CN117932626A

CN117932626A - Security protection method and system for password IP core

Info

Publication number: CN117932626A
Application number: CN202211258461.XA
Authority: CN
Inventors: 李莹; 周崟灏
Original assignee: Institute of Microelectronics of CAS
Current assignee: Institute of Microelectronics of CAS
Priority date: 2022-10-14
Filing date: 2022-10-14
Publication date: 2024-04-26

Abstract

The invention discloses a security protection method and a security protection system for a password IP core, wherein the security protection method and the security protection system comprise the following steps: monitoring an interface signal of a password IP core to obtain a real-time interface signal of the password IP core; detecting the state of the password IP core based on the real-time interface signal to obtain a detection result; and determining a target response mode aiming at the password IP core according to the detection result, so that the password IP core is processed based on the target response mode. The invention can realize the integrated protection of the detection and response of the password IP core, and improves the security protection accuracy of the password IP core.

Description

Security protection method and system for password IP core

Technical Field

The invention relates to the technical field of chips, in particular to a security protection method and system for a password IP core.

Background

In a System on Chip (SoC) design process, a large number of IP (Intellectual Property ) cores are generally used according to the functional requirements of the SoC. Because the SoC often contains sensitive information of a system or a user, the SoC usually contains one or more cryptographic IP cores, which are used for providing integrity and confidentiality protection for the sensitive information, performing services such as identity authentication and establishing a trusted environment, and the like, and has wide application in the scenes such as sensitive content protection, storage encryption, network security, and the like. The password IP cores are integrated in the SoC through a bus interface, and the processor core can send data to be encrypted or verified to the password IP cores through a system bus or an independent communication channel, and the operation result of the password IP cores is read after execution is completed.

The cryptographic IP cores can be classified according to the implemented cryptographic algorithm into an IP core implementing a symmetric encryption algorithm and an IP core implementing an asymmetric encryption algorithm. With the continuous advancement of deep submicron technologies, the complexity and design cost of integrated circuits are continuously increasing, and in order to shorten the SoC development period and reduce the cost, soC designers often outsource the cryptographic IP core to a third party provider, and design and verification are performed by the third party provider. The third party cryptographic IP core may be subject to hardware Trojan or hardware vulnerabilities, as these suppliers themselves may be untrusted, or malicious designers may be present therein, or design automation tools may be used that are subject to vulnerabilities or maliciousness, even introduced by an untrusted supply chain during manufacturing. Researchers have considered how to use the hardware Trojan or the hardware bug in the cryptographic IP or the encryption device to launch an attack, thereby causing serious consequences of destroying the data being processed, revealing confidential information, even damaging the chip, etc. For example, the attack is performed by means of hardware trojans, and the hardware trojans can be triggered by physical access of an attacker or can be triggered inside a chip, so that the purpose of acquiring a key of an encryption chip or replacing a plaintext is achieved.

The current pre-silicon security verification technology and the post-silicon test technology have limitations, and can not completely detect all hardware Trojan and hardware loopholes possibly existing in the password IP core. The existing protection technology of the SoC taking the IP as the center comprises methods of perfecting an access control strategy, monitoring interface signals of the IP core and the like, but the methods lack the targeted detection measures of the password IP core and the multi-level response measures for processing the security threat according to the detection result, so that the security protection of the password IP core is reduced.

Disclosure of Invention

Aiming at the problems, the invention provides a security protection method and a security protection system for a password IP core, which improve the security protection accuracy of the password IP core.

In order to achieve the above object, the present invention provides the following technical solutions:

A security protection method for a cryptographic IP core, the method comprising:

monitoring an interface signal of a password IP core to obtain a real-time interface signal of the password IP core;

detecting the state of the password IP core based on the real-time interface signal to obtain a detection result;

and determining a target response mode aiming at the password IP core according to the detection result, so that the password IP core is processed based on the target response mode.

Optionally, the detecting the state of the cryptographic IP core based on the real-time interface signal to obtain a detection result includes:

Obtaining target information based on the real-time interface information, wherein the target information comprises at least one of a numerical signal output by the password IP core, duration time of a transaction execution state of the password IP core and a processing result of the password IP core for input information;

And determining the detection result of the password IP core according to the target information and the detection conditions corresponding to the target information.

Optionally, the determining, according to the target information and the detection condition corresponding to the target information, a detection result of the cryptographic IP core includes:

detecting the numerical value signal output by the password IP core based on an error of a preset error type corresponding to the numerical value signal output by the password IP core, and determining that the password IP core is abnormal if the numerical value signal output by the password IP core is the same as the error of the preset error type;

Determining whether the duration of the transaction execution state of the password IP core is within the preset time range based on a preset time range corresponding to the duration of the transaction execution state of the password IP core, and if not, determining that the password IP core is abnormal;

And determining whether the processing result meets the expected result or not based on the expected result corresponding to the processing result of the password IP core aiming at the input information, and if not, determining that the password IP core is abnormal.

Optionally, the target response mode includes: one of a signal level response mode, a transaction level response mode, and a system level response mode;

The signal level response mode represents a mode for covering abnormal signals of the password IP core in real time; the transaction-level response mode represents a mode of rolling back the password IP core to an initial state and re-executing a current encryption and decryption task; the system level response mode characterization isolates the cryptographic IP core and controls disabling the cryptographic IP core.

Optionally, the detecting the state of the cryptographic IP core to obtain a detection result includes:

Detecting the state of the password IP core based on a target security policy to obtain a detection result;

The target security policy comprises at least one of confidentiality policy, integrity policy and availability policy of the password IP core; the confidentiality strategy is used for ensuring that confidential data is not revealed or stolen when the password IP core receives a data reading request sent by the host; the integrity strategy is used for ensuring the reliability of the output result of the password IP core; the availability policy is used to ensure that the cryptographic IP core is correctly invoked by the system.

A security protection system for a cryptographic IP core, the system comprising:

The monitoring unit is used for monitoring the interface signal of the password IP core to obtain a real-time interface signal of the password IP core;

The detection unit is used for detecting the state of the password IP core based on the real-time interface signal to obtain a detection result;

and the response unit is used for determining a target response mode aiming at the password IP core according to the detection result so as to process the password IP core based on the target response mode.

Optionally, the detection unit includes:

An obtaining subunit, configured to obtain target information based on the real-time interface information, where the target information includes at least one of a numerical signal output by the cryptographic IP core, a duration of a transaction execution state of the cryptographic IP core, and a processing result of the cryptographic IP core for input information;

And the first determination subunit is used for determining the detection result of the password IP core according to the target information and the detection condition corresponding to the target information.

Optionally, the first determining subunit is specifically configured to:

Optionally, the detection unit is further configured to:

the target security policy comprises at least one of confidentiality policy, integrity policy and availability policy of the password IP core; the confidentiality strategy is used for ensuring that confidential data is revealed or stolen when the password IP core receives a data reading request sent by the host; the integrity strategy is used for ensuring the reliability of the output result of the password IP core; the availability policy is used to ensure that the cryptographic IP core is correctly invoked by the system.

Compared with the prior art, the invention provides a security protection method and a security protection system for a password IP core, wherein the security protection method and the security protection system comprise the following steps: monitoring an interface signal of a password IP core to obtain a real-time interface signal of the password IP core; detecting the state of the password IP core based on the real-time interface signal to obtain a detection result; and determining a target response mode aiming at the password IP core according to the detection result, so that the password IP core is processed based on the target response mode. The invention can realize the integrated protection of the detection and response of the password IP core, and improves the security protection accuracy of the password IP core.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic flow chart of a security protection method for a cryptographic IP core according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of a cooperative processing according to an embodiment of the present invention;

FIG. 3 is a schematic diagram illustrating an application of a response mode according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a circuit architecture for a protection method according to an embodiment of the present invention;

fig. 5 is a schematic circuit diagram of a protection method according to an embodiment of the present invention;

fig. 6 is a schematic workflow diagram of an overall protection method in a practical application process according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of a security protection system for a cryptographic IP core according to an embodiment of the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The terms first and second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to the listed steps or elements but may include steps or elements not expressly listed.

In an embodiment of the present invention, a security protection method for a cryptographic IP core is provided, referring to fig. 1, the method may include the following steps:

S101, monitoring interface information of a password IP core to obtain real-time interface information of the password IP core.

S102, detecting the state of the password IP core based on the real-time interface information to obtain a detection result.

The detection result can be determined by deducing the state of the IP core by monitoring the interface signal of the password IP core through a preset detection mechanism and determining whether the input and output behaviors are consistent with the known error symptoms according to the state of the IP core. In one embodiment, the detecting the state of the cryptographic IP core based on the real-time interface signal to obtain a detection result includes: obtaining target information based on the real-time interface information, wherein the target information comprises at least one of a numerical signal output by the password IP core, duration time of a transaction execution state of the password IP core and a processing result of the password IP core for input information; and determining the detection result of the password IP core according to the target information and the detection conditions corresponding to the target information.

Further, the determining, according to the target information and the detection condition corresponding to the target information, the detection result of the cryptographic IP core includes: detecting the numerical value signal output by the password IP core based on an error of a preset error type corresponding to the numerical value signal output by the password IP core, and determining that the password IP core is abnormal if the numerical value signal output by the password IP core is the same as the error of the preset error type; determining whether the duration of the transaction execution state of the password IP core is within the preset time range based on a preset time range corresponding to the duration of the transaction execution state of the password IP core, and if not, determining that the password IP core is abnormal; and determining whether the processing result meets the expected result or not based on the expected result corresponding to the processing result of the password IP core aiming at the input information, and if not, determining that the password IP core is abnormal.

S103, determining a target response mode aiming at the password IP core according to the detection result so as to enable the password IP core to be processed based on the target response mode.

After the target response mode is determined, the password IP core is subjected to safety protection according to the target response mode, such as disabling the password IP core when the password IP core is abnormal, so that the safety of data is ensured. Specifically, the target response mode includes: one of a signal level response mode, a transaction level response mode, and a system level response mode; the signal level response mode represents a mode for covering abnormal signals of the password IP core in real time; the transaction-level response mode represents a mode of rolling back the password IP core to an initial state and re-executing a current encryption and decryption task; the system level response mode characterization isolates the cryptographic IP core and controls disabling the cryptographic IP core.

In the process of detecting the state of the password IP core to obtain a detection result, the state of the password IP core may be detected based on a target security policy to obtain a detection result. The target security policy comprises at least one of confidentiality policy, integrity policy and availability policy of the password IP core; the confidentiality strategy is used for ensuring that confidential data is not revealed or stolen when the password IP core receives a data reading request sent by the host; the integrity strategy is used for ensuring the reliability of the output result of the password IP core; the availability policy is used to ensure that the cryptographic IP core is correctly invoked by the system. In the embodiment of the invention, the security policy is the basis for detection and can be understood as the specific content of detection.

In order to achieve protection of confidentiality, functional integrity and availability of the cryptographic IP core runtime data, a corresponding security policy may be formulated. The security policy is divided into three types, namely a confidentiality policy, an integrity policy and an availability policy of the password IP, and the security policy is specifically as follows:

Confidentiality policy of cryptographic IP: during the operation of the cryptographic IP core, the input text data, secret information such as a secret key and the like cannot be leaked or partially leaked, and the operation result of the cryptographic IP can only be read once after the operation is completed. Any act of revealing text data and keys, or reading data while the cryptographic IP core is idle and during operation, is considered illegal, which cannot be output. This policy ensures that the cryptographic IP core does not reveal or steal confidential data when it receives a read data request sent by the host.

Integrity policy of cryptographic IP core: the actual operation result of the password IP core is consistent with the ideal result obtained by calculation according to the password algorithm and the working mode, and cannot be illegally tampered or destroyed. This strategy ensures that the output of the cryptographic IP is efficient and reliable.

Availability policy of cryptographic IP core: all functions of the password IP core can be correctly called by the system during the running of the system, and the password IP core can complete the whole encryption and decryption transaction within a limited time. If all or part of the functions can not be called by the system or the execution time of the single encryption and decryption transaction is too long, the usability policy of the password IP core is considered to be violated. This policy ensures that the cryptographic IP core can be correctly invoked by the system.

Referring to fig. 2, a schematic diagram of cooperative processing provided in an embodiment of the present invention may detect a state of a cryptographic IP core by presetting a detection mechanism in an actual application scenario. And a cooperative mechanism is arranged to judge according to the detection result, so as to determine a target response mode. And finally, executing corresponding response processing on the password IP core by setting a response mechanism.

