CN111581676A - Processor DPA attack resisting system under dual-core lock step fault tolerance - Google Patents
- Publication number: CN111581676A (application CN202010376980.0A)
- Authority: CN (China)
- Prior art keywords: processor, dual, read, random delay, data
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention relates to the field of microcontrollers and provides a system that resists DPA attacks on a processor under dual-core lock-step fault tolerance. The system comprises a master processor, a slave processor, a random delay enable module and a read operation storage area, the master processor being connected with the slave processor through a network. The random delay enable module controls the random delay of the slave processor. The read operation storage area stores the instructions and data read by the master processor and supplies the correct instructions and data to the slave processor. In operation, the master processor and the slave processor have a synchronous operation phase and an out-of-step operation phase. By modifying the bus layer, the invention preserves the normal operation of the original dual-core lockstep while hiding power consumption in both the time and amplitude dimensions, so that the processor resists DPA attacks under dual-core lockstep fault tolerance; the method offers high security, simple processing and low implementation cost.
Description
Technical Field
The invention relates to the field of microcontrollers, and in particular to a system for resisting DPA attacks on a processor under dual-core lock-step fault tolerance.
Background
With the advent of the Industry 4.0 era, microcontrollers play an increasingly important role in the development of industrial automation in China. The processor, which is the core of a microcontroller, faces serious reliability and security challenges because process nodes keep changing and attack techniques keep evolving. On the reliability side, one of the mainstream fault-tolerance methods for commercial processors today is the dual-core lock-step scheme: two processors run as a self-checking pair so that the occurrence of a fault is detected, and, usually combined with checkpoint techniques that save and restore state in software, the fault can be recovered from as soon as it is detected. On the security side, a popular attack is differential power analysis (DPA), which recovers a secret key by analysing the power consumption leaked while the hardware operates. Because it bypasses tedious analysis of the encryption algorithm and directly correlates power consumption with data, it can recover the key quickly and accurately. When a processor executes an encryption algorithm in software, an attacker can obtain the key by combining statistical analysis with the correlation between power consumption and the instructions and data being processed. On unprotected devices, this attack obtains the key quickly and at low cost, exposing sensitive information with disastrous results. Existing countermeasures for processors, such as inserting random instructions or wait states into the CPU pipeline, break the correlation between power consumption and the encryption and decryption algorithms.
However, for a processor that must also implement dual-core lockstep fault tolerance, these uncontrolled random delays directly break the lockstep fault-tolerance function. In addition, these methods modify the internal architecture of the embedded CPU, and because the logic inside a processor is very complex, a change in one place ripples through the whole design; this is costly for anyone not familiar with the processor structure and its internal implementation details.
Disclosure of Invention
To solve these problems in the prior art, the invention provides a system for resisting DPA attacks on a processor under dual-core lock-step fault tolerance. The specific technical scheme is as follows.
A processor DPA attack resisting system under dual-core lock-step fault tolerance comprises a master processor, a slave processor, a random delay enable module and a read operation storage area. The random delay enable module controls the random delay of the slave processor. The read operation storage area stores the instructions and data read by the master processor and supplies them correctly to the slave processor. In operation, the master processor and the slave processor have a synchronous operation phase and an out-of-step operation phase.
Further, in the synchronous operation phase the operation states of the master processor and the slave processor are consistent, and in the out-of-step operation phase they are inconsistent.
Further, when the master processor and the slave processor are in the out-of-step operation phase, the slave processor inserts delays randomly, and the master processor inserts a delay before a write operation and waits until it is again operating synchronously with the slave processor; the delay is implemented by pulling down the hready signal on the AHB bus.
Further, the delay is implemented by pulling down the hready signal on the AHB bus as follows: while hready is low, the master processor and the slave processor stall in the current instruction cycle; when hready is high, the current instruction completes and execution continues with the next instruction.
Further, the random delay enable module emits a random delay enable signal that alternates between a high level and a low level and is derived from a true random number, a counter and associated control logic. The true random number is produced by a true random number generator and, after masking, becomes rand_num; the control logic issues an anti-DPA enable signal.
Further, when the DPA enable signal is high, the counter counts down rand_num, and when the count reaches 0 the random delay enable signal is pulled high. A new rand_num is then obtained and counted down, and when that count reaches 0 the random delay enable signal is pulled low.
Further, the read operation storage area consists of 6 FIFO memories of depth 16, divided into 3 groups: the first group is the data FIFO group, in which 2 FIFOs store read data and the corresponding addresses; the second group is the instruction FIFO group, in which 2 FIFOs store read instructions and the corresponding addresses; the third group is the constant FIFO group, in which 2 FIFOs store read constants and the corresponding addresses.
Further, the master processor writes the instructions and data it reads into the FIFO memories, and the instructions and data that the slave processor reads while out of step are taken from the FIFO memories.
Further, when the random delay enable signal is high, or when the slave processor has caught up with the running state of the master processor, that is, when the instruction and data FIFOs in the read operation storage area are empty, the slave processor performs a delay operation and enters the out-of-step running state; otherwise, the slave processor resumes operation and obtains the instructions and data for its read requests from the read operation storage area.
Further, in the out-of-step operation phase, when a FIFO in the read operation storage area is full or the master processor executes a write operation, the master processor performs a delay operation until the slave processor also executes that write operation.
Beneficial effects:
In the system for resisting DPA attacks on a processor under dual-core lock-step fault tolerance, the normal operation of the original dual-core lockstep is preserved by modifying the bus layer, while power consumption is hidden in both the time and amplitude dimensions, so that the processor resists DPA attacks under dual-core lockstep fault tolerance.
Drawings
FIG. 1 is a block diagram of the design of DPA attack resistance under the dual core lock-step fault tolerance of the present invention;
FIG. 2 is a diagram illustrating the operation of the master processor and the slave processor in synchronization and out of synchronization according to the present invention;
FIG. 3 is a block diagram of a random delay enable module of the present invention;
FIG. 4 is a block diagram of a read operation memory area of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments.
As shown in FIG. 1, a processor DPA attack resisting system under dual-core lockstep fault tolerance comprises a master processor, a slave processor, a random delay enable module and a read operation storage area. The random delay enable module controls the random delay of the slave processor: when the random delay enable signal is high, the slave processor inserts a delay and enters a waiting state; when the random delay enable signal is low, the slave processor resumes operation. The read operation storage area stores the instructions and data read by the master processor and supplies the correct instructions and data to the slave processor.
As shown in FIG. 2, the master processor and the slave processor have a synchronous operation phase and an out-of-step operation phase. Synchronous operation means that the operation states of the master processor and the slave processor are consistent; out-of-step operation means that they are inconsistent.
In the out-of-step operation phase, the slave processor inserts delays randomly, and the master processor inserts a delay before a write operation and waits until it operates synchronously with the slave processor again. Specifically, while the hready signal is low, the master processor and the slave processor stall in the current instruction cycle; once hready goes high, the current instruction is considered complete and program execution continues.
As shown in FIG. 3, the random delay enable signal is produced by a true random number, a counter and associated control logic. The true random number comes from a true random number generator and, after masking, becomes rand_num.
When the power consumption hiding mode is enabled, that is, when the DPA enable signal is high, rand_num is counted down; when the count reaches 0, the random delay enable signal is pulled high. A new rand_num is then obtained and counted down, and when that count reaches 0 the random delay enable signal is pulled low. Repeating this process yields a random delay enable signal with randomly timed high and low levels. The delay time and the normal operation time are controlled by configuring the mask value: the wider the effective bit width of the masked random number, the more random the delays inserted by the slave processor, but the higher the performance overhead, so a reasonable mask value is configured according to the actual situation.
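The enable generator just described, modelled cycle by cycle as an added example (this is not the patent's own logic or RTL; `random_delay_enable`, `longest_phase` and the injected `trng` stand-in are this example's names, and the phase-length convention is an assumption stated in the docstring):

```python
def random_delay_enable(trng, mask, dpa_enable, cycles):
    """Return the random delay enable level (0 or 1) for each of 'cycles' cycles.

    trng: zero-argument callable returning a raw random word (a true random number
    generator in hardware; a replayed list is injected below so the waveform can be
    checked). mask: the configured mask; rand_num = trng() & mask. Assumption: a
    phase lasts rand_num + 1 cycles, because the counter visits rand_num, ..., 0
    before toggling, so a rand_num of 0 still gives a 1-cycle phase."""
    if not dpa_enable:            # anti-DPA enable low: no delay is ever inserted
        return [0] * cycles
    levels = []
    level = 0                     # signal starts low: slave runs normally
    count = trng() & mask         # first rand_num
    for _ in range(cycles):
        levels.append(level)
        if count == 0:
            level ^= 1            # pull the enable high, then low, alternately
            count = trng() & mask # fresh rand_num for the next phase
        else:
            count -= 1
    return levels


def longest_phase(levels):
    """Longest run of one level: at most mask + 1, so the mask bounds each delay."""
    best = run = 0
    for i, lvl in enumerate(levels):
        run = run + 1 if i and lvl == levels[i - 1] else 1
        best = max(best, run)
    return best


def from_sequence(values):
    """Build a 'trng' stand-in that replays a constructed list of raw words."""
    it = iter(values)
    return lambda: next(it)


if __name__ == "__main__":
    # Constructed raw words; with mask 0b111 the phases last 4, 3, 1 and 6+ cycles.
    wave = random_delay_enable(from_sequence([3, 2, 0, 5, 1, 7]), 0b111, True, 10)
    print(wave, "longest phase:", longest_phase(wave))
```

Widening the mask (for example 0xF instead of 0b111) raises the longest possible phase from 8 to 16 cycles, which is the randomness-versus-overhead trade-off the text describes.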
The master processor has external input signals and external output signals. The input signals of the slave processor are the same as those of the master processor, and its output signals are used only for comparison with the output signals of the master processor in order to detect faults. Therefore, when operating out of step, the slave processor cannot obtain the correct input signals on its own.
As shown in FIG. 4, the read operation storage area consists of 6 FIFO memories of depth 16, divided into 3 groups: the first group is the data FIFO group, in which 2 FIFOs store read data and the corresponding addresses; the second group is the instruction FIFO group, in which 2 FIFOs store read instructions and the corresponding addresses; the third group is the constant FIFO group, in which 2 FIFOs store read constants and the corresponding addresses. As long as the master processor and the slave processor execute correctly, their running states remain consistent even when random delays are inserted, so a FIFO structure is used: the instructions and data read by the master processor are written into the FIFOs, and the instructions and data read by the slave processor during out-of-step operation are taken from the FIFOs.
After DPA attack resistance is enabled, the slave processor performs a delay operation and enters the out-of-step running state when either of the following delay conditions is met:
1. the random delay enable signal is high;
2. the slave processor has caught up with the running state of the master processor, that is, the FIFO in the read operation storage area is empty.
Meanwhile, the master processor fetches instructions and runs normally, and the instructions and data it reads are stored in the read operation storage area. When neither condition holds, the slave processor resumes operation, and the instructions and data for the read requests it issues are taken from the read operation storage area.
During out-of-step operation, the master processor is delayed in the same way if either of the following conditions is met:
1. a FIFO in the read operation storage area is full;
2. the master processor executes a write operation.
The master processor must then wait until the slave processor also executes the current write operation; once the two processors have reached a consistent execution state, the dual-core lockstep checkpoint comparison is carried out.
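The storage area and the two stall rules above, as an added cycle-level model (not the patent's implementation: `LockstepModel`, its four step kinds, the per-cycle `delay_enable` waveform and the fault injected at a chosen step are all this example's constructions). It shows that the FIFO lets the cores drift apart without losing the lockstep check: a corrupted slave write is still caught at the write checkpoint, and the master is held when the FIFO fills.

```python
from collections import deque

FIFO_DEPTH = 16  # depth of each FIFO in the read operation storage area (from the page)


class LockstepModel:
    """Master/slave pair sharing a read operation storage area (instruction, data and
    constant FIFO groups). Program steps are bus accesses: ('fetch', addr), ('rd', addr),
    ('const', addr) or ('wr', addr, value). Master reads are pushed into the FIFO for
    their kind and consumed later by the slave. A write is the checkpoint: the master
    stalls until the slave reaches the same write, then the two outputs are compared."""

    def __init__(self, program, memory, delay_enable, slave_fault_at=None):
        self.program = program
        self.mem = dict(memory)               # only the master's output reaches memory
        self.delay_enable = delay_enable      # per-cycle random delay enable level
        self.fifos = {k: deque() for k in ('instr', 'data', 'const')}
        self.pc_m = self.pc_s = 0
        self.slave_fault_at = slave_fault_at  # constructed fault: corrupt one slave write
        self.faults = []                      # (step, master_value, slave_value)
        self.master_stalls = 0                # cycles with hready held low for the master
        self.slave_stalls = 0
        self.max_occupancy = 0

    @staticmethod
    def _group(op):
        return {'fetch': 'instr', 'const': 'const'}.get(op[0], 'data')

    def _checkpoint(self, step, op):
        _, addr, value = op
        slave_value = value ^ 0x01 if step == self.slave_fault_at else value
        if slave_value != value:
            self.faults.append((step, value, slave_value))   # lockstep compare fails
        self.mem[addr] = value
        self.pc_m = self.pc_s = step + 1

    def _master_step(self):
        if self.pc_m >= len(self.program):
            return
        op = self.program[self.pc_m]
        if op[0] == 'wr':
            if self.pc_s == self.pc_m:        # slave has arrived at this write
                self._checkpoint(self.pc_m, op)
            else:
                self.master_stalls += 1       # hready low: wait for the slave
            return
        fifo = self.fifos[self._group(op)]
        if len(fifo) == FIFO_DEPTH:
            self.master_stalls += 1           # hready low: storage area full
            return
        fifo.append((op[1], self.mem.get(op[1], 0)))
        self.pc_m += 1

    def _slave_step(self, enable):
        if self.pc_s >= len(self.program) or self.program[self.pc_s][0] == 'wr':
            return                            # writes are resolved at the checkpoint
        fifo = self.fifos[self._group(self.program[self.pc_s])]
        if enable or not fifo:
            self.slave_stalls += 1            # random delay, or caught up (FIFO empty)
            return
        addr, _ = fifo.popleft()
        assert addr == self.program[self.pc_s][1]   # FIFO order equals program order
        self.pc_s += 1

    def run(self, max_cycles=500):
        """Simulate until both cores finish; return the number of cycles used."""
        for cycle in range(max_cycles):
            if self.pc_m == self.pc_s == len(self.program):
                return cycle
            enable = self.delay_enable[cycle] if cycle < len(self.delay_enable) else 0
            self._master_step()
            self._slave_step(enable)          # same cycle: in sync it pops what was pushed
            self.max_occupancy = max(self.max_occupancy, *map(len, self.fifos.values()))
        raise RuntimeError("simulation did not converge")


def demo(slave_fault_at=None):
    """Constructed program: 18 fetches, one write (the checkpoint), one read."""
    program = [('fetch', 0x1000 + 4 * i) for i in range(18)]
    program += [('wr', 0x2000, 0x2A), ('rd', 0x2000)]
    memory = {addr: addr & 0xFF for _, addr in program[:18]}
    delay_enable = [1] * 20 + [0] * 200   # slave held 20 cycles: enough to fill a FIFO
    model = LockstepModel(program, memory, delay_enable, slave_fault_at)
    return model, model.run()
```

With the constructed waveform the instruction FIFO reaches its depth of 16 and the master is stalled for 20 cycles in total, 15 of them waiting at the write for the slave to catch up.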
Claims (10)
1. A processor DPA attack resisting system under dual-core lock-step fault tolerance, comprising a master processor and a slave processor, characterised in that it further comprises a random delay enable module and a read operation storage area; the random delay enable module controls the random delay of the slave processor; the read operation storage area stores the instructions and data read by the master processor and supplies them correctly to the slave processor; and in operation the master processor and the slave processor have a synchronous operation phase and an out-of-step operation phase.
2. The system according to claim 1, wherein in the synchronous operation phase the operation states of the master processor and the slave processor are consistent, and in the out-of-step operation phase the operation states of the master processor and the slave processor are inconsistent.
3. The system according to claim 2, wherein, when the master processor and the slave processor are in the out-of-step operation phase, the slave processor inserts delays randomly, and the master processor inserts a delay before a write operation and waits until it operates synchronously with the slave processor again; the delay is implemented by pulling down the hready signal on the AHB bus.
4. The system according to claim 3, wherein the delay implemented by pulling down the hready signal on the AHB bus is as follows: while the hready signal is low, the master processor and the slave processor stall in the current instruction cycle; when the hready signal is high, the current instruction completes and execution continues with the next instruction.
5. The system according to claim 1, wherein the random delay enable module issues a random delay enable signal that alternates between a high level and a low level and is derived from a true random number, a counter and associated control logic; the true random number is produced by a true random number generator and, after masking, becomes rand_num; and the control logic issues an anti-DPA enable signal.
6. The system according to claim 5, wherein, when the DPA enable signal is high, the counter counts down rand_num and pulls the random delay enable signal high when the count reaches 0; a new rand_num is then obtained and counted down, and when that count reaches 0 the random delay enable signal is pulled low.
7. The system according to claim 1, wherein the read operation storage area consists of 6 FIFO memories of depth 16, divided into 3 groups: the first group is the data FIFO group, in which 2 FIFOs store read data and the corresponding addresses; the second group is the instruction FIFO group, in which 2 FIFOs store read instructions and the corresponding addresses; the third group is the constant FIFO group, in which 2 FIFOs store read constants and the corresponding addresses.
8. The system according to claim 7, wherein the master processor writes the instructions and data it reads into the FIFO memories, and the instructions and data read by the slave processor during out-of-step operation are taken from the FIFO memories.
9. The system according to claim 8, wherein, when the random delay enable signal is high or the slave processor has caught up with the running state of the master processor, that is, when the instruction and data FIFOs in the read operation storage area are empty, the slave processor performs a delay operation and enters the out-of-step running state; otherwise, the slave processor resumes operation and obtains the instructions and data for its read requests from the read operation storage area.
10. The system according to claim 8, wherein, in the out-of-step operation phase, when a FIFO in the read operation storage area is full or the master processor performs a write operation, the master processor performs a delay operation until the slave processor also performs that write operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202010376980.0A (granted as CN111581676B) | 2020-05-07 | 2020-05-07 | Processor DPA attack resisting system under double-core lock step fault tolerance
Publications (2)
Publication Number | Publication Date
---|---
CN111581676A | 2020-08-25
CN111581676B | 2023-05-23
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
2021-04-19 | TA01 | Transfer of patent application right | Applicant before: ZHEJIANG University. Applicants after: ZHEJIANG University; ELECTRIC POWER Research Institute CHINA SOUTHERN POWER GRID. Address before and after: 310013 No. 866 Tong Road, Xihu District, Zhejiang, Hangzhou, Yuhang
| GR01 | Patent grant |