Multi-layer grid detector for a chip and anti-attack method thereof
Technical field
The present invention relates to integrated circuit chip technology, and in particular to a grid detector structure that resists external cutting attacks and a method of attack protection thereof.
Background technology
Integrated circuits (ICs) of the prior art are widely used in every field of information carriers. In practice, a great deal of critical information is stored in integrated circuits, such as bank account numbers and passwords, or private personal information. In the past, the security of this information was mathematical. However, with the development of technology, and particularly of reverse engineering techniques since the 1990s, the core data and information held in an IC can now be obtained through reverse engineering by certain technical means.
Attacks on smart cards fall into two broad classes according to whether the physical packaging of the smart card chip is destroyed: destructive attacks and non-destructive attacks.
A destructive attack shares its initial steps with chip reverse engineering: fuming nitric acid is used to remove the epoxy resin encapsulating the bare die; cleaning is done with acetone/deionized water/isopropyl alcohol; a hydrofluoric acid ultrasonic bath further removes each metal layer of the chip. After the package is removed, the electrical connection between the chip's functional pads and the outside is restored by gold wire bonding, and finally a manual microprobe can be used to obtain the signals of interest. CMOS products at deep-submicron and below usually have more than 3 layers of metal interconnect; to understand the internal structure of the chip, the layers may have to be removed one by one to obtain the information needed to reconstruct the chip layout design. Once the internal signal routing is understood, focused ion beam (FIB) repair techniques can even be used to bring a signal of interest to the chip surface for further observation.
Non-destructive attacks mainly target products with a microprocessor; the means mainly comprise software attacks, eavesdropping techniques and fault generation techniques. Software attacks use the microprocessor's general-purpose communication interface to look for weaknesses in security protocols, cryptographic algorithms and their physical implementation; eavesdropping techniques use methods with high time-domain precision to analyse the analogue characteristics of the power interface and of the various electromagnetic radiation produced by the microprocessor during normal operation; fault generation techniques create abnormal operating conditions to make the processor malfunction and thereby gain additional access.
Attacks on smart cards generally begin with destructive reverse engineering, whose results can be used to develop cheap and fast non-destructive attacks; this is one of the most common and effective smart card attack patterns.
To prevent the microprobe probing of bus signals described above, prior-art security chips, that is, hardware chips dedicated to building hardware security and protecting core data, have added countermeasures from the time of manufacture. For example, a fine metal grid is placed on the bare die before packaging, with the fineness of the grid on the order of microns. When reverse engineering uses a destructive attack to expose the bare die, the die is still covered by this metal grid layer, which blocks direct reading of signals with a microprobe; the fine metal grid also makes it harder to identify the structure of each layer of the chip.
However, techniques that use cutting to break through this kind of metal grid have now appeared in the prior art. For particularly important core information, laser cutting can therefore destroy each metal grid layer without damaging the internal structure of the chip, after which the techniques above can be used to attack successfully.
Therefore, prior-art chip technology still cannot effectively protect chips that store important core data; it has technical deficiencies and awaits improvement and development.
Summary of the invention
The object of the present invention is to provide a multi-layer grid detector for a chip and an anti-attack method thereof. To address the problem of cutting attacks in the prior art, a multi-layer grid detector and an attack protection method are provided: by detecting when the metal grid is attacked and resetting the core data in time, important core data is effectively protected, and an unauthorized user is prevented from obtaining important programs and data by using a microprobe to monitor signals on the bus.
The technical solution of the present invention is as follows:
A multi-layer grid detector for a chip, wherein at least one layer of grid detector is provided in the outer packaging layer of the bare die of the chip; the grid detector comprises a voltage applied to the metal grid and a detection signal generated from this voltage, which is electrically connected to a trigger pin of a CPU and used to trigger a clear or reset operation of the CPU's memory.
The detector, wherein the grid detector is arranged as at least two grid layers, and the grid detector further comprises a decision circuit connected between the output signal points of the two layers and the control circuit; the decision circuit comprises an inverter connected to the low-level output signal point; the output of the inverter and the high-level output signal point are fed together into an AND gate, which is then electrically connected to the control circuit.
The detector, wherein the grid lines of the grid detector are arranged randomly and alternately on the chip.
The detector, wherein a counter is further provided between the AND gate and the control circuit, for counting the flips of the control signal and triggering the control circuit after a predetermined number is reached.
The detector, wherein the control circuit is a CPU that controls memory clearing, or an internal circuit used for reset.
An anti-attack method for a multi-layer grid detector of a chip, comprising the following steps:
a) providing at least two grid layers on the chip, and providing a decision circuit between the signal output points on the grids and the control circuit, the decision circuit being configured as an inverter connected to the low-level signal output point and an AND gate that is also connected to the high-level signal output point;
b) when the grid is subjected to a cutting attack, the level of the high-level or low-level signal output point flips, and the AND gate outputs a control signal that triggers the control circuit to clear the memory or reset.
The method, wherein the method further comprises the step:
c) providing a counter between the AND gate and the control circuit, which evaluates the number of level signal flips and sends a trigger signal to the control circuit after a predetermined number is reached.
The method, wherein the control circuit further comprises a CPU that controls memory clearing or an internal circuit used to control reset.
In the multi-layer grid detector for a chip and the anti-attack method thereof provided by the present invention, a metal grid is provided on the security chip together with a detector circuit that detects open circuits or short circuits in this grid, and the core data is protected according to the detection result; this increases the difficulty of reverse engineering and achieves effective protection of the core data.
Description of drawings
Fig. 1a is a schematic diagram of an attack on a prior-art non-secure chip;
Fig. 1 is the circuit schematic of the first preferred embodiment of the grid detector of the present invention;
Fig. 2a is the circuit schematic of the second preferred embodiment of the grid detector of the present invention;
Fig. 2b is the circuit schematic of the third preferred embodiment of the grid detector of the present invention;
Fig. 3 is a schematic diagram of the chip surface of the present invention;
Fig. 4 is an enlarged schematic diagram of the grid network on the chip surface of the present invention.
Embodiment
The preferred embodiments of the present invention are described in more detail below with reference to the accompanying drawings.
The multi-layer grid detector for a chip and the anti-attack method thereof are a multi-layer grid detector technique that prevents cutting attacks. It can be used in integrated circuit design to protect program and data storage areas, preventing an unauthorized user from obtaining important data by using a microprobe to monitor signals on the bus. An integrated circuit test bench can connect signals on the chip to the outside through a microprobe. The target size of a microprobe is usually about 1 micron; a probe station with tips smaller than 0.1 micron costs hundreds of thousands of dollars and is extremely difficult to obtain. To prevent microprobe probing, a carefully designed grid covers the outer layer of the bare die, which makes manual microprobe attacks hard to carry out and is also hard for ordinary FIB repair techniques to get past. The grid detector technique for preventing cutting attacks means that the topmost aluminum layer forms a detector grid network, which effectively prevents a microprobe from obtaining memory data and also improves the chip's resistance to dissection. In the present invention, when the chip is powered, the detector grid prevents cutting from being used to obtain the contents of the bus: during cutting, the detector grid continuously monitors for short-circuit and open-circuit signals, and according to the detector output the chip's microprocessor controller immediately triggers a circuit to clear all the contents of the program and data storage areas, or resets the chip. These metal grids also hinder the reverse extraction of the metal interconnect layers beneath them: because the grid etching is not uniform, the pattern of the upper metal layer is visible in the lower layers, which causes a great deal of trouble for automatic reverse tracing of the layout and thereby improves the chip's resistance to dissection.
In the multi-layer grid detector for a chip and the anti-attack method thereof, a control signal derived from the detector signal is added to the full-chip erase operation for the program and data storage areas. When the detector signal is active, full-chip erase is active and chip reset is active: all the contents of the program and data storage areas are cleared, or the chip is reset, thereby effectively protecting the program and data storage areas.
The technique of the present invention applies to the design of integrated circuits with memory. Widely used integrated circuit chips with memory currently include the various types of IC card chips and SoC chips, such as GSM SIM cards, USIM cards, bank cards, social security cards, and chips for various storage applications.
The multi-layer grid detector for a chip and the anti-attack method thereof may use at least one layer of protection. As shown in Fig. 1, a single grid B0 is formed from aluminum lines, and its signal continuity is input to the CPU as a control signal. When the grid is cut, the circuit sends an interrupt command to the CPU so that the chip protects itself. Its shortcoming is fairly obvious, however: FIB techniques can easily break through this protection. Because the interrupt to the CPU depends only on any two points of the grid being connected to each other, an attacker can bridge aluminum lines at suitable places so that part of the grid lines are shorted; no control signal is sent to the CPU at this point, and a small part of the grid becomes unrelated to the whole grid, so that this unrelated part can be cut at will and the protection fails.
In another preferred embodiment of the present invention, the full-chip erase signals of the normal program FLASH or EEPROM and data FLASH or EEPROM are each controlled by the microprocessor controller (CPU) in the chip. The grid detector circuit designed in the present invention is shown in Fig. 2a or Fig. 2b. Blocks B0 and B1 represent the grid circuits on the IC chip layout, which use different routing directions and levels; the resistors R0 and R1 below them are both greater than 10 MΩ. The grids are connected to the decision circuit through signal output points A and B; in the normal state point A is at low level and point B is at high level. The decision circuit comprises an inverter 110 connected to point A and an AND gate 120, and the output of the decision circuit is connected to the interrupt signal line of the CPU. In normal operation the level at A is 0 and the level at B is 1. When a grid is cut, the signal level at A or B flips and a detection signal is produced: if the level at A is 1 or the level at B is 0, the output of the decision circuit becomes 0, so the signal changes. To prevent accidental interrupts, this detection signal is fed to a counter; only when the signal persists long enough does the system confirm that it is really under attack rather than seeing an internal delay. If the detection signal is routed to the CPU interrupt signal as in Fig. 2a, the CPU issues an instruction to erase, that is to clear, the data in all FLASH or EEPROM memory. If the detection signal is routed to the reset signal as in the circuit embodiment of Fig. 2b, the CPU controls the internal circuit to reset the chip, ensuring that the internal core data is not read out. Fig. 3 shows the concrete layout implementation, and Fig. 4 is a partial enlarged view of the anti-probing grid. Note that all the circuits above are located inside the chip.
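The decision circuit and counter described above can be checked with a small behavioural model. This is an added example, not part of the patent: the clocked sampling, the threshold CONFIRM_CYCLES and the names TamperMonitor and first_trigger are assumptions made for illustration, and the counter is modelled in the "signal persists long enough" form of this embodiment.

```python
"""Behavioural model of the two-grid decision circuit and confirmation counter.

Added illustration, not taken from the patent. A and B are the signal output
points named in the description; the clocked sampling and CONFIRM_CYCLES are
assumptions, since the text gives no counter value.
"""
from dataclasses import dataclass

CONFIRM_CYCLES = 4  # assumed number of consecutive alarm samples before triggering


def decision_output(a: int, b: int) -> int:
    """Inverter on A feeding an AND gate with B: 1 = grids intact, 0 = alarm."""
    return (1 - a) & b


@dataclass
class TamperMonitor:
    confirm_cycles: int = CONFIRM_CYCLES
    count: int = 0
    triggered: bool = False  # latched once the erase/reset request is raised

    def clock(self, a: int, b: int) -> bool:
        """Sample A and B once; return True once the alarm has been confirmed."""
        if decision_output(a, b) == 0:
            self.count += 1
        else:
            self.count = 0  # a short disturbance is discarded
        if self.count >= self.confirm_cycles:
            self.triggered = True
        return self.triggered


def first_trigger(samples, confirm_cycles=CONFIRM_CYCLES):
    """Return the sample index at which erase/reset is requested, or None."""
    monitor = TamperMonitor(confirm_cycles)
    for index, (a, b) in enumerate(samples):
        if monitor.clock(a, b):
            return index
    return None


# Constructed (A, B) traces, one tuple per clock cycle.
NORMAL = [(0, 1)] * 10
GLITCH = [(0, 1)] * 3 + [(1, 1)] * 2 + [(0, 1)] * 5  # brief disturbance on A
A_FLIPS = [(0, 1)] * 3 + [(1, 1)] * 7                # A goes high and stays high
B_FLIPS = [(0, 1)] * 3 + [(0, 0)] * 7                # B goes low and stays low

if __name__ == "__main__":
    for name, trace in [("normal", NORMAL), ("glitch", GLITCH),
                        ("A flips", A_FLIPS), ("B flips", B_FLIPS)]:
        print(f"{name:8s} erase/reset requested at cycle: {first_trigger(trace)}")
```

The two-cycle disturbance is filtered out, while a persistent flip on either output point raises the request after the assumed confirmation window.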
The present invention is designed with two grid layers. Each grid layer consists of two complementary, symmetric sub-grids, as shown in Fig. 4. The level to which each aluminum line is connected is random, that is, any two aluminum lines may belong to two different sub-grids, while the two sub-grids are connected to ground and to the power supply respectively. To avoid triggering the detector, an attacker can only apply FIB to each aluminum line individually; for technical reasons it is difficult for the attacker to locate the grid at the same coordinates on two chips at the same time and then attack the grid destructively. If the attacker needs an area of 10 um × 10 um, at least 10 aluminum lines in each grid layer must be worked on with FIB. Because the aluminum lines brought out by FIB from the upper grid and the lower grid cannot overlap, the area the attacker must work on with FIB is much larger than 10 um × 10 um, and the number of aluminum lines that actually need FIB work is therefore much larger than the 20 of the two layers. The present invention thus makes the attacker pay tens or even hundreds of times more to reach the same goal, a cost the attacker cannot bear, and so protects the chip from attack more effectively.
The multi-layer grid detector for a chip and the anti-attack method thereof prevent an unauthorized user from obtaining important programs and data by using a microprobe to monitor signals on the bus, and thereby prevent attacks on user programs and data. Microprobing is an invasive attack technique carried out with specialised precision equipment such as semiconductor test equipment, microscopes and micropositioners, and it requires destroying the package. User programs and data need to be kept secret, especially data such as user passwords and keys, which must not become known to unauthorized users. In many current attacks, an unauthorized user uses a laser to cut certain circuit connections and alters the instruction decoder or program counter circuit, in order to monitor signals on the bus and obtain the user's programs and data. By these means the unauthorized user steals the user's programs and data, harming the legitimate user. Because such attacks are generally destructive to the chip, the response to this kind of attack can be to clear the chip completely, which destroys the chip entirely, or to reset the chip to its factory state, which likewise means the important core data is irrecoverably lost and cannot be learned by the unauthorized user through technical means.
Therefore, the multi-layer grid detector for a chip and the anti-attack method thereof provided by the present invention, by using a grid detector circuit and in particular a multi-layer grid detector circuit, raise the security chip's level of protection against laser attacks, and constitute a novel, highly secure chip design and production technique.
It should be understood that the above description of specific embodiments is relatively detailed and should not therefore be construed as limiting the scope of patent protection of the present invention, which is defined by the claims.