CN111314045B - Method, device, storage medium and terminal for identifying laser fault injection attack - Google Patents
Method, device, storage medium and terminal for identifying laser fault injection attack Download PDFInfo
- Publication number
- CN111314045B CN111314045B CN201811518931.5A CN201811518931A CN111314045B CN 111314045 B CN111314045 B CN 111314045B CN 201811518931 A CN201811518931 A CN 201811518931A CN 111314045 B CN111314045 B CN 111314045B
- Authority
- CN
- China
- Prior art keywords
- verification
- preset
- chip
- fault injection
- configuration information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000002347 injection Methods 0.000 title claims abstract description 104
- 239000007924 injection Substances 0.000 title claims abstract description 104
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000012795 verification Methods 0.000 claims abstract description 199
- 238000001514 detection method Methods 0.000 claims abstract description 26
- 238000012545 processing Methods 0.000 claims description 9
- 230000004888 barrier function Effects 0.000 claims description 2
- 230000006870 function Effects 0.000 description 8
- 239000004065 semiconductor Substances 0.000 description 6
- 230000008569 process Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 239000000243 solution Substances 0.000 description 3
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 description 2
- 239000003574 free electron Substances 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 229910052710 silicon Inorganic materials 0.000 description 2
- 239000010703 silicon Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000010521 absorption reaction Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000003292 glue Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Semiconductor Lasers (AREA)
Abstract
The invention discloses a method, a device, a storage medium and a terminal for identifying laser fault injection attack, wherein the method comprises the following steps: acquiring configuration information of a chip; generating verification information corresponding to the configuration information and generating a verification state signal; and detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal. The device comprises: the device comprises an acquisition module, a check bit generation module and a detection verification module. According to the scheme of the invention, whether the chip is subjected to laser fault injection is detected according to the generated verification information corresponding to the configuration information and the verification state signal, and whether the chip is attacked can be identified, so that the configuration information in the chip can be protected, and the major loss is avoided.
Description
Technical Field
The invention belongs to the technical field of electronic computers, and particularly relates to a method, a device, a storage medium and a terminal for identifying laser fault injection attack, in particular to a method, a device, a storage medium and a terminal for protecting configuration information against laser attack.
Background
The application range of a chip (also called an "integrated circuit") is very wide, and in chip design, corresponding configuration information needs to be set for the chip according to the actual application scene of the chip. The configuration information is used to distinguish product directions, characteristics, and the like to be suitable for different application scenarios, and is generally stored in a Non-Volatile Memory (NVM). Some of the configuration information may be used as conditions for turning on or off the chip special function, and the configuration information corresponding to the conditions for turning on or off the chip special function may be referred to as sensitive configuration information. In the power-on process, the sensitive configuration information is acquired from the NVM through software and hardware operations and stored in the register, and if the sensitive configuration information is acquired by a hacker, attack on the chip can be realized, which causes a significant loss.
The realization material of the chip is a silicon semiconductor and a small amount of doping elements, wherein the N-type semiconductor is provided with electrons, the P-type semiconductor is provided with holes, and the electron holes are in a bound state in covalent bonds. When sufficient energy is supplied to the electrons, the electrons are unbound and become free electrons. The energy absorption of semiconductors depends on the material, wavelength of light, and intensity of light. When the silicon Semiconductor absorbs photons with specific wavelengths to a certain degree, electrons are separated from covalent bonds and bound to become free electrons, so that a CMOS (Metal-Oxide-Semiconductor) transistor of a chip is turned on, abnormal data output is generated, and the purpose of fault injection is achieved. A hacker may change the configuration information (particularly sensitive configuration information) stored in the register by means of laser fault injection, so that the system running the chip becomes weak, resulting in some of the protection functions of the chip being opened or weakened, and the configuration information is retrieved by the hacker.
However, in the process of implementing the present invention, the inventor finds that in the prior art, there is no method for identifying whether the chip is attacked by laser fault injection, and the configuration information of the chip cannot be protected.
