and generating a pulse laser beam required by the laser injection by controlling a triggering mode.
9. The method of claim 1, wherein: through data communication, the cryptographic chip generates ciphertext from the received encryption instructions and plaintext, and the ciphertext is fed back for analysis.
10. A security detection device of a cryptographic chip is characterized by comprising: laser injection platform, upper computer control and analysis module, wherein:
the laser injection platform is used for performing laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
the upper computer control and analysis module is used for analyzing one or more first ciphertexts generated by the cipher chip and screening one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points; wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points;
the laser injection platform is further used for performing laser injection on the password chip at the one or more second laser injection points at different laser trigger times;
the upper computer control and analysis module is further used for screening one or more third ciphertext meeting the different laser trigger time from one or more second ciphertext generated by the password chip; wherein the one or more second ciphertexts are associated with the one or more second laser injection points and used for performing a key analysis based on the one or more third ciphertexts, resulting in a possibility to recover a key of the cryptographic chip.
11. The apparatus of claim 10, wherein the following actions may be repeated a plurality of times until the number of the one or more second laser injection points satisfies a predetermined threshold:
the laser injection platform performs laser injection on the password chip at one or more first laser injection points according to a laser attack strategy;
and the upper computer control and analysis module analyzes one or more first ciphertexts generated by the crypto chip and screens one or more second laser injection points which accord with the laser attack strategy from the one or more first laser injection points, wherein the one or more first ciphertexts are respectively associated with the one or more first laser injection points.
12. The apparatus of claim 10, wherein the laser injection platform comprises:
the laser energy attenuation and measurement module is used for measuring and adjusting the energy of the pulse laser beam before the laser injection so as to obtain the pulse laser beam with proper energy; and/or
And the laser focusing and microscopic imaging module is used for focusing the light spot of the pulse laser beam to a magnitude suitable for accurately injecting the internal circuit node of the password chip before the laser injection.
13. The apparatus of claim 10, wherein the laser attack strategy is determined according to a cryptosystem and implementation of the cryptographic chip.
14. The apparatus of claim 10, wherein the laser focusing and microscopic imaging module is further configured to generate image data by observing a circuit structure of the cryptographic chip in advance;
the upper computer control and analysis module further comprises an imaging unit for determining a laser injection range according to the image data, wherein the one or more first laser injection points are within the laser injection range.
15. The apparatus of claim 12, wherein the laser injection platform further comprises: and the three-dimensional mobile station is used for bearing the password chip and enabling the password chip to carry out three-dimensional movement to match the laser injection.
16. The apparatus of claim 15, wherein the upper computer control and analysis module further comprises: and the mobile station interaction unit is used for carrying out real-time data communication with the three-dimensional mobile station, controlling the motion parameters and the motion trail of the three-dimensional mobile station and acquiring the position information of the three-dimensional mobile station.
17. The apparatus of claim 10, wherein: the laser injection platform further comprises: the pulse laser is used for generating a pulse laser beam required by the laser injection;
the upper computer control and analysis module further comprises: a laser injection control unit for triggering the pulse laser to generate a pulse laser beam.
18. The apparatus of claim 10, wherein:
the upper computer control and analysis module further comprises: and the to-be-tested chip interaction unit is used for carrying out data communication with the password chip, and the password chip receives an encryption instruction and a plaintext from the to-be-tested chip interaction unit through the data communication to generate a ciphertext and feeds the ciphertext back to the to-be-tested chip interaction unit for analysis.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711441238.8A CN108173645B (en) | 2017-12-27 | 2017-12-27 | Security detection method and device for password chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711441238.8A CN108173645B (en) | 2017-12-27 | 2017-12-27 | Security detection method and device for password chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108173645A true CN108173645A (en) | 2018-06-15 |
| CN108173645B CN108173645B (en) | 2021-02-02 |
Family
ID=62521730
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711441238.8A Active CN108173645B (en) | 2017-12-27 | 2017-12-27 | Security detection method and device for password chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108173645B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110598398A (en) * | 2019-08-26 | 2019-12-20 | 浙江大学 | Chip security evaluation method based on steady-state fault |
| CN111123071A (en) * | 2019-12-19 | 2020-05-08 | 江西智慧云测安全检测中心有限公司 | Single-point laser attack injection testing device for chip safety detection |
| CN111314045A (en) * | 2018-12-12 | 2020-06-19 | 珠海格力电器股份有限公司 | Method, device, storage medium and terminal for identifying laser fault injection attack |
| CN113030713A (en) * | 2021-03-05 | 2021-06-25 | 中国科学院国家空间科学中心 | System for laser detection of internal level state of integrated circuit |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5563950A (en) * | 1995-03-31 | 1996-10-08 | International Business Machines Corporation | System and methods for data encryption using public key cryptography |
| US20060059368A1 (en) * | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | System and method for processing by distinct entities securely configurable circuit chips |
| US20060059345A1 (en) * | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | System and method for providing dynamically authorized access to functionality present on an integrated circuit chip |
| CN103997402A (en) * | 2014-05-30 | 2014-08-20 | 中国科学院深圳先进技术研究院 | Encryption chip safety performance testing method and device |
| CN104931509A (en) * | 2015-06-19 | 2015-09-23 | 中国科学院空间科学与应用研究中心 | Focusing plane positioning device and method of laser micro-beam back irradiation chip test |
| CN105281888A (en) * | 2015-11-05 | 2016-01-27 | 工业和信息化部电信研究院 | Fault injection method and fault injection device for password chips |
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN106161391A (en) * | 2015-04-17 | 2016-11-23 | 国民技术股份有限公司 | A kind of safety chip and to error injection attack defence method and device |
| CN106326053A (en) * | 2016-08-25 | 2017-01-11 | 深圳先进技术研究院 | Chip security test method and system based on fault injection |
| CN106411495A (en) * | 2016-09-23 | 2017-02-15 | 深圳先进技术研究院 | Fault injection attacking method and device for RSA algorithm |
-
2017
- 2017-12-27 CN CN201711441238.8A patent/CN108173645B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5563950A (en) * | 1995-03-31 | 1996-10-08 | International Business Machines Corporation | System and methods for data encryption using public key cryptography |
| US20060059368A1 (en) * | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | System and method for processing by distinct entities securely configurable circuit chips |
| US20060059345A1 (en) * | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | System and method for providing dynamically authorized access to functionality present on an integrated circuit chip |
| CN103997402A (en) * | 2014-05-30 | 2014-08-20 | 中国科学院深圳先进技术研究院 | Encryption chip safety performance testing method and device |
| CN106161391A (en) * | 2015-04-17 | 2016-11-23 | 国民技术股份有限公司 | A kind of safety chip and to error injection attack defence method and device |
| CN104931509A (en) * | 2015-06-19 | 2015-09-23 | 中国科学院空间科学与应用研究中心 | Focusing plane positioning device and method of laser micro-beam back irradiation chip test |
| CN105281888A (en) * | 2015-11-05 | 2016-01-27 | 工业和信息化部电信研究院 | Fault injection method and fault injection device for password chips |
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN106326053A (en) * | 2016-08-25 | 2017-01-11 | 深圳先进技术研究院 | Chip security test method and system based on fault injection |
| CN106411495A (en) * | 2016-09-23 | 2017-02-15 | 深圳先进技术研究院 | Fault injection attacking method and device for RSA algorithm |
Non-Patent Citations (1)
| Title |
|---|
| 曹宇: "一种基于光攻击技术的金融IC卡芯片安全检测系统及实现", 《中国优秀硕士学位论文期刊》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111314045A (en) * | 2018-12-12 | 2020-06-19 | 珠海格力电器股份有限公司 | Method, device, storage medium and terminal for identifying laser fault injection attack |
| CN111314045B (en) * | 2018-12-12 | 2021-03-26 | 珠海格力电器股份有限公司 | Method, device, storage medium and terminal for identifying laser fault injection attack |
| CN110598398A (en) * | 2019-08-26 | 2019-12-20 | 浙江大学 | Chip security evaluation method based on steady-state fault |
| CN110598398B (en) * | 2019-08-26 | 2021-03-19 | 浙江大学 | Chip security evaluation method based on steady-state fault |
| CN111123071A (en) * | 2019-12-19 | 2020-05-08 | 江西智慧云测安全检测中心有限公司 | Single-point laser attack injection testing device for chip safety detection |
| CN113030713A (en) * | 2021-03-05 | 2021-06-25 | 中国科学院国家空间科学中心 | System for laser detection of internal level state of integrated circuit |
| CN113030713B (en) * | 2021-03-05 | 2021-11-09 | 中国科学院国家空间科学中心 | System for laser detection of internal level state of integrated circuit |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108173645B (en) | 2021-02-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108173645B (en) | Security detection method and device for password chip | |
| Ahmed et al. | Noiseprint: Attack detection using sensor and process noise fingerprint in cyber physical systems | |
| Ordas et al. | Electromagnetic fault injection: the curse of flip-flops | |
| Roscian et al. | Frontside laser fault injection on cryptosystems-Application to the AES'last round | |
| Shereen et al. | Feasibility of time-synchronization attacks against PMU-based state estimation | |
| Cui et al. | Spatio-temporal characterization of synchrophasor data against spoofing attacks in smart grids | |
| CN106326053B (en) | Chip safety testing method and system based on fault injection | |
| Ahmed et al. | Noisense print: detecting data integrity attacks on sensor measurements using hardware-based fingerprints | |
| Weerakkody et al. | A Bernoulli-Gaussian physical watermark for detecting integrity attacks in control systems | |
| CN102638445A (en) | Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device | |
| Gómez et al. | Crafting adversarial samples for anomaly detectors in industrial control systems | |
| Matsuda et al. | On-chip substrate-bounce monitoring for laser-fault countermeasure | |
| Ahmed et al. | Scanning the cycle: Timing-based authentication on PLCs | |
| Vu et al. | On applying fault detectors against false data injection attacks in cyber-physical control systems | |
| Wang et al. | Infrastructure-enabled GPS spoofing detection and correction | |
| Ahmed et al. | NoiSense: Detecting data integrity attacks on sensor measurements using hardware based fingerprints | |
| CN104935783B (en) | A kind of safe active distorted image detection method and device | |
| CN106357378A (en) | Key detection method applied to SM2 signature and system thereof | |
| Ren et al. | Attack detection based on encoding–decoding approach for cyber–physical systems | |
| Gai et al. | Attacking the edge-of-things: A physical attack perspective | |
| Polian et al. | Counteracting malicious faults in cryptographic circuits | |
| Yamashita et al. | Redshift: Manipulating signal propagation delay via continuous-wave lasers | |
| Yang et al. | Hardware Trojan detection method based on time feature of chip temperature | |
| Akbarian et al. | Detection and mitigation of deception attacks on cloud-based industrial control systems | |
| CN109885960A (en) | A kind of embedded chip hardware Trojan horse design method based on electromagnetism bypass analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |