CN112149065A - Software defense fault injection method - Google Patents
- Publication number: CN112149065A
- Application number: CN202010974976.4A
- Authority: CN (China)
- Prior art keywords: defense, software, value, backup, power
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for software defense against fault injection, comprising: masking the starting position of the security defense measure by randomly executing a segment of the application's normal command flow; masking the power consumption of the security defense measure by superimposing random chip CPU instruction operations or current operations on the actual security defense operation executed by the software; and ensuring that the defense measure takes effect by storing the audit data redundantly, writing the audit data directly to the destination address without using a power-failure protection mechanism, and recovering at power-on using the larger of the audit data and the backup data. The software defense fault injection method provided by the invention can effectively defend against fault injection and improve the security defense capability of the product.
Description
Technical Field
The invention relates to the field of smart cards, and in particular to a security defense method for defending against fault injection.
Background
With the successive entry of foreign clearing institutions into China and the successive issuance of overseas bank cards by domestic financial institutions, the security threats that may be faced by smart cards are increasing, and the cards must provide better security guarantees to avoid or reduce the loss caused by the security threats.
There are many kinds of security attacks against smart cards, and fault injection is one that is relatively easy to carry out. Fault injection deliberately disturbs the smart card while it stores assets and/or executes transactions, using radiation, electromagnetic, optical or similar equipment, so that faults occur; the faults are then used to maliciously modify the targeted assets.
Fault injection is detected through secure programming: redundant design or redundant code execution is added around the software's critical assets, the security of the asset or of code execution is monitored, and an audit is initiated when the redundant design or redundant code execution does not behave as expected.
One way to monitor the security of assets or code execution is to add redundancy to asset storage or code execution, including but not limited to the following. Multiple comparisons on conditional branches: after entering the correct branch, a double check is performed again, and an audit is performed if unexpected execution is detected. Secure reading: an asset is read twice and the two reads are compared. Multiple checks of the output data address: the buffer (buf) for output data may only be a cache region within a certain range of values. Flow counter confirmation: key execution steps of the program are counted, and the count value is checked for correctness before a key operation is executed. Redundant storage of key data: assets of 1-4 bytes use an original-value backup, negation or XOR check, and assets longer than 4 bytes use a CRC check.
When software monitoring detects a fault injection attack, the software starts the audit function, accumulates the audit count in NVM, and takes further measures, such as locking the card, when the audit count reaches the expected upper limit. However, if an attacker uses the power consumption of command execution to identify where the audit function runs and cuts the power beforehand, the audit is avoided and the attacker can attack an unlimited number of times.
The attacker may cut the power after a failed attack by detecting the power consumption characteristic of the failure, so that the audit is avoided; or the attacker may capture the power consumption of the audit function to identify its signal (current and voltage) characteristics, then recognize them in real time, either from an instantaneous fluctuation of the signal using an oscilloscope or from the fluctuation of the signal over a period of time using signal matching equipment, and trigger a power-off to avoid the audit.
To reduce the probability that an attacker succeeds in avoiding the audit, the invention provides a security defense method for defending against fault injection. Code review and actual testing show that the method, as a security design against fault injection, protects product assets well and that the protection effect meets expectations.
Disclosure of Invention
The invention aims to provide a method for software to defend fault injection.
The security defense method provided by the invention is as follows:
To reduce the probability that an attacker succeeds in avoiding the audit, the software addresses three aspects: masking the characteristics of the initial segment of the audit function, masking the characteristics of the audit function's NVM write operation, and shortening the attack window.
1. Masking the initial segment characteristics of the audit function:
The software provides N code segments whose power consumption is close to that of command execution; the execution time of each segment is different and lies within 3 ms-7 ms. After the software detects an attack, one segment is randomly selected and executed.
For example, Fig. 1 shows the power consumption curves for different code executions. Within the rectangular box in Fig. 1, the power consumption of executing codes a), b), c) and d) below is close to that of command execution. Different combinations of these operations, such as a) + d) or a) + c) + d) ..., can be executed; the combined code segments lead to a longer execution processing time, delaying the audit execution time.
a) Incrementing a local variable in a for loop
b) if/else statements within a for loop
c) Calling Util.makeShort()
d) Calling Util.arrayCopy() to assign to a transient array
e) DES calculation
The anti-attack effect is as follows: the start time of the audit's NVM write is confused with the time of a normal NVM write; for commands that themselves contain NVM write operations, attacks on the audit can be completely defended against.
2. Masking the power consumption of the NVM write operation:
While the software executes its code normally, other operations are performed at the same time to mask the power consumption of the chip writing NVM, for example:
a) Random stopping of the gated clock: once enabled, a change is visible in the power consumption; apart from the transient current rise of the charge pump, the other parts are masked to a certain degree. However, for power consumption matching in the charge pump charging stage, the template matching recognition rate can still reach 90%.
b) Random CPU instruction insertion: once enabled, no obvious change is visible in the power consumption; for power consumption matching in the charge pump charging stage, the recognition rate reaches 90%.
These mechanisms yield the following 4 combinations:
a) No measure enabled
b) Gated clock random stop enabled
c) Random insertion of jump instructions enabled
d) Gated clock random stop and random insertion of jump instructions both enabled
The audit function randomly uses one combination each time, and the final recognition rate drops to between 50% and 70% (depending on the matching strategy). The effect is evident.
3. Shortening the attack window:
To shorten the time interval available to an attacker, the audit data update does not use a traditional backup mechanism. Instead, backup storage is added for the audit data, and the audit value and its backup are placed in separate physical erase units. When the audit count is modified, the result is written directly to the destination address without using a transaction backup mechanism. If power is lost and then restored, the validity and consistency of the audit value and its backup value are checked: when either the audit value or the backup value is invalid, the audit count is accumulated on the valid value and the audit value is then updated; when both are valid but inconsistent, recovery uses the maximum of the two.
This scheme reduces the number of NVM writes, shortens the overall NVM write time, reduces how often the characteristic power consumption occurs, and shortens the attack time window.
Applied together, the three defense mechanisms make the software's audit mechanism effective in practice at detecting and handling fault injection.
Drawings
FIG. 1 Power consumption curves for different operations
FIG. 2 NVM Erase Power consumption curves for different combinations
Detailed Description
1. Intent of fault injection attack
Even when hardware protection measures are enabled as required by the chip programming guidelines, software still has to deal with errors produced by fault injection attacks.
The chip may produce register value errors, RAM value errors and, further, NVM programming errors. At the software level this may show up as skipping a section of key code, flipping a branch, reading the contents of an unexpected address, or writing a wrong value to NVM.
The target of fault injection against software is the primary assets, that is, the critical data determined by the specific function of the application.
2. Security design against fault injection attacks
The software should be able to detect these errors defensively:
Multiple comparisons on conditional branches. After entering the correct branch, a double check is performed again, and an audit is performed if unexpected execution is detected.
Secure reading. An asset is read twice and the two reads are compared.
Multiple checks of the output data address. The buffer (buf) for output data may only be a buffer area within a certain range of values.
Flow counter validation. The critical execution steps of the program are counted, and the count value is checked for correctness before the critical operation is performed.
Redundant storage of key data. Assets of 1-4 bytes use an original-value backup, negation or XOR check, and assets longer than 4 bytes use a CRC check.
For reasons of execution efficiency and protection necessity, the software identifies the operations that affect the primary assets and applies secure programming only to those operations.
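The checks listed above (and in the Background), sketched in C as an added example that is not code from the patent: a 2-byte asset stored with its negation, a read-twice secure read, a double-checked branch, and a flow counter verified before the key operation. The `balance` asset, the result codes and the `sim_flip_branch` fault hook are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: the "balance" asset, result codes and fault hook are
 * hypothetical; only the kinds of check come from the text. */
#define RES_OK          0x5A5Au
#define RES_DENIED      0xA5A5u
#define RES_AUDIT       0x3C3Cu  /* a redundancy check failed: start the audit */
#define FLOW_AUTHORIZED 3u

/* Key data of 1-4 bytes stored together with its bitwise negation. */
typedef struct { volatile uint16_t value, inverse; } protected_u16;

static volatile uint8_t flow;    /* flow counter over the key steps */
static int sim_flip_branch;      /* simulation hook: models a branch-flip fault */

static void protected_store(protected_u16 *a, uint16_t v)
{
    a->value = v;
    a->inverse = (uint16_t)~v;
}

/* Secure read: read twice and compare, then verify against the negation. */
static int protected_load(const protected_u16 *a, uint16_t *out)
{
    uint16_t first = a->value, second = a->value;
    if (first != second) return -1;
    if ((uint16_t)(first ^ a->inverse) != 0xFFFFu) return -1;
    *out = first;
    return 0;
}

/* Conditional branch with repeated comparison, counted step by step. */
static uint16_t authorize_debit(const protected_u16 *bal, uint16_t amount)
{
    uint16_t b;
    int granted;

    flow = 0;
    if (protected_load(bal, &b) != 0) return RES_AUDIT;
    flow++;                                    /* step 1: asset read and verified */
    granted = (b >= amount);
    if (sim_flip_branch) granted = !granted;   /* injected fault, simulation only */
    if (granted) {
        flow++;                                /* step 2: grant branch entered */
        if (amount > b) { flow = 0; return RES_AUDIT; }  /* double check in the branch */
        flow++;                                /* step 3: double check passed */
        return RES_OK;
    }
    flow = 0;
    if (amount <= b) return RES_AUDIT;         /* a denial must be genuine too */
    return RES_DENIED;
}

/* Key operation: runs only if every counted step was executed. */
static uint16_t commit_debit(protected_u16 *bal, uint16_t amount)
{
    uint16_t b;
    uint8_t seen = flow;

    flow = 0;                                  /* one authorization, one commit */
    if (seen != FLOW_AUTHORIZED) return RES_AUDIT;
    if (protected_load(bal, &b) != 0 || amount > b) return RES_AUDIT;
    protected_store(bal, (uint16_t)(b - amount));
    return RES_OK;
}

int main(void)
{
    protected_u16 bal;
    protected_store(&bal, 100);
    printf("authorize: %04X\n", (unsigned)authorize_debit(&bal, 30));
    printf("commit:    %04X\n", (unsigned)commit_debit(&bal, 30));
    printf("replay:    %04X\n", (unsigned)commit_debit(&bal, 30));
    return 0;
}
```

Every `RES_AUDIT` return is the point at which the audit function described in the next section would be started.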
3. Intent of attacks that evade the audit
After the software detects a fault injection attack, it starts the audit function and increases the audit count in NVM by 1. An attacker uses the power consumption of command execution to identify where the audit function runs and cuts the power beforehand, so the audit is avoided and the attacker can attack an unlimited number of times.
The attacker may cut the power after a failed attack by detecting the power consumption characteristic of the failure, so that the audit is avoided; or the attacker may capture the power consumption of the audit function to identify its signal (current and voltage) characteristics, then recognize them in real time, either from an instantaneous fluctuation of the signal using an oscilloscope or from the fluctuation of the signal over a period of time using signal matching equipment, and trigger a power-off to avoid the audit.
4. Security method against audit evasion
To reduce the probability that an attacker succeeds in avoiding the audit, the software addresses three aspects: masking the characteristics of the initial segment of the audit function, masking the characteristics of the audit function's NVM write operation, and shortening the attack window.
1) Masking the initial segment characteristics of the audit function:
The software provides N code segments whose power consumption is close to that of command execution; the execution time of each segment is different and lies within 3 ms-7 ms.
After the software detects an attack, one segment is randomly selected and executed.
Fig. 1 shows the power consumption curves for different code executions. Within the rectangular box in Fig. 1, the power consumption of executing codes (1), (2) and (3) below is close to that of command execution. Different combinations of these operations, e.g. (1) + (3) or (1) + (3) + (4) ..., can be executed; the combined code segments lead to a longer execution processing time, delaying the audit execution time, as shown in Fig. 1.
(1) Incrementing a local variable in a for loop
(2) if/else statements within a for loop
(3) Calling Util.makeShort()
(4) Calling Util.arrayCopy() to assign to a transient array
(5) DES calculation
The anti-attack effect is as follows: the start time of the audit's NVM write is confused with the time of a normal NVM write;
for commands that themselves contain NVM write operations, attacks on the audit can be completely defended against.
2) Masking the power consumption of the NVM write operation:
The CPU security mechanisms of the chip are used:
Gated clock random stop: once enabled, a change is visible in the power consumption; apart from the transient current rise of the charge pump, the other parts are masked to a certain degree. However, for power consumption matching in the charge pump charging stage, the template matching recognition rate can still reach 90%.
Random CPU instruction insertion: once enabled, no obvious change is visible in the power consumption; for power consumption matching in the charge pump charging stage, the recognition rate reaches 90%.
Using the above two mechanisms, 4 combinations are generated, and the power consumption of each was captured, as shown in Fig. 2:
(1) No measure enabled
(2) Gated clock random stop enabled
(3) Random insertion of jump instructions enabled
(4) Gated clock random stop and random insertion of jump instructions both enabled
The audit function randomly uses one combination each time, and the final recognition rate drops to between 50% and 70% (depending on the matching strategy). The effect is evident.
3) Shortening the attack window:
To shorten the time interval available to an attacker, the audit data update does not use a traditional backup mechanism. Instead, backup storage is added for the audit data, and the audit value and its backup are placed in separate physical erase units. When the audit count is modified, the result is written directly to the destination address without using a transaction backup mechanism. If power is lost and then restored, the validity and consistency of the audit value and its backup value are checked: when either the audit value or the backup value is invalid, the audit count is accumulated on the valid value and the audit value is then updated; when both are valid but inconsistent, recovery uses the maximum of the two.
This scheme reduces the number of NVM writes, shortens the overall NVM write time, reduces how often the characteristic power consumption occurs, and shortens the attack time window.
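The audit update and power-on recovery described above (and in the Disclosure), as an added C example that is not code from the patent; NVM is simulated in RAM and power loss is modelled as a budget of NVM steps. The three-step erase/program model, the negation check used to decide whether a record is valid, `AUDIT_LIMIT`, and locking when both copies are invalid are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: NVM is simulated in RAM. The record layout, AUDIT_LIMIT and
 * the three-step erase/program model are assumptions, not from the patent. */
#define AUDIT_LIMIT 10u
#define ERASED      0xFFFFu

/* One record per physical erase unit: audit count plus its bitwise negation. */
typedef struct { uint16_t count, inverse; } audit_rec;

static audit_rec unit_a;      /* audit value, erase unit A  */
static audit_rec unit_b;      /* backup value, erase unit B */
static int power_budget = -1; /* simulation: NVM steps left before power is cut (-1: no cut) */

static int nvm_step(void)     /* returns 0 once power has been lost */
{
    if (power_budget == 0) return 0;
    if (power_budget > 0) power_budget--;
    return 1;
}

/* Direct write without a transaction backup: erase, program count, program negation. */
static int write_rec(audit_rec *r, uint16_t v)
{
    if (!nvm_step()) return 0;
    r->count = ERASED; r->inverse = ERASED;
    if (!nvm_step()) return 0;
    r->count = v;
    if (!nvm_step()) return 0;
    r->inverse = (uint16_t)~v;
    return 1;
}

static int rec_valid(const audit_rec *r)
{
    return (uint16_t)(r->count ^ r->inverse) == 0xFFFFu;
}

/* Audit after a detected fault: write the new count to A, then to B. */
static int audit_increment(void)
{
    uint16_t next = (uint16_t)(unit_a.count + 1u);
    if (unit_a.count >= AUDIT_LIMIT) return 1;       /* already locked */
    return write_rec(&unit_a, next) && write_rec(&unit_b, next);
}

/* Power-on recovery: returns the audit count the card continues with. */
static uint16_t audit_recover(void)
{
    int va = rec_valid(&unit_a), vb = rec_valid(&unit_b);
    uint16_t n;

    if (va && vb) {
        if (unit_a.count == unit_b.count) return unit_a.count;
        /* both valid but inconsistent: recover from the larger value */
        n = unit_a.count > unit_b.count ? unit_a.count : unit_b.count;
    } else if (va || vb) {
        /* one copy invalid: accumulate one audit on the valid value */
        n = (uint16_t)((va ? unit_a.count : unit_b.count) + 1u);
    } else {
        n = AUDIT_LIMIT;      /* assumption: both invalid means lock (fail secure) */
    }
    if (n > AUDIT_LIMIT) n = AUDIT_LIMIT;
    write_rec(&unit_a, n); write_rec(&unit_b, n);    /* update both copies */
    return n;
}

/* Simulation: start from `start`, cut power after `steps` NVM steps of one audit. */
static uint16_t recover_after_cut(uint16_t start, int steps)
{
    power_budget = -1;
    write_rec(&unit_a, start); write_rec(&unit_b, start);
    power_budget = steps;
    audit_increment();
    power_budget = -1;        /* power restored */
    return audit_recover();
}

int main(void)
{
    for (int s = 0; s <= 6; s++)
        printf("cut after %d NVM steps: count 3 -> %u\n", s, (unsigned)recover_after_cut(3, s));
    return 0;
}
```

Once the first NVM step of the audit has run, every cut point recovers to at least the incremented count. A cut before that first step leaves the count unchanged, which is the window the two masking measures are meant to hide.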
Applied together, the three defense mechanisms make the software's audit mechanism effective in practice at detecting and handling fault injection.
Claims (4)
1. A method of software defense against fault injection, comprising: masking the starting position of the security defense measure by randomly executing a segment of the application's normal command flow; masking the power consumption of the security defense measure by superimposing random chip CPU instruction operations or current operations on the actual security defense operation executed by the software; and ensuring that the defense measure takes effect by storing the audit data redundantly, writing the audit data directly to the destination address without using a power-failure protection mechanism, and recovering at power-on using the larger of the audit data and the backup data.
2. The method of claim 1, wherein masking the starting position of the security defense measure by randomly executing a segment of the application's normal command flow comprises: reducing the template matching degree of the start of the defense measure, in that the software provides N code segments whose power consumption is close to that of command execution, the execution time of each segment being different and within 3 ms-7 ms, and after the software detects an attack, one segment is randomly selected and executed.
3. The method of claim 1, wherein masking the power consumption of the security defense measure by superimposing random chip CPU instruction operations or current operations on the actual security defense operation executed by the software comprises: reducing the template matching degree of the key operation of the defense measure, in that when the software carries out the specific defense measure it uses functions of the chip or hardware to execute other measures synchronously and concurrently, including but not limited to gated clock random stop and the like, thereby reducing the template matching degree and masking the power consumption of the defense measure.
4. The method of claim 1, wherein ensuring that the defense measure takes effect by storing the audit data redundantly, writing the audit data directly to the destination address without using a power-failure protection mechanism, and recovering at power-on using the larger of the audit data and the backup data comprises: shortening the attack window, in that backup storage is added for the audit data and the audit value and its backup are placed in separate physical erase units; when the audit count is modified, the result is written directly to the destination address without using a transaction backup mechanism; if power is lost and then restored, the validity and consistency of the audit value and its backup value are checked, and when either the audit value or the backup value is invalid, the audit count is accumulated on the valid value and the audit value is then updated; when both are valid but inconsistent, recovery uses the maximum of the two.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010974976.4A CN112149065B (en) | 2020-09-16 | 2020-09-16 | Software defense fault injection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112149065A (en) | 2020-12-29 |
CN112149065B (en) | 2023-12-05 |
Family
ID=73892887
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010974976.4A Active CN112149065B (en) | 2020-09-16 | 2020-09-16 | Software defense fault injection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112149065B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113434332A (en) * | 2021-05-27 | 2021-09-24 | 国家信息技术安全研究中心 | Fault propagation-based key recovery method for DES/3DES middle wheel attack |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202189369U (en) * | 2011-07-18 | 2012-04-11 | 中国电力科学研究院 | Integrated circuit capable of preventing power consumption attack |
US20180114038A1 (en) * | 2016-10-25 | 2018-04-26 | Huawei Technologies Co., Ltd. | Attack prevention method, apparatus and chip for cipher engine |
CN107994980A (en) * | 2017-11-21 | 2018-05-04 | 华南理工大学 | It is a kind of using the out of order technology of clock and the anti-DPA attack methods of chaos trigger |
CN108965317A (en) * | 2018-08-02 | 2018-12-07 | 江苏政采数据科技有限公司 | A kind of network data guard system |
Non-Patent Citations (1)
Title |
---|
张艳萍: "网络攻击源的反向追踪技术", 《微型电脑应用》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||