Disclosure of Invention
The present invention aims to provide a method, an apparatus, a storage medium, and a terminal for identifying a laser fault injection attack, so as to solve the problem that in the prior art, whether a chip is attacked by laser fault injection does not exist, and achieve the effect of protecting configuration information of the chip.
The invention provides a method for identifying laser fault injection attack, which is characterized by comprising the following steps:
acquiring configuration information of a chip;
generating verification information corresponding to the configuration information and generating a verification state signal;
detecting whether the chip is subjected to laser failure or not according to the verification information and the verification state signal
And (4) barrier injection.
Further, acquiring configuration information of the chip includes:
acquiring a configuration information updating enabling signal generated by a preset enabling signal control module;
reading the configuration information of the chip from the NVM through the NVM read-write control unit;
and storing the configuration information of the chip in a preset register group.
Further, generating verification information corresponding to the configuration information and generating a verification status signal, including:
acquiring verification information generated by the preset enabling signal control module to generate an enabling signal;
generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
and acquiring a verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in a preset verification information storage module, and generating the verification state signal.
Further, detecting whether the chip is subjected to laser fault injection according to the verification information and the verification state signal includes:
acquiring a verification enabling signal generated by the preset enabling signal control module;
judging whether the check state signal is valid;
when the verification state signal is valid and the verification information meets a preset first verification condition, determining that the preset register group or the preset verification information storage module in the chip is subjected to laser fault injection;
when the verification state signal is invalid and the verification information meets a preset second verification condition, determining that the preset enabling signal control module in the chip is subjected to laser fault injection;
and when the verification state signal is valid and the verification information meets a preset third verification condition, determining that the preset register group, the preset verification information storage module and the preset enable signal control module in the chip are subjected to laser fault injection.
Further, after detecting whether the chip is subjected to laser fault injection according to the verification information and the verification status signal, the method further includes:
and when the chip is detected to be injected with laser faults, the chip is enabled to enter a safe mode and reset.
In accordance with the above method, another aspect of the present invention provides an apparatus for identifying a laser fault injection attack, which is characterized in that the apparatus includes:
the acquisition module is used for acquiring configuration information of the chip;
a check bit generating module for generating check information corresponding to the configuration information and generating check
A status signal;
and the detection and verification module is used for detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal.
Further, the obtaining module comprises:
the updating enabling signal acquisition unit is used for acquiring a configuration information updating enabling signal generated by the preset enabling signal control module;
the reading unit is used for reading the configuration information of the chip from the NVM through the NVM reading and writing control module;
and the storage unit is used for storing the configuration information of the chip in a preset register group.
Further, the check bit generation module includes:
the verification information generation enabling signal acquisition unit is used for acquiring the verification information generation enabling signal generated by the preset enabling signal control module;
the verification information generating unit is used for generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
and the verification state signal generating unit is used for acquiring a verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in a preset verification information storage module and generating the verification state signal.
Further, the detection verification module comprises:
the verification enabling signal acquisition unit is used for acquiring the verification enabling signal generated by the preset enabling signal control module;
the judging unit is used for judging whether the check state signal is valid or not;
the first laser fault injection determining unit is used for determining that the preset register group or the preset check information storage module in the chip is subjected to laser fault injection when the check state signal is valid and the check information meets a preset first check condition;
the second laser fault injection determining unit is used for determining that the preset enabling signal control module in the chip is subjected to laser fault injection when the verification state signal is invalid and the verification information meets a preset second verification condition;
and the third laser fault injection determining unit is used for determining that the preset register group, the preset verification information storage module and the preset enabling signal control module in the chip are subjected to laser fault injection when the verification state signal is valid and the verification information meets a preset third verification condition.
Further, the apparatus further comprises:
and the processing protection module is used for enabling the chip to enter a safe mode and reset when the detection verification module detects that the chip is injected with the laser fault.
In accordance with the above apparatus, a further aspect of the present invention provides a terminal, including: the control device for identifying the laser fault injection attack is described above.
In accordance with the above method, a further aspect of the present invention provides a storage medium comprising: the storage medium has stored therein a plurality of instructions; the instructions are used for loading and executing the method for identifying the laser fault injection attack by the processor.
In accordance with the above method, a further aspect of the present invention provides a terminal, including: a processor for executing a plurality of instructions; a memory to store a plurality of instructions; wherein the instructions are stored by the memory and loaded and executed by the processor to perform the method for identifying laser fault injection attacks.
The method for identifying the laser fault injection attack according to the embodiment of the invention is based on the generated and configured information
The corresponding verification information and the verification state signal are detected, whether the chip is subjected to laser fault injection or not is detected, whether the chip is attacked or not can be identified, and therefore the configuration information in the chip can be protected, and the major loss is avoided. When the detection chip is injected by laser fault, the chip enters a safe mode and is reset, so that the chip can be simply protected, the configuration information in the chip is prevented from being attacked, and the safety is provided. The method for identifying the laser fault injection attack can be realized through the preset enabling signal control module, the preset register group, the preset verification information storage module and the like, the used resources are few, and the application range is wide.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
Fig. 1 is a schematic flowchart of a method for identifying a laser fault injection attack according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another method for identifying a laser fault injection attack according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an example of a method for implementing identification of a laser fault injection attack according to a second embodiment of the present invention;
fig. 4 is a flowchart illustrating an example of a method for recognizing a laser fault injection attack according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of an apparatus for identifying a laser fault injection attack according to a third embodiment of the present invention;
fig. 6 is a schematic structural diagram of another apparatus for identifying a laser fault injection attack according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Referring to fig. 1, an embodiment of the present invention provides a method for identifying a laser fault injection attack, where the method for identifying a laser fault injection attack may include:
101: and acquiring configuration information of the chip.
The configuration information of the chip is used to distinguish product directions, characteristics, and the like to be suitable for different application scenarios, and the configuration information is usually stored in a Non-volatile memory (NVM). The configuration information also includes some sensitive configuration information that may be used as a condition for turning on or off a particular function of the chip.
Specifically, obtaining configuration information of the chip includes:
acquiring a configuration information updating enabling signal (cfg _ upd _ en) generated by a preset enabling signal control module;
reading the configuration information of the chip from the NVM through the NVM read-write control module;
and storing the configuration information of the chip in a preset register group.
The preset enable signal control block may generate a configuration information update enable signal (cfg _ upd _ en), a parity information generation enable signal (par _ gen _ en), a parity information latch enable signal (par _ lat _ en), a parity enable signal (par _ verify _ en), and the like, for starting an operation of the related block.
After the configuration information updating enabling signal (cfg _ upd _ en) generated by the preset enabling signal control module is obtained, the configuration information of the chip is read from the NVM through the non-volatile memory NVM reading and writing control module, and the configuration information of the chip is stored in the preset register group, so that the implementation mode is simple and quick.
102: generating verification information corresponding to the configuration information and generating a verification status signal.
Specifically, generating the check information corresponding to the configuration information and generating the check status signal includes:
acquiring verification information generated by a preset enabling signal control module to generate an enabling signal;
generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
and acquiring a verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in the preset verification information storage module, and generating a verification state signal.
The method comprises the steps of reading configuration information of a chip from an NVM (non-volatile memory) through a NVM read-write control module, storing the configuration information of the chip in a preset register group to finish updating of the configuration information, latching verification information behind a preset verification information storage module to represent that the configuration of the chip is finished, generating a verification state signal (boot read done), simultaneously using the verification state signal (par _ verify _ en) as a verification enable signal, and starting to carry out attack detection of laser fault injection.
And generating verification information corresponding to the configuration information and generating a verification state signal, thereby facilitating subsequent detection and verification.
103: and detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal.
Specifically, according to the verification information and the verification status signal, detecting whether the chip is subjected to laser fault injection includes:
acquiring a verification enabling signal generated by a preset enabling signal control module;
judging whether the check state signal is valid;
when the verification state signal is valid and the verification information meets a preset first verification condition, determining that a preset register group or a preset verification information storage module in the chip is subjected to laser fault injection;
when the verification state signal is invalid and the verification information meets a preset second verification condition, determining that a preset enabling signal control module in the chip is subjected to laser fault injection;
and when the verification state signal is effective and the verification information meets a preset third verification condition, determining that a preset register group, a preset verification information storage module and a preset enabling signal control module in the chip are subjected to laser fault injection.
Specific contents of the preset first check condition, the preset second check condition and the preset third check condition can be set according to specific contents of the check information.
Whether the chip is subjected to laser fault injection is detected according to the verification information and the verification state signal, specific contents of a preset first verification condition, a preset second verification condition and a preset third verification condition can be set according to specific contents of the verification information, the method is convenient to achieve, whether laser fault injection attack is received or not is convenient to identify, and configuration information is protected.
Further, referring to fig. 2, after detecting whether the chip is subjected to laser fault injection according to the verification information and the verification status signal, the method further includes:
104: when the detection chip is injected with laser faults, the chip enters a safe mode and is reset.
When the chip is determined to be injected with laser fault, the chip is enabled to enter a safe mode and reset, and the chip can be reset
The configuration information is protected.
The method for identifying the laser fault injection attack according to the embodiment of the invention is based on the generated and configured information
The corresponding verification information and the verification state signal are detected, whether the chip is subjected to laser fault injection or not is detected, whether the chip is attacked or not can be identified, and therefore the configuration information in the chip can be protected, and the major loss is avoided. When the detection chip is injected by laser fault, the chip enters a safe mode and is reset, so that the chip can be simply protected, the configuration information in the chip is prevented from being attacked, and the safety is provided. The method for identifying the laser fault injection attack can be realized through the preset enabling signal control module, the preset register group, the preset verification information storage module and the like, the used resources are few, and the application range is wide.
Example two
For ease of understanding, referring to fig. 3 and 4, the embodiment of the present invention is further illustrated by a specific example, and the meaning of each module in fig. 3 is as follows:
an NVM (non-volatile memory) 201 for storing chip configuration information and other information. Wherein the configuration information includes sensitive configuration information.
An NVM read/write control module (NVM glue logic) 202 for completing the actions of writing, erasing, reading, etc. to the NVM.
And the register group 203 is used for latching the configuration information read out from the NVM by the NVM read-write control module.
The enable signal control module 204 is configured to generate a configuration information update enable signal (cfg _ upd _ en), a parity information generation enable signal (par _ gen _ en), a parity information latch enable signal (par _ lat _ en), and a parity enable signal (par _ verify _ en), and enable operations of the related modules through the enable signals.
A check bit generating module 205 for generating check information corresponding to the configuration information and generating a check
A status signal.
The input signal of the check bit generation module 205 is the configuration information from the register set 203, and the configuration information is output
To verify information and to verify status signals. When the parity generation enable signal (par _ gen _ en) is valid, the output result of the parity generation block 205 is valid.
And the verification information storage module 206 is used for latching the verification information.
When the parity latch enable signal (par _ lat _ en) is asserted, the parity from the parity bit generation block 205, which is typically implemented as a register, is latched.
And the detection and verification module 207 is used for detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal.
The detection verification module 207 is a core part for detecting whether the laser fault injection is performed. The detection and verification module 207 detects whether laser fault injection is suffered or not at any time, and once an abnormality is detected, the processing protection module 208 is informed to perform subsequent processing operation.
And the processing protection module 208 is used for enabling the chip to enter a safe mode and reset when the detection verification module 207 detects that the chip is subjected to laser fault injection.
Referring to fig. 4, the specific workflow is as follows:
301: after the chip is powered on and started, the system where the chip is located returns to an initial state.
302: the enable signal control module 204 enables the configuration information update enable signal (cfg _ upd _ en), reads the configuration information of the chip from the NVM201 through the NVM read-write control module 202, and updates the latched register set 203.
303: after the configuration update of the chip is completed, the enable signal control module 204 generates a check information generation enable signal (par _ gen _ en), and the check bit generation module 205 generates the check information according to the configuration information from the register set 203 at any time.
304: the enable signal control block 204 generates a pulse signal "parity latch enable signal (par _ lat _ en)" for one clock cycle to control the parity information storage block 206 to complete the parity bit information latch from the parity bit generation block 205.
After the step, the chip completes the updating of the configuration information and the generation of the verification information. Typically, the latching of configuration information and verification information need only be updated once at chip startup.
305: the enable signal control module 204 generates a check state signal (boot read done) at the same time
The laser fault injection attack detection formally starts using the check state signal (boot read done) as the check enable signal (par _ verify _ en).
After the updating of the configuration information and the latching of the verification information are completed, the configuration of the chip is also completed, so that
The enable signal control module 204 generates a check state signal (boot read done).
306: the detection verification module 207 performs detection of laser fault injection attacks.
Laser fault injection attacks directly affect the stable register values inside the chip, i.e. via
After an over-lasing fault injection, the value of the register may flip, possibly from 1 to 0, and possibly from 0 to 1. The hacker performs laser fault injection attack mainly by collecting the check state signals (boot read done) of the register bank 203, the check information storage module 206, and the enable signal control module 204. In this embodiment, the protection method for these modules is as follows:
1) in the case when the check status signal (boot read done) is valid, if parity! = parity', it is determined that the register group 203, or the verification information storage block 206, is subjected to laser fault injection.
2) In the case where the check state signal (boot read done) is invalid, if parity' | =0, it is determined that the enable signal control module 204 is subjected to laser fault injection.
3) In the case when the check status signal (boot read done) is valid, if parity! = parity '& & parity' | =0 & & boot read done = =0, it is determined that the register group 203, the verification information storage block 206, and the enable signal control block 204 are subjected to laser fault injection.
Wherein parity represents the check information.
307: when the detection verification module 207 detects that the chip is subject to laser fault injection, the processing protection module 208 causes the chip to enter a safe mode and reset.
It should be noted that, for updating the configuration information of the chip, the implementation manner is not limited to hardware triggering, and may also be accomplished by software triggering.
The method for identifying the laser fault injection attack according to the embodiment of the invention is based on the generated and configured information
The corresponding verification information and the verification state signal are detected, whether the chip is subjected to laser fault injection or not is detected, whether the chip is attacked or not can be identified, and therefore the configuration information in the chip can be protected, and the major loss is avoided. When the detection chip is injected by laser fault, the chip enters a safe mode and is reset, so that the chip can be simply protected, the configuration information in the chip is prevented from being attacked, and the safety is provided. The method for identifying the laser fault injection attack can be realized through the preset enabling signal control module, the preset register group, the preset verification information storage module and the like, the used resources are few, and the application range is wide.
EXAMPLE III
Referring to fig. 5, an embodiment of the present invention provides an apparatus for identifying a laser fault injection attack, where the apparatus for identifying a laser fault injection attack may include:
an obtaining module 401, configured to obtain configuration information of a chip;
a check bit generating module 402 for generating check information corresponding to the configuration information and generating
Checking the state signal;
and a detection and verification module 403, configured to detect whether the chip is subjected to laser fault injection according to the verification information and the verification status signal.
Further, the obtaining module 401 includes:
the updating enabling signal acquisition unit is used for acquiring a configuration information updating enabling signal generated by the preset enabling signal control module;
the reading unit is used for reading the configuration information of the chip from the NVM through the NVM reading and writing control module;
and the storage unit is used for storing the configuration information of the chip in a preset register group.
Further, the check bit generation module 402 includes:
the verification information generation enabling signal acquisition unit is used for acquiring a verification information generation enabling signal generated by the preset enabling signal control module;
the verification information generating unit is used for generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
and the verification state signal generating unit is used for acquiring the verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in the preset verification information storage module and generating a verification state signal.
Further, the detection verification module 403 includes:
the verification enabling signal acquisition unit is used for acquiring a verification enabling signal generated by the preset enabling signal control module;
the judging unit is used for judging whether the check state signal is valid or not;
the first laser fault injection determining unit is used for determining that a preset register group or a preset check information storage module in the chip is subjected to laser fault injection when the check state signal is valid and the check information meets a preset first check condition;
the second laser fault injection determining unit is used for determining that the preset enabling signal control module in the chip is subjected to laser fault injection when the verification state signal is invalid and the verification information meets the preset second verification condition;
and the third laser fault injection determining unit is used for determining that the preset register group, the preset verification information storage module and the preset enabling signal control module in the chip are subjected to laser fault injection when the verification state signal is valid and the verification information meets the preset third verification condition.
Further, referring to fig. 6, the apparatus further includes:
and the processing protection module 404 is used for enabling the chip to enter a safe mode and reset when the detection verification module 403 detects that the chip is subjected to laser fault injection.
Since the processes and functions implemented by the apparatus of this embodiment substantially correspond to the embodiments, principles and examples of the method shown in fig. 1 to 4, the description of this embodiment is not detailed, and reference may be made to the related descriptions in the foregoing embodiments, which are not repeated herein.
The device for identifying the laser fault injection attack according to the embodiment of the invention is based on the generated and configured information
The corresponding verification information and the verification state signal are detected, whether the chip is subjected to laser fault injection or not is detected, whether the chip is attacked or not can be identified, and therefore the configuration information in the chip can be protected, and the major loss is avoided. When the detection chip is injected by laser fault, the chip enters a safe mode and is reset, so that the chip can be simply protected, the configuration information in the chip is prevented from being attacked, and the safety is provided. The method for identifying the laser fault injection attack can be realized through the preset enabling signal control module, the preset register group, the preset verification information storage module and the like, the used resources are few, and the application range is wide.
According to the embodiment of the invention, a terminal corresponding to the device for identifying the laser fault injection attack is also provided. The terminal may include: the above-mentioned device for identifying laser fault injection attack.
Since the processes and functions implemented by the terminal of this embodiment substantially correspond to the embodiments, principles, and examples of the apparatuses shown in fig. 5 and fig. 6, details are not described in the description of this embodiment, and reference may be made to the related descriptions in the foregoing embodiments, which are not described herein again.
According to an embodiment of the present invention, there is also provided a storage medium corresponding to a method of identifying a laser fault injection attack. The storage medium may include: the storage medium has stored therein a plurality of instructions; the instructions are used for loading and executing the method for identifying the laser fault injection attack by the processor.
Since the processing and functions implemented by the storage medium of this embodiment substantially correspond to the embodiments, principles, and examples of the methods shown in fig. 1 to fig. 4, details are not described in the description of this embodiment, and reference may be made to the related descriptions in the foregoing embodiments, which are not described herein again.
According to the embodiment of the invention, a terminal corresponding to the method for identifying the laser fault injection attack is also provided. The terminal can include: a processor for executing a plurality of instructions; a memory to store a plurality of instructions; the instructions are stored in the memory, and loaded by the processor and execute the control method of the voltage detection device.
Since the processing and functions implemented by the terminal of this embodiment substantially correspond to the embodiments, principles, and examples of the methods shown in fig. 1 to fig. 4, details are not described in the description of this embodiment, and reference may be made to the related descriptions in the foregoing embodiments, which are not described herein again.
In summary, it is readily understood by those skilled in the art that the advantageous modes described above can be freely combined and superimposed without conflict.
The above description is only an example of the present invention, and is not intended to limit the present invention, and it is obvious to those skilled in the art that various modifications and variations can be made in the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (7)
1. A method of identifying a laser fault injection attack, the method comprising:
acquiring configuration information of a chip;
generating verification information corresponding to the configuration information and generating a verification state signal;
detecting whether the chip is subjected to laser failure or not according to the verification information and the verification state signal
Barrier injection;
acquiring configuration information of a chip, comprising:
acquiring a configuration information updating enabling signal generated by a preset enabling signal control module;
reading the configuration information of the chip from the NVM through the NVM read-write control unit;
storing the configuration information of the chip in a preset register group;
generating verification information corresponding to the configuration information and generating a verification status signal, including:
acquiring verification information generated by the preset enabling signal control module to generate an enabling signal;
generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
acquiring a verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in a preset verification information storage module, and generating a verification state signal;
detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal, wherein the method comprises the following steps:
acquiring a verification enabling signal generated by the preset enabling signal control module;
judging whether the check state signal is valid;
when the verification state signal is valid and the verification information meets a preset first verification condition, determining that the preset register group or the preset verification information storage module in the chip is subjected to laser fault injection;
when the verification state signal is invalid and the verification information meets a preset second verification condition, determining that the preset enabling signal control module in the chip is subjected to laser fault injection;
and when the verification state signal is valid and the verification information meets a preset third verification condition, determining that the preset register group, the preset verification information storage module and the preset enable signal control module in the chip are subjected to laser fault injection.
2. The method of claim 1, wherein after detecting whether the chip is subjected to laser fault injection according to the verification information and the verification status signal, the method further comprises:
and when the chip is detected to be injected with laser faults, the chip is enabled to enter a safe mode and reset.
3. An apparatus for identifying a laser fault injection attack, the apparatus comprising:
the acquisition module is used for acquiring configuration information of the chip;
a check bit generating module for generating check information corresponding to the configuration information and generating check
A status signal;
the detection and verification module is used for detecting whether the chip is subjected to laser fault injection or not according to the verification information and the verification state signal;
the acquisition module includes:
the updating enabling signal acquisition unit is used for acquiring a configuration information updating enabling signal generated by the preset enabling signal control module;
the reading unit is used for reading the configuration information of the chip from the NVM through the NVM reading and writing control module;
the storage unit is used for storing the configuration information of the chip in a preset register group;
the check bit generation module comprises:
the verification information generation enabling signal acquisition unit is used for acquiring the verification information generation enabling signal generated by the preset enabling signal control module;
the verification information generating unit is used for generating verification information corresponding to the configuration information according to the configuration information of the preset register group;
the verification state signal generating unit is used for acquiring a verification information latch enabling signal generated by the preset enabling signal control module, latching the verification information in a preset verification information storage module and generating the verification state signal;
the detection and verification module comprises:
the verification enabling signal acquisition unit is used for acquiring the verification enabling signal generated by the preset enabling signal control module;
the judging unit is used for judging whether the check state signal is valid or not;
the first laser fault injection determining unit is used for determining that the preset register group or the preset check information storage module in the chip is subjected to laser fault injection when the check state signal is valid and the check information meets a preset first check condition;
the second laser fault injection determining unit is used for determining that the preset enabling signal control module in the chip is subjected to laser fault injection when the verification state signal is invalid and the verification information meets a preset second verification condition;
and the third laser fault injection determining unit is used for determining that the preset register group, the preset verification information storage module and the preset enabling signal control module in the chip are subjected to laser fault injection when the verification state signal is valid and the verification information meets a preset third verification condition.
4. The apparatus of claim 3, further comprising:
and the processing protection module is used for enabling the chip to enter a safe mode and reset when the detection verification module detects that the chip is injected with the laser fault.
5. A terminal, comprising: the apparatus for identifying laser fault injection attacks as recited in any of claims 3-4.
6. A storage medium having a plurality of instructions stored therein; the plurality of instructions for loading and execution by a processor to implement the method of identifying a laser fault injection attack according to any of claims 1-2.
7. A terminal, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the instructions are for storage by the memory and for loading and execution by the processor to implement the method of identifying a laser fault injection attack according to any of claims 1-2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811518931.5A CN111314045B (en) | 2018-12-12 | 2018-12-12 | Method, device, storage medium and terminal for identifying laser fault injection attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811518931.5A CN111314045B (en) | 2018-12-12 | 2018-12-12 | Method, device, storage medium and terminal for identifying laser fault injection attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111314045A CN111314045A (en) | 2020-06-19 |
| CN111314045B true CN111314045B (en) | 2021-03-26 |
Family
ID=71157981
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811518931.5A Active CN111314045B (en) | 2018-12-12 | 2018-12-12 | Method, device, storage medium and terminal for identifying laser fault injection attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111314045B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN107329746A (en) * | 2017-06-19 | 2017-11-07 | 珠海格力电器股份有限公司 | A kind of chip configuring information processing method and device |
| CN108173645A (en) * | 2017-12-27 | 2018-06-15 | 中国科学院国家空间科学中心 | The safety detection method and its device of a kind of crypto chip |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20140070776A (en) * | 2012-11-27 | 2014-06-11 | 한국전자통신연구원 | Apparatus for analyzing a laser fault |
| CN106161391B (en) * | 2015-04-17 | 2020-10-23 | 国民技术股份有限公司 | Security chip and method and device for defending error injection attack |
| CN206628275U (en) * | 2017-03-15 | 2017-11-10 | 珠海格力电器股份有限公司 | The control system and chip of configuration information are read from memory |
| CN106935266B (en) * | 2017-03-15 | 2023-08-25 | 珠海格力电器股份有限公司 | Control method, device and system for reading configuration information from memory |
-
2018
- 2018-12-12 CN CN201811518931.5A patent/CN111314045B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN107329746A (en) * | 2017-06-19 | 2017-11-07 | 珠海格力电器股份有限公司 | A kind of chip configuring information processing method and device |
| CN108173645A (en) * | 2017-12-27 | 2018-06-15 | 中国科学院国家空间科学中心 | The safety detection method and its device of a kind of crypto chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111314045A (en) | 2020-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8176281B2 (en) | Controlling access to an embedded memory of a microcontroller | |
| US20090119646A1 (en) | Detection of a Fault by Long Disturbance | |
| EP2565810A1 (en) | Microprocessor protected against memory dump | |
| US6883075B2 (en) | Microcontroller having embedded non-volatile memory with read protection | |
| CN110020561B (en) | Semiconductor device and method of operating semiconductor device | |
| US5367149A (en) | IC card and method of checking personal identification number of the same | |
| US20090254782A1 (en) | Method and device for detecting an erroneous jump during program execution | |
| CN111314045B (en) | Method, device, storage medium and terminal for identifying laser fault injection attack | |
| US11281576B2 (en) | Memory device | |
| CN112083961B (en) | Embedded chip boot loading method | |
| US11487441B2 (en) | Managing tamper detections in secure memory devices | |
| WO2018166201A1 (en) | Data reading method, low-voltage detection logic circuit, integrated circuit and chip | |
| US7787315B2 (en) | Semiconductor device and method for detecting abnormal operation | |
| CN106935266B (en) | Control method, device and system for reading configuration information from memory | |
| RU2469384C2 (en) | Method of masking end-of-life transition of electronic device, and device including corresponding control module | |
| US7730115B2 (en) | System, microcontroller and methods thereof | |
| US7806319B2 (en) | System and method for protection of data contained in an integrated circuit | |
| JP3057326B2 (en) | IC card | |
| US12032684B2 (en) | Method for detecting a fault injection in a data processing system | |
| US20240012903A1 (en) | Method for Executing a Program on a Data Processing Device | |
| JP6387767B2 (en) | Electronic information recording medium, IC card, check method, and processing program | |
| US7822953B2 (en) | Protection of a program against a trap | |
| US20200401690A1 (en) | Techniques for authenticating and sanitizing semiconductor devices | |
| US20230229759A1 (en) | Method for detecting a fault injection in a data processing system | |
| KR100388219B1 (en) | Flash memory embeded one-chip micro controller unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201130 Address after: 519000 Guangdong city of Zhuhai Province Qianshan Applicant after: GREE ELECTRIC APPLIANCES,Inc.OF ZHUHAI Applicant after: Zhuhai Zero Boundary Integrated Circuit Co.,Ltd. Address before: Xiangzhou District of Guangdong city in Zhuhai province 519070 Qianshan No. 789 Applicant before: GREE ELECTRIC APPLIANCES,Inc.OF ZHUHAI |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |