CN115413339A - Chip, chip packaging structure and electronic equipment - Google Patents


Info

Publication number
CN115413339A
Authority
CN
China
Prior art keywords
chip
module
detection module
security
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080099575.7A
Other languages
Chinese (zh)
Inventor
郭子亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd, Shenzhen Huantai Technology Co Ltd
Publication of CN115413339A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/16 Protection against loss of memory contents
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C16/00 Erasable programmable read-only memories
    • G11C16/02 Erasable programmable read-only memories electrically programmable

Abstract

The application discloses a chip, a chip packaging structure and electronic equipment, and relates to the field of chip technology. The chip constructs a secure area and a non-secure area, and the secure area is connected with the non-secure area. The secure area comprises a storage module, a storage protection module and a security detection module; the storage protection module is connected to the storage module and to the security detection module respectively; the storage module stores chip data to be protected; the storage protection module is used for transmitting the chip data to be protected to the non-secure area when the access data received from the non-secure area satisfies a specified right, the chip data then being output through the non-secure area; and the security detection module is used for detecting a power-off attack on the chip. In the chip, chip packaging structure and electronic equipment provided by the embodiments of the application, the chip is divided into a secure area and a non-secure area, and the chip data to be protected that is stored in the secure area is placed under security protection, so that the security of the chip is improved.

Description

Chip, chip packaging structure and electronic equipment
Technical Field
The present application relates to the field of chip technologies, and in particular, to a chip, a chip package structure, and an electronic device.
Background
At present there are many kinds of attack aimed at chips, and they seriously compromise chip security.
Disclosure of Invention
In view of the above problems, the present application provides a chip, a chip package structure and an electronic device to solve the above problems.
In a first aspect, an embodiment of the present application provides a chip. The chip constructs a secure area and a non-secure area, and the secure area is connected to the non-secure area. The secure area includes a storage module, a storage protection module and a security detection module; the storage protection module is connected to the storage module and to the security detection module respectively; the storage module stores chip data to be protected; the storage protection module is configured to transmit the chip data to be protected to the non-secure area when access data received from the non-secure area satisfies a specified right, the chip data then being output through the non-secure area; and the security detection module is configured to detect a power-off attack on the chip.
Optionally, the secure area further includes an environment detection module connected to the security detection module; the environment detection module is configured to detect environment information of the secure area, and the security detection module is configured to cut off the chip clock or generate a CPU interrupt when the environment information satisfies a specified condition.
Optionally, the secure area further includes a data destruction module connected to the security detection module, and the security detection module is further configured to control the data destruction module to eliminate the chip data to be protected when the environment information satisfies a specified condition.
Optionally, the environment detection module includes a glitch detection module; the security detection module is connected to the glitch detection module and to the data destruction module; the glitch detection module is configured to detect voltage jitter superimposed on the power supply or the clock signal, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the voltage jitter superimposed on the power supply or the clock signal is greater than a specified jitter.
Optionally, the environment detection module includes a temperature detection module; the security detection module is connected to the temperature detection module and to the data destruction module; the temperature detection module is configured to detect the temperature of the secure area, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the temperature is greater than a first specified temperature or less than a second specified temperature.
Optionally, the environment detection module includes a frequency detection module; the security detection module is connected to the frequency detection module and to the data destruction module; the frequency detection module is configured to detect the clock frequency of the secure area, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the clock frequency is greater than a first specified frequency or less than a second specified frequency.
Optionally, the environment detection module includes a photosensitive detection module; the security detection module is connected to the photosensitive detection module and to the data destruction module; the photosensitive detection module is configured to detect the illumination intensity of the secure area, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the illumination intensity is greater than a specified illumination intensity.
Optionally, the secure area further includes a battery and a real-time clock; the security detection module is connected to the battery and to the real-time clock respectively, the battery is connected to the real-time clock, and the battery supplies the real-time clock with uninterrupted power.
Optionally, the security zone further includes a plurality of communication serial ports, and the plurality of communication serial ports are respectively connected to the security detection module.
Optionally, the storage module includes a plurality of storage units, and the plurality of storage units are used for storing the chip data to be protected differently.
Optionally, the plurality of storage units comprises at least one of a static random access memory (SRAM), an Extensible Firmware Interface (EFI), and a read-only memory (ROM).
Optionally, the secure area further comprises a true random generator, the true random generator is connected to the storage protection module, and the true random generator is configured to generate a true random number.
Optionally, the secure area further includes a key encryption storage module, the key encryption storage module is connected to the security detection module, the key encryption storage module stores an algorithm key, and the security detection module is further configured to encrypt the chip data to be protected by the algorithm key and transmit the encrypted chip data to the non-secure area.
Optionally, the security region further includes a power consumption anti-analysis security module, and the power consumption anti-analysis security module is configured to add a random number to the power consumption plaintext of the security region.
Optionally, the power consumption anti-analysis security module is connected to the true random generator, and the power consumption anti-analysis security module is configured to add a random number generated by the true random generator to the power consumption plaintext of the security region.
Optionally, the secure area further includes a key anti-analysis security module, and the key anti-analysis security module is configured to add a random number to the algorithm key plaintext.
Optionally, the key anti-analysis security module is connected to the true random generator, and the key anti-analysis security module is configured to add a random number generated by the true random generator to the algorithm key plaintext.
Optionally, the secure area and the non-secure area are connected by a system bus.
In a second aspect, an embodiment of the present application provides a chip packaging structure, which includes a package and the chip described above, where the chip is packaged in the package.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a device body and the chip packaging structure, where the chip packaging structure is disposed in the device body.
The embodiments of the application provide a chip, a chip packaging structure and electronic equipment. The chip constructs a secure area and a non-secure area, and the two are connected. The secure area includes a storage module, a storage protection module and a security detection module; the storage protection module is connected to the storage module and to the security detection module respectively; the storage module stores the chip data to be protected; the storage protection module is used for transmitting the chip data to be protected to the non-secure area, for output through the non-secure area, when the access data received from the non-secure area satisfies the specified right; and the security detection module is used for detecting a power-off attack on the chip. By dividing the chip into a secure area and a non-secure area and placing the chip data to be protected that is stored in the secure area under security protection, the security of the chip is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 shows a block diagram of a chip provided by an embodiment of the present application;
FIG. 2 shows a block diagram of a chip provided in accordance with yet another embodiment of the present application;
FIG. 3 shows a block diagram of a chip provided by yet another embodiment of the present application;
FIG. 4 shows a block diagram of a chip provided in another embodiment of the present application;
FIG. 5 shows a block diagram of a chip provided by yet another embodiment of the present application;
FIG. 6 shows a schematic structural diagram of a chip package structure provided in an embodiment of the present application;
FIG. 7 shows a schematic structural diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
At present, physical attacks on security chips fall mainly into three categories: non-invasive attacks, invasive attacks and semi-invasive attacks.
Non-invasive attacks do not require the initialization of components or the decapsulation of the chip. During the attack the chip can be placed in a test circuit for analysis, or it can be connected on its own. A non-invasive attack is therefore non-destructive, and the attacked chip will very probably continue to work normally: the chip needs no preprocessing before the attack and may even keep operating during it. Non-invasive attack methods include power-supply or clock-signal jitter (voltage attack), current analysis, glitch attacks in which voltage jitter is superimposed on the power supply or clock signal, thermal attacks, power-consumption analysis and the like. Such attacks generalize easily, and replaying an attack requires no significant overhead. In addition, this kind of attack leaves no trace. It is therefore considered the greatest threat to the hardware security of any component. At the same time, finding a non-invasive attack method for a specific component usually takes much time and effort.
An invasive attack is one that forcibly opens the chip package, dissects the chip, and probes and modifies it with a probe; it mainly comprises microprobe attack techniques, FIB (Focused Ion Beam) attacks and the like. Such an attack first requires opening the package and removing the passivation layer with a focused ion beam or laser in order to reach the interconnects buried under the chip's passivation layer. These attacks require good equipment and experienced attackers. Meanwhile, as feature sizes shrink and device complexity grows, the cost of invasive attacks keeps rising.
Like an invasive attack, a semi-invasive attack also requires opening the chip package; it reverse-analyzes the data and operating state inside the chip from collected information such as image signals and optical signals, but it does not require stripping the passivation layer or creating internal interconnections, nor techniques such as microprobes or FIB. Semi-invasive attacks mainly comprise ultraviolet attacks, backside imaging, laser scanning and fault injection attacks. They do not require expensive tools and can produce results in a shorter time than invasive attacks, which makes them increasingly attractive. At the same time, a semi-invasive attack can be applied to all transistors or to the transistors of a partial area, which suits modern chips with small feature sizes.
The inventor has found that the conventional approaches to chip security at present are: secure boot and a secure coprocessor implementing simple cryptographic functions; designs based on an SoC system architecture; and trusted computing platform modules (TPM/TCM), of which TPM/TCM is the most important representative of the high-end SoC system architecture. A traditional chip only encrypts information, providing simple data privacy protection, and then provides a single security protection function for some of the units in the chip. However, as microelectronic technology changes, new attack techniques emerge endlessly, and attack and anti-attack techniques develop dynamically in mutual constraint, so the protection techniques adopted by current chips cannot solve the chip's data protection problem once and for all.
In view of the above problems, the inventor of the present application finds and provides a chip, a chip package structure, and an electronic device, which are provided by the embodiment of the present application, and improves the security of the chip by dividing the chip into a secure area and a non-secure area and performing security protection on chip data to be protected stored in the secure area. The specific chip structure and implementation process are described in detail in the following embodiments.
Referring to fig. 1, fig. 1 shows a block diagram of a chip according to an embodiment of the present disclosure. As shown in fig. 1, the present embodiment provides a chip 10, the chip 10 constructs a secure area 100 and an insecure area 200, and the secure area 100 is connected to the insecure area 200, that is, based on the connection between the secure area 100 and the insecure area 200, the secure area 100 may transmit data to the insecure area 200, and the insecure area 200 may also transmit data to the secure area 100.
In some embodiments, the secure area 100 and the non-secure area 200 may be connected by a wire, for example, the secure area 100 and the non-secure area 200 may be connected by a system bus.
In some embodiments, the secure area 100 may store chip data to be protected, where the chip data to be protected may include core data of a chip (i.e., data to be acquired by an attack chip), for example, the chip data to be protected may include a key algorithm, an algorithm key, and the like. The non-secure area 200 may include other data of the chip besides the chip data to be protected, for example, may include a communication module, etc., and is not limited herein.
In some embodiments, the secure area 100 may include a storage module 101, a storage protection module 102, and a security detection module 103, wherein the storage protection module 102 is connected to the storage module 101 and the security detection module 103, respectively. The storage protection module 102 may be connected to the storage module 101 by a wire, and the storage protection module 102 may also be connected to the security detection module 103 by a wire, for example, the storage protection module 102 and the security detection module 103 may be connected by a security control bus.
In some embodiments, the memory module 101 may store chip data to be protected. For example, the storage module 101 may store a key algorithm, and the key algorithm stored by the storage module may include a symmetric key algorithm and an asymmetric key algorithm, where the stored symmetric key algorithm may include, for example, an AES key algorithm, a DES key algorithm, a national key algorithm, and the like, and the stored asymmetric key algorithm may include, for example, an SM2 key algorithm, an RSA key algorithm, and the like, which is not limited herein.
In some embodiments, the memory module 101 may include a plurality of memory units, and the plurality of memory units are used to store the chip data to be protected separately. For example, the plurality of storage units may include an SRAM (static random access memory), an Extensible Firmware Interface (EFI), a ROM, and the like, which are not limited herein. The plurality of memory units may each be connected to the memory protection module 102, so that the chip data to be protected stored in each memory unit is protected through the memory protection module 102. For example, when the plurality of storage units include SRAM, EFI and ROM, then the SRAM, EFI and ROM may each be connected to the storage protection module 102.
In some embodiments, the storage protection module 102 may be a software module or a hardware module, which is not limited herein. The storage protection module 102 is configured to transmit the chip data to be protected to the non-secure area 200, for output through the non-secure area 200, when the access data received from the non-secure area 200 satisfies a specified right. As an embodiment, the chip 10 may receive the access data through the non-secure area 200 and pass it to the secure area 100 through the non-secure area 200; after receiving the access data from the non-secure area 200, the storage protection module 102 of the secure area 100 analyzes it to determine whether it satisfies the specified right. When the analysis result indicates that the access data satisfies the specified right, the access data may be considered trusted, and the chip data to be protected that the access data requests may be transmitted from the storage module 101 to the non-secure area 200 and output through it; for example, the access data may be received, and the chip data to be protected output, through a communication module of the non-secure area 200.
In some embodiments, the storage protection module 102 analyzing the access data to determine whether it satisfies the specified right may include: the storage protection module 102 analyzes the access data (e.g., firmware, an algorithm, etc.) to obtain the data source corresponding to the access data, and determines whether that data source is an appointed data source. When the data source corresponding to the access data is an appointed data source, the access data may be determined to satisfy the specified right; when it is not an appointed data source, the access data may be determined not to satisfy the specified right. For example, when the data source corresponding to the access data is a system application, the access data may be determined to satisfy the specified right, and when the data source is an unauthorized third-party application, the access data may be determined not to satisfy it.
In some embodiments, the security detection module 103 may be a software module or a hardware module, which is not limited herein. The security detection module 103 may be configured to detect a power-off attack on the chip: that is, the security detection module 103 may be disposed in a high-voltage area of the chip 10 and, by performing power-supply detection on the clock of the chip 10, guard against an attack carried out while the chip 10 is not powered on.
Therefore, in the embodiment of the application, the chip 10 is configured into the secure area 100 and the non-secure area 200, the secure area 100 is connected to the non-secure area 200, the secure area 100 includes the storage module 101, the storage protection module 102 and the security detection module 103, and the storage protection module 102 is connected to the storage module 101 and to the security detection module 103 respectively; by dividing the chip 10 into the secure area 100 and the non-secure area 200 and placing the chip data to be protected that is stored in the secure area 100 under security protection, the security of the chip 10 is improved.
Referring to fig. 2, fig. 2 is a block diagram of a chip according to another embodiment of the present application. As shown in fig. 2, in some embodiments the secure area 100 may further include a true random generator 104 connected to the storage protection module 102, where the true random generator 104 and the storage protection module 102 may be connected by a wire. In this embodiment the true random generator 104 may be configured to generate a true random number, so that a true-random-number process is applied to the plaintext of the protected chip data in the chip 10, improving the security of the chip data to be protected. As a practical matter, the true random generator 104 may be a TANG.
In some embodiments, the security zone 100 may further include a battery 105 and a real-time clock 106, the battery 105 is connected to the security detection module 103, and the real-time clock 106 is connected to the security detection module 103, wherein the battery 105 and the real-time clock 106 may be connected by a wire, the battery 105 and the security detection module 103 may be connected by a wire, and the real-time clock 106 and the security detection module 103 may be connected by a wire. In this embodiment, the battery 105 is used to provide power for the real-time clock 106 continuously to prevent the attack of powering off the chip 10, the battery 105 may also be used to provide power for the security detection module 103, and the security detection module 103 is used to detect whether the battery 105 provides power for the real-time clock 106 continuously, and detect whether the real-time clock 106 works normally, so as to prevent the physical attack on the chip 10.
In some embodiments, the security zone 100 may further include a plurality of communication serial ports 107, where the communication serial ports 107 are respectively connected to the security detection module 103, so as to perform security detection on the communication serial ports 107 through the security detection module 103, and ensure that communication of the communication serial ports 107 reaches a certain security defense measure. Wherein, a plurality of communication serial ports 107 can be connected with the safety detection module 103 through wires.
In some embodiments, the secure area 100 may further include a key encryption storage module 108 connected to the security detection module 103. The key encryption storage module 108 stores an algorithm key, and the security detection module 103 is further configured to encrypt the chip data to be protected with the algorithm key stored in the key encryption storage module 108 and transmit the encrypted chip data to the non-secure area 200, further improving the security of the chip data to be protected. As an embodiment, the chip 10 may receive access data through the non-secure area 200 and pass it to the secure area 100 through the non-secure area 200; after receiving the access data from the non-secure area 200, the storage protection module 102 of the secure area 100 analyzes the access data to determine whether it satisfies the specified right. When the analysis result indicates that the access data satisfies the specified right, the access data may be considered trusted, the chip data to be protected that the access data requests may be transmitted from the storage module 101 to the security detection module 103, and the security detection module 103 encrypts the chip data to be protected with the algorithm key stored in the key encryption storage module 108 and transmits the encrypted chip data to the non-secure area 200, so as to improve the security of the chip data to be protected.
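The access mediation described for the storage protection module 102 (the non-secure area presents access data, the secure area checks its data source against the appointed sources, and only then releases the protected data) is sketched below as an added example in C. It is not code from the patent or from the assignee: the source identifiers, rights bits, sample objects, the denial counter that trips the security detection module 103, and the "locked" state are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Constructed model of the storage protection module 102 in front of the
 * storage module 101. The non-secure area 200 reaches protected data only
 * through gate_request(); everything below is illustrative, not the patent's. */

enum source_id   { SRC_SYSTEM_APP = 1, SRC_THIRD_PARTY_APP = 2, SRC_UNKNOWN = 99 };
enum object_id   { OBJ_ALGO_KEY = 0, OBJ_KEY_ALGO_CFG = 1, OBJ_COUNT };
enum gate_status { GATE_OK = 0, GATE_DENIED = 1, GATE_LOCKED = 2, GATE_BAD_REQUEST = 3 };

#define RIGHT_READ_KEY        0x1u
#define RIGHT_READ_ALGO       0x2u
#define DENIALS_BEFORE_ALARM  3   /* assumed policy: repeated refusals look like probing */

struct protected_object { uint32_t required_right; uint8_t data[16]; };

/* Storage module 101 contents (constructed sample bytes, not real key material). */
static const struct protected_object g_store[OBJ_COUNT] = {
    { RIGHT_READ_KEY,  "algokey-sample!" },
    { RIGHT_READ_ALGO, "sm4-engine-cfg!" },
};

/* State owned by the security detection module 103. */
static bool     g_tamper_flag  = false;
static unsigned g_denial_count = 0;

void security_detection_raise_alarm(void)  { g_tamper_flag = true; }
bool security_detection_alarm_active(void) { return g_tamper_flag; }

/* Appointed data sources and the rights each is granted: a system application
 * is appointed, an unauthorized third-party application gets nothing. */
static uint32_t rights_for_source(uint32_t src)
{
    switch (src) {
    case SRC_SYSTEM_APP: return RIGHT_READ_KEY | RIGHT_READ_ALGO;
    default:             return 0;
    }
}

/* Mediates one access request arriving from the non-secure area.
 * On anything but GATE_OK the output buffer is left zeroed. */
int gate_request(uint32_t src, uint32_t obj, uint8_t out[16])
{
    memset(out, 0, 16);
    if (g_tamper_flag)    return GATE_LOCKED;       /* detection module has tripped */
    if (obj >= OBJ_COUNT) return GATE_BAD_REQUEST;

    uint32_t granted = rights_for_source(src);
    uint32_t needed  = g_store[obj].required_right;
    if ((granted & needed) != needed) {
        if (++g_denial_count >= DENIALS_BEFORE_ALARM)
            security_detection_raise_alarm();
        return GATE_DENIED;
    }
    g_denial_count = 0;
    memcpy(out, g_store[obj].data, 16);
    return GATE_OK;
}

/* Helpers so a caller can exercise the gate without handling raw buffers. */
static uint8_t g_last_out[16];
int gate_probe(uint32_t src, uint32_t obj) { return gate_request(src, obj, g_last_out); }
int last_output_is(const char *expected)   { return memcmp(g_last_out, expected, 16) == 0; }
int last_output_is_zeroed(void)
{
    for (int i = 0; i < 16; i++) if (g_last_out[i]) return 0;
    return 1;
}
```

The point of the model is the single choke point: data leaves the storage module only through one function, which checks the requester before it copies anything, zeroes the output on every failure path, and stops serving entirely once the detection module has raised an alarm.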
Referring to fig. 3, fig. 3 is a block diagram of a chip according to still another embodiment of the present disclosure. As shown in fig. 3, in some embodiments the secure area 100 may further include a power consumption anti-analysis security module 109, which is configured to add a random number to the power consumption plaintext of the secure area 100 so as to defend against power-consumption-analysis side channel attacks by adding randomness to the power consumption. In some embodiments, the power consumption anti-analysis security module 109 may be coupled to the true random generator 104 and may add the true random number generated by the true random generator 104 to the power consumption plaintext of the secure area 100. As an implementable mode, the randomization of the power consumption plaintext may comprise mask exclusive-OR, S-box processing, left-half data processing and the like; randomizing the power consumption plaintext covers the correlation between the plaintext and the power consumption, which defends against side channel attacks.
The side channel attack may also target the power consumption of the key, and if randomizing only the power consumption plaintext is not enough, the key plaintext also needs randomizing. Therefore, in this embodiment, the secure area 100 may further include a key anti-analysis security module 110 configured to add a random number to the algorithm key plaintext, so that the algorithm key resists power-consumption-analysis side channel attacks. In some embodiments, the key anti-analysis security module 110 may be coupled to the true random generator 104 and may add the true random numbers generated by the true random generator 104 to the algorithm key. As an implementable manner, a key generation algorithm using the mask technique may be adopted to XOR the algorithm key, so that the key signal is also masked throughout the whole algorithm implementation.
Two 64-bit random numbers may be used across the whole randomization process of the power consumption anti-analysis security module 109 and the key anti-analysis security module 110; both are generated by the true random generator 104, one random bit per clock, and each time an encryption starts the true random numbers generated by the true random generator 104 are stored and kept unchanged throughout that encryption.
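The masking scheme of modules 109 and 110 (one 64-bit mask on the data path, one on the key path, both drawn once per encryption and held fixed, with mask XOR and S-box processing) is worked through below as an added example in C. It is not the chip's cipher or the patent's code: the 8-bit S-box and the single round are constructed toys, the true random generator 104 is stood in for by a deterministic xorshift so the example reproduces, and the choice of reusing the data mask as the S-box output mask is an assumption made to keep the number of masks at two. The example goes slightly beyond the text by including a Hamming-weight leakage check that shows why masking helps.

```c
#include <stdint.h>

/* Toy 8-bit S-box: a bijection built from odd-multiply, add, rotate and xor.
 * Constructed for the example; not the algorithm stored in the chip. */
static uint8_t toy_sbox(uint8_t x)
{
    uint8_t t = (uint8_t)(x * 0x2f + 0x63);
    return (uint8_t)(((t << 3) | (t >> 5)) ^ 0x5a);
}

/* Stand-in for the true random generator 104. A deterministic xorshift keeps
 * the example reproducible; the chip would shift in one TRNG bit per clock. */
static uint64_t g_rng = 0x9e3779b97f4a7c15ull;
uint64_t trng64(void)
{
    g_rng ^= g_rng << 13; g_rng ^= g_rng >> 7; g_rng ^= g_rng << 17;
    return g_rng;
}

struct mask_ctx {
    uint64_t m_plain;          /* mask on the data ("power consumption plaintext") path */
    uint64_t m_key;            /* mask on the algorithm key path */
    uint8_t  sbox_m[8][256];   /* per-byte remasked S-box tables */
};

/* Draw both masks at the start of an encryption and precompute, for byte i,
 * a table T_i with T_i[x ^ min_i] = S(x) ^ mout_i, where min_i is byte i of
 * (m_plain ^ m_key) and mout_i is byte i of m_plain. Lookups therefore see
 * only masked values and leave the state masked by m_plain again. */
void mask_ctx_init(struct mask_ctx *c)
{
    c->m_plain = trng64();
    c->m_key   = trng64();
    for (int i = 0; i < 8; i++) {
        uint8_t min  = (uint8_t)((c->m_plain ^ c->m_key) >> (8 * i));
        uint8_t mout = (uint8_t)(c->m_plain >> (8 * i));
        for (int x = 0; x < 256; x++)
            c->sbox_m[i][(uint8_t)(x ^ min)] = toy_sbox((uint8_t)x) ^ mout;
    }
}

/* Reference round without masking: out_i = S(p_i ^ k_i) for each byte. */
uint64_t round_plain(uint64_t p, uint64_t k)
{
    uint64_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint64_t)toy_sbox((uint8_t)((p ^ k) >> (8 * i))) << (8 * i);
    return out;
}

/* Same round on masked operands. Every intermediate (xor result, table index,
 * table output) carries a mask; the output is still masked by m_plain. */
uint64_t round_masked(const struct mask_ctx *c, uint64_t p_masked, uint64_t k_masked)
{
    uint64_t x = p_masked ^ k_masked;   /* = (p ^ k) ^ (m_plain ^ m_key) */
    uint64_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint64_t)c->sbox_m[i][(uint8_t)(x >> (8 * i))] << (8 * i);
    return out;
}

/* Mask the inputs, run the masked round, unmask only at the end; returns 1
 * when the result equals the unmasked reference. */
int masked_round_matches(uint64_t p, uint64_t k)
{
    struct mask_ctx c;
    mask_ctx_init(&c);
    uint64_t r = round_masked(&c, p ^ c.m_plain, k ^ c.m_key) ^ c.m_plain;
    return r == round_plain(p, k);
}

static unsigned popcount8(uint8_t v) { unsigned n = 0; while (v) { n += v & 1; v >>= 1; } return n; }

/* Leakage sanity check under a Hamming-weight model: summed over all 256
 * masks, the weight of (x ^ m) is 1024 for every x, i.e. the masked value's
 * average weight no longer depends on the secret byte, while popcount8(x) does. */
unsigned hw_sum_over_all_masks(uint8_t x)
{
    unsigned s = 0;
    for (int m = 0; m < 256; m++) s += popcount8((uint8_t)(x ^ m));
    return s;
}
```

Because the masks are fixed for the whole encryption, the remasked tables are built once per encryption and every S-box lookup inside that encryption operates on masked indices; the unmasking XOR is the only place the real value reappears, which in the chip would be the point at which data leaves the secure area.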
Referring to fig. 4, fig. 4 is a block diagram illustrating a chip according to another embodiment of the present disclosure. As shown in fig. 4, the secure area 100 may further include an environment detection module 111 connected to the security detection module 103, where the environment detection module 111 and the security detection module 103 may be connected by a wire or wirelessly, which is not limited herein. In some embodiments, the environment detection module 111 may be disposed at the periphery of the secure area 100 to detect environment information of the environment in which the secure area 100 is located, and the security detection module 103 is configured to cut off the chip clock or generate a CPU interrupt when the environment information detected by the environment detection module 111 satisfies a specified condition, so as to improve the security of the chip 10.
In some embodiments, the security zone 100 further includes a data destruction module 112, and the data destruction module 112 is connected to the security detection module 103, wherein the data destruction module 112 and the security detection module 103 may be connected by a wire or a wireless connection, which is not limited herein. In this embodiment, the security detection module 103 may be further configured to control the data destruction module 112 to eliminate chip data to be protected when the environmental information detected by the environment detection module 111 meets a specified condition, so as to improve the security of the chip 10.
Referring to fig. 5, fig. 5 is a block diagram of a chip according to still another embodiment of the present application. As shown in fig. 5, the environment detection module 111 may include a Glitch detection module 1111, a temperature detection module 1112, a frequency detection module 1113, a photosensitive detection module 1114, and the like.
In some embodiments, when the environment detection module 111 includes the Glitch detection module 1111, the security detection module 103 may be connected to the Glitch detection module 1111 and the data destruction module 112, respectively, where the security detection module 103 and the Glitch detection module 1111 may be connected by a wire or wirelessly, which is not limited herein. In some embodiments, the Glitch detection module 1111 may be disposed at the periphery of the security area 100 to detect voltage jitter superimposed on the power supply or the clock signal, and the security detection module 103 is configured to control the data destruction module 112 to eliminate the chip data to be protected when the voltage jitter superimposed on the power supply or the clock signal detected by the Glitch detection module 1111 is greater than a predetermined jitter.
Here a Glitch means voltage jitter superimposed on the power supply or the clock signal, that is, a power supply Glitch attack or a clock Glitch attack, or an external transient electromagnetic or electric field pulse. A transient fluctuation of the supply voltage can shift the threshold voltage of the transistors, so that flip-flops whose inputs arrive at different times during sampling enter an erroneous state and operate incorrectly. For a security chip designed to resist physical attack, large jitter of the supply voltage can also cause part of the analog circuitry to operate abnormally, so that the chip outputs a wrong early-warning state.
In this embodiment the Glitch signal is detected mainly at the power supply terminal, and the structure may consist of three parts: a modified inverter, a comparator and an RS latch. When there is no Glitch attack on VCC, reset is at a low level, the upper PMOS transistor conducts, a voltage difference exists across the diode because of the diode's forward drop, and the comparator outputs a low level. When a high-level Glitch appears on VCC, VCC charges the capacitor through the diode and the PMOS transistor during the rising phase of the Glitch, and the capacitor voltage quickly rises to VCC minus the voltage across the diode. During the falling phase of the Glitch the capacitor discharges slowly, so the voltage at the positive terminal of the comparator is higher than VCC; the comparator then outputs a high level, which is passed through the following RS latch to ALARM, and the Glitch attack is thereby detected. The method has the advantages of a simple control timing sequence, compatibility with a CMOS process, insensitivity to process variation, detection of both fast-changing positive and fast-changing negative Glitch pulses, and strong anti-interference capability.
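The charge/hold/compare behaviour described above, as an added behavioural model in C (not the patent's circuit): the capacitor is charged through the diode whenever VCC exceeds it by the diode drop, otherwise it only leaks slowly, and the comparator fires when the capacitor sits above a rail that has just fallen fast. The diode drop VD, the leakage rate and the 3.3 V rail are assumed values.

```c
/* Behavioural model of the power-supply Glitch detector described above:
 * a diode/capacitor hold node fed from VCC, a comparator and an RS latch.
 * Added example, not the patent's circuit; VD and the leak rate are assumed. */
#include <stdio.h>
#include <stddef.h>

#define VD    0.6    /* assumed diode forward voltage drop, volts */
#define LEAK  0.001  /* assumed fraction of capacitor voltage lost per step */

typedef struct {
    double vcap;   /* hold-capacitor voltage, the comparator's positive input */
    int alarm;     /* RS latch output ALARM: set by the comparator, held until reset */
} glitch_det_t;

/* Reset: latch cleared, capacitor settled at VCC minus the diode drop. */
static void glitch_reset(glitch_det_t *d, double vcc)
{
    d->vcap = vcc - VD;
    d->alarm = 0;
}

/* One time step with the current VCC sample. Returns the comparator output. */
static int glitch_step(glitch_det_t *d, double vcc)
{
    if (vcc - VD > d->vcap)
        d->vcap = vcc - VD;          /* diode conducts: fast charge from VCC */
    else
        d->vcap -= d->vcap * LEAK;   /* diode blocks: slow discharge only */
    int cmp = d->vcap > vcc;         /* capacitor above the rail: VCC fell fast */
    if (cmp)
        d->alarm = 1;                /* RS latch set; stays set until reset */
    return cmp;
}

/* Run the detector over a VCC trace and report whether ALARM was raised. */
static int glitch_detect(const double *vcc, size_t n)
{
    glitch_det_t d;
    glitch_reset(&d, vcc[0]);
    for (size_t i = 1; i < n; i++)
        glitch_step(&d, vcc[i]);
    return d.alarm;
}

/* Constructed VCC trace: `nominal` volts with `pulse` volts applied for
 * `width` samples starting at `start`. */
static void build_trace(double *buf, size_t n, double nominal,
                        size_t start, size_t width, double pulse)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (i >= start && i < start + width) ? pulse : nominal;
}

/* Does a 3-sample pulse to `pulse` volts on a 3.3 V rail trip the detector? */
int rail_pulse_trips(double pulse)
{
    double trace[64];
    build_trace(trace, 64, 3.3, 20, 3, pulse);
    return glitch_detect(trace, 64);
}

int main(void)
{
    printf("positive Glitch to 5.0 V: ALARM=%d\n", rail_pulse_trips(5.0));
    printf("negative Glitch to 2.0 V: ALARM=%d\n", rail_pulse_trips(2.0));
    printf("ripple to 3.5 V:          ALARM=%d\n", rail_pulse_trips(3.5));
    return 0;
}
```

In this model a pulse smaller than the diode drop never lifts the capacitor above the rail, so VD effectively sets the detection threshold, and the positive Glitch is caught on its falling edge, as the description states.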
In some embodiments, when the environment detection module 111 includes the temperature detection module 1112, the security detection module 103 may be connected to the temperature detection module 1112 and the data destruction module 112, respectively, where the security detection module 103 and the temperature detection module 1112 may be connected by a wire or wirelessly, which is not limited herein. In some embodiments, the temperature detection module 1112 may be disposed at the periphery of the security region 100 and configured to detect the temperature of the security region 100, and the security detection module 103 is configured to control the data destruction module 112 to eliminate the chip data to be protected when the temperature detected by the temperature detection module 1112 is greater than a first specified temperature or less than a second specified temperature.
The random access memory (RAM) is a volatile storage unit: when the hardware circuit is powered off, the data stored in the RAM is retained only for a short time and then disappears. However, if the RAM is cooled to −50 degrees Celsius with a coolant, the data in the RAM can be retained for a long time, much like a non-volatile memory. If the chip 10 temporarily stores some sensitive information in the RAM during operation, an attacker can exploit this physical characteristic to attack the chip. To prevent an attacker from obtaining sensitive information inside the chip 10 by such a low-temperature approach, a temperature detection module 1112 is designed inside the chip 10; its operating principle is to use the characteristic that an oscillator changes with temperature. When the ambient temperature is higher than 110 ℃ or lower than −40 ℃, a high-level signal is triggered. When the signal is high, the security detection module 103 may control the data destruction module 112 to eliminate the chip data to be protected, so as to ensure the security of all information inside the chip 10.
In some embodiments, when the environment detection module 111 includes the frequency detection module 1113, the security detection module 103 may be connected to the frequency detection module 1113 and the data destruction module 112, respectively, where the security detection module 103 and the frequency detection module 1113 may be connected by a wire or a wireless connection, which is not limited herein. In some embodiments, the frequency detection module 1113 may be disposed at the periphery of the security area 100 to detect the clock frequency of the security area 100, and the security detection module 103 is configured to control the data destruction module 112 to eliminate the chip data to be protected when the clock frequency detected by the frequency detection module 1113 is greater than a first specified frequency or less than a second specified frequency.
During the design of the chip 10, it is necessary to prevent an attacker from maliciously cutting off or reducing the clock frequency of the high-voltage region; otherwise the attacker could use such measures to disable the hardware security modules and units and then carry out related attacks on the chip 10. When frequency detection is used, if the operating frequency of the high-voltage region is lower or higher than 32 kHz, a high-level signal is generated, which in turn generates an interrupt signal to the security detection module 103, and the security detection module 103 controls the data destruction module 112 to eliminate the chip data to be protected.
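The temperature and frequency monitors above both reduce to counting edges of a clock inside a fixed reference window, so one added C model (not the patent's RTL) serves both passages: the frequency detection module trips when the 32 kHz clock's count leaves an accepted band (a stopped clock counts zero), the temperature detection module converts the count of a temperature-dependent monitor oscillator back into a temperature and compares it with the 110 ℃ and −40 ℃ trip points, and either alarm drives the data destruction step. The 1 ms window, the ±10 % band, the 1 MHz oscillator and its −0.2 %/℃ drift are assumed.

```c
/* Behavioural model of the frequency detection module 1113, the oscillator
 * based temperature detection module 1112 and the data destruction step.
 * Added example, not the patent's RTL. Window, band and oscillator assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define REF_WINDOW_US  1000u     /* assumed reference window length */
#define NOMINAL_HZ     32000.0   /* security-zone clock from the description */
#define TOLERANCE      0.10      /* assumed accepted deviation */
#define T_HIGH_C       110.0     /* trip points from the description */
#define T_LOW_C        -40.0
#define OSC_HZ_25C     1.0e6     /* assumed monitor oscillator at 25 C */
#define OSC_TEMPCO     -0.002    /* assumed relative drift per degree C */

/* Edges of a clock of `hz` counted during one reference window. */
static uint32_t count_edges(double hz)
{
    return (uint32_t)(hz * REF_WINDOW_US / 1.0e6 + 0.5);
}

/* Frequency detection: alarm when the count leaves the band around 32 kHz,
 * which also covers a clock that has been stopped entirely (count 0). */
int frequency_alarm(double clock_hz)
{
    uint32_t n  = count_edges(clock_hz);
    uint32_t lo = count_edges(NOMINAL_HZ * (1.0 - TOLERANCE));
    uint32_t hi = count_edges(NOMINAL_HZ * (1.0 + TOLERANCE));
    return n < lo || n > hi;
}

/* Temperature detection: the monitor oscillator's frequency depends on
 * temperature, so its edge count is converted back into a temperature. */
static double estimate_temperature(uint32_t count)
{
    double count_at_25 = OSC_HZ_25C * REF_WINDOW_US / 1.0e6;
    return 25.0 + ((double)count / count_at_25 - 1.0) / OSC_TEMPCO;
}

int temperature_alarm(double ambient_c)
{
    /* simulated sensor: oscillator frequency at the given ambient temperature */
    double osc_hz = OSC_HZ_25C * (1.0 + OSC_TEMPCO * (ambient_c - 25.0));
    double t = estimate_temperature(count_edges(osc_hz));
    return t > T_HIGH_C || t < T_LOW_C;
}

/* Data destruction: overwrite the protected data; the volatile pointer keeps
 * the compiler from dropping the stores. Returns 1 if the buffer reads back clean. */
int destroy_data(uint8_t *buf, size_t len)
{
    volatile uint8_t *p = buf;
    for (size_t i = 0; i < len; i++) p[i] = 0;
    for (size_t i = 0; i < len; i++) if (p[i] != 0) return 0;
    return 1;
}

/* Security detection module 103: combine the sensor alarms; any alarm destroys
 * the protected data. Returns a bit mask (1 = frequency, 2 = temperature). */
unsigned security_check(double clock_hz, double ambient_c,
                        uint8_t *secret, size_t len)
{
    unsigned alarms = 0;
    if (frequency_alarm(clock_hz))    alarms |= 1u;
    if (temperature_alarm(ambient_c)) alarms |= 2u;
    if (alarms) destroy_data(secret, len);
    return alarms;
}

int main(void)
{
    uint8_t secret[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed sample key */
    unsigned a = security_check(32000.0, 25.0, secret, 8);
    printf("normal:       alarms=%u first byte=%u\n", a, secret[0]);
    a = security_check(16000.0, 25.0, secret, 8);
    printf("clock halved: alarms=%u first byte=%u\n", a, secret[0]);
    return 0;
}
```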
In some embodiments, when the environment detection module 111 includes the photosensitive detection module 1114, the security detection module 103 may be connected to the photosensitive detection module 1114 and the data destruction module 112, respectively, where the security detection module 103 and the photosensitive detection module 1114 may be connected by a wire or a wireless connection, which is not limited herein. In some embodiments, the photosensitive detection module 1114 may be disposed at the periphery of the security area 100 to detect the illumination intensity of the security area 100, and the security detection module 103 is configured to control the data destruction module 112 to eliminate the chip data to be protected when the illumination intensity detected by the photosensitive detection module 1114 is greater than a specified illumination intensity.
The photosensitive detection module 1114 is a photoelectric detection module designed inside the chip mainly against light attack techniques; it monitors the illumination intensity of the working environment of the chip 10. When the chip 10 is attacked by light, the change in illumination can be detected quickly and the information sent to the security detection module 103, which raises an alarm. In a light attack, the surface of a chip in operation is irradiated with light; the intruding light generates voltages and currents inside the chip 10 and causes faulty behaviour. In this embodiment, two types of photoelectric conversion circuit are designed for the photodetection module, a current comparison type and a current integration type (CTIA). The current comparison type needs no added control signal: when the amplified photocurrent exceeds the internal current reference, the output signal is inverted. The current integration type can detect the photocurrent accurately by adjusting the area of the capacitor array and the clock frequency, and requires a longer integration time when the illumination is weak.
In the chip 10 provided in the embodiment of the present application, the chip 10 constructs the secure area 100 and the non-secure area 200, and the secure area 100 is connected to the non-secure area 200. The secure area 100 includes the storage module 101, the storage protection module 102 and the security detection module 103, and the storage protection module 102 is respectively connected to the storage module 101 and the security detection module 103. The storage module 101 stores the chip data to be protected; the storage protection module 102 is configured to transmit the chip data to be protected to the non-secure area 200, for output through the non-secure area 200, when the access data received from the non-secure area 200 meets a specified right; and the security detection module 103 is configured to detect a power-off attack on the chip 10. By dividing the chip 10 into the secure area 100 and the non-secure area 200 and securely protecting the chip data to be protected stored in the secure area 100, the security of the chip 10 is improved.
That is, in the embodiment of the application the chip is divided into security zones, each zone has its own authority configuration, the privacy and integrity of the chip data to be protected are protected in hardware, and transparency is achieved between modules and between the modules and the user. In addition, hardware protection units such as environment monitoring and security monitoring are arranged in the security framework, so that a reliable and private operating environment is ensured while data is transmitted and operated on inside the chip. The physical environment outside the chip is monitored in real time through the integrated sensors, physical attacks on the chip can be effectively warned of, and the security chip receives three-dimensional protection; combined with the chip's security architecture, this cooperatively improves the hardware protection capability of the chip and also ensures its security at the software level. For the security problems related to power consumption analysis attacks, the method provides a simple and effective random number protection measure and at the same time uses the true random number generator in the framework for obfuscation; through this obfuscation an attacker cannot obtain the circuit state while the algorithm runs, so the correlation between sensitive data and circuit power consumption is reduced.
Referring to fig. 6, fig. 6 is a schematic diagram illustrating a chip package structure according to an embodiment of the disclosure. As shown in fig. 6, the present embodiment provides a chip package structure 20, where the chip package structure 20 includes a chip 10 and a package 21, and the chip 10 is packaged in the package 21.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 7, the present embodiment provides an electronic device 30, where the electronic device 30 includes a chip package structure 20 and a device body 31, and the chip package structure 20 is disposed in the device body 31.
To sum up, in the chip, chip package structure and electronic device provided by the embodiments of the present application, the chip constructs a secure area and a non-secure area, and the secure area is connected to the non-secure area. The secure area includes a storage module, a storage protection module and a security detection module, and the storage protection module is respectively connected to the storage module and the security detection module. The storage module stores chip data to be protected; the storage protection module is used to transmit the chip data to be protected to the non-secure area, for output through the non-secure area, when the access data received from the non-secure area meets a specified right; and the security detection module is used to detect a power-off attack on the chip. By dividing the chip into a secure area and a non-secure area and securely protecting the chip data to be protected stored in the secure area, the security of the chip is improved.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (20)

  1. A chip, characterized in that the chip constructs a secure area and a non-secure area, the secure area is connected with the non-secure area, the secure area comprises a storage module, a storage protection module and a security detection module, the storage protection module is respectively connected with the storage module and the security detection module, the storage module stores chip data to be protected, the storage protection module is used for transmitting the chip data to be protected to the non-secure area when received access data from the non-secure area meet specified rights and outputting the chip data through the non-secure area, and the security detection module is used for detecting power-off attacks on the chip.
  2. The chip of claim 1, wherein the security zone further comprises an environment detection module, the environment detection module is connected to the security detection module, the environment detection module is configured to detect environment information of the security zone, and the security detection module is configured to cut off a chip clock or generate a CPU interrupt when the environment information satisfies a specified condition.
  3. The chip according to claim 2, wherein the security zone further comprises a data destruction module, the security detection module is connected to the data destruction module, and the security detection module is further configured to control the data destruction module to eliminate the chip data to be protected when the environmental information meets a specified condition.
  4. The chip according to claim 3, wherein the environment detection module comprises a Glitch detection module, the security detection module is respectively connected to the Glitch detection module and the data destruction module, the Glitch detection module is configured to detect a voltage jitter superimposed on a power supply or a clock signal, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the voltage jitter superimposed on the power supply or the clock signal is greater than a predetermined jitter.
  5. The chip according to claim 3 or 4, wherein the environment detection module comprises a temperature detection module, the safety detection module is respectively connected to the temperature detection module and the data destruction module, the temperature detection module is configured to detect a temperature of the safety area, and the safety detection module is configured to control the data destruction module to eliminate the data of the chip to be protected when the temperature is greater than a first specified temperature or less than a second specified temperature.
  6. The chip according to any one of claims 3 to 5, wherein the environment detection module comprises a frequency detection module, the security detection module is respectively connected to the frequency detection module and the data destruction module, the frequency detection module is configured to detect a clock frequency of the security zone, and the security detection module is configured to control the data destruction module to eliminate the chip data to be protected when the clock frequency is greater than a first specified frequency or less than a second specified frequency.
  7. The chip according to any one of claims 3 to 6, wherein the environment detection module comprises a photosensitive detection module, the security detection module is respectively connected to the photosensitive detection module and the data destruction module, the photosensitive detection module is configured to detect the illumination intensity of the security area, and the security detection module is configured to control the data destruction module to eliminate the data of the chip to be protected when the illumination intensity is greater than a specified illumination intensity.
  8. The chip according to any one of claims 1 to 7, wherein the security zone further comprises a battery and a real-time clock, the security detection module is respectively connected with the battery and the real-time clock, the battery is connected with the real-time clock, and the battery provides uninterrupted power for the real-time clock.
  9. The chip according to any one of claims 1 to 8, wherein the security zone further comprises a plurality of communication serial ports, and the plurality of communication serial ports are respectively connected with the security detection module.
  10. The chip according to any one of claims 1 to 9, wherein the storage module comprises a plurality of storage units, and the plurality of storage units are used for storing the chip data to be protected differently.
  11. The chip of claim 10, wherein the plurality of storage units comprises at least one of an SRAM (static random access memory), an extensible firmware interface (EFI), and a ROM (read only memory).
  12. The chip according to any of claims 1 to 11, wherein the security zone further comprises a true random generator, the true random generator being connected to the memory protection module, the true random generator being configured to generate true random numbers.
  13. The chip according to claim 12, wherein the secure area further includes a key encryption storage module, the key encryption storage module is connected to the security detection module, the key encryption storage module stores an algorithm key, and the security detection module is further configured to encrypt the chip data to be protected by the algorithm key and transmit the encrypted chip data to the non-secure area.
  14. The chip of claim 13, wherein the secure region further comprises a power consumption anti-analysis security module configured to add a random number to power consumption plaintext of the secure region.
  15. The chip of claim 14, wherein the power consumption anti-analysis security module is connected to the true random generator, and the power consumption anti-analysis security module is configured to add a random number generated by the true random generator to power consumption plaintext of the security region.
  16. The chip according to any one of claims 13 to 15, wherein the secure area further comprises a key anti-parsing security module for adding a random number to the algorithm key plaintext.
  17. The chip of claim 16, wherein the key antibody analysis security module is coupled to the true random generator, and wherein the key antibody analysis security module is configured to add a random number generated by the true random generator to the algorithm key plaintext.
  18. The chip of any of claims 1-17, wherein the secure region and the non-secure region are connected by a system bus.
  19. A chip package structure comprising a package and the chip of any one of claims 1 to 18, wherein the chip is packaged in the package.
  20. An electronic device comprising a device body and the chip packaging structure of claim 19, wherein the chip packaging structure is disposed in the device body.
CN202080099575.7A 2020-06-17 2020-06-17 Chip, chip packaging structure and electronic equipment Pending CN115413339A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/096462 WO2021253254A1 (en) 2020-06-17 2020-06-17 Chip, chip encapsulation structure and electronic device

Publications (1)

Publication Number Publication Date
CN115413339A true CN115413339A (en) 2022-11-29

Family

ID=79268835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080099575.7A Pending CN115413339A (en) 2020-06-17 2020-06-17 Chip, chip packaging structure and electronic equipment

Country Status (2)

Country Link
CN (1) CN115413339A (en)
WO (1) WO2021253254A1 (en)


Also Published As

Publication number Publication date
WO2021253254A1 (en) 2021-12-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination