WO2012111872A1 - 물리적 공격을 방어하는 암호화 장치 및 암호화 방법 - Google Patents
물리적 공격을 방어하는 암호화 장치 및 암호화 방법 Download PDFInfo
- Publication number
- WO2012111872A1 WO2012111872A1 PCT/KR2011/001376 KR2011001376W WO2012111872A1 WO 2012111872 A1 WO2012111872 A1 WO 2012111872A1 KR 2011001376 W KR2011001376 W KR 2011001376W WO 2012111872 A1 WO2012111872 A1 WO 2012111872A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- encryption key
- encryption
- module
- key module
- inverter
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
Definitions
- It relates to the field of digital security, and more particularly to cryptographic devices and methods for managing encryption keys to protect against physical attacks in IC security modules such as smart cards.
- Smart cards are plastic cards the size of a credit card and include an integrated circuit (IC) that can process and process data.
- IC integrated circuit
- Such a smart card has various advantages over a conventional magnetic card, has a data storage capacity of its own, and has a processing unit such as a co-processor along with a microprocessor.
- an encryption operation is performed by using an encryption algorithm for handling personal information for identification and handling financial settlement information.
- Some of the known physical attacks include bus probing, test-mode probing, overwriting ROM or EEPROM, depending on the memory characteristics and data storage methods of the EEPROM and ROM used in the hardware security module. (overwriting) attack methods.
- An encryption apparatus and method that are robust against physical attacks on smart cards are provided.
- cryptographic devices and methods are provided in which the generated or stored cryptographic keys are not extracted directly in memory. Also provided are cryptographic devices and methods that do not leak through a bus in the IC chip of a smart card.
- an encryption apparatus for receiving an input data to be encrypted and performing an encryption algorithm using an encryption key, comprising: an encryption key module for providing an encryption key therein, the encryption provided by the encryption key module There is provided an encryption device comprising an encryption module for performing the encryption algorithm using a key.
- the encryption module may include a plurality of encryption key modules, each providing a different encryption key therein, in this case, the encryption module encryption key module selection unit for selecting any one of the plurality of encryption key modules And an encryption unit that performs the encryption algorithm using an encryption key provided by the selected encryption key module.
- the encryption key module selecting unit may select an encryption key module corresponding to a predetermined identification index among the plurality of encryption key modules.
- the encryption module includes a plurality of standard cells, and the plurality of encryption key modules are disposed at random positions during the layout of the plurality of standard cells included in the encryption module.
- the standard cell may be a standardized element or element block used in the implementation of an encryption module.
- the encryption module performs the encryption algorithm using an encryption key provided by the encryption key module included in the encryption module, and the encryption key provided by the encryption key module is the encryption. It does not leak out of the module, and no additional encryption key is introduced into the encryption module to perform the encryption algorithm.
- the encryption key module is a nonvolatile memory module that stores the encryption key generated in advance.
- the encryption key module is a non-memory module for generating and providing the encryption key.
- the cryptographic key module intentionally violates the design rules provided in the semiconductor manufacturing process, thereby probablely determining whether a short circuit between nodes in the cryptographic key module is determined, and the cryptographic key module reads whether the short circuit between the nodes exists.
- the encryption key can be generated and provided according to the result.
- the node in the cryptographic key module is a conductive layer of a semiconductor, and the design rule is related to the size of a contact or via formed between the conductive layers of the semiconductor, and the cryptographic key module is a conductive layer of the semiconductor.
- the encryption key may be generated and provided using whether or not a contact or via formed between them shorts the conductive layer.
- the encryption key module the probability that the contact or via formed between the conductive layers of the semiconductor intentionally violates the design rules provided in the semiconductor manufacturing process and the probability of not shorting the conductive layer. It can have a size of the contact or via, such that the difference is within a predetermined error range.
- the cryptographic key module has N unit structures for generating a 1-bit digital value using a pair of conductive layers and a contact or via connecting therebetween , N is a natural number.-Generates the N-bit digital value generated through the N unit structures as the encryption key.
- the cryptographic key module groups the generated N-bit digital values in k units, where k is a natural number, and compares the first group and the second group of the plurality of grouped groups.
- the digital value representing the first group and the second group is determined as 1 when a value composed of k digital bits included in the first group is greater than a value comprised of k digital bits included in the second group.
- a digital value representing the first group and the second group may be determined as 0, and a digital value of N / k bits may be generated as the encryption key.
- the node in the cryptographic key module is a conductive layer of a semiconductor
- the design rule is associated with a gap between the conductive layers of the semiconductor
- the cryptographic key module is the semiconductor
- the encryption key may be generated and provided by using whether or not the conductive layers of the substrate are short-circuited.
- the cryptographic key module includes N unit cells each outputting a digital value of 1 bit, where N is a natural number, each of the N unit cells
- the encryption key module may generate and provide an N-bit encryption key by generating a 1-bit digital value based on a semiconductor manufacturing process variation.
- a first unit cell of the N unit cells includes a first inverter having a first logic threshold and a second inverter having a second logic threshold, wherein the input terminal of the first inverter and the second inverter are provided.
- the output terminal of the inverter is connected to the first node, the output terminal of the first inverter and the input terminal of the second inverter are connected to the second node, forming a feedback structure, and the first logic threshold and the second logic
- the thresholds are different from each other based on the semiconductor manufacturing process variation, and a 1-bit digital value corresponding to the first unit cell may be determined according to the logic level of the first node and the logic level of the second node.
- the cryptographic key module includes N (where N is a natural number) differential amplifiers, wherein the first differential amplifier of the N differential amplifiers comprises: When two input terminals of the first differential amplifier are shorted, the logic levels of the two output terminals of the first differential amplifier are different from each other based on the semiconductor manufacturing process deviation, and the logic levels of the two output terminals are different from each other.
- a one-bit digital value corresponding to one differential amplifier may be determined so that the cryptographic key module generates and provides an N-bit cryptographic key.
- the step of receiving the data to be encrypted into the encryption module including an encryption key module for providing an encryption key therein, and performing the encryption algorithm using the encryption key provided by the encryption key module
- an encryption method comprising the step of encrypting the data.
- an IC chip for receiving an input data to be encrypted and performing an encryption algorithm using an encryption key includes an encryption key module for providing an encryption key therein, the encryption key module providing An IC chip including an encryption module for performing the encryption algorithm using an encryption key is provided.
- the IC chip may be embedded in a smart card to perform the encryption algorithm in the application example of the smart card.
- FIG 1 illustrates an encryption apparatus according to an embodiment of the present invention.
- FIG 2 illustrates an encryption module according to an embodiment of the present invention.
- FIG. 3 is a block diagram illustrating an exemplary configuration of an encryption module according to an embodiment of the present invention.
- FIG. 4 is an exemplary circuit diagram illustrating a concept of a unit cell constituting an encryption key module having a PUF (Physical Unclonable Functions) type that generates an encryption key using a process deviation according to an embodiment of the present invention.
- PUF Physical Unclonable Functions
- FIG. 5 is a reference graph for understanding the embodiment of FIG. 4.
- FIG. 6 is a block diagram illustrating an exemplary implementation of a cryptographic key module according to one embodiment of the invention.
- FIG. 7 illustrates a unit cell of a cryptographic key module that generates a digital value using process deviations of a differential amplifier, in accordance with an embodiment of the invention.
- FIG 8 shows an exemplary circuit diagram in which an encryption key module is implemented according to an embodiment of the present invention.
- FIG. 9 is a conceptual diagram illustrating a principle of generating an encryption key module intentionally violating a semiconductor design rule according to an embodiment of the present invention.
- FIG. 10 is a graph illustrating a configuration of an encryption key module implemented intentionally in violation of semiconductor design rules according to an embodiment of the present invention.
- FIG. 11 is a conceptual diagram illustrating a process of generating an encryption key module by adjusting a gap between conductive layers according to an embodiment of the present invention.
- FIG. 12 is a conceptual diagram illustrating an exemplary structure of a via or contact array formed in a semiconductor layer for implementing an encryption key module according to an embodiment of the present invention.
- FIG. 13 is a conceptual diagram illustrating a post-processing process for balancing 0 and 1 without using a digital value generated in the embodiment of FIG. 12 as an encryption key according to an embodiment of the present invention.
- FIG 1 illustrates an encryption apparatus 100 according to an embodiment of the present invention.
- the encryption apparatus 100 may be a component included in an IC chip of a smart card, and may have an EEPROM 120, a CPU 130, and optionally an SDRAM 140 for storing data. Communicate with the outside via the I / O interface 101.
- the encryption apparatus 100 includes an encryption module 110.
- the encryption module 110 may be a crypto co-processor for encryption.
- the I / O interface 101 is an input / output route of data entering and exiting the encryption apparatus 100 regardless of any method such as contact and / or contactless.
- the encryption module 110 of the encryption apparatus 100 may use the encryption key in the process of performing the encryption algorithm.
- Such an encryption key may be a concept including a public key, a secret key, and the like.
- an encryption key for performing an encryption algorithm is stored in the form of a digital value outside the encryption module 110, and the encryption module 110 performs the encryption algorithm to encrypt and / or decrypt the data.
- the key was input via bus 102.
- Such a physical attack may directly attack an area where an encryption key is located in a memory such as the EEPROM 120 to extract an encryption key in a memory by a method such as probing or memory scan.
- a method such as probing or memory scan.
- an encryption key can be extracted by artificially executing a specific instruction and performing a bus probing using a micro-probe. have.
- the encryption key is generated by the encryption key module 111 included in the encryption module 110 directly, and / or the encryption key module 111 stores and encrypts a previously generated encryption key. Provided when module 110 performs an encryption algorithm.
- the encryption key to be used in the process of performing the encryption algorithm by the encryption module 110 is not stored outside the encryption module 110 in the form of a digital value, and the encryption key is transmitted through the bus 102. Therefore, a physical attack on the encryption algorithm of the encryption module 110 may be prevented.
- the encryption key module 111 that generates and / or stores the encryption key and provides the encryption key 110 when performing the encryption algorithm may be physically included in the encryption module 110. Exemplary embodiments will be described below with reference to FIG. 2 or below.
- FIG 2 illustrates an encryption module 110 according to an embodiment of the present invention.
- the encryption module 110 may be connected to other components in the encryption apparatus 100 through the bus 102.
- the encryption module 110 includes at least one encryption key module (210, 220, 230, 240 and 250, etc.).
- Each cipher key module 210, 220, 230, 240, 250, etc. illustrated by way of example may be independently or correlated to each other to generate and / or store cipher keys required for performing an encryption algorithm, and the encryption module 110. To provide.
- only one encryption key module may be included in the encryption module 110, but in another embodiment, a plurality of encryption key modules are included in the encryption module 110.
- the encryption module 110 when a plurality of cryptographic key modules are included in the encryption module 110, at least some of the plurality of cryptographic key modules 210, 220, 230, 240, and 250 may not actually provide an encryption key. dummy).
- the cryptographic key modules 210, 220, 230, 240, and 250 may be different from those of a memory device. In the case of a memory device (non-memory device) and the like.
- cryptographic key modules 210, 220, 230, 240, 250, etc. may be embodiments in which some are memory elements and others are non-memory elements, and the present invention is not limited to the embodiments.
- the encryption key modules 210, 220, 230, 240, and 250 are constituted by a memory device
- the encryption key modules 210 may include a cryptographic key in the form of a digital value generated in advance. 220, 230, 240, 250, etc.), the encryption module 110 can read and write them as needed in the process of performing the encryption algorithm.
- PEF physically unclonable function
- the cryptographic key modules 210, 220, 230, 240, and 250 are constituted by non-memory elements such as PUF
- the cryptographic key modules 210, 220, 230, 240, and 250 are constituted by non-memory elements such as PUF
- PUF non-memory elements
- FIG. 3 is a block diagram illustrating an exemplary configuration of an encryption module 110 according to an embodiment of the present invention.
- the cryptographic key module 320 physically included in the encryption module 110 may be one or more.
- the encryption key module selector 330 may actually encrypt an encryption key to be used for the encryption algorithm. Select the key module.
- This selection may be index information of the cryptographic key module to be actually selected among the indices that identify the cryptographic key modules 320 or the process by which the cryptographic key modules 320 are designed and manufactured together with the cryptographic module 110. It may be predetermined by the wiring (wiring) in.
- the encryption unit 340 encrypts the input data by performing an encryption algorithm using the encryption key, which is via the bus 102 via the data output unit 350. Passed to other configurations.
- the encryption key Since the management of the encryption key is performed by itself in the encryption module 110, the encryption key is not transmitted to the outside of the encryption module 110 or externally to the encryption module 110, so that the physical attack is successful. The probability is significantly lower. In particular, physical attacks such as probing bus 102 will have a very low probability of success.
- the encryption key modules are memory elements
- the encryption key modules are implemented as a PUF that is a non-memory element
- the PUF referred to herein generates a cryptographic key that is not physically replicable and that once produced, at least theoretically does not change.
- FIGS. 4 to 8 illustrate encryption key modules that generate an encryption key using a process deviation in a semiconductor process. Correspond to examples of implementation.
- 9 to 13 correspond to implementation examples of generating cryptographic key modules by intentionally violating a design rule when designing a circuit.
- FIG. 4 is an exemplary circuit diagram illustrating a concept of a unit cell constituting an encryption key module having a PUF type for generating an encryption key using process deviation according to an embodiment of the present invention.
- a first inverter 410 and a second inverter 420 are shown.
- Process deviations in semiconductor processes are due to a variety of reasons. For example, when manufacturing a transistor, parameters such as an effective gate length, an index of doping concentration, an index of oxide thickness, or a threshold voltage may be a cause of the process deviation.
- the first inverter 410 has a first logic threshold and the second inverter 420 has a second logic threshold.
- the logic threshold is a voltage value when the input voltage and the output voltage of the inverter have the same value, which will be described later in more detail with reference to FIG. 5.
- the logic threshold of the inverter element may be measured as a voltage value when the output terminal and the input terminal of the inverter in operation are shorted.
- Inverters manufactured in the same process are theoretically designed to have the same logic threshold, but as described above, due to process deviations in the actual manufacturing process, no two inverters can actually have exactly the same logic threshold.
- the first inverter 410 and the second inverter 420 are manufactured in the same manufacturing process, and have a difference in logic threshold due to process deviation.
- the difference in logic threshold may vary depending on the process, but may be on the order of several to tens of millivolts, for example. Therefore, measuring the logic threshold of the first inverter 410 and the logic threshold of the second inverter 420 using separate comparator circuits may not be accurate due to measurement errors.
- the logic threshold between two inverters can be compared relatively (by itself without using a separate comparator circuit) to determine which logic threshold is large.
- the output voltage of the first inverter 410 is a logic threshold of the first inverter 410.
- the output voltage of the second inverter 420 is the logic of the second inverter 420. Will be equal to the threshold.
- the input terminal of the first inverter 410 and the output terminal of the second inverter 420 are short-circuited and connected to the first node, and the output terminal of the first inverter 410 and the second inverter ( When the input terminal of 420 is shorted and connected to the second node, the result is different from the above cases.
- the voltage values of the shorted two nodes are determined by the logic threshold of the first inverter 410 and the second inverter 420. Values between logical thresholds (may be non-average, equals below).
- the value of the output voltage becomes a value between the logic thresholds of the two inverters.
- the switch 430 is closed so that the first node (the opposite node of Out) and the second node ( The voltage at the first node while the Out node is shorted is higher than the logic threshold of the first inverter 410.
- the first inverter 410 sets the voltage of the first node (which is its input terminal) to a logical level high. Therefore, the voltage of the second node, which is an output terminal of the first inverter 210, is made to be a logical level low.
- the second inverter 420 recognizes the voltage of the second node (which is its input terminal) as a logical level low, and therefore, the voltage of the first node, which is the output terminal of the second inverter 220, is logically leveled. Make it high
- the switch 430 is closed so that the first node and the second node are shorted.
- the voltage at the node is lower than the logic threshold of the first inverter 410.
- the first inverter 410 recognizes the voltage of the first node (which is its input terminal) as a logical level low. Therefore, the voltage of the second node, which is the output terminal of the first inverter 410, is made logical level high.
- the second inverter 420 recognizes the voltage of the second node (which is its input terminal) as a logical level high, and thus, logically leveles the voltage of the first node, which is an output terminal of the second inverter 420. Make it low
- the output terminal (“Out”) after short-opening of the switch 430 As described above, depending on which of the logic threshold of the first inverter 410 and the logic threshold of the second inverter 420 is high, the output terminal (“Out”) after short-opening of the switch 430.
- the logical level of is high (or “1"), or low (or "0").
- the embodiment of FIG. 4 may generate a one-bit digital value (a value that is equal to "1" or "0", but hardly changed once determined).
- FIG. 5 is a reference graph for understanding the embodiment of FIG. 4.
- Curve 510 is a voltage characteristic curve of the first inverter 410
- curve 520 is a voltage characteristic curve of the second inverter 420. According to an embodiment of the present invention, when the first inverter 210 and the second inverter 420 are manufactured in the same manufacturing process, the curve 510 and the curve 520 are almost identical, but due to the process deviation, there are some differences. Has
- V1 which is a logic threshold of the first inverter 410
- V2 which is a logic threshold of the second inverter 420
- V1 is lower than V2 in this embodiment. Therefore, when the switch 430 of FIG. 4 is closed and the first node and the second node are shorted (also referred to as "Reset"), the voltage VReset of the first node and the second node is between V1 and V2. Which is the value of.
- the first inverter 410 recognizes the voltage VReset of the first node as a logical level high. 1
- the voltage of the second node which is an output terminal of the inverter 410, is made low.
- the second inverter 420 recognizes the voltage VReset of the second node as a logical level low, and therefore, makes the voltage of the first node, which is an output terminal of the second inverter 420, to a logical level high.
- the logical level of the voltage at the second terminal which is the output terminal " Out " in FIG. 2, is high.
- the unit cell shown in FIG. 4 produces a digital value of 1 bit
- the digital value of N bits may generate an encryption key
- cryptographic key modules 320 may be implemented in this manner.
- An implementation of an encryption key module for generating an encryption key in the form of a digital value by using a logic threshold difference of an inverter device using a semiconductor process deviation may be configured as shown in FIG. 6.
- FIG. 6 is a block diagram illustrating an exemplary implementation of an encryption key module 600 in accordance with an embodiment of the present invention.
- the encryption key module 600 includes five inverters, the selection unit 620 and the comparator 630 of the inverters 611 to 615.
- the selector 620 selects any two of the five inverters shown in FIG. 6. For example, inverter 612 and inverter 613 may be selected.
- the comparator 630 compares the logic threshold of the inverter 612 with the logic threshold of the inverter 613, and provides an output voltage to the Out terminal according to the comparison result.
- a digital value of 1 bit may be generated according to the logical level of the output voltage of the out terminal.
- the comparator 630 may again generate a 1-bit digital value.
- the selector 620 selects two of the five inverters 611 to 615 and the comparator 630 generates a digital value by comparing the logic thresholds of the two selected inverters, the maximum value is 10.
- the digital value of the bit can be obtained.
- inverters In the present embodiment, five inverters are included, but the present invention is not limited thereto, and various changes may be made in consideration of the number of bits of a digital value to be generated, the area of a circuit, and the like.
- the area of the comparator 630 that can be integrated in the semiconductor chip is considerably larger than the areas of the inverters 631 to 635, in the present embodiment, the plurality of inverters and one inverter are selected through the selector 620.
- the comparator 630 of is connected.
- one comparator per two inverters can be paired to produce N bits of digital value.
- an implementation of an encryption key module for generating an encryption key in the form of a digital value by using a logic threshold difference of an inverter device using a semiconductor process deviation may be configured as shown in FIG. 7.
- FIG. 7 illustrates a unit cell 700 of a cryptographic key module that generates digital values using process deviations of a differential amplifier, in accordance with an embodiment of the present invention.
- the unit cell 700 is a differential amplifier circuit.
- the unit cell 700 which is a differential amplifier circuit composed of at least one element of a transistor and a resistor, amplifies a difference between voltages of the first input terminal 711 and the second input terminal 712, and thus, the first output terminal 721. ) And the second output terminal 722.
- the voltage of the first output terminal 721 and the voltage of the second output terminal 722 are not exactly the same.
- the digital value It can be recognized as "1" and vice versa as a digital value "0".
- an encryption key may be provided in the form of N-bit digital values, and an encryption key module according to some embodiments of the present invention may be implemented. This implementation is shown in FIG. 8 below.
- FIG. 8 shows an exemplary circuit diagram in which an encryption key module 800 is implemented in accordance with one embodiment of the present invention.
- the cryptographic key module 800 includes six differential amplifiers 811 to 816, a selector 820 for selecting any one of the six differential amplifiers, and a differential selected by the selector 820. Comparing unit 830 for comparing the two output voltage of the amplifier to generate a digital value of 1 bit.
- the selector 820 may be a 6: 1 MUX device.
- the selector 820 may be another device other than the MUX device.
- the 6: 1 MUX device outputs output voltages of six differential amplifiers inputted through twelve input terminals to two output terminals. The two output terminals are connected to two input terminals of the comparator 830.
- the encryption key module 800 may generate an encryption key that is a 6-bit digital value.
- FIG. 9 is a conceptual diagram illustrating a principle of generating an encryption key module intentionally violating a semiconductor design rule according to an embodiment of the present invention.
- the contacts or vias are designed to connect between conductive layers, so typically the contact or via size is determined to short between the conductive layers. And in conventional design rules, a minimum contact or via size is specified to ensure shorting between conductive layers.
- some contacts or vias are shorted between the conductive layers, and others are intentionally smaller than those specified in the design rules. Some contacts or vias do not short between the conductive layers, and whether or not such a short is determined probabilisticly.
- vias are formed between the metal 1 layer 902 and the metal 2 layer 901 in a semiconductor manufacturing process.
- the group 920 having the via size between the groups 910 and 930 some vias short the metal 1 layer 902 and the metal 2 layer 901, and some of the vias are metal 1.
- the layer 902 and the metal 2 layer 901 are not shorted.
- the via size is set so that the metal 1 layer 902 and the metal 2 layer 901 are not shorted.
- the design rule for the via size is different according to the semiconductor manufacturing process.
- the design rule of the via is set to 0.25 micron in a Complementary Metal Oxide SEMiconductor (CMOS) process of 0.18 micron (um).
- CMOS Complementary Metal Oxide SEMiconductor
- the via size is set to 0.19 micron intentionally violating the design rule, so that the presence or absence of short circuits between the metal layers is probabilistic.
- the probability distribution of such a short circuit should have a short probability of 50%, and in the implementation of cryptographic key modules according to an embodiment of the present invention, the probability distribution is configured by setting the via size as close to 50% as possible. In the via size setting, the via size may be determined by experiments according to the process.
- FIG. 10 is a graph illustrating a configuration of an encryption key module implemented intentionally in violation of semiconductor design rules according to an embodiment of the present invention.
- the via size according to the design rule is Sd, a value at which a short between the metal layers is sufficiently guaranteed.
- 9 to 10 illustrate an embodiment in which the cryptographic key module is implemented intentionally violating the design rule regarding the via size, but according to another embodiment of the present invention, the cryptographic key modules may be formed in a gap between conductive layers. It is also implemented by intentionally violating design rules.
- FIG. 11 is a conceptual diagram illustrating a process of generating an encryption key module by adjusting a gap between conductive layers according to an embodiment of the present invention.
- the metal lines were shorted in the group 1110 where the metal line spacing was small so that a short between the metal lines was sufficiently ensured.
- the metal lines are not shorted in all cases.
- the metal line spacing which is shorted probabilistic is set such that some of the metal lines are shorted and some are not shorted.
- FIG. 12 is a conceptual diagram illustrating an exemplary structure of a via or contact array formed in a semiconductor layer to implement an encryption key module 1200 according to an embodiment of the present invention.
- M and N vias (where M and N are natural numbers) and a total of M * N vias are formed between the metal layers stacked on the semiconductor substrate.
- the cryptographic key module 1200 may determine whether each of the M * N vias shorts between the metal layers (digital value 0) or not (digital value 1). Generate and provide an encryption key.
- FIG. 13 is a conceptual diagram illustrating a post-processing process for balancing 0 and 1 without using a digital value generated in the embodiment of FIG. 12 as an encryption key according to an embodiment of the present invention.
- the digital values of the M * N bits generated by the encryption key module 1200 are grouped into predetermined k units, where k is a natural number.
- FIG. 13 is merely an exemplary diagram for convenience of explanation. In an actual implementation, a method of grouping registers or flip flops in the cryptographic key module 1200 may be used.
- the encryption key module 1200 compares the sizes of the 4-bit digital values generated by the group 1310 and the group 1320, respectively. If the 4-bit digital value of the group 1310 is larger than the 4-bit digital value of the group 1320, the digital value representing the group 1310 and the group 1320 is determined as 1.
- the digital values representing the group 1310 and the group 1320 are determined to be zero.
- Method according to an embodiment of the present invention is implemented in the form of program instructions that can be executed by various computer means may be recorded on a computer readable medium.
- the computer readable medium may include program instructions, data files, data structures, etc. alone or in combination.
- Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts.
- Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks.
- Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.
- the hardware device described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Semiconductor Integrated Circuits (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (20)
- 암호화할 입력 데이터를 입력 받아 암호 키를 이용한 암호화 알고리즘을 수행하는 암호화 장치에 있어서,암호 키를 제공하는 암호 키 모듈을 내부에 포함하며, 상기 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하는 암호화 모듈을 포함하는 암호화 장치.
- 제1항에 있어서,상기 암호화 모듈은, 각각 서로 다른 암호 키를 제공하는 복수 개의 암호 키 모듈을 내부에 포함하며,상기 암호화 모듈은,상기 복수 개의 암호 키 모듈 중 어느 하나를 선택하는 암호 키 모듈 선택부; 및상기 선택된 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하는 암호화부를 포함하는, 암호화 장치.
- 제2항에 있어서,상기 암호 키 모듈 선택부는,상기 복수 개의 암호 키 모듈 중, 미리 부여된 식별 인덱스에 대응하는 암호 키 모듈을 선택하는, 암호화 장치.
- 제2항에 있어서,상기 암호화 모듈은 복수 개의 표준 셀을 포함하며, 상기 복수 개의 암호 키 모듈은 상기 암호화 모듈에 포함되는 복수 개의 표준 셀의 레이 아웃 중에 무작위의 위치에 배치되는, 암호화 장치.
- 제1항에 있어서,상기 암호화 모듈은, 상기 암호화 모듈의 내부에 포함된 상기 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하며,상기 암호 키 모듈이 제공하는 암호 키는 상기 암호화 모듈 외부로 유출되지 않고, 상기 암호화 알고리즘을 수행하기 위해 다른 추가적 암호화 키가 상기 암호화 모듈로 유입되지 않는, 암호화 장치.
- 제1항에 있어서,상기 암호 키 모듈은 미리 생성된 상기 암호 키를 저장하는 비휘발성 메모리 모듈인, 암호화 장치.
- 제1항에 있어서,상기 암호 키 모듈은 상기 암호 키를 생성하여 제공하는 비메모리 모듈인, 암호화 장치.
- 제7항에 있어서,상기 암호 키 모듈은, 반도체 제조 공정에서 제공되는 디자인 룰을 의도적으로 위반하여 상기 암호 키 모듈 내의 노드 간의 단락여부가 확률적으로 결정되며, 상기 암호 키 모듈은 상기 노드 간의 단락여부를 독출한 결과에 따라 상기 암호 키를 생성하여 제공하는, 암호화 장치.
- 제8항에 있어서,상기 암호 키 모듈 내의 노드는 반도체의 전도성 레이어이고,상기 디자인 룰은 상기 반도체의 전도성 레이어 사이에 형성되는 콘택 또는 비아(via)의 사이즈에 연관된 것이며, 상기 암호 키 모듈은, 상기 반도체의 전도성 레이어 사이에 형성되는 콘택 또는 비아(via)가 상기 전도성 레이어를 단락 하는지의 여부를 이용하여 상기 암호 키를 생성하여 제공하는, 암호화 장치.
- 제9항에 있어서,상기 암호 키 모듈은, 반도체 제조 공정에서 제공되는 디자인 룰을 의도적으로 위반하여 상기 반도체의 전도성 레이어 사이에 형성되는 상기 콘택 또는 비아(via)가 상기 전도성 레이어를 단락 하는 확률과 단락 하지 못하는 확률의 차이가 소정의 오차 범위 내에 있도록 하는, 상기 콘택 또는 비아(via)의 사이즈를 갖는, 암호화 장치.
- 제8항에 있어서,상기 암호 키 모듈은, 한 쌍의 전도성 레이어와 그 사이를 연결하는 하나의 콘택 또는 비아를 이용하여 1 비트의 디지털 값을 생성하는 단위 구조를 N 개 가지고 - 단, N은 자연수임 -, 상기 N 개의 단위 구조를 통해 생성한 N 비트의 디지털 값을 상기 암호 키로 생성하는, 암호화 장치.
- 제11항에 있어서,상기 암호 키 모듈은, 상기 생성된 N 비트의 디지털 값을 k 개 단위로 그룹핑 하고 - 단, k는 자연수임 -, 그룹핑된 복수 개의 그룹들 중 제1 그룹 및 제2 그룹을 비교하여, 상기 제1 그룹에 포함된 k개의 디지털 비트로 구성된 값이 상기 제2 그룹에 포함된 k개의 디지털 비트로 구성된 값보다 큰 경우에 상기 제1 그룹과 상기 제2 그룹을 대표하는 디지털 값을 1로 결정하고, 반대의 경우에 상기 제1 그룹과 상기 제2 그룹을 대표하는 디지털 값을 0으로 결정하여, N/k 비트의 디지털 값을 상기 암호 키로 생성하는, 암호화 장치.
- 제8항에 있어서,상기 암호 키 모듈 내의 노드는 반도체의 전도성 레이어이고,상기 디자인 룰은 상기 반도체의 전도성 레이어 사이의 간격(gap)에 연관된 것이며, 상기 암호 키 모듈은, 상기 반도체의 전도성 레이어 사이가 단락되는지의 여부를 이용하여 상기 암호 키를 생성하여 제공하는, 암호화 장치.
- 제7항에 있어서,상기 암호 키 모듈은,각각 1 비트 - 단, N은 자연수임 - 의 디지털 값을 출력하는 N 개의 단위 셀을 포함하고,상기 N 개의 단위 셀의 각각은, 반도체 제조 공정 편차(Process variation)에 기반하여 1 비트의 디지털 값을 생성하여,상기 암호 키 모듈이 N 비트의 암호 키를 생성하여 제공하는, 암호화 장치.
- 제14항에 있어서,상기 N 개의 단위 셀 중 제1 단위 셀은,제1 논리 임계치를 갖는 제1 인버터; 및제2 논리 임계치를 갖는 제2 인버터;를 포함하고,상기 제1 인버터의 입력 단자 및 상기 제2 인버터의 출력 단자는 제1 노드에 연결되고, 상기 제1 인버터의 출력 단자 및 상기 제2 인버터의 입력 단자는 제2 노드에 연결되어, 피드백 구조를 이루고,상기 제1 논리 임계치와 상기 제2 논리 임계치는 반도체 제조 공정 편차에 기반하여 서로 상이하며, 상기 제1 노드의 논리 레벨과 상기 제2 노드의 논리 레벨에 따라 상기 제1 단위 셀에 대응하는 1 비트 디지털 값이 결정되는, 암호화 장치.
- 제7항에 있어서,상기 암호 키 모듈은,N 개(단, N은 자연수)의 차동 증폭기를 포함하고,상기 N 개의 차동 증폭기 중 제1 차동 증폭기에 있어서, 상기 제1 차동 증폭기의 두 개의 입력 단자가 단락되는 경우, 상기 제1 차동 증폭기의 두 개의 출력 단자의 논리 레벨은 반도체 제조 공정 편차에 기반하여 서로 상이하며, 상기 두 개의 출력 단자의 논리 레벨에 따라 상기 제1 차동 증폭기에 대응하는 1 비트 디지털 값이 결정되어,상기 암호 키 모듈이 N 비트의 암호 키를 생성하여 제공하는, 암호화 장치.
- 암호화 할 데이터를 암호 키를 제공하는 암호 키 모듈을 내부에 포함하는 암호화 모듈 내로 입력 받는 단계; 및상기 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하여 상기 데이터를 암호화 하는 단계를 포함하는 암호화 방법.
- 제17항에 있어서,상기 암호화 방법은,상기 암호화 모듈이 각각 서로 다른 암호 키를 제공하는 복수 개의 암호 키 모듈을 내부에 포함하는 경우, 상기 암호화 하는 단계에 앞서서 상기 복수 개의 암호 키 모듈 중 어느 하나를 선택하는 단계를 더 포함하고,상기 암호화 하는 단계는, 상기 선택된 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하여 상기 데이터를 암호화 하는, 암호화 방법.
- 암호화할 입력 데이터를 입력 받아 암호 키를 이용한 암호화 알고리즘을 수행하는 IC 칩에 있어서,암호 키를 제공하는 암호 키 모듈을 내부에 포함하며, 상기 암호 키 모듈이 제공하는 암호 키를 이용하여 상기 암호화 알고리즘을 수행하는 암호화 모듈을 포함하는 IC 칩.
- 제19항에 있어서,상기 IC 칩은 스마트 카드에 내장되어 상기 스마트 카드의 응용예 있어서 상기 암호화 알고리즘을 수행하는, IC 칩.
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11858891.2A EP2677452B1 (en) | 2011-02-15 | 2011-02-28 | Encryption device and method for defending a physical attack |
ES11858891.2T ES2685758T3 (es) | 2011-02-15 | 2011-02-28 | Dispositivo de encriptación y método para la defensa contra un ataque físico |
CN201180070008.XA CN103621006B (zh) | 2011-02-15 | 2011-02-28 | 防止物理性攻击的加密装置及方法 |
US13/985,765 US9014371B2 (en) | 2011-02-15 | 2011-02-28 | Encryption device and method for defending a physical attack |
JP2013554380A JP2014506095A (ja) | 2011-02-15 | 2011-02-28 | 物理的な攻撃を防御する暗号化装置及び暗号化方法 |
US14/665,599 US9397826B2 (en) | 2011-02-15 | 2015-03-23 | Encryption device and method for defending a physical attack |
US15/187,630 US20160301528A1 (en) | 2011-02-15 | 2016-06-20 | Encryption device and method for defending a physical attack |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110013269A KR101118826B1 (ko) | 2011-02-15 | 2011-02-15 | 물리적 공격을 방어하는 암호화 장치 및 암호화 방법 |
KR10-2011-0013269 | 2011-02-15 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/985,765 A-371-Of-International US9014371B2 (en) | 2011-02-15 | 2011-02-28 | Encryption device and method for defending a physical attack |
US14/665,599 Continuation US9397826B2 (en) | 2011-02-15 | 2015-03-23 | Encryption device and method for defending a physical attack |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012111872A1 true WO2012111872A1 (ko) | 2012-08-23 |
Family
ID=46141374
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2011/001376 WO2012111872A1 (ko) | 2011-02-15 | 2011-02-28 | 물리적 공격을 방어하는 암호화 장치 및 암호화 방법 |
Country Status (7)
Country | Link |
---|---|
US (3) | US9014371B2 (ko) |
EP (1) | EP2677452B1 (ko) |
JP (2) | JP2014506095A (ko) |
KR (1) | KR101118826B1 (ko) |
CN (2) | CN103621006B (ko) |
ES (1) | ES2685758T3 (ko) |
WO (1) | WO2012111872A1 (ko) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015034148A1 (ko) * | 2013-09-06 | 2015-03-12 | (주) 아이씨티케이 | 식별 키 생성 장치 및 방법 |
KR101801547B1 (ko) | 2015-08-25 | 2017-11-27 | 한국과학기술원 | 물리적, 영구적 파괴를 이용한 하드웨어 기반의 보안 장치 및 이를 이용한 보안 방법 |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150071434A1 (en) * | 2011-06-07 | 2015-03-12 | Static Control Components, Inc. | Secure Semiconductor Device Having Features to Prevent Reverse Engineering |
EP3032421A4 (en) | 2013-07-26 | 2017-04-19 | ICTK Co. Ltd. | Device and method for testing randomness |
US9076003B2 (en) * | 2013-08-20 | 2015-07-07 | Janus Technologies, Inc. | Method and apparatus for transparently encrypting and decrypting computer interface data |
KR101541597B1 (ko) | 2013-09-03 | 2015-08-03 | (주) 아이씨티케이 | 식별키 생성 장치 및 방법 |
KR101489091B1 (ko) * | 2013-09-30 | 2015-02-04 | (주) 아이씨티케이 | 반도체 공정을 이용한 식별키 생성 장치 및 방법 |
KR101495448B1 (ko) | 2013-10-29 | 2015-02-26 | (주) 아이씨티케이 | 사용자 인증을 위한 ic 칩 및 인증 방법 |
KR102201642B1 (ko) | 2014-11-28 | 2021-01-13 | 삼성전자주식회사 | Puf 회로 및 그것의 키 등록 방법 |
US20170077046A1 (en) * | 2015-09-11 | 2017-03-16 | The Regents Of The University Of California | Physical unclonable functions through locally enhanced defectivity |
WO2017048257A1 (en) * | 2015-09-17 | 2017-03-23 | Hewlett Packard Enterprise Development Lp | Obscuration of a cache signal |
US10778679B2 (en) | 2016-02-12 | 2020-09-15 | Industry-University Cooperation Foundation Hanyang University | Secure semiconductor chip and operating method thereof |
WO2017138797A1 (ko) * | 2016-02-12 | 2017-08-17 | 한양대학교 산학협력단 | 시큐어 시스템 온 칩 |
WO2017138799A1 (ko) * | 2016-02-12 | 2017-08-17 | 한양대학교 산학협력단 | 하드웨어 디바이스 및 그 인증 방법 |
CN105790933A (zh) * | 2016-03-03 | 2016-07-20 | 山东超越数控电子有限公司 | 一种自动识别的光模块加密方法 |
JP6471130B2 (ja) * | 2016-09-20 | 2019-02-13 | ウィンボンド エレクトロニクス コーポレーション | 半導体装置およびセキュリティシステム |
KR102071402B1 (ko) * | 2016-11-01 | 2020-03-03 | 한국전자통신연구원 | 사물인터넷 환경 키 관리 서비스 제공 장치 |
KR102050021B1 (ko) * | 2017-04-27 | 2019-11-28 | 김태욱 | 식별키 유용성 판별장치 |
KR102071937B1 (ko) * | 2017-04-27 | 2020-01-31 | 김태욱 | 식별키 생성장치 및 식별키 생성방법 |
DE102018123103A1 (de) * | 2017-10-13 | 2019-04-18 | Samsung Electronics Co., Ltd. | Halbleitervorrichtung, die Sicherheitsschlüssel erzeugt, Verfahren zum Erzeugen eines Sicherheitsschlüssels und Verfahren zum Registrieren des Sicherheitsschlüssels |
US11108572B2 (en) * | 2018-10-11 | 2021-08-31 | Taiwan Semiconductor Manufacturing Company, Ltd. | Physically unclonable function device with a load circuit to generate bias to sense amplifier |
KR102244382B1 (ko) | 2019-06-13 | 2021-04-26 | 숭실대학교산학협력단 | Wave-chaos 기반 무선 신호 전송의 물리적 암호화 시스템 |
KR102146132B1 (ko) * | 2019-08-08 | 2020-08-20 | 주식회사 페이콕 | 보안 디바이스 및 방법 |
US11282799B2 (en) | 2020-01-14 | 2022-03-22 | United Microelectronics Corp. | Device for generating security key and manufacturing method thereof |
US11127480B1 (en) * | 2020-06-30 | 2021-09-21 | Dell Products L.P. | System and method for short circuit detection |
CN112733209B (zh) * | 2021-01-19 | 2023-08-08 | 贵州黔龙图视科技有限公司 | 一种低成本硬件加密方法及装置 |
KR20220155684A (ko) | 2021-05-17 | 2022-11-24 | 삼성전자주식회사 | Crum 칩 및 스마트 카드 |
US11574079B2 (en) * | 2021-05-27 | 2023-02-07 | Nuvoton Technology Corporation | Multi-stage provisioning of secret data |
US11791290B2 (en) | 2021-06-29 | 2023-10-17 | International Business Machines Corporation | Physical unclonable function for secure integrated hardware systems |
CN115130152B (zh) * | 2022-09-01 | 2022-11-18 | 北京紫光青藤微系统有限公司 | 一种物理不可克隆函数的生成方法及装置 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08278750A (ja) * | 1995-03-31 | 1996-10-22 | Internatl Business Mach Corp <Ibm> | 公開キー暗号法を用いたデータ暗号化の装置及び方法 |
JPH10116326A (ja) * | 1996-10-11 | 1998-05-06 | Secom Co Ltd | Icカード用暗号化装置 |
KR20060051957A (ko) * | 2004-10-01 | 2006-05-19 | 히로미 후카야 | 암호화 데이터 배포 방법, 암호화 장치, 복호화 장치,암호화 프로그램 및 복호화 프로그램 |
US20090080647A1 (en) * | 2005-12-14 | 2009-03-26 | Nds Limited | Method and System for Usage of Block Cipher Encryption |
Family Cites Families (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3673015B2 (ja) | 1996-04-26 | 2005-07-20 | 沖電気工業株式会社 | 半導体装置における周辺デバイス識別方法 |
US5802592A (en) | 1996-05-31 | 1998-09-01 | International Business Machines Corporation | System and method for protecting integrity of alterable ROM using digital signatures |
US5990701A (en) | 1997-06-25 | 1999-11-23 | Sun Microsystems, Inc. | Method of broadly distributing termination for buses using switched terminators |
US6118279A (en) | 1997-07-30 | 2000-09-12 | Candescent Technologies Corporation | Magnetic detection of short circuit defects in plate structure |
JP2000122931A (ja) * | 1998-10-15 | 2000-04-28 | Toshiba Corp | デジタル集積回路 |
US6555204B1 (en) * | 2000-03-14 | 2003-04-29 | International Business Machines Corporation | Method of preventing bridging between polycrystalline micro-scale features |
JPWO2002050910A1 (ja) | 2000-12-01 | 2004-04-22 | 株式会社日立製作所 | 半導体集積回路装置の識別方法と半導体集積回路装置の製造方法及び半導体集積回路装置 |
US7085386B2 (en) | 2001-12-07 | 2006-08-01 | Activcard | System and method for secure replacement of high level cryptographic keys in a personal security device |
EP1733502B1 (fr) * | 2004-03-29 | 2009-09-30 | Stmicroelectronics Sa | Processeur d'execution d'un algorithme de type aes |
US7266661B2 (en) * | 2004-05-27 | 2007-09-04 | Silverbrook Research Pty Ltd | Method of storing bit-pattern in plural devices |
WO2006071380A2 (en) * | 2004-11-12 | 2006-07-06 | Pufco, Inc. | Securely field configurable device |
JP4524176B2 (ja) * | 2004-12-17 | 2010-08-11 | パナソニック株式会社 | 電子デバイスの製造方法 |
KR101194837B1 (ko) * | 2005-07-12 | 2012-10-25 | 삼성전자주식회사 | 멱지수를 숨기는 dpa 대책의 고속 계산을 위한 암호화장치 및 방법 |
EP1977511B1 (en) * | 2006-01-24 | 2011-04-06 | Verayo, Inc. | Signal generator based device security |
US8036379B2 (en) * | 2006-03-15 | 2011-10-11 | Microsoft Corporation | Cryptographic processing |
JP4913861B2 (ja) | 2006-04-13 | 2012-04-11 | エヌエックスピー ビー ヴィ | 半導体デバイス識別子の生成方法および半導体デバイス |
CN100568393C (zh) * | 2006-06-14 | 2009-12-09 | 国际商业机器公司 | 数据存储装置、数据存储方法以及数据读取方法 |
WO2008056612A1 (fr) | 2006-11-06 | 2008-05-15 | Panasonic Corporation | Appareil de sécurité d'informations |
EP2191410B1 (en) * | 2007-08-22 | 2014-10-08 | Intrinsic ID B.V. | Identification of devices using physically unclonable functions |
KR100969961B1 (ko) * | 2007-12-20 | 2010-07-15 | 한국전자통신연구원 | 블록 암호 아리아의 치환 연산 장치 및 방법 |
CN101498772B (zh) | 2008-01-29 | 2012-07-18 | 西门子(中国)有限公司 | 磁共振成像系统中接收线圈的识别码电路 |
US7991154B2 (en) * | 2008-05-14 | 2011-08-02 | Univeristy of Castilla-La Mancha | Exponentiation method using multibase number representation |
KR100960113B1 (ko) * | 2008-09-19 | 2010-05-27 | 한국전자통신연구원 | 고속처리 가능한 아리아 암복호화 장치 |
US8699714B2 (en) * | 2008-11-17 | 2014-04-15 | Intrinsic Id B.V. | Distributed PUF |
US8051097B2 (en) * | 2008-12-15 | 2011-11-01 | Apple Inc. | System and method for authentication using a shared table and sorting exponentiation |
KR100926214B1 (ko) | 2009-04-23 | 2009-11-09 | 한양대학교 산학협력단 | 공정편차를 이용한 디지털 값 생성 장치 및 방법 |
JP2011010218A (ja) * | 2009-06-29 | 2011-01-13 | Toshiba Corp | 携帯可能電子装置、及び携帯可能電子装置の制御方法 |
US20110080715A1 (en) | 2009-10-07 | 2011-04-07 | Castles Technology Co., Ltd. | Protective structure of electronic component |
US8127151B2 (en) | 2009-10-13 | 2012-02-28 | Lockheed Martin Corporation | Hardware-based key generation and recovery |
KR101139630B1 (ko) | 2010-12-09 | 2012-05-30 | 한양대학교 산학협력단 | 식별키 생성 장치 및 방법 |
-
2011
- 2011-02-15 KR KR1020110013269A patent/KR101118826B1/ko active IP Right Grant
- 2011-02-28 CN CN201180070008.XA patent/CN103621006B/zh active Active
- 2011-02-28 EP EP11858891.2A patent/EP2677452B1/en active Active
- 2011-02-28 CN CN201610621693.5A patent/CN106295408B/zh active Active
- 2011-02-28 US US13/985,765 patent/US9014371B2/en active Active
- 2011-02-28 WO PCT/KR2011/001376 patent/WO2012111872A1/ko active Application Filing
- 2011-02-28 ES ES11858891.2T patent/ES2685758T3/es active Active
- 2011-02-28 JP JP2013554380A patent/JP2014506095A/ja active Pending
-
2015
- 2015-03-23 US US14/665,599 patent/US9397826B2/en active Active
- 2015-09-28 JP JP2015189092A patent/JP2016021772A/ja active Pending
-
2016
- 2016-06-20 US US15/187,630 patent/US20160301528A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08278750A (ja) * | 1995-03-31 | 1996-10-22 | Internatl Business Mach Corp <Ibm> | 公開キー暗号法を用いたデータ暗号化の装置及び方法 |
JPH10116326A (ja) * | 1996-10-11 | 1998-05-06 | Secom Co Ltd | Icカード用暗号化装置 |
KR20060051957A (ko) * | 2004-10-01 | 2006-05-19 | 히로미 후카야 | 암호화 데이터 배포 방법, 암호화 장치, 복호화 장치,암호화 프로그램 및 복호화 프로그램 |
US20090080647A1 (en) * | 2005-12-14 | 2009-03-26 | Nds Limited | Method and System for Usage of Block Cipher Encryption |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015034148A1 (ko) * | 2013-09-06 | 2015-03-12 | (주) 아이씨티케이 | 식별 키 생성 장치 및 방법 |
EP3043281A4 (en) * | 2013-09-06 | 2017-02-08 | ICTK Co. Ltd. | Device and method for generating identification key |
US9984982B2 (en) | 2013-09-06 | 2018-05-29 | Ictk Co., Ltd. | Device and method for generating identification key |
KR101801547B1 (ko) | 2015-08-25 | 2017-11-27 | 한국과학기술원 | 물리적, 영구적 파괴를 이용한 하드웨어 기반의 보안 장치 및 이를 이용한 보안 방법 |
Also Published As
Publication number | Publication date |
---|---|
ES2685758T3 (es) | 2018-10-11 |
US20160301528A1 (en) | 2016-10-13 |
JP2014506095A (ja) | 2014-03-06 |
JP2016021772A (ja) | 2016-02-04 |
EP2677452B1 (en) | 2018-08-22 |
US20130322624A1 (en) | 2013-12-05 |
EP2677452A4 (en) | 2014-08-06 |
CN103621006B (zh) | 2016-09-07 |
KR101118826B1 (ko) | 2012-04-20 |
CN106295408A (zh) | 2017-01-04 |
US20150195085A1 (en) | 2015-07-09 |
US9397826B2 (en) | 2016-07-19 |
CN103621006A (zh) | 2014-03-05 |
US9014371B2 (en) | 2015-04-21 |
EP2677452A1 (en) | 2013-12-25 |
CN106295408B (zh) | 2020-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012111872A1 (ko) | 물리적 공격을 방어하는 암호화 장치 및 암호화 방법 | |
WO2014030911A1 (ko) | 인증 정보 처리 장치 및 방법 | |
WO2010123185A1 (en) | Semiconductor chip and method for generating digital value using process variation | |
WO2012077856A1 (ko) | 식별키 생성 장치 및 방법 | |
WO2015012667A1 (ko) | 랜덤성 테스트 장치 및 방법 | |
WO2012134239A2 (ko) | 디지털 값 생성 장치 및 방법 | |
WO2013025060A2 (ko) | 사물지능통신에서 puf에 기반한 장치간 보안 인증 장치 및 방법 | |
Maiti et al. | The impact of aging on an FPGA-based physical unclonable function | |
US9991892B2 (en) | Electronic device having a physical unclonable function identifier | |
WO2019088689A1 (ko) | Puf-qrng 양자암호 보안단말기 시스템 및 암호키 생성 방법 | |
US20100085075A1 (en) | Integrated circuit and method for preventing an unauthorized access to a digital value | |
WO2018199539A1 (ko) | 식별키 생성장치 및 식별키 생성방법 | |
KR101169172B1 (ko) | 공정편차를 이용한 식별 키 생성 장치 및 방법 | |
KR20120089607A (ko) | 식별키 생성 장치 및 방법 | |
KR101882289B1 (ko) | 인증 정보 처리 장치 및 방법 | |
WO2015034148A1 (ko) | 식별 키 생성 장치 및 방법 | |
WO2015053441A1 (ko) | 식별키 생성 장치 및 방법 | |
WO2017126900A1 (ko) | 식별키 생성 장치 및 그 관리 방법 | |
WO2015034146A1 (ko) | 식별키 생성 장치 및 방법 | |
WO2015046682A1 (ko) | 반도체 공정을 이용한 식별키 생성 장치 및 방법 | |
KR100964845B1 (ko) | 공정편차에 기반한 보안 시스템 및 방법 | |
Elgendy et al. | Impact of physical design on PUF behavior: a statistical study | |
WO2018199541A1 (ko) | 식별키 유용성 판별장치 | |
WO2015053440A1 (ko) | 식별 키 생성 장치 및 방법 | |
WO2012133965A1 (ko) | 공정편차를 이용한 식별 키 생성 장치 및 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11858891 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2013554380 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13985765 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011858891 Country of ref document: EP |