CN112114248A - Chip security simulation analysis method and device for preventing differential time attack - Google Patents
Chip security simulation analysis method and device for preventing differential time attack Download PDFInfo
- Publication number
- CN112114248A CN112114248A CN202011097214.7A CN202011097214A CN112114248A CN 112114248 A CN112114248 A CN 112114248A CN 202011097214 A CN202011097214 A CN 202011097214A CN 112114248 A CN112114248 A CN 112114248A
- Authority
- CN
- China
- Prior art keywords
- key
- information
- unit
- test
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/317—Testing of digital circuits
- G01R31/31706—Testing of digital circuits involving differential digital signals, e.g. testing differential signal circuits, using differential signals for testing
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/317—Testing of digital circuits
- G01R31/3181—Functional testing
- G01R31/3183—Generation of test inputs, e.g. test vectors, patterns or sequences
- G01R31/318307—Generation of test inputs, e.g. test vectors, patterns or sequences computer-aided, e.g. automatic test program generator [ATPG], program translations, test program debugging
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/317—Testing of digital circuits
- G01R31/3181—Functional testing
- G01R31/319—Tester hardware, i.e. output processing circuits
- G01R31/31917—Stimuli generation or application of test patterns to the device under test [DUT]
- G01R31/31919—Storing and outputting test patterns
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a chip security simulation analysis method and a chip security simulation analysis device for preventing differential time attack, wherein the device comprises the following steps: the key information storage unit is used for storing the key signals and path information corresponding to the key signals; the simulation circuit unit is used for receiving the test excitation information to perform multiple simulation tests; the key signal monitoring unit is used for monitoring the key signals according to the path information corresponding to the key signals during each simulation test and recording the current timestamp information when the key signals change; and the differential time analysis unit is used for acquiring the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, calculating the difference value of the two values to obtain the key signal differential time, analyzing whether the differential time of each key signal is correlated or not, and sending prompt information if the differential time of each key signal is correlated. By the scheme, the chip can automatically complete differential time attack analysis.
Description
Technical Field
The invention relates to the field of chip circuit design, in particular to a chip security simulation analysis method and device for preventing differential time attack.
Background
SSD data storage has gradually become the primary storage medium for consumer device data storage and cloud storage. For SSD data storage, data error correction is of great importance, particularly for personal critical data and government agency related data. The SSD master control chip is used as the brain of the SSD storage device, and the safety performance of the SSD master control chip directly determines the final overall safety performance of the SSD hard disk.
Side channel attacks, in which differential time attacks are again the most common one, are the main hacking means. And a hacker deduces the operation content of the chip by analyzing the operation time information of the main control chip when the key information is operated. The differential analysis calculation is to count the values of the data operation time of two times, then to perform differential subtraction operation to obtain a differential value which has a positive sign and a negative sign, and then to analyze the differential value and find out a correlation rule from the differential value, thereby realizing the deciphering of the key data.
In the prior art, a plurality of algorithms and methods for defending differential time attacks exist, but the detailed verification is performed after the chip is designed. Therefore, it is very meaningful to design a verification simulation platform capable of rapidly preventing time attack.
Disclosure of Invention
Therefore, a technical scheme of chip security simulation analysis for preventing differential time attack is required to be provided, so as to solve the problem that simulation defense cannot be performed against differential time attack in the chip design process.
In order to achieve the above object, a first aspect of the present invention provides a chip security simulation analysis apparatus for preventing differential time attack, the apparatus comprising:
the key information storage unit is used for storing the key signals and path information corresponding to the key signals;
the simulation circuit unit is used for receiving the test excitation information to perform multiple simulation tests; the excitation information corresponding to each simulation test comprises the key signal;
the key signal monitoring unit is used for monitoring the key signals according to the path information corresponding to the key signals during each simulation test and recording the current timestamp information when the key signals change;
the operation time analysis unit is used for calculating operation time values corresponding to the key signals, and the operation time values refer to the difference values of timestamp information of the current key signal changing and timestamp information of the key signal changing last time;
and the differential time analysis unit is used for acquiring the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, calculating the difference value of the two values to obtain the key signal differential time, analyzing whether the differential time of each key signal is correlated or not, and sending prompt information if the differential time of each key signal is correlated.
Further, the apparatus comprises:
the operation time storage unit is used for storing the operation time value corresponding to the key signal in the last simulation test;
the signal waveform storage unit is used for storing the values of all key signals when the operation time value is recorded during the last simulation test;
and the differential time analysis unit is used for generating an analysis result data table according to the operation time value corresponding to the key signal in the current simulation test, the operation time value corresponding to the key signal in the last simulation test, the values of the key signals in the operation time value recorded in the last simulation test and the values of the key signals in the operation time value recorded in the current simulation test.
Further, the apparatus further comprises:
and the drawing unit is used for generating a corresponding curve graph according to the analysis result data table.
Further, the key signal monitoring unit includes a marker insertion unit;
the mark insertion unit is used for setting a mark signal, inserting the mark signal into the path information corresponding to the key signal, and recording the current timestamp information when the value of the mark signal changes; the value of the marker signal is equal to the value of the key signal in real time;
the operation time analysis unit is used for extracting the marking signals and determining operation time values corresponding to the key signals according to the timestamp information of the marking signals.
Further, the variations of the key signal include a plurality of different variation types;
the operation time analysis unit is used for calculating the time difference value of each identical key signal during the current simulation test and the last simulation test, so as to obtain the operation time difference value of each variable type of key signal;
and when the difference between the corresponding operation time difference value of a certain change type and the operation time difference values of other change types is larger than a preset error, judging that the key signal is associated with the operation time value of the change type.
Further, the key information includes test key information; the device comprises:
a key generation unit for generating the test key information;
the key recording unit is used for storing the test key information;
and the operation time analysis unit is used for acquiring the test key information and judging whether the operation time values of the test key information are related or not.
Further, the key generation unit includes:
the source data storage unit is used for storing encrypted source data, and the source data comprises a source key and a hierarchical encryption and decryption algorithm;
the source data decryption unit is used for acquiring and decrypting the encrypted source data to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm, sending the decrypted source key to the root key operation unit, and storing the decrypted hierarchical encryption and decryption algorithm in the algorithm information storage unit;
a hierarchy information storage unit for storing hierarchy key information and user identification information;
a root key operation unit, configured to obtain the user identification information and the decrypted source key, and perform hash operation on the user identification information according to the decrypted source key to obtain root key information;
and the hierarchical operation decryption unit is used for acquiring the hierarchical key encryption and decryption algorithm, the hierarchical key information and the root key information, and decrypting the hierarchical key information by applying the root key information through the hierarchical key encryption and decryption algorithm to obtain the test key information.
Further, the hierarchy information storage unit is further configured to store handshake request information and handshake response information;
the key generation unit includes:
the handshake decryption operation circuit is used for decrypting the test key information by adopting the test key information to obtain handshake encryption key information;
the handshake encryption operation circuit is used for receiving the handshake request information and encrypting the handshake request information by adopting the handshake encryption key information to obtain handshake encryption information;
the handshake information checking circuit is used for acquiring the handshake response information and the handshake encryption information, judging whether the handshake response information and the handshake encryption information are matched, and if the handshake response information and the handshake encryption information are matched, passing the checking and storing the test key information in the key recording unit; otherwise, the verification is not passed, and the test key information is not stored in the key recording unit.
The second aspect of the present invention further provides a chip security simulation analysis method for preventing differential time attack, where the method is applied to the apparatus according to the first aspect of the present application, and the method includes the following steps:
the key information storage unit stores the key signals and path information corresponding to the key signals;
the simulation circuit unit receives the test excitation information to carry out multiple simulation tests; the excitation information corresponding to each simulation test comprises the key signal;
the method comprises the following steps that a key signal monitoring unit monitors a key signal according to path information corresponding to the key signal during each simulation test, and records current timestamp information when the key signal changes;
the operation time analysis unit calculates operation time values corresponding to the key signals, wherein the operation time values refer to the difference value between timestamp information of the current key signal changing and timestamp information of the key signal changing last time;
the differential time analysis unit acquires an operation time value corresponding to the key signal in the current simulation test and an operation time value corresponding to the key signal in the last simulation test, calculates the difference value of the two values to obtain the key signal differential time, analyzes whether the differential time of each key signal is correlated or not, and sends prompt information if the differential time of each key signal is correlated.
Further, the key signal includes test key information, the test key information is generated by a key generation unit, and the key generation unit includes a source data storage unit, a source data decryption unit, a hierarchy information storage unit, a root key operation unit, and a hierarchy operation decryption unit;
the method comprises the following steps:
the source data storage unit stores encrypted source data, wherein the source data comprises a source key and a hierarchical encryption and decryption algorithm;
the source data decryption unit obtains the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm, sends the decrypted source key to the root key operation unit, and stores the decrypted hierarchical encryption and decryption algorithm in the algorithm information storage unit;
a hierarchy information storage unit stores hierarchy key information and user identification information;
a root key operation unit acquires the user identification information and the decrypted source key, and performs hash operation on the user identification information according to the decrypted source key to obtain root key information;
and the hierarchical operation decryption unit acquires the hierarchical key encryption and decryption algorithm, the hierarchical key information and the root key information, and decrypts the hierarchical key information by applying the root key information through the hierarchical key encryption and decryption algorithm to obtain the test key information.
Different from the prior art, the chip security simulation analysis method and device for preventing differential time attack in the technical scheme comprise: the key information storage unit is used for storing the key signals and path information corresponding to the key signals; the simulation circuit unit is used for receiving the test excitation information to perform multiple simulation tests; the key signal monitoring unit is used for monitoring the key signals according to the path information corresponding to the key signals during each simulation test and recording the current timestamp information when the key signals change; the operation time analysis unit is used for calculating operation time values corresponding to the key signals; and the differential time analysis unit is used for acquiring the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, calculating the difference value of the two values to obtain the key signal differential time, analyzing whether the differential time of each key signal is correlated or not, and sending prompt information if the differential time of each key signal is correlated. By the scheme, the safety simulation test of the chip can be simulated in the chip design stage, and the differential time attack analysis can be automatically completed.
Drawings
Fig. 1 is a schematic diagram of a chip security simulation analysis apparatus for preventing differential time attack according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a chip security simulation analysis apparatus for preventing differential time attack according to another embodiment of the present invention;
FIG. 3 is a schematic diagram of a key generation unit according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a key generation unit according to another embodiment of the present invention;
fig. 5 is a flowchart of a chip security simulation analysis method for preventing differential time attack according to an embodiment of the present invention;
fig. 6 is a flowchart of a chip security simulation analysis method for preventing differential time attack according to another embodiment of the present invention;
FIG. 7 is a pictorial representation of a drawing unit according to an embodiment of the present invention.
Description of reference numerals:
101. a key information storage unit;
102. a simulation circuit unit;
103. a key signal monitoring unit; 201. a marker insertion unit;
104. an operation time analysis unit;
105. a random number generation unit;
106. a simulation excitation generating unit;
107. a drawing unit;
108. a key generation unit;
109. a key recording unit;
110. a differential time analysis unit;
111. an operation time storage unit;
112. a signal waveform storage unit;
301. a source data storage unit;
302. a source data decryption unit;
303. an algorithm information storage unit;
304. a hierarchy information storage unit;
305. a root key operation unit;
306. a hierarchical decryption operation unit; 3061. a first-level decryption operation unit; 3062. a secondary decryption operation unit; 3063. a third-level decryption operation unit;
307. a handshake decryption operational circuit; 3071. a first-stage handshake decryption operation circuit; 3072. a second-stage handshake decryption operation circuit; 3073. a three-stage handshake decryption operation circuit;
308. a handshake encryption arithmetic circuit; 3081. a first-stage handshake encryption operation circuit; 3082. a second-stage handshake encryption operation circuit; 3083. a three-stage handshake encryption operation circuit;
309. a handshake information check circuit;
310. a key selection unit;
311. an algorithm selection unit; 3111. a first-level algorithm selection unit; 3112. a secondary algorithm selection unit; 3113. and a three-level algorithm selection unit.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
As shown in fig. 1, a first aspect of the present invention provides a chip security simulation analysis apparatus for preventing differential time attacks, where the apparatus includes:
the key information storage unit 101 is configured to store a key signal and path information corresponding to the key signal. The key signal refers to data to be monitored safely, and for a computer, the key signal is generally a string of machine codes composed of "0" or "1", and may be key information or security data with strong importance. The path information refers to a set of executable paths of the key signals, and the change condition of the key signals can be detected in time by selecting a proper test case, so as to be collected and analyzed.
In this embodiment, the key signal and the path information corresponding to the key signal may be obtained by: before the simulation test is started, firstly, an RTL test design is completed on a main control chip to be tested, a circuit to be tested of the RTL design is used as an input file to enable a simulation analysis platform to start working, and key signals in the RTL design and path information corresponding to the signals are written into a key information storage unit.
The simulation circuit unit 102 is used for receiving test excitation information to perform simulation test; the test stimulus information includes the key signal. The test stimulus information refers to a test case, which refers to a set of test inputs, execution conditions, and expected results compiled for a particular target to verify whether a particular software requirement is met. The simulation circuit unit 102 may be implemented by a simulation circuit tool, such as a VCS simulation tool and a modelsim simulation tool.
And the key signal monitoring unit 103 is configured to monitor the key signal according to the path information corresponding to the key signal during each simulation test, and record current timestamp information when the key signal changes. When the key signals are executed according to the corresponding path information, if the numerical value of the key signals changes (such as changing from '0' to '1' or changing from '1' to '0'), current timestamp information is recorded at the moment, and the relevance of the key signals on each type of change can be analyzed by screening the timestamp information of the key signal change for analysis at the later stage, so that whether the key signals are attacked at present can be judged.
And the operation time analysis unit 104 is configured to calculate an operation time value corresponding to each key signal, where the operation time value is a time span of the key signal in a change time zone, and the change time zone is a difference time zone between timestamp information of a current change of the key signal and timestamp information of a last change of the key signal.
The differential time analysis unit 110 is configured to obtain an operation time value corresponding to a key signal during the current simulation test and an operation time value corresponding to the key signal during the last simulation test, calculate a difference between the two values, obtain a key signal differential time, analyze whether the differential time of each key signal is associated, and send a prompt message if the differential time of each key signal is associated.
For example, when the difference between the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, which is calculated by the difference time analysis unit 110, is significantly higher or lower than the difference corresponding to other variation types, it may be determined that the key signal has a correlation in the variation type, that is, the key signal has a possibility of being attacked in the simulation process, and then the difference time values of the variation type are uniformly recorded for further analysis by a technician.
By the scheme, the safety simulation test of the chip can be simulated at the early stage of chip design, specifically, the performance of the main control chip is detected through various test cases, and the detection mainly comprises the differential time detection of key signal change, so that a hacker can effectively early warn in a time attack mode, and the analysis efficiency is greatly improved.
As shown in fig. 2, the key signal monitoring unit 103 includes a marker inserting unit 201. The marker inserting unit 201 is configured to set a marker signal, insert the marker signal into path information corresponding to the key signal, and record current timestamp information when a value of the marker signal changes; the value of the marker signal is equal to the value of the key signal in real time; the computation time analysis unit 104 is configured to extract the tag signals, and determine a computation time value corresponding to the key signal according to timestamp information of each tag signal.
In practical applications, the critical signal monitoring unit 103 adds a monitoring component of the critical signal, such as the critical signal a with path _ x, to the verification platform of the circuit simulation (i.e. the aforementioned "simulation circuit unit"), according to the current location of the critical signal, and the monitoring component may be configured to:
wait(path_x.a==1’b1)$display_time;
this allows the critical signal a in path _ x to print the current emulation time at a value of 1. Of course, the determination condition in the path information may be changed to (path _ x.a ═ 0' b1) $ display _ time, which indicates that the current simulation time is printed when the value of the key signal a is 0.
Then, the tag insertion unit 201 is responsible for performing time tag insertion on the key signal, and the specific component configuration is as follows:
wait(path_x.a==1’b1)set flag_a=1’b1;
this allows a of path _ x to mark the identification signal a as 1 if a has a value of 1, i.e. the value of the mark signal equals the value of the key signal in real time. After the excitation information to be tested is traversed, the values of all the marker signals are searched and called, and the change conditions of the values of all the key signals can be clearly obtained.
In certain embodiments, the apparatus further comprises:
a random number generation unit 105 for generating a random number. Preferably, the random number generating unit generates a random number at regular intervals, and the generated random number is random, so that the excitation generated by the simulation excitation generating unit is completely random.
And the simulation excitation generating unit 106 is configured to generate test excitation information according to the random number generated by the random number generating unit, and transmit the test excitation information to the simulation circuit unit. The random number is used as an influence factor influencing the generation of the test excitation information, and the randomness of the generation of the test excitation information can be ensured, so that the operation process of the main control chip under each application scene is simulated and simulated. In order to ensure that the test stimulus information covers all possible situations as much as possible, the number of random numbers generated by the random number generation unit 105 is also sufficiently large (exceeding a preset number) in the present embodiment.
In certain embodiments, the apparatus further comprises:
an operation time storage unit 104, configured to store an operation time value corresponding to the key signal during the last simulation test;
a signal waveform storage unit 112, configured to store values of each key signal when the operation time value is recorded during a last simulation test;
the differential time analysis unit 110 is configured to generate an analysis result data table according to the obtained operation time value corresponding to the key signal during the current simulation test, the obtained operation time value corresponding to the key signal during the last simulation test, and the obtained values of the key signals during the operation time value recorded during the last simulation test and the obtained values of the key signals during the operation time value recorded during the current simulation test.
In certain embodiments, the apparatus further comprises: and the drawing unit 107 is used for generating a corresponding graph according to the analysis result data table. Therefore, a tester can visually see whether the operation time of each current key signal has relevance through the generated chart, and further analyze whether the current circuit has the possibility of being attacked by time when the operation time of each key signal has relevance, so that the test analysis efficiency is effectively improved.
For example, the key information is test key information, the test key information is a numerical value of 8 bits, and the operation time value of each bit in the change time zone corresponding to each bit in the 2-time simulation test process is shown in the following table:
| |
0 | 1 | 0 | 1 | 1 | 0 | 0 | 1 |
| Time (ms) | 3.9 | 8 | 3 | 8.5 | 7.8 | 3.2 | 2.5 | 9 |
TABLE 1
| |
1 | 1 | 0 | 0 | 1 | 0 | 0 | 1 |
| Time (ms) | 8.6 | 8.1 | 2.9 | 3 | 8 | 3 | 2.7 | 8.5 |
TABLE 2
| Key change | 0->1 | 1->1 | 0->0 | 1->0 | 1->1 | 0->0 | 0->0 | 1->1 |
| Differential time (ms) | 4.7 | 0.1 | -0.1 | -5.5 | 0.2 | -0.2 | 0.2 | -0.5 |
TABLE 3
Table 1 shows the operation time value of the test key information on each bit during the first simulation test, table 2 shows the operation time value of the test key information on each bit during the second simulation test, and table 3 shows the difference between the operation time value of the first simulation test and the operation time value of the second simulation test. As can be seen from table 3, when the variation type of the bits of the key information is 0 to 1 or 0 to 1, the corresponding delta time is significantly higher than that of other variation types (e.g., 1 to 1 or 0 to 0). Therefore, the testing key information can be judged to be associated when the change type 0 is changed into 1, and a tester can further analyze the possibility that the current main control chip is attacked by the differential time.
In order to enable the tester to obtain the simulation result more intuitively, as shown in fig. 7, a polygonal line change diagram is generated according to each Bit value of the key information in the current simulation process recorded in table 3 and the difference time (i.e., the difference time in fig. 7) of the corresponding bits, the horizontal axis in fig. 7 represents the type change of the key signal, and the vertical axis represents the corresponding difference time. From fig. 7, it can be seen that whether the change of the key value is linearly related to the time or not can be seen visually, and if there is a correlation, it is indicated that the current chip to be tested is easy to find a rule by a hacker during the operation process, so as to crack the security information, and the tester can further optimize the related design to improve the overall security performance of the chip.
Preferably, the variations in the key signal comprise a plurality of different variation types. The operation time analysis unit is used for calculating the time difference value of each identical key signal during the current simulation test and the last simulation test, so as to obtain the operation time difference value of each variable type of key signal; and when the difference between the corresponding operation time difference value of a certain change type and the operation time difference values of other change types is larger than a preset error, judging that the key signal is associated with the operation time value of the change type.
For example, the preset error may be set to be 30% of the ratio of the average value of the operation time difference of a certain variation type to the average value of the operation time difference of other variation types, taking the data in table 3 as an example, when the key value in table 3 is in the variation type of 0 to 1 (or 1 to 0), the difference time is about 5mS, while the average difference time of the key value in other types is only about 0.2mS, and the ratio between the two is 2500% different, that is, far greater than the preset error, so that it can be assumed that when the variation type is in the variation type of 1 to 0 (or 0 to 1), the key signal has significant correlation on the variation types. Of course, the preset error can be set according to actual needs, for example, the difference between the difference values of the two operation time of the variation type is set to be within 2ms, or the ratio between the two operation time of the variation type is set to be below 50%, and the like.
In some embodiments, the key information includes test key information; the device comprises:
a key generation unit 108 for generating the test key information;
a key recording unit 109 for storing the test key information;
and an operation time analysis unit 104, configured to obtain the test key information, and determine whether an operation time value of each test key information is associated.
The key information is used as a tool for encrypting and decrypting data and is a key ring for chip security simulation. Therefore, in the embodiment, besides monitoring some key data, key monitoring is also performed on the change of the key information, so that the testing personnel can timely monitor the key when the key is possibly attacked by time. The specific method is that the operation time value of each test key information is also monitored, and when the operation time value of a certain type of key information is judged to be associated, prompt information is output. The prompt message comprises one or more of sound prompt message, image prompt message, light prompt message and video prompt message.
In order to further improve the security of the key information used by the chip in the operation process, the application designs a special key generation unit 108 to generate the key information required by the operation. As shown in fig. 3, the key generation unit 108 according to the present application includes:
a source data storage unit 301, configured to store encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm. In this embodiment, the source data storage unit 301 is an OTP storage unit (i.e., a one-time programmable unit), so that source data can be effectively prevented from being tampered. In order to prevent a hacker from directly obtaining the source data from the source data storage unit 301, in the present application, the source data is encrypted and then stored in the OTP storage unit, and an initial key used for encryption may be stored in another storage unit, so as to improve the security of storing the source data. The hierarchical encryption and decryption algorithm is an algorithm selected when data encryption and decryption are performed subsequently, and specifically may include any one or more of an aes algorithm, a tdes algorithm, and an sm4 algorithm.
A source data decrypting unit 302, configured to obtain the encrypted source data, decrypt the encrypted source data to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm, send the decrypted source key to a root key computing unit, and store the decrypted hierarchical key encryption/decryption algorithm in an algorithm information storage unit 303.
A hierarchy information storage unit 304 for storing hierarchy key information and user identification information.
A root key operation unit 305, configured to obtain the user identifier information and the decrypted source key, and perform a hash operation on the user identifier information according to the decrypted source key to obtain root key information. Because the root key information is obtained by carrying out hash operation on the user identification information through the decrypted source key, the bit number of the source key and the generated root key can be kept consistent, and simultaneously, the adopted keys are different after the chip receives login of different users, so that the safety is further improved. The user identification information is an ID for distinguishing different users, and may be a string of characters, for example.
A hierarchical decryption operation unit 306, configured to obtain the hierarchical key encryption and decryption algorithm, the hierarchical key information, and the root key information, and decrypt the hierarchical key information by using the hierarchical key encryption and decryption algorithm and applying the root key information to obtain the test key information. Thus, the decryption algorithm in the test key information generation process is derived from the hierarchical key encryption/decryption algorithm in the algorithm information storage unit 303, and is screened by the algorithm selection unit 311. The decrypted object is hierarchical key information, the decrypted key is root key information, and the three are respectively from different units, so that the safety of the generated test key information is further improved.
In order to prevent the test key information from being intercepted and tampered during the generation process, in this embodiment, the hierarchical information storage unit is further configured to store handshake request information and handshake response information, and the key generation unit 108 includes:
and a handshake decryption operation circuit 307, configured to decrypt the test key information by using the test key information to obtain handshake encryption key information. The test key information is easy to intercept or tamper in the transmission process, but the difficulty of reverse cracking of a hacker is exponentially increased after the test key information is decrypted by the test key information, so that the test key information is decrypted by the test key information before data verification is carried out, and handshake encryption key information is obtained.
And the handshake encryption operation circuit 308 is configured to receive the handshake request information, and encrypt the handshake request information by using the handshake encryption key information to obtain handshake encryption information. Handshake request information, which refers to information to be verified and is encrypted by handshake encryption key information, may be stored in the handshake information storage unit 304 in advance, so as to obtain handshake encryption information.
A handshake information check circuit 309, configured to obtain the handshake response information and the handshake encryption information, determine whether the handshake response information and the handshake encryption information are matched, and if yes, pass the check, and store the test key information in the key recording unit; otherwise, the verification is not passed, and the test key information is not stored in the key recording unit. The handshake response information refers to check standard information which is pre-stored in the handshake information storage unit 304 and is obtained by encrypting the handshake request information. By comparing the handshake response information with the handshake encryption information, whether the current test key information is tampered or not can be deduced, and if the two are matched, the test key information can be output.
As shown in fig. 4, in order to use functions with different permissions when different users use the chip to be tested, in this embodiment, different levels may also be set for the key information when different users use the chip to be tested, that is, the key generation unit may generate the key information to be tested at corresponding levels according to the security levels of the users, and the higher the level is, the higher the security of the key information to be tested is.
Taking the key level as three security levels as an example, the apparatus includes a key selection unit 310. The decryption operation unit includes a primary decryption operation unit 3061, a secondary decryption operation unit 3062, and a tertiary decryption operation unit 3063. The handshake decryption operation circuit comprises a first-stage handshake decryption operation circuit 3071, a second-stage handshake decryption operation circuit 3072 and a third-stage handshake decryption operation circuit 3073. The handshake encryption operation circuit comprises a first-stage handshake encryption operation circuit 3081, a second-stage handshake encryption operation circuit 3082 and a third-stage handshake encryption operation circuit 3083. The algorithm information storage unit 303 is provided with a plurality of encryption and decryption algorithms, including a first-level encryption and decryption algorithm, a second-level encryption and decryption algorithm, and a third-level encryption and decryption algorithm, and sequentially selects the algorithms through a first-level algorithm selection unit 3111, a second-level algorithm selection unit 3112, and a third-level algorithm selection unit 3113. The hierarchical key information includes a first layer source key, a second layer source key, and a third layer source key.
The key generation unit 108 described in fig. 4 operates as follows: the key generation unit 108 obtains the current user level, and outputs the test key matched with the user level to the key recording unit 109 through the key selection unit 310, and if the user level has three levels, the key selection unit 310 sequentially selects a primary key, a secondary key, and a tertiary key for output, where the security level of the tertiary key is greater than that of the secondary key, and the security level of the secondary key is greater than that of the primary key.
The primary key is generated as follows:
the source data decryption unit 302 obtains the encrypted source key and the hierarchical encryption/decryption algorithm in the source data storage unit 301 for decryption, obtains a decrypted source key and a hierarchical encryption/decryption algorithm, sends the decrypted source key to the root key operation unit 305, and stores the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit 303. And the root key operation unit acquires the user identification information and the decrypted source key, and performs hash operation on the user identification information according to the decrypted source key to obtain root key information.
The next-level decryption operation unit 3061 receives the first-level source key of the level information storage unit 304, and the first-level algorithm selection unit 3111 selects the first-level key encryption and decryption algorithm to the first-level decryption operation unit 3061, so that the first-level decryption operation unit 3061 decrypts the first-level source key by applying the root key information through the first-level key encryption and decryption algorithm to obtain the first-level key. If the security level of the current user is one level, the key selection unit 310 may select the one level key output.
Before output, in order to prevent the first-level key from being tampered in the transmission process, the generated first-level key needs to be verified, specifically, the first-level key is encrypted once by using the first-level key through the first-level handshake decryption operation circuit 3071, so that first-level handshake encryption key information is obtained. And then, the first-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the first-level handshake encryption operation circuit 3081, and the first-level handshake request data is encrypted by using the first-level handshake encryption key information, so as to obtain first-level handshake encryption information. And then, receiving the first layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the first layer handshake response data with the first layer handshake encryption information, and if the first layer handshake response data and the first layer handshake encryption information are matched, indicating that the first-level key is not tampered, outputting the first layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
The secondary key is generated as follows:
the generation process of the secondary key is similar to that of the primary key, and the difference is that the primary key is used as an input parameter (equivalent to a root key input when the primary key is generated) for generating the secondary key, specifically, the secondary decryption operation unit 3062 receives the second-layer source key of the hierarchical information storage unit 304, and the secondary algorithm selection unit 3112 selects the secondary key encryption/decryption algorithm to the secondary decryption operation unit 3062, so that the secondary decryption operation unit 3062 applies the primary key to decrypt the second-layer source key by using the secondary key encryption/decryption algorithm, and a secondary key is obtained. If the security level of the current user is secondary, key selection unit 310 may select the secondary key output.
Before output, in order to prevent the second-level key from being tampered in the transmission process, the generated second-level key needs to be verified, specifically, the second-level key is encrypted once by using the second-level key through the second-level handshake decryption operation circuit 3072, so that the second-level handshake encryption key information is obtained. And then, the second-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the second-level handshake encryption operation circuit 3082, and the second-level handshake request data is encrypted by using the second-level handshake encryption key information, so as to obtain second-level handshake encryption information. And then receiving second-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the second-layer handshake response data with the second-layer handshake encryption information, and if the two match, indicating that the secondary key is not tampered, outputting the second-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
The generation process of the tertiary key is as follows:
the generation process of the third-level key is similar to that of the second-level key, and the difference is that the second-level key is used as an input parameter for generating the third-level key (equivalent to the first-level key input during generation of the second-level key), specifically, the third-level decryption operation unit 3063 receives the third-level source key of the hierarchical information storage unit 304, and the third-level algorithm selection unit 3113 selects the third-level key encryption/decryption algorithm to the third-level decryption operation unit 3062, so that the third-level decryption operation unit 3063 decrypts the third-level source key by using the second-level key using the third-level key encryption/decryption algorithm, and. If the security level of the current user is three levels, the key selection unit 310 may select the three levels of key outputs.
Before output, in order to prevent the third-level key from being tampered in the transmission process, the generated third-level key needs to be verified, specifically, the third-level key is encrypted once by using the third-level key through the third-level handshake decryption operation circuit 3073, so that the third-level handshake encryption key information is obtained. And then, the third-level handshake request data transmitted by the hierarchical information storage unit 304 is received through the three-level handshake encryption operation circuit 3083, and the third-level handshake request data is encrypted by using the three-level handshake encryption key information, so as to obtain third-level handshake encryption information. And then, receiving third-layer handshake response data transmitted by the hierarchical information storage unit 304, comparing the third-layer handshake response data with the third-layer handshake encryption information, and if the third-layer handshake response data and the third-layer handshake encryption information are matched, indicating that the third-layer key is not tampered, outputting the third-layer handshake response data through the key selection unit 310, otherwise, sending a prompt message.
Of course, in other embodiments, the number of the user levels may also be other numbers, such as two security levels or more than four security levels, and correspondingly, the hierarchy of the test key information may also be other numbers, which are specifically set according to actual needs. When the levels of the test key information are other numbers, the generation manner thereof can refer to the circuit application process shown in fig. 4, which is not described herein again.
As shown in fig. 5, the second aspect of the present application further provides a chip security simulation analysis method for preventing differential time attacks, where the method is applied to the apparatus according to the first aspect of the present application, and the method includes the following steps:
firstly, entering a step S501 that a key information storage unit stores key signals and path information corresponding to the key signals;
then, the simulation circuit unit receives the test excitation information to carry out multiple simulation tests in step S502; the test stimulus information includes the key signal. The test excitation information received by each simulation test may be the same or different, and preferably, the test excitation information received by each simulation test is different.
And then, in each simulation test, the key signal monitoring unit monitors the key signal according to the path information corresponding to the key signal, and records the current timestamp information when the key signal changes in the step S503.
And then, step S504 is performed to calculate an operation time value corresponding to each key signal, where the operation time value is a difference between timestamp information of a current key signal that changes and timestamp information of a previous key signal that changes.
And then, step S505 is carried out, wherein the differential time analysis unit acquires the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, calculates the difference value of the two values to obtain the differential time of the key signal, analyzes whether the differential time of each key signal is correlated, and sends out prompt information if the differential time of each key signal is correlated.
In certain embodiments, the key signal includes test key information generated by a key generation unit including a source data storage unit, a source data decryption unit, a hierarchy information storage unit, a root key operation unit, and a hierarchy decryption operation unit.
As shown in fig. 6, the method comprises the steps of:
the method first proceeds to step S601, where the source data storage unit stores encrypted source data, where the source data includes a source key and a hierarchical encryption/decryption algorithm.
Then, in step S602, the source data decryption unit may obtain the encrypted source data for decryption, to obtain a decrypted source key and a decrypted hierarchical encryption/decryption algorithm, send the decrypted source key to the root key operation unit, and store the decrypted hierarchical key encryption/decryption algorithm in the algorithm information storage unit.
In parallel with step S601 and step S602, it may be proceeded to step S603 where the hierarchy information storage unit stores hierarchy key information and user identification information;
after step S602 and step S603, step S604 may be performed by the root key operation unit to obtain the user identifier information and the decrypted source key, and perform hash operation on the user identifier information according to the decrypted source key to obtain root key information.
After step S604, step S605 may be performed by the hierarchical decryption operation unit to obtain the hierarchical key encryption and decryption algorithm, the hierarchical key information, and the root key information, and the hierarchical key encryption and decryption algorithm is used to decrypt the hierarchical key information using the root key information, so as to obtain the test key information.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (10)
1. A chip security simulation analysis device for preventing differential time attack, which is characterized by comprising:
the key information storage unit is used for storing the key signals and path information corresponding to the key signals;
the simulation circuit unit is used for receiving the test excitation information to perform multiple simulation tests; the excitation information corresponding to each simulation test comprises the key signal;
the key signal monitoring unit is used for monitoring the key signals according to the path information corresponding to the key signals during each simulation test and recording the current timestamp information when the key signals change;
the operation time analysis unit is used for calculating operation time values corresponding to the key signals, and the operation time values refer to the difference values of timestamp information of the current key signal changing and timestamp information of the key signal changing last time;
and the differential time analysis unit is used for acquiring the operation time value corresponding to the key signal in the current simulation test and the operation time value corresponding to the key signal in the last simulation test, calculating the difference value of the two values to obtain the key signal differential time, analyzing whether the differential time of each key signal is correlated or not, and sending prompt information if the differential time of each key signal is correlated.
2. The apparatus for chip security simulation analysis against differential time attacks according to claim 1, wherein the apparatus comprises:
the operation time storage unit is used for storing the operation time value corresponding to the key signal in the last simulation test;
the signal waveform storage unit is used for storing the values of all key signals when the operation time value is recorded during the last simulation test;
and the differential time analysis unit is used for generating an analysis result data table according to the operation time value corresponding to the key signal in the current simulation test, the operation time value corresponding to the key signal in the last simulation test, the values of the key signals in the operation time value recorded in the last simulation test and the values of the key signals in the operation time value recorded in the current simulation test.
3. The apparatus for chip security simulation analysis against differential time attacks according to claim 2, wherein the apparatus further comprises:
and the drawing unit is used for generating a corresponding curve graph according to the analysis result data table.
4. The apparatus for chip security simulation analysis against differential time attacks according to claim 1, wherein the key signal monitoring unit includes a marker insertion unit;
the mark insertion unit is used for setting a mark signal, inserting the mark signal into the path information corresponding to the key signal, and recording the current timestamp information when the value of the mark signal changes; the value of the marker signal is equal to the value of the key signal in real time;
the operation time analysis unit is used for extracting the marking signals and determining operation time values corresponding to the key signals according to the timestamp information of the marking signals.
5. The apparatus for chip security simulation analysis against differential time attacks according to claim 1, wherein the variation of the key signal comprises a plurality of different variation types;
the operation time analysis unit is used for calculating the time difference value of each identical key signal during the current simulation test and the last simulation test, so as to obtain the operation time difference value of each variable type of key signal;
and when the difference between the corresponding operation time difference value of a certain change type and the operation time difference values of other change types is larger than a preset error, judging that the key signal is associated with the operation time value of the change type.
6. The apparatus for chip security simulation analysis against differential time attacks according to claim 1, wherein the key information includes test key information; the device comprises:
a key generation unit for generating the test key information;
the key recording unit is used for storing the test key information;
and the operation time analysis unit is used for acquiring the test key information and judging whether the operation time values of the test key information are related or not.
7. The apparatus for chip security simulation analysis against differential time attacks according to claim 6, wherein the key generation unit comprises:
the source data storage unit is used for storing encrypted source data, and the source data comprises a source key and a hierarchical encryption and decryption algorithm;
the source data decryption unit is used for acquiring and decrypting the encrypted source data to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm, sending the decrypted source key to the root key operation unit, and storing the decrypted hierarchical encryption and decryption algorithm in the algorithm information storage unit;
a hierarchy information storage unit for storing hierarchy key information and user identification information;
a root key operation unit, configured to obtain the user identification information and the decrypted source key, and perform hash operation on the user identification information according to the decrypted source key to obtain root key information;
and the hierarchical operation decryption unit is used for acquiring the hierarchical key encryption and decryption algorithm, the hierarchical key information and the root key information, and decrypting the hierarchical key information by applying the root key information through the hierarchical key encryption and decryption algorithm to obtain the test key information.
8. The apparatus for chip security simulation analysis against differential time attacks according to claim 7, wherein the hierarchical information storage unit is further configured to store handshake request information and handshake response information;
the key generation unit includes:
the handshake decryption operation circuit is used for decrypting the test key information by adopting the test key information to obtain handshake encryption key information;
the handshake encryption operation circuit is used for receiving the handshake request information and encrypting the handshake request information by adopting the handshake encryption key information to obtain handshake encryption information;
the handshake information checking circuit is used for acquiring the handshake response information and the handshake encryption information, judging whether the handshake response information and the handshake encryption information are matched, and if the handshake response information and the handshake encryption information are matched, passing the checking and storing the test key information in the key recording unit; otherwise, the verification is not passed, and the test key information is not stored in the key recording unit.
9. A chip security simulation analysis method for preventing differential time attack, which is applied to the device according to any one of claims 1 to 8, and comprises the following steps:
the key information storage unit stores the key signals and path information corresponding to the key signals;
the simulation circuit unit receives the test excitation information to carry out multiple simulation tests; the excitation information corresponding to each simulation test comprises the key signal;
the method comprises the following steps that a key signal monitoring unit monitors a key signal according to path information corresponding to the key signal during each simulation test, and records current timestamp information when the key signal changes;
the operation time analysis unit calculates operation time values corresponding to the key signals, wherein the operation time values refer to the difference value between timestamp information of the current key signal changing and timestamp information of the key signal changing last time;
the differential time analysis unit acquires an operation time value corresponding to the key signal in the current simulation test and an operation time value corresponding to the key signal in the last simulation test, calculates the difference value of the two values to obtain the key signal differential time, analyzes whether the differential time of each key signal is correlated or not, and sends prompt information if the differential time of each key signal is correlated.
10. The method for chip security simulation analysis for preventing differential time attack according to claim 9, wherein the key signal includes test key information, the test key information is generated by a key generation unit, and the key generation unit includes a source data storage unit, a source data decryption unit, a hierarchical information storage unit, a root key operation unit, and a hierarchical operation decryption unit;
the method comprises the following steps:
the source data storage unit stores encrypted source data, wherein the source data comprises a source key and a hierarchical encryption and decryption algorithm;
the source data decryption unit obtains the encrypted source data for decryption to obtain a decrypted source key and a decrypted hierarchical encryption and decryption algorithm, sends the decrypted source key to the root key operation unit, and stores the decrypted hierarchical encryption and decryption algorithm in the algorithm information storage unit;
a hierarchy information storage unit stores hierarchy key information and user identification information;
a root key operation unit acquires the user identification information and the decrypted source key, and performs hash operation on the user identification information according to the decrypted source key to obtain root key information;
and the hierarchical operation decryption unit acquires the hierarchical key encryption and decryption algorithm, the hierarchical key information and the root key information, and decrypts the hierarchical key information by applying the root key information through the hierarchical key encryption and decryption algorithm to obtain the test key information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011097214.7A CN112114248A (en) | 2020-10-14 | 2020-10-14 | Chip security simulation analysis method and device for preventing differential time attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011097214.7A CN112114248A (en) | 2020-10-14 | 2020-10-14 | Chip security simulation analysis method and device for preventing differential time attack |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112114248A true CN112114248A (en) | 2020-12-22 |
Family
ID=73793901
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011097214.7A Pending CN112114248A (en) | 2020-10-14 | 2020-10-14 | Chip security simulation analysis method and device for preventing differential time attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112114248A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113359014A (en) * | 2021-08-11 | 2021-09-07 | 深圳英集芯科技股份有限公司 | Fool-proof method and system for chip test |
-
2020
- 2020-10-14 CN CN202011097214.7A patent/CN112114248A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113359014A (en) * | 2021-08-11 | 2021-09-07 | 深圳英集芯科技股份有限公司 | Fool-proof method and system for chip test |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Chatzikonstantinou et al. | Evaluation of cryptography usage in android applications | |
| US10462170B1 (en) | Systems and methods for log and snort synchronized threat detection | |
| CN110011794B (en) | Cipher machine key attribute testing method | |
| Shafique et al. | Detecting the security level of various cryptosystems using machine learning models | |
| CN108199832B (en) | Detection method for CLOC authentication encryption algorithm to resist differential fault attack | |
| CN112115657A (en) | Chip security simulation analysis method and device for preventing single time attack | |
| WO2016083864A1 (en) | Methods for recovering secret data of a cryptographic device and for evaluating the security of such a device | |
| JP7040992B2 (en) | Vulnerability information generator and vulnerability evaluation device | |
| Hurley-Smith et al. | On the unbearable lightness of FIPS 140–2 randomness tests | |
| JP5413010B2 (en) | Analysis apparatus, analysis method, and program | |
| CN213028070U (en) | DPA attack prevention to-be-tested circuit safety simulation analysis device | |
| Camacho et al. | A cloud-oriented integrity verification system for audio forensics | |
| CN112134685B (en) | DPA attack-preventing circuit to be tested safety simulation analysis method and device | |
| CN213547530U (en) | SPA attack prevention to-be-detected circuit safety simulation analysis device | |
| CN112114248A (en) | Chip security simulation analysis method and device for preventing differential time attack | |
| CN112152780B (en) | SEMA attack-preventing circuit to be tested safety simulation analysis method and device | |
| Mather et al. | Pinpointing side-channel information leaks in web applications | |
| WO2016063512A1 (en) | Mac tag list generating apparatus, mac tag list verifying apparatus, mac tag list generating method, mac tag list verifying method and program recording medium | |
| CN104935783B (en) | A kind of safe active distorted image detection method and device | |
| CN213276647U (en) | Safety simulation analysis device for preventing time attack | |
| CN112532374A (en) | Method for detecting SILC authentication encryption algorithm to resist differential fault attack | |
| CN112104447B (en) | SPA attack-preventing circuit to be tested safety simulation analysis method and device | |
| CN112104448B (en) | DEMA attack prevention circuit to be tested safety simulation analysis method and device | |
| Craiger et al. | Law enforcement and digital evidence | |
| CN112511291A (en) | Method for detecting OCB authentication encryption algorithm to resist differential fault attack |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |