Grid detector for a chip and anti-attack method thereof
Technical field
The present invention relates to integrated-circuit chip technology, and in particular to a grid detector structure that resists external cutting attacks and to its anti-attack method.
Background technology
Integrated circuits (ICs) are widely used in every information-carrier field, and in practice a great deal of critical information is stored in them, such as bank account numbers and passwords, or private personal information. In the past, the security of this information was mathematical. With the development of technology, and in particular of reverse-engineering techniques since the 1990s, the core data and information held in an IC can now be obtained through reverse engineering by certain technical means.
Attacks on smart cards fall into two broad classes according to whether the physical package of the smart-card chip is destroyed: destructive attacks and non-destructive attacks.
A destructive attack shares its initial steps with chip reverse engineering: fuming nitric acid is used to remove the epoxy resin surrounding the die; cleaning is done with acetone, deionized water and isopropyl alcohol; a hydrofluoric acid ultrasonic bath then removes the chip's metal layers one by one. After the package is removed, the electrical connection between the chip's functional pads and the outside is restored by gold wire bonding, and a manual microprobe can finally be used to pick up the signals of interest. CMOS products at deep-submicron and below usually have more than 3 layers of metal interconnect, so to understand the internal structure of the chip the layers may have to be removed one at a time to obtain the information needed to reconstruct the chip layout. Once the internal signal routing is understood, focused ion beam (FIB) repair techniques can even be used to bring a signal of interest to the chip surface for further observation.
Non-destructive attacks mainly target products with a microprocessor, and their means mainly comprise software attacks, eavesdropping techniques and fault-generation techniques. Software attacks use the microprocessor's general-purpose communication interface to look for weaknesses in security protocols, cryptographic algorithms and their physical implementation; eavesdropping techniques use methods with high time-domain precision to analyse the analog characteristics of the various electromagnetic emissions that the power interface produces during normal operation of the microprocessor; fault-generation techniques make the processor malfunction by creating abnormal operating conditions, thereby gaining additional access paths.
Attacks on smart cards generally start from destructive reverse engineering, whose findings can then be used to develop cheap and fast non-destructive attacks; this is one of the most common and most effective smart-card attack patterns.
To prevent the microprobe detection of bus signals described above, prior-art security chips, that is, hardware chips dedicated to building hardware security and protecting core data, have included countermeasures from the outset. For example, a fine metal grid, with a pitch on the micron scale, is placed on the die before packaging. When reverse engineering uses a destructive attack to expose the die, the die is still wrapped in a layer of metal grid, which blocks direct reading of signals with a microprobe; the fine metal grid also makes each layer of the chip's structure harder to identify.
However, techniques that use cutting to break through such a metal grid have now appeared in the prior art. For particularly important core information, laser cutting can destroy each layer of metal grid without damaging the chip's internal structure, after which the techniques above can be used to mount a successful attack.
Therefore, prior-art chip technology still cannot effectively protect chips that hold important core data; it has technical deficiencies and awaits improvement and development.
Summary of the invention
The object of the present invention is to provide a grid detector for a chip and its anti-attack method. To address the cutting-attack problem of the prior art, the invention provides a grid detector with at least one layer of metal grid, together with an anti-attack method: by detecting that the metal grid is under attack and resetting the core data in time, it effectively protects important core data and prevents an unauthorized user from using a microprobe to monitor bus signals and obtain important programs and data.
The technical solution of the present invention is as follows:
A grid detector for a chip, wherein the grid detector, having at least one layer of metal grid, is provided in the outer encapsulation layer of the chip's die; the grid detector comprises a voltage applied to the metal grid, and uses the signal continuity state of each layer of metal grid as a detection signal, which is electrically connected to a trigger pin of a control circuit and is used to trigger a clear or reset operation by this control circuit on the memory.
The detector, wherein the grid detector has at least two layers of metal grid and further comprises a decision circuit; the input of the decision circuit is connected to the output signal point of each layer of the at least two layers of metal grid, and the output of the decision circuit is connected to the input of the chip's control circuit. The decision circuit comprises an inverter whose input is connected to the low-level output signal point among the output signal points; the output of the inverter and the high-level output signal point among the output signal points are both connected to the inputs of an AND gate, and the output of the AND gate is electrically connected to the input of the control circuit.
The detector, wherein the metal grids of the grid detector are arranged randomly and alternately on the chip.
The detector, wherein a counter is further provided between the AND gate and the control circuit; the input of the counter is connected to the output of the AND gate, and the output of the counter is connected to the input of the chip's control circuit. The counter triggers the control circuit after counting flips of the detection signal up to a predetermined number.
The detector, wherein the control circuit is the CPU that controls clearing of the chip's memory, or an internal circuit used for reset.
An anti-attack method for a grid detector of a chip, comprising the following steps:
a) A grid detector is provided on the chip. The grid detector comprises at least two layers of metal grid and a control circuit, and a decision circuit placed between the signal output points on the metal grids and the control circuit; the decision circuit consists of an inverter connected to the low-level signal output point among the signal output points, and an AND gate connected to both the output of the inverter and the high-level signal output point among the signal output points;
b) When the metal grid is subjected to a cutting attack, the level at the high-level or low-level signal output point flips, and the AND gate outputs a control signal that triggers the control circuit to clear or reset the chip's memory.
The method, wherein the method further comprises the step:
c) A counter is provided between the AND gate and the control circuit to evaluate the number of level flips; once a predetermined number is reached, a trigger signal is sent to the control circuit.
The method, wherein the control circuit is a CPU that controls clearing of the chip's memory, or an internal circuit used to control reset.
The grid detector for a chip and its anti-attack method provided by the present invention use a metal grid placed on the security chip, a detector circuit for open circuits or short circuits in this grid, and protective measures applied to the core data according to the detection result; this increases the difficulty of reverse engineering and effectively protects the core data.
Description of drawings
Fig. 1a is a schematic diagram of a non-secure attack on a chip in the prior art;
Fig. 1 is the circuit schematic of the first preferred embodiment of the grid detector of the present invention;
Fig. 2a is the circuit schematic of the second preferred embodiment of the grid detector of the present invention;
Fig. 2b is the circuit schematic of the third preferred embodiment of the grid detector of the present invention;
Fig. 3 is a schematic diagram of the chip surface of the present invention;
Fig. 4 is an enlarged schematic diagram of the grid structure on the chip surface of the present invention.
Embodiment
The preferred embodiments of the present invention are described in more detail below with reference to the accompanying drawings.
The grid detector for a chip and its anti-attack method according to the present invention are a grid detector technique for preventing cutting attacks. It can be used in integrated circuit design to protect the program and data storage areas and to prevent an unauthorized user from using a microprobe to monitor bus signals and obtain important data. An integrated-circuit test platform can connect signals on the chip to the outside world through microprobes. The target size of a microprobe is generally about 1 micron, while a probe station with tips below 0.1 micron costs hundreds of thousands of dollars and is extremely hard to obtain. To prevent microprobe detection, a carefully designed grid covers the outer layer of the chip die, making manual microprobe attacks difficult to carry out and hard to get past even with ordinary FIB repair techniques. The grid detector technique for preventing cutting attacks means that the top-layer aluminium forms a detector grid network, which effectively prevents a microprobe from obtaining memory data and at the same time improves the chip's resistance to dissection. While the chip is powered, the detector grid prevents cutting from being used to obtain the contents of the bus: when a cut occurs, the detector grid continuously monitors for short-circuit and open-circuit signals, and, based on the detector output, the chip's microprocessor controller immediately triggers circuitry to clear all contents of the program and data storage areas, or to reset the chip. These metal grids also hinder reverse extraction of the metal interconnect layers beneath them: because the grid etching is not uniform, the pattern of the upper metal layer is visible in the lower layers, which causes a lot of trouble for automated reverse tracing of the layout and thereby improves the chip's resistance to dissection.
In the grid detector and anti-attack method of the present invention, a control signal is added to the erase operation in the full-chip erase of the program and data storage areas, and this control signal comes from the detector signal. When the detector signal is active, full-chip erase is active and chip reset is active: all contents of the program and data storage areas are cleared, or the chip is reset, so that the program and data storage areas are effectively protected.
The technique of the present invention applies to the design of integrated circuits that contain memory. Widely used integrated-circuit chips with memory at present are the various types of IC-card chips and SoC chips, such as GSM SIM cards, USIM cards, bank cards, social security cards, and chips for various storage applications.
The grid detector and anti-attack method of the present invention can use at least one layer of protection. As shown in Fig. 1, a single grid B0 is formed from aluminium lines, and its signal continuity state is fed to the CPU as a control signal. When the grid is cut, the circuit sends an interrupt to the CPU so that the chip protects itself. Its shortcoming is also fairly obvious: FIB techniques can break through this protection easily. Because the whole grid is a single net feeding the CPU interrupt, any two points on it can be interconnected; an attacker can connect aluminium lines at suitable places so that part of the grid lines are shorted. No control signal is then sent to the CPU, and a small part of the grid becomes independent of the whole grid, so that this independent part can be cut freely and the protection fails.
In another preferred embodiment of the present invention, the full-chip erase signals for the program FLASH or EEPROM and for the data FLASH or EEPROM are normally each controlled by the microprocessor controller (CPU) in the chip. The grid detector circuit designed in the present invention is shown in Fig. 2a or Fig. 2b. Blocks B0 and B1 each represent a grid circuit on the IC chip layout; they use different routing directions and levels. The resistors R0 and R1 below them are both greater than 10 MΩ. The grids are connected to the decision circuit through the signal output points A and B; under normal conditions point A is at low level and point B is at high level. The decision circuit comprises an inverter 110 connected to point A and an AND gate 120, and the decision circuit output is connected to the interrupt signal line of the CPU. In normal operation the level at point A is 0 and the level at point B is 1. When a grid is cut, the signal level at point A or point B flips and a detection signal is produced: if the level at A is 1 or the level at B is 0, the output after the decision circuit is level 0, which causes the signal to change. To prevent accidental interrupts, this detection signal is fed into a counter; only when the signal persists for long enough does the system confirm that it is really under attack rather than seeing an internal delay. If the detection signal is routed to the CPU interrupt signal as in Fig. 2a, the CPU issues an instruction to erase, that is to clear, the data in all FLASH or EEPROM memory. If the detection signal is routed to the reset signal as in the circuit embodiment of Fig. 2b, the CPU controls internal circuitry to reset the chip, ensuring that the internal core data is not read out. Fig. 3 shows the implementation on an actual layout, and Fig. 4 is a partial enlarged view of the anti-probing grid. Note that all of the above circuits are placed in the circuitry inside the chip.
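The decision logic described above, as a behavioural model; this is an added example, not circuitry or code from the patent. The class name, the sample traces, the memory contents and the threshold of 3 are constructed, and the counter is assumed to count consecutive clock samples on which the decision output is 0.

```python
from dataclasses import dataclass, field
from typing import Optional


def decision(a: int, b: int) -> int:
    """Inverter 110 on point A feeding AND gate 120 with point B.

    Returns 1 while both grids look intact (A=0, B=1), 0 on any flip.
    """
    return (1 - a) & b


@dataclass
class GridDetector:
    threshold: int = 3      # assumed: consecutive alarm samples before trigger
    mode: str = "erase"     # "erase" models Fig. 2a, "reset" models Fig. 2b
    memory: bytearray = field(
        default_factory=lambda: bytearray(b"CONSTRUCTED-KEY"))
    count: int = 0
    tripped_at: Optional[int] = None
    reset_asserted: bool = False

    def sample(self, t: int, a: int, b: int) -> None:
        if self.tripped_at is not None:
            return          # response is latched once triggered
        # The counter filters out short glitches: any intact sample clears it.
        self.count = self.count + 1 if decision(a, b) == 0 else 0
        if self.count >= self.threshold:
            self.tripped_at = t
            if self.mode == "erase":
                self.memory[:] = bytes(len(self.memory))   # zero all memory
            else:
                self.reset_asserted = True


def run(trace, **kwargs) -> GridDetector:
    """Clock a list of (A, B) level samples through a fresh detector."""
    det = GridDetector(**kwargs)
    for t, (a, b) in enumerate(trace):
        det.sample(t, a, b)
    return det


# Constructed traces of (A, B) levels, one tuple per clock sample.
GLITCH = [(0, 1), (0, 1), (1, 1), (0, 1), (0, 1)]   # one-sample disturbance
CUT_A = [(0, 1)] * 2 + [(1, 1)] * 4                 # A flips high and stays
CUT_B = [(0, 1)] + [(0, 0)] * 3                     # B flips low and stays

if __name__ == "__main__":
    for name, trace in (("glitch", GLITCH), ("cut A", CUT_A), ("cut B", CUT_B)):
        det = run(trace)
        print(f"{name:7s} tripped_at={det.tripped_at} memory={bytes(det.memory)!r}")
```

The model shows why the counter sits between the AND gate and the control circuit: the one-sample glitch leaves memory untouched, while a persistent flip on either output point clears it.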
The present invention is designed with two layers of grid. Each layer consists of two complementary, symmetric sub-grids, as shown in Fig. 4, and the level to which each aluminium line is connected is random; that is, any two aluminium lines may belong to two different sub-grids, and the two sub-grids are connected to ground and to the power supply respectively. An attacker can only apply FIB to each aluminium line individually to ensure that the detector is not triggered, and for process reasons it is difficult for the attacker to locate the two grids at the same coordinates simultaneously and then attack the grid destructively. If the attacker needs an area of 10um*10um, then at least 10 aluminium lines in each grid layer need FIB work. Because the aluminium lines brought out by FIB from the upper grid and from the lower grid cannot overlap, the area over which the attacker performs FIB must be much larger than 10um*10um, and the number of aluminium lines that actually need FIB work is therefore much larger than the 20 of the two layers. The present invention thus makes the attacker pay tens or even hundreds of times more to achieve the same goal, a cost the attacker cannot bear, and so protects the chip from attack more effectively.
The grid detector for a chip and its anti-attack method according to the present invention prevent an unauthorized user from using a microprobe to monitor bus signals and obtain important programs and data, and thereby prevent attacks on user programs and data. The microprobe technique is an invasive attack carried out with specialised precision equipment such as semiconductor test equipment, microscopes and micropositioners, and it requires destroying the package. The user's programs and data need to be kept secret, especially passwords, keys and similar data, which must not become known to unauthorized users. Many current attacks are ones in which an unauthorized user cuts or connects certain circuits with a laser, altering the instruction decoder or the program counter circuit, in order to monitor bus signals and obtain the user's programs and data. By these means the unauthorized user steals the user's programs and data and thereby harms the legitimate user. Because such attacks are generally destructive to the chip, the response to this kind of attack can be to clear the whole chip directly, destroying the chip completely, or to reset the chip and restore it to its factory state, which is likewise an unrecoverable loss of the important core data, so that the unauthorized user cannot learn it by technical means.
Therefore, the grid detector for a chip and its anti-attack method provided by the present invention, by using a grid detector circuit and in particular a multi-layer grid detector circuit, raise the security chip's level of protection against laser attacks, and constitute a new design and production technique for chips with high security.
It should be understood that the above description of specific embodiments is relatively detailed and should not therefore be construed as limiting the scope of patent protection of the present invention, which is defined by the claims.