The method comprises the steps of detecting the state of the password IP core to obtain a detection result, and setting a corresponding detection mechanism according to different detection conditions, wherein the numerical detection comprises numerical detection, time sequence detection and active detection, the numerical detection is carried out on a numerical signal output by the password IP core, the time sequence detection is carried out on the duration of the transaction execution state of the password IP core, and the active detection is carried out on the processing result of the password IP core on input information. Specifically, the method comprises the following steps:

Checking numerical values: it is checked whether the value signal output by the cryptographic IP core is identical to a preset error. Here, the preset error includes a case where data is read out when the password IP is in an idle state or the operation is not yet completed, and a case where an input text or a key is read out. The numerical check is a check measure of the confidentiality policy of the corresponding password IP.

And (3) time sequence checking: it is checked whether the duration of the respective states of the cryptographic IP core is within a defined range. The transaction execution time of the cipher IP core (the time from the completion of data input to the completion of encryption and decryption result output) and the actual operation time of the cipher IP core (the time from the completion of data input to the completion of operation waiting for the host to read the encryption and decryption result) are respectively timed. Considering that the host computer may not read the encryption and decryption results at the first time after the operation is completed, the transaction execution time has a relatively tolerant threshold value; whereas the number of rounds of transformation and the number of clock cycles required for each round of transformation for the cryptographic IP core to process a block of data in a certain mode of operation is an accurate value, the actual computation time is thus limited to a precise range. The timing check is one of the checking measures of the integrity policy and the availability policy of the corresponding cryptographic IP.

Actively checking: it is checked whether the result of the cryptographic IP core meets expectations. Since an attacker may destroy the integrity of the cryptographic IP core, resulting in an error in the operation result, which cannot be detected by numerical inspection and timing inspection, an inspection mechanism is required to initiate active inspection of the cryptographic IP core. In the active inspection, the information such as input text, key, initial vector, working mode and the like is sent to the password IP core by an inspection mechanism, and the operation result of the password IP core is compared with the ideal operation result. Active checking is one of the checking measures of the integrity policy and availability policy of the corresponding cryptographic IP core.

The collaboration mechanism determines according to the detection results of the above three inspection modes, and confirms a response mode to be executed by the response mechanism, where the response mode includes different levels such as a signal level, a transaction level, and a system level, referring to fig. 3, an application schematic diagram of the response mode provided by the embodiment of the present invention specifically includes:

Signal level response mode: and (5) covering the abnormal signals in real time. To prevent erroneous data and sensitive data output, the signal level response would override the abnormal signal to 0 in real time. The signal level response is a response measure to the confidentiality policy of the cryptographic IP.

Transaction level response mode: and rolling the password IP core back to an initial state and re-executing the encryption and decryption task. Considering that the actual operation time of the password IP core exceeds the expected condition and the like may be a result caused by accidental factors, the result of the operation is not approved, and the corresponding transaction level response rolls back the password IP and re-executes the encryption and decryption tasks. If the detection result of the plurality of anomalies causes the rollback times of the password IP core to reach a threshold value, the response measure is upgraded from the transaction-level response to the system-level response.

System level response mode: the cipher IP core is forbidden to be used and isolated, and the system level response is the highest-level response measure in response to the conditions of multiple occurrences of encryption and decryption results, key leakage and abnormal detection results corresponding to errors.

Referring to fig. 4 and fig. 5, the specific circuit architecture of the protection method according to the present invention is composed of functions and structural diagrams. The entire architecture consists of two parts, a Security Wrapper (SPC) and a Security policy controller (Security Policy Controller) of the cryptographic IP. The Security Wrapper is located at the interface of the password IP, monitors the interface signal of the password IP and presumes the working state of the password IP, and can execute timing sequence checking, numerical value checking and signal level response measures. SPC is an IP with a separate address that can interact with the host over the bus, can initiate active checking, and performs transaction-level and system-level response actions. The Security Wrapper and the SPC can communicate directly, the Security Wrapper notifies the SPC of the detection result in the form of an alarm signal, the SPC can configure the Security Wrapper, and test data required for active inspection is written to the password IP through the Security Wrapper.

Compared with other security architectures, the invention has the advantages of no need of knowing the internal circuit structure of the password IP, diversified online detection means, multi-level response means, good universality, easy transplantation and the like.

Referring to fig. 6, the workflow of the whole protection method in the practical application process is shown. The method specifically comprises the following steps: the checking trigger counts the idle state of the password IP, and when the timer reaches a threshold value and the data storage module is not updated by the host, the active checking module acquires the control right of the password IP through the Security Wrapper and initiates active checking. Because the password IP has a plurality of working modes, the active checking module determines the working modes and the encryption and decryption transaction times contained in one active checking task through the built-in pseudo-random number generator. In each encryption and decryption transaction, the active checking module reads the secret key, the initial vector and the input text data from the data storage module and transmits the secret key, the initial vector and the input text data to the password IP. And waiting until the password IP finishes operation to generate an interrupt signal, and then respectively reading an actual operation result and an ideal result from the password IP and the data storage module by the active checking module. When the actual operation result is inconsistent with the ideal result, the active checking module reports the abnormality to the error log module. If the SPC receives the alarm signal sent by the Security Wrapper during the active checking period and determines that the transaction level response measure needs to be executed, the active checking module waits for the current encryption and decryption transaction to be executed again after the current encryption and decryption transaction is completed. After all encryption and decryption transactions are completed, the active checking task is completed, and the active checking module waits for a next checking trigger signal.

The embodiment of the invention provides a security protection method for a password IP core, which comprises the following steps: monitoring an interface signal of a password IP core to obtain a real-time interface signal of the password IP core; detecting the state of the password IP core based on the real-time interface signal to obtain a detection result; and determining a target response mode aiming at the password IP core according to the detection result, so that the password IP core is processed based on the target response mode. The invention can realize the integrated protection of the detection and response of the password IP core, has the advantages of no need of knowing the internal circuit structure of the password IP, diversified online detection means, multi-level response means, good universality, easy transplantation and the like, and improves the security protection precision of the password IP core.

In another embodiment of the present invention, there is also provided a security protection system for a cryptographic IP core, see fig. 7, the system including:

the monitoring unit 701 is configured to monitor an interface signal of the cryptographic IP core, so as to obtain a real-time interface signal of the cryptographic IP core;

The detecting unit 702 is configured to detect, based on the real-time interface signal, a state of the cryptographic IP core to obtain a detection result;

and a response unit 703, configured to determine a target response mode for the cryptographic IP core according to the detection result, so that the cryptographic IP core is processed based on the target response mode.

Optionally, the detection unit includes:

Optionally, the first determining subunit is specifically configured to:

Optionally, the detection unit is further configured to:

The invention provides a security protection system for a password IP core, which comprises: the monitoring unit monitors the interface signal of the password IP core to obtain a real-time interface signal of the password IP core; the detection unit detects the state of the password IP core based on the real-time interface signal to obtain a detection result; and the determining unit determines a target response mode aiming at the password IP core according to the detection result so as to process the password IP core based on the target response mode. The invention can realize the integrated protection of the detection and response of the password IP core, and improves the security protection accuracy of the password IP core.

Based on the foregoing embodiments, embodiments of the present application provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the steps of the security protection method for a cryptographic IP core as in any of the above.

The embodiment of the invention also provides electronic equipment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the steps of security protection for the password IP core.

It should be noted that, the specific implementation process of the above processor is referred to the description of the foregoing embodiments, and will not be described in detail herein.

The Processor or CPU may be at least one of an Application SPECIFIC INTEGRATED Circuit (ASIC), a digital signal Processor (DIGITAL SIGNAL Processor, DSP), a digital signal processing device (DIGITAL SIGNAL Processing Device, DSPD), a programmable logic device (Programmable Logic Device, PLD), a field programmable gate array (Field Programmable GATE ARRAY, FPGA), a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronic device implementing the above-mentioned processor function may be other, and embodiments of the present application are not limited in detail.

In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A method of security protection for a cryptographic IP core, the method comprising:

2. The method according to claim 1, wherein detecting the state of the cryptographic IP core based on the real-time interface signal to obtain a detection result includes:

3. The method according to claim 2, wherein the determining the detection result of the cryptographic IP core according to the target information and the detection condition corresponding to the target information includes:

4. The method of claim 1, wherein the target response pattern comprises: one of a signal level response mode, a transaction level response mode, and a system level response mode;

5. The method according to claim 1, wherein the detecting the state of the cryptographic IP core to obtain a detection result includes:

6. A security protection system for a cryptographic IP core, the system comprising:

7. The system of claim 6, wherein the detection unit comprises:

8. The system according to claim 7, wherein the first determining subunit is specifically configured to:

9. The system of claim 6, wherein the target response mode comprises: one of a signal level response mode, a transaction level response mode, and a system level response mode;

10. The system of claim 6, wherein the detection unit is further configured to: