CN111552930A - Integrated circuit and embedded system having such an integrated circuit - Google Patents
Integrated circuit and embedded system having such an integrated circuit
- Publication number
- CN111552930A (application CN202010076274.4A)
- Authority
- CN
- China
- Prior art keywords
- circuit
- integrated circuit
- following features
- hardware cache
- fuse
- Prior art date
- Legal status
- Pending
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C17/00—Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards
- G11C17/14—Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM
- G11C17/16—Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM using electrically-fusible links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C17/00—Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards
- G11C17/14—Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM
- G11C17/18—Auxiliary circuits, e.g. for writing into memory
-
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01L—SEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
- H01L23/00—Details of semiconductor or other solid state devices
- H01L23/57—Protection from inspection, reverse engineering or tampering
- H01L23/576—Protection from inspection, reverse engineering or tampering using active circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Condensed Matter Physics & Semiconductors (AREA)
- Power Engineering (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Design And Manufacture Of Integrated Circuits (AREA)
- Semiconductor Integrated Circuits (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
An integrated circuit (10), characterized by the following features: the circuit (10) comprises an electronic fuse (11) for supporting a secure boot process (23), wherein the fuse (11) is queried; the circuit (10) has protection against electromagnetic fault injection; and the circuit (10) is configured such that this protection extends to the boot process (23).
Description
Technical field
The invention relates to an integrated circuit. It further relates to an embedded system having such an integrated circuit.
Background
In the context of data processing, the terms "eFuse", "E-Fuse" or simply "fuse" denote an electronic fuse whose prototype was developed by IBM and which allows dynamic, real-time programming of computer chips. US4962294A discloses an implementation of this scheme as a one-time-programmable non-volatile storage element.
US 2006/0136858 A1 shows a method for changing system parameters of an integrated circuit in situ. The integrated circuit has E-Fuses formed as semiconductor elements, which can be built from metal interconnects in the chip during silicon fabrication; the circuit's access options or operating mode are encoded by the information stored in the E-Fuses. The E-Fuses used for this encoding are selectively destroyed via an integrated interface or an integrated E-Fuse control module.
In the following discussion the term "electronic fuse" is always to be read broadly; it explicitly includes every kind of non-volatile memory, for example flash or PCM.
Summary of the invention
According to the independent claims, the invention provides an integrated circuit, in particular an FPGA or a microcontroller, and an embedded system having such a circuit, for example a system on a chip (SoC).
The approach according to the invention rests on the insight that protecting IT systems against reverse engineering or manipulation of their firmware is very important. In the case of embedded systems an attacker may gain physical access to the integrated circuits inside the system, so security has to be guaranteed inside the circuit itself. Boot that is secured by verifying the authenticity of the firmware before it is executed (secure bootstrap, secure boot), firmware encryption, and protection of the debug interfaces are examples of security measures implemented in integrated circuits. These security mechanisms must themselves be protected against physical attacks such as laser attacks, electromagnetic fault injection (EM-FI) and side-channel attacks.
The proposed solution is further based on the understanding that security information, such as the setting that enables secure system start-up, obviously must be stored in non-volatile memory. The electronic fuses already mentioned are usually used for this purpose. Such fuses can typically be set (to 1) but not reset (to 0). Security-relevant information is frequently stored in them: whether boot is secured, whether the debug interfaces are deactivated, or the root key for firmware encryption. Reading fuses, however, is sometimes complex and slow, so at the start of the boot process the fuses are loaded into volatile memory that serves as a hardware cache, for example processor registers. Because the fuses contain information important to the boot process itself, they are loaded at the very start of that process by a finite state machine implemented in hardware (Fig. 1). At this point in time no software is executing; every later boot decision is taken from the cached copy, not by sensing the fuses again. Note that flash memory or battery-buffered random access memory (BBRAM) can also be used to store such security information.
The circuit according to the invention also takes account of already known countermeasures against fault injection, in particular electromagnetic fault injection. These include spatially or temporally redundant execution of critical operations, for example by triple modular redundancy (TMR), or a randomly varying run-time behaviour (jitter) of critical operations, so that an attacker cannot determine the right moment for a fault attack.
Implementing a magnetic-field detector is also worthwhile: the magnetic fields used for such attacks are comparatively strong and can be detected with high reliability. If an attack is detected, a device equipped in this way is switched into a secure lock-out mode. Such a detector is described, for example, in: J. Breier, S. Bhasin and W. He, "An electromagnetic fault injection sensor using Hogge phase-detector", 18th International Symposium on Quality Electronic Design (ISQED), pp. 307-312, March 2017.
The approach described below recognises that such measures are implemented in many integrated circuits, but the caching of the fuses (the intermediate store) is usually not protected by them. This weak point allows an attacker to bypass the measures concerned: a glitch that corrupts the cached copy is indistinguishable, to all later boot logic, from a fuse that was never set.
The advantage of the solution according to the invention is therefore an improved defence against EM-FI attacks.
The measures listed in the dependent claims allow advantageous developments and improvements of the basic idea set out in the independent claims. Thus an embodiment can be designed such that the querying of the electronic fuses has a randomly varying run-time behaviour. This variant additionally makes a possible attack harder.
Brief description of the drawings
Embodiments of the invention are shown in the drawings and explained in more detail in the following description, in which:
Fig. 1 shows the boot process of a device.
Fig. 2 shows, by way of example, a redundant implementation of the fuse read process.
Detailed description
According to the invention, a magnetic-field detector or EM-FI detector can be implemented in the integrated circuit and activated before the fuses are cached (reference sign 22, Fig. 1). As illustrated in Fig. 2, a redundant implementation of this fuse caching process (22) is likewise conceivable. Because a magnetic-field injection can cause a common-cause failure (CCF), for example through disturbance of the sampling, an implementation that is redundant in both time and space is recommended: three copies captured in the same clock cycle by adjacent flip-flops can all be corrupted by one pulse, whereas copies captured at randomly spaced instants into spatially offset registers are unlikely to fail identically.
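The following is an added illustration, not code from the patent or its applicant. It models in C the mechanism the description and claims 4 to 9 outline: a one-time-programmable fuse bank, a hardware cache of three spatially separated registers filled by three successive reads with random jitter between them, a comparator that raises an alarm on any mismatch, and the boot sequence of claim 8 (power-on, fuse query, boot, firmware) with the alarm routed to a locked mode. The fuse bit layout, the function names, the linear congruential generator standing in for a hardware random source, and the `fault_hook_t` callback that corrupts one register copy to represent an EM-FI glitch are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fuse bit layout for this example (not from the patent). */
#define FUSE_SECURE_BOOT_EN  0u   /* firmware must be authenticated before execution */
#define FUSE_DEBUG_DISABLE   1u   /* debug interface is deactivated */

/* One-time-programmable fuse bank: bits can be burned 0->1 but never cleared. */
typedef struct { uint32_t bits; } fuse_bank_t;

static void fuse_program(fuse_bank_t *f, unsigned bit)
{
    f->bits |= (1u << bit);       /* OR only: there is no path back to 0 */
}

/* Hardware cache: three spatially offset registers (triple modular redundancy). */
typedef struct { uint32_t reg[3]; } fuse_cache_t;

enum boot_state { ST_POWER_ON, ST_FUSE_QUERY, ST_BOOT, ST_FIRMWARE, ST_LOCKED };

/* Test-only hook standing in for an EM-FI glitch: it may corrupt the value
 * captured by the i-th redundant read. NULL means no fault is injected. */
typedef uint32_t (*fault_hook_t)(unsigned copy, uint32_t sensed);

/* Random idle time between the three reads (claim 9). A fixed-seed LCG keeps
 * the example deterministic and offline; silicon would use a TRNG. */
static uint32_t lcg_state = 0x12345678u;

static unsigned jitter_cycles(void)
{
    lcg_state = lcg_state * 1664525u + 1013904223u;
    return (lcg_state >> 28) & 0x0Fu;           /* 0..15 idle cycles */
}

/* Redundant fuse query: sense the bank three times, each after a random delay,
 * into three registers, then compare them (claim 5). Returns true when all
 * copies agree; otherwise *alarm is raised. */
static bool fuse_query_tmr(const fuse_bank_t *f, fuse_cache_t *c,
                           fault_hook_t hook, bool *alarm, unsigned *cycles)
{
    *cycles = 0;
    for (unsigned i = 0; i < 3; i++) {
        *cycles += jitter_cycles();             /* temporal separation */
        uint32_t v = f->bits;                   /* one fuse sense */
        if (hook) v = hook(i, v);               /* optional injected fault */
        c->reg[i] = v;                          /* spatial separation */
    }
    bool agree = (c->reg[0] == c->reg[1]) && (c->reg[1] == c->reg[2]);
    *alarm = !agree;
    return agree;
}

/* Later boot logic consults the cache only, never the fuses again. */
static bool fuse_cached_bit(const fuse_cache_t *c, unsigned bit)
{
    return (c->reg[0] >> bit) & 1u;
}

/* Boot sequence of claim 8: power-on -> fuse query -> boot -> firmware.
 * A comparator alarm during the query sends the device into a locked mode. */
static enum boot_state run_boot(const fuse_bank_t *f, fault_hook_t hook,
                                fuse_cache_t *cache, unsigned *cycles)
{
    bool alarm = false;
    /* ST_POWER_ON -> ST_FUSE_QUERY: done by hardware, no software runs yet */
    if (!fuse_query_tmr(f, cache, hook, &alarm, cycles) || alarm)
        return ST_LOCKED;
    /* ST_BOOT: secure-boot policy is taken from the cached copy */
    (void)fuse_cached_bit(cache, FUSE_SECURE_BOOT_EN);
    return ST_FIRMWARE;
}

/* Attack on the weak point the description names: glitch only the second
 * register copy so that SECURE_BOOT_EN reads as 0 there. */
static uint32_t glitch_clear_secure_boot_copy1(unsigned copy, uint32_t sensed)
{
    return (copy == 1) ? (sensed & ~(1u << FUSE_SECURE_BOOT_EN)) : sensed;
}

/* Burns both constructed fuses and boots once with the given fault hook. */
static enum boot_state demo_boot(fault_hook_t hook, fuse_cache_t *cache)
{
    fuse_bank_t f = {0};
    unsigned cycles;
    fuse_program(&f, FUSE_SECURE_BOOT_EN);
    fuse_program(&f, FUSE_DEBUG_DISABLE);
    return run_boot(&f, hook, cache, &cycles);
}

int main(void)
{
    fuse_cache_t cache;
    printf("clean boot   -> state %d (3 = firmware)\n", demo_boot(NULL, &cache));
    printf("glitched     -> state %d (4 = locked), copies %08x %08x %08x\n",
           demo_boot(glitch_clear_secure_boot_copy1, &cache),
           cache.reg[0], cache.reg[1], cache.reg[2]);
    return 0;
}
```

The comparator only helps when the three copies differ, which is exactly why the description insists on redundancy in time as well as space: a hook that corrupted all three reads identically (a common-cause failure) would pass the comparison, and it is the random spacing of the reads that makes such a synchronised glitch hard to place.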
Claims (10)
1. An integrated circuit (10),
characterized by the following features:
- the circuit (10) comprises an electronic fuse (11) for supporting a secure boot process (23), wherein the fuse (11) is queried (22);
- the circuit (10) has protection against electromagnetic fault injection; and
- the circuit (10) is configured such that this protection extends to the boot process (23).
2. The integrated circuit (10) according to claim 1,
characterized by the following features:
- the circuit (10) comprises a hardware cache (12, 13, 14); and
- the circuit (10) is set up to store the query result in the hardware cache (12, 13, 14) when querying (22) the fuse (11).
3. The integrated circuit (10) according to claim 2,
characterized by the following feature:
- the hardware cache (12, 13, 14) is a processor register (12, 13, 14) or a RAM cache.
4. The integrated circuit (10) according to claim 2 or 3,
characterized by the following features:
- the hardware cache (12, 13, 14) is designed redundantly; and
- the circuit (10) is set up to read the query result into the hardware cache (12, 13, 14) several times in succession.
5. The integrated circuit (10) according to claim 4,
characterized by the following features:
- the circuit (10) comprises a comparator (15) for comparing the processor registers (12, 13, 14) with one another; and
- the circuit (10) is set up to signal an alarm (16) if the comparison fails.
6. The integrated circuit (10) according to claim 4 or 5,
characterized by the following features:
- the processor registers (12, 13, 14) are designed with triple redundancy; and
- the processor registers (12, 13, 14) are spatially offset from one another.
7. The integrated circuit (10) according to any one of claims 1 to 6,
characterized by the following features:
- the circuit (10) comprises a magnetic-field detector or an electromagnetic fault injection detector; and
- the circuit (10) is set up to activate the magnetic-field detector before the boot process (23).
8. The integrated circuit (10) according to any one of claims 1 to 7,
characterized by the following feature:
- the circuit (10) is set up such that, after the circuit (10) is switched on (21), the fuse (11) is first queried (22), the boot process (23) then continues, and finally the firmware is executed (24).
9. The integrated circuit (10) according to any one of claims 1 to 8,
characterized by the following feature:
- the circuit (10) is set up such that the query (22) of the fuse (11) has a randomly varying run-time behaviour.
10. An embedded system having a circuit (10) according to any one of claims 1 to 9.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102019201096.2 | 2019-01-29 | ||
DE102019201096.2A DE102019201096A1 (de) | 2019-01-29 | 2019-01-29 | Integrated circuit and embedded system having such an integrated circuit |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111552930A true CN111552930A (zh) | 2020-08-18 |
Family
ID=71524267
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010076274.4A Pending CN111552930A (zh) | 2019-01-29 | 2020-01-23 | Integrated circuit and embedded system having such an integrated circuit |
Country Status (3)
Country | Link |
---|---|
US (1) | US11520892B2 (zh) |
CN (1) | CN111552930A (zh) |
DE (1) | DE102019201096A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11379580B1 (en) * | 2020-03-16 | 2022-07-05 | Xilinx, Inc. | Mixed storage of data fields |
US20220181275A1 (en) * | 2020-12-08 | 2022-06-09 | International Business Machines Corporation | Integrated circuit security using programmable switches |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS6130428A (ja) * | 1984-07-20 | 1986-02-12 | Nissan Motor Co Ltd | Vehicle travel control device |
US4962294A (en) | 1989-03-14 | 1990-10-09 | International Business Machines Corporation | Method and apparatus for causing an open circuit in a conductive line |
US5109273A (en) * | 1990-05-11 | 1992-04-28 | Eastman Kodak Company | Signal processing circuit for performing a pipelined matrix multiplication upon signals from several linear sensors |
US20060136858A1 (en) | 2004-12-17 | 2006-06-22 | International Business Machines Corporation | Utilizing fuses to store control parameters for external system components |
JP2010507227A (ja) * | 2006-10-16 | 2010-03-04 | Thomson Licensing | Tolerant in-system programming of a field-programmable gate array (FPGA) |
WO2012122994A1 (en) * | 2011-03-11 | 2012-09-20 | Kreft Heinz | Off-line transfer of electronic tokens between peer-devices |
EP2806786B1 (en) * | 2012-01-25 | 2018-05-09 | Varian Medical Systems, Inc. | Remote control system and method |
US9740798B2 (en) * | 2013-03-15 | 2017-08-22 | Micron Technology, Inc. | Inexact search acceleration |
US11556396B2 (en) * | 2015-05-08 | 2023-01-17 | Seth Lytle | Structure linked native query database management system and methods |
- 2019
  - 2019-01-29 DE DE102019201096.2A patent/DE102019201096A1/de active Pending
- 2020
  - 2020-01-23 CN CN202010076274.4A patent/CN111552930A/zh active Pending
  - 2020-01-28 US US16/774,271 patent/US11520892B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
DE102019201096A1 (de) | 2020-07-30 |
US11520892B2 (en) | 2022-12-06 |
US20200242248A1 (en) | 2020-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8583880B2 (en) | Method for secure data reading and data handling system | |
US8239963B2 (en) | Method of protecting a password from unauthorized access and data processing unit | |
US6934887B1 (en) | Method for protecting a program flow | |
EP2943908B1 (en) | One-time programmable integrated circuit security | |
US20070226551A1 (en) | Apparatus and method for checking an error recognition functionality of a memory circuit | |
KR20000070127A (ko) | Method for monitoring the prescribed execution of a software program | |
CN111552930A (zh) | Integrated circuit and embedded system having such an integrated circuit | |
KR20090046910A (ko) | Data integrity verification of a data storage device | |
US20150324583A1 (en) | Method for operating a control unit | |
JP6518798B2 (ja) | Apparatus and method for managing a secure integrated circuit state | |
US20130275817A1 (en) | Register protected against fault attacks | |
US8495734B2 (en) | Method and device for detecting an erroneous jump during program execution | |
US10846421B2 (en) | Method for protecting unauthorized data access from a memory | |
JP2002334317A (ja) | Information processing device | |
US20210407610A1 (en) | Integrity Verification of Lifecycle-State Memory using Multi-Threshold Supply Voltage Detection | |
CN111104662B (zh) | Method for authenticating a program and corresponding integrated circuit | |
WO2001097010A2 (en) | Data processing method and device for protected execution of instructions | |
CN106935266B (zh) | Control method, device and system for reading configuration information from a memory | |
US20060107133A1 (en) | Tampering-protected microprocessor system and operating procedure for same | |
US20050041803A1 (en) | On-device random number generator | |
US11281576B2 (en) | Memory device | |
EP3667533A1 (en) | Method for securing a system in case of an undesired power-loss | |
US7806319B2 (en) | System and method for protection of data contained in an integrated circuit | |
US20230139634A1 (en) | Electronic fuse (efuse) designs for enhanced chip security | |
US10148671B2 (en) | Method for protecting a chip card against a physical attack intended to modify the logical behaviour of a functional program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||