WO2019196672A1 - Chip security evaluation method and apparatus, and storage medium - Google Patents

Publication number
WO2019196672A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
chip
security evaluation
leakage
security
Application number
PCT/CN2019/080301
Inventor
唐有
Original Assignee
国民技术股份有限公司
Application filed by 国民技术股份有限公司

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/554: Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards

Definitions

  • Embodiments of the present invention relate to the field of chip information security technologies, and in particular, to a chip security evaluation method, apparatus, and storage medium.
  • Commonly used chip bypass (side-channel) analysis collects the power leakage curve or the electromagnetic radiation leakage curve while the chip is working, and then analyzes sensitive information such as the key by means of traditional mathematical statistics, but with the hardware process and protection of the security product.
  • most security chips currently use some security protection measures to protect against side channel attacks, such as power consumption smoothing, random noise sources, etc., thereby reducing the signal-to-noise ratio of energy leakage collected in the normal mode. Therefore, the signal-to-noise ratio of the waveform acquired in the above manner is very low, and in most cases, the conventional analysis method is often difficult to fully discover its potential security hole.
  • The embodiment of the invention provides a chip security evaluation method, device and storage medium, which solve the technical problem in the prior art that chip bypass analysis using traditional mathematical statistics has limited applicability and low accuracy.
  • the embodiment of the present invention adopts the following technical solutions:
  • the embodiment of the invention provides a chip security evaluation method, and the chip security evaluation method includes:
  • the security assessment level is determined according to the leakage data and the preset security assessment model; the security assessment model is obtained by training the preset leaked sample according to the deep learning algorithm;
  • the leakage data is multi-dimensional leakage data
  • the multi-dimensional leakage data includes at least two of power consumption change data, electromagnetic signal data, instruction execution time data, and error data.
  • obtaining leakage data when the chip to be tested is currently working includes:
  • the method further includes:
  • the leakage data is preprocessed; the preprocessing includes at least one of data denoising processing, data compression processing, data format conversion processing, and data selection processing.
  • the method further includes:
  • Sensitive data is determined by analyzing leaked data.
  • An embodiment of the present invention provides a chip security evaluation apparatus, where the chip security evaluation apparatus includes: a data acquisition module, a security evaluation module, and a leakage determination module;
  • the data acquisition module is configured to obtain leakage data when the chip to be tested is currently working
  • the security evaluation module is configured to determine a security assessment level according to the leakage data and a preset security assessment model; the security assessment model is obtained by training the preset leakage sample according to the deep learning algorithm;
  • the leak judgment module is configured to determine whether the chip to be tested leaks sensitive data according to the security evaluation level.
  • the leakage data is multi-dimensional leakage data
  • the multi-dimensional leakage data includes at least two of power consumption change data, electromagnetic signal data, instruction execution time data, and error data.
  • the data acquisition module is further configured to acquire leak data of internal traces when the chip to be tested is currently working.
  • The chip security evaluation apparatus further includes a data preprocessing module.
  • The data preprocessing module is configured to preprocess the leakage data; the preprocessing includes at least one of data denoising processing, data compression processing, data format conversion processing, and data selection processing.
  • The chip security evaluation apparatus further includes a data determining module.
  • The data determining module is configured to determine the sensitive data by analyzing the leakage data when the leakage judgment module determines, according to the security evaluation level, that the chip to be tested leaks sensitive data.
  • Embodiments of the present invention provide a storage medium storing one or more programs, and one or more programs may be executed by one or more processors to implement the steps of the chip security evaluation method described above.
  • The embodiment of the invention provides a chip security evaluation method, device and storage medium that address the limited applicability and low accuracy of chip bypass analysis performed with traditional mathematical statistics in the prior art.
  • The chip security evaluation method includes: obtaining leakage data while the chip to be tested is working; determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples according to a deep learning algorithm; and judging, according to the security evaluation level, whether the chip to be tested leaks sensitive data.
  • The leakage data of the working chip is input into the trained security evaluation model to obtain the security evaluation classification mark of the target analysis object, and whether the target analysis object leaks sensitive data is then predicted according to that classification mark. This is especially suitable for the security evaluation of leakage samples with low SNR and of complex analysis objects; it improves the accuracy of the results and can effectively reduce the manpower required.
  • FIG. 1 is a basic flowchart of a chip security evaluation method according to Embodiment 1 of the present invention.
  • FIG. 2 is a basic flowchart of acquiring leakage data of internal traces of a chip according to Embodiment 1 of the present invention
  • FIG. 3 is a detailed flowchart of a chip security evaluation method according to Embodiment 2 of the present invention.
  • FIG. 4 is a structural block diagram of a chip security evaluation apparatus according to Embodiment 3 of the present invention.
  • FIG. 5 is a structural block diagram of a data acquisition module according to Embodiment 3 of the present invention.
  • Embodiment 1:
  • FIG. 1 is a basic flowchart of a chip security evaluation method according to Embodiment 1.
  • the chip security evaluation method specifically includes the following steps:
  • The bypass signal generated by the chip during operation leaks through the on-chip power supply network and can be detected externally. The leaked bypass signal includes power consumption change data, electromagnetic signal data, instruction execution time data, error data, and the like.
  • A conventional way to collect power consumption change data is to build a power consumption acquisition platform from an oscilloscope, a PC, communication control software, and a power consumption acquisition circuit, connect a suitable resistor to the chip to be tested, and then use the oscilloscope to capture the voltage curve across the resistor, that is, the power consumption curve.
  • obtaining leakage data when the chip to be tested is currently working includes: obtaining leakage data of internal traces when the chip to be tested is currently working.
  • FIG. 2 is a basic flowchart of acquiring leakage data of an internal trace of a chip in the embodiment, which specifically includes the following steps:
  • The key modules and the type and location of the traces in the chip to be tested are identified, and then the position of the target internal trace is determined; the power consumption change data (current or voltage information) is usually used.
  • the target internal trace in this embodiment is a power branch trace inside the chip to be tested, a cryptographic circuit signal trace or other suitable trace.
  • S202 Position the probe in the target internal routing, and send an instruction to control the chip to be tested to perform a corresponding operation.
  • the control probe detects the leakage data of the internal trace of the target chip to be tested in real time.
  • an appropriate key time point may be selected to collect the leakage data of the internal trace acquired by the probe.
  • the leakage data is multi-dimensional leakage data
  • the multi-dimensional leakage data includes at least two of power consumption change data, electromagnetic signal data, instruction execution time data, and error data.
  • The currently used chip bypass analysis collects samples based on a single power leakage curve or a single electromagnetic radiation leakage curve. To improve the comprehensiveness of the chip security evaluation, this embodiment uses multi-dimensional leakage data as the analysis object. The multi-dimensional leakage data includes at least two kinds of leakage data; for example, the power consumption change data and the electromagnetic signal data are acquired simultaneously and packaged together, so that the analysis object carries more information and a more comprehensive security evaluation can be achieved than when the analysis object is a single kind of leakage data.
  • S102 Determine a security assessment level according to the leakage data and a preset security assessment model.
  • the security assessment model is obtained by training the preset leakage sample according to the deep learning algorithm.
  • the manner of establishing the security assessment model in this embodiment includes but is not limited to the following manners:
  • The training sample S is prepared. The training sample may be a sample determined by collecting historical leakage data of the chip to be tested, may be a sample determined by collecting leakage data of other chips of the same type, or may be predetermined expert data.
  • Expert data are samples with certain scientific regularities provided by engineers after repeated research.
  • the training sample may be a single sample or may be composed of multiple different types of samples.
  • the training sample S includes a feature vector F and a corresponding classification mark C.
  • The feature vector F is the leakage data produced while the chip is working. If multi-dimensional leakage data is used, the feature vector includes a plurality of feature parameters. The classification mark C is the grade assigned to each feature vector according to a certain classification standard.
  • The model is trained with input data that has clear classification marks and output results.
  • Algorithms with faster calculation speed, such as logistic regression and the Adaboost algorithm, can be used, or algorithms with higher accuracy, such as the popular Amazon MXNet framework algorithm, can be adopted, so that the security evaluation model in this embodiment is established. Based on the established security evaluation model, the leakage data of the currently acquired chip is input to the model.
  • The corresponding classification mark is then output to represent the current security assessment level. Since the correlation between the leakage data and the security assessment level can be effectively summarized after sufficient training, the model is better suited to the security assessment of low-SNR leakage samples and complex analysis objects.
  • The method further includes preprocessing the leakage data; the preprocessing includes at least one of data denoising processing, data compression processing, data format conversion processing, and data selection processing.
  • The leakage data is preprocessed before it is input into the security assessment model. The data denoising processing removes noise such as baseline drift and power frequency interference from the data; the data compression processing reduces the amount of leakage data; the data format conversion processing converts the leakage data into a desired data format; and the data selection processing intercepts only specific data from the leakage data obtained during acquisition as the analysis object.
  • S103 Determine, according to the security evaluation level, whether the chip to be tested leaks sensitive data.
  • the security assessment level indicates the degree of impact of the current leakage data on the security of the chip, and the difference in the leakage data corresponds to different chip security conditions.
  • The security assessment levels may be classified as C1, C2, C3, C4 and C5. From C1 to C5 the degree of influence of the leakage data on chip security increases in sequence, and C3 is set as the level threshold. That is, the impact of leakage data at levels C1 and C2 on chip security is still slight and insufficient to have a substantial impact on the security of the chip; in other words, the leakage data is not enough to be used to analyze the sensitive data of the chip.
  • the sensitive data of the chip includes the key of the chip's cryptographic algorithm, the type of operation currently performed by the chip, and the like.
  • C3 is the critical point: at this level the data currently leaked by the chip can already be used to attempt analysis of the sensitive data, that is, leakage data at this level has begun to threaten the security of the chip, and above the level threshold the threat to the security of the chip gradually increases.
  • The deep learning algorithm is used to evaluate the security of the chip, so that the accuracy of the final judgment of whether the chip leaks sensitive data is greatly improved and the result better represents the current real security status of the chip.
  • the method further includes: analyzing the leakage data to determine the sensitive data.
  • When the current judgment result is yes, an attempt is also made to recover the specific leaked sensitive data.
  • The recovery of sensitive data depends on the correlation between the leakage curve of the chip during operation and sensitive information such as the key.
  • A long key is split up during the actual encryption and decryption process. The 48-bit key that actually takes part in DES is divided into 8 groups of 6 bits each; 128-bit AES is similar, with the 128-bit key split into 16 groups of 8 bits each, which are XORed with the data before taking part in the subsequent transformation. An attacker can exploit this: 6-bit or 8-bit subkeys are easy to traverse, so analysis based on the leakage data can obtain part of the key information first and then traverse the remaining key groups one by one to obtain the overall key information.
  • The embodiment of the invention provides a chip security evaluation method that addresses the limited applicability and low accuracy of chip bypass analysis using traditional mathematical statistics in the prior art.
  • The method includes: obtaining leakage data while the chip to be tested is working; determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples according to a deep learning algorithm; and determining, according to the security evaluation level, whether the chip to be tested leaks sensitive data.
  • The security evaluation classification mark of the target analysis object is obtained by inputting the leakage data of the working chip into the trained security evaluation model, and whether the target analysis object leaks sensitive data is then predicted according to that classification mark. This is especially suitable for the security evaluation of leakage samples with low SNR and of complex analysis objects; it improves the accuracy of the results and can effectively reduce the manpower required.
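The flow of Embodiment 1 (training samples S = (F, C), a trained model that outputs a level C1 to C5, and the C3 level threshold) can be sketched as follows. This is an added example, not code from the patent: it uses softmax (multinomial logistic) regression as the logistic-regression option the text names, the function names are hypothetical, and the training traces are constructed under the assumption that leakage amplitude grows with the level.

```python
import math
import random

LEVELS = ["C1", "C2", "C3", "C4", "C5"]  # impact on chip security grows from C1 to C5
LEVEL_THRESHOLD = "C3"                   # critical level named in the text


def pack_features(power, em):
    """Pack two leakage dimensions acquired together into one feature vector F."""
    return list(power) + list(em)


def make_samples(per_level=20, noise=0.1, seed=1):
    """Constructed training set S = (F, C). Assumption: a data-dependent pulse
    whose amplitude is 0.5 * level index appears in both the power and EM windows."""
    rng = random.Random(seed)
    samples = []
    for c in range(len(LEVELS)):
        amp = 0.5 * c
        for _ in range(per_level):
            power = [amp * t + rng.gauss(0, noise) for t in (0, 1, 0, 0)]
            em = [amp * t + rng.gauss(0, noise) for t in (0, 0, 1, 0)]
            samples.append((pack_features(power, em), c))
    return samples


def softmax(scores):
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def train(samples, epochs=200, lr=0.3):
    """Supervised training by batch gradient descent on the cross-entropy loss.
    Returns one weight row per level; the last column of each row is the bias."""
    n_feat = len(samples[0][0])
    weights = [[0.0] * (n_feat + 1) for _ in LEVELS]
    for _ in range(epochs):
        grad = [[0.0] * (n_feat + 1) for _ in LEVELS]
        for features, label in samples:
            x = features + [1.0]
            probs = softmax([sum(w * v for w, v in zip(row, x)) for row in weights])
            for k in range(len(LEVELS)):
                err = probs[k] - (1.0 if k == label else 0.0)
                for j, v in enumerate(x):
                    grad[k][j] += err * v
        for k in range(len(LEVELS)):
            for j in range(n_feat + 1):
                weights[k][j] -= lr * grad[k][j] / len(samples)
    return weights


def evaluate_level(weights, features):
    """Feed leakage data to the trained model and return its classification mark."""
    x = list(features) + [1.0]
    scores = [sum(w * v for w, v in zip(row, x)) for row in weights]
    return LEVELS[scores.index(max(scores))]


def leaks_sensitive_data(level):
    """Leak judgment: C3 and above means the leakage threatens sensitive data."""
    return LEVELS.index(level) >= LEVELS.index(LEVEL_THRESHOLD)


if __name__ == "__main__":
    model = train(make_samples())
    quiet = pack_features([0, 0, 0, 0], [0, 0, 0, 0])        # constructed: no visible pulse
    strong = pack_features([0, 2.0, 0, 0], [0, 0, 2.0, 0])   # constructed: large pulse
    for name, f in (("quiet", quiet), ("strong", strong)):
        level = evaluate_level(model, f)
        print(name, level, "leak" if leaks_sensitive_data(level) else "no leak")
```
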
  • Embodiment 2:
  • FIG. 3 is a detailed flowchart of a chip security evaluation method according to Embodiment 2 of the present invention, which specifically includes the following steps:
  • the multi-dimensional leakage data includes at least two of power consumption change data, electromagnetic signal data, instruction execution time data, and error data.
  • Compared with the conventional approach of acquiring the leaked bypass signal from outside the chip, the leaked bypass signal is obtained directly from the internal wiring of the chip, which improves the accuracy of the attack and the signal-to-noise ratio of the leakage curve obtained.
  • The multi-dimensional leakage data is collected and used as the analysis object, so that the analysis object carries more information and a more comprehensive security evaluation can be achieved than when the analysis object is a single kind of leakage data.
  • the pre-processing includes at least one of data denoising processing, data compression processing, data format conversion processing, and data selection processing.
  • the acquired leakage data is also preprocessed, and then the processed leakage data is input into the security assessment model.
  • S303 Determine a security assessment level according to the pre-processed multi-dimensional leakage data and a preset security assessment model.
  • the security assessment model is obtained by training the preset leakage sample according to the deep learning algorithm.
  • The correlation between the leakage data and the security assessment level can be effectively summarized after sufficient training, so the model is better suited to the security assessment of low-SNR leakage samples and complex analysis objects.
  • The deep learning algorithm is used to evaluate the security of the chip, so that the accuracy of the final judgment of whether the chip leaks sensitive data is greatly improved and the result better represents the current real security status of the chip.
  • The embodiment of the invention provides a chip security evaluation method that collects multi-dimensional leakage data during chip operation, preprocesses it, and inputs it into the trained security evaluation model.
  • The model outputs the corresponding security assessment level; whether the chip leaks sensitive data is predicted according to that level, and the specific sensitive data is also determined when sensitive data is leaked.
  • Using multi-dimensional leakage data as the analysis object improves the comprehensiveness of the security assessment, and using deep learning algorithms for the assessment improves the applicability and accuracy of evaluating low-SNR leakage samples and complex analysis objects.
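The preprocessing named in Embodiments 1 and 2 (and performed by the data preprocessing module of Embodiment 3) can be made concrete with a short pipeline covering denoising, selection and compression. This is an added example, not code from the patent: the function names, the 1 kHz sample rate, the 50 Hz mains frequency and the trace itself are constructed assumptions, and format conversion is left out.

```python
import math


def mains_fit(trace, fs_hz, mains_hz=50.0):
    """Project the trace onto sine and cosine at the mains frequency.
    Assumes the trace spans a whole number of mains periods."""
    n = len(trace)
    w = 2 * math.pi * mains_hz / fs_hz
    a = 2 / n * sum(x * math.sin(w * i) for i, x in enumerate(trace))
    b = 2 / n * sum(x * math.cos(w * i) for i, x in enumerate(trace))
    return a, b


def remove_mains(trace, fs_hz, mains_hz=50.0):
    """Denoising, part 1: subtract the fitted power-frequency interference."""
    a, b = mains_fit(trace, fs_hz, mains_hz)
    w = 2 * math.pi * mains_hz / fs_hz
    return [x - a * math.sin(w * i) - b * math.cos(w * i) for i, x in enumerate(trace)]


def remove_baseline(trace, window=41):
    """Denoising, part 2: subtract a centred moving average to remove slow baseline drift."""
    half = window // 2
    out = []
    for i, x in enumerate(trace):
        lo, hi = max(0, i - half), min(len(trace), i + half + 1)
        out.append(x - sum(trace[lo:hi]) / (hi - lo))
    return out


def select(trace, start, stop):
    """Data selection: keep only the samples around the operation of interest."""
    return trace[start:stop]


def compress(trace, factor):
    """Data compression: average non-overlapping blocks of `factor` samples."""
    return [sum(trace[i:i + factor]) / factor
            for i in range(0, len(trace) - factor + 1, factor)]


def preprocess(trace, fs_hz, window, factor):
    """Denoise, select, then compress; the result is what the model would receive."""
    cleaned = remove_baseline(remove_mains(trace, fs_hz))
    return compress(select(cleaned, *window), factor)


def constructed_trace(n=400, fs_hz=1000.0):
    """Constructed sample: linear drift + 50 Hz interference + a 5-sample leakage pulse.
    The slow sample rate is chosen so that 20 mains periods fit in one trace."""
    w = 2 * math.pi * 50.0 / fs_hz
    trace = [0.002 * i + 0.3 * math.sin(w * i) for i in range(n)]
    for i in range(200, 205):
        trace[i] += 1.0
    return trace


if __name__ == "__main__":
    raw = constructed_trace()
    print("mains amplitude before:", round(math.hypot(*mains_fit(raw, 1000.0)), 3))
    features = preprocess(raw, 1000.0, (180, 230), 5)
    print("compressed window:", [round(v, 3) for v in features])
```

After preprocessing, the 400-sample trace is reduced to 10 values in which only the block holding the leakage pulse stands out.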
  • Embodiment 3:
  • the present embodiment provides a chip security evaluation device.
  • the chip security evaluation device includes: a data acquisition module 41, a security evaluation module 42 and a leak determination module 43.
  • The data acquisition module 41 is configured to acquire the leakage data of the chip to be tested while it is working;
  • the security evaluation module 42 is configured to determine the security evaluation level according to the leakage data and the preset security evaluation model; the security evaluation model is obtained by training on preset leakage samples according to the deep learning algorithm;
  • the leak determination module 43 is configured to determine whether the chip to be tested leaks sensitive data according to the security evaluation level.
  • The bypass signal generated by the chip during operation leaks through the on-chip power supply network and can be detected by the data acquisition module 41.
  • Specifically, the leaked bypass signal includes power consumption change data, electromagnetic signal data, instruction execution time data, error data, and the like.
  • the security assessment module 42 determines the security assessment level corresponding to the leaked data through a deep learning algorithm.
  • The training sample S is prepared. The training sample may be a sample determined by collecting historical leakage data of the chip to be tested, may be a sample determined by collecting leakage data of other chips of the same type, or may be predetermined expert data.
  • Expert data are samples with certain scientific regularities provided by engineers after repeated research.
  • the training sample may be a single sample or may be composed of multiple different types of samples.
  • the training sample S includes a feature vector F and a corresponding classification mark C.
  • the feature vector F is the leaked data when the chip is working.
  • The feature vector includes a plurality of feature parameters; the classification mark C is the grade assigned to each feature vector according to a certain classification criterion, and in the present embodiment it is used to classify the severity of the leakage data.
  • With a supervised learning algorithm among the deep learning algorithms, that is, one in which the model is trained with input data that has clear classification marks and output results, algorithms with faster calculation speed such as logistic regression and the Adaboost algorithm can be used, or algorithms with higher accuracy, such as the now popular Amazon MXNet framework algorithm, can be adopted, so that the security evaluation model in this embodiment is established.
  • The security evaluation module 42 inputs the leakage data of the currently acquired chip into the model, which outputs the corresponding classification mark to represent the current security assessment level. Since the correlation between the leakage data and the security assessment level can be effectively summarized after sufficient training, the model is better suited to the security assessment of low-SNR leakage samples and complex analysis objects.
  • the security evaluation level in this embodiment represents the degree of impact of the current leakage data on the security of the chip, and the difference in the leakage data corresponds to different chip security conditions, and the leakage determination module 43 determines the security evaluation level.
  • the sensitive data of the chip includes the key of the chip's cryptographic algorithm, the type of operation currently performed by the chip, and the like.
  • The deep learning algorithm is used to evaluate the security of the chip, so that the accuracy of the final judgment of whether the chip leaks sensitive data is greatly improved and the result better represents the current real security status of the chip.
  • the leakage data is multi-dimensional leakage data
  • the multi-dimensional leakage data includes at least two of power consumption change data, electromagnetic signal data, instruction execution time data, and error data.
  • The currently used chip bypass analysis collects samples based on a single power leakage curve or a single electromagnetic radiation leakage curve. To improve the comprehensiveness of the chip security evaluation, this embodiment uses multi-dimensional leakage data as the analysis object. The multi-dimensional leakage data includes at least two kinds of leakage data; for example, the power consumption change data and the electromagnetic signal data are acquired simultaneously and packaged together, so that the analysis object carries more information and a more comprehensive security evaluation can be achieved than when the analysis object is a single kind of leakage data.
  • the data obtaining module 41 is further configured to obtain leak data of internal traces when the chip to be tested is currently working.
  • the data acquisition module 41 in this embodiment includes a positioning submodule 411, a control submodule 412, and a collection submodule 413.
  • The positioning submodule 411 is configured to identify the key modules and the traces of the chip to be tested and to locate the target internal trace. Specifically, the positioning submodule 411 identifies the key modules and the type and position of the traces in the chip to be tested according to the characteristics of the layers of the chip, and then determines the position of the target internal trace. Usually, when collecting power consumption change data (current or voltage information), it is necessary to open a hole with a focused ion beam to expose the internal trace and to land a probe needle on it for contact detection of the signal; when electromagnetic signal data (electric field or magnetic field information) is acquired, detection can be performed by a non-contact method without opening a hole.
  • the target internal trace in this embodiment is a power branch trace inside the chip to be tested, a cryptographic circuit signal trace or other suitable trace.
  • the control sub-module 412 is configured to position the probe on the target internal trace, and send an instruction to control the chip to be tested to perform a corresponding operation, and the control probe to detect the leak data of the internal trace of the target chip to be tested in real time.
  • the collection sub-module 413 is configured to collect leakage data detected by the probe.
  • Compared with the conventional approach of obtaining the leaked bypass signal from outside the chip, the bypass signal is obtained directly from the internal wiring of the chip. Even for chips that use low-power technologies and protective measures (especially noise circuits), this improves the accuracy of the attack and the signal-to-noise ratio of the leakage curve obtained, and can selectively bypass some security protection measures, achieving a more comprehensive security evaluation with better practical operability.
  • The chip security evaluation apparatus further includes a data preprocessing module. The data preprocessing module is configured to preprocess the leakage data; the preprocessing includes at least one of data denoising processing, data compression processing, data format conversion processing, and data selection processing.
  • The leakage data is preprocessed by the data preprocessing module before it is input to the security evaluation module. The data denoising processing removes the baseline drift noise and power frequency interference of the data; the data compression processing reduces the amount of leakage data; the data format conversion processing converts the obtained leakage data into a desired data format; and the data selection processing intercepts only specific data from the obtained leakage data as the analysis object.
  • The chip security evaluation apparatus further includes a data determining module, which is configured to determine the sensitive data when the leakage determination module determines, according to the security evaluation level, that the chip to be tested leaks sensitive data.
  • The data determining module further attempts to recover the specific leaked sensitive data.
  • the recovery of sensitive data depends on the correlation between the leakage curve of the chip in the operation process and sensitive information such as the key.
  • a long key will be removed during the actual encryption and decryption process.
  • the 48-bit key that DES actually participates in is divided into 8 groups, each group of 6 bits, and the 128-bit AES is similar, and the 128-bit key is split into 16 Group, each group of 8 bits, and the information XOR after participating in the subsequent transformation. This can be exploited by an attacker. It is easy to traverse 6bits or 8bits subkeys, analyze based on leaked data, obtain a part of key information first, and then traverse the remaining key packets one by one to obtain the overall key information.
  • an embodiment of the present invention provides a chip security evaluation apparatus, which includes a data acquisition module, a security evaluation module, and a leakage determination module; the data acquisition module is configured to acquire leakage data when the chip under test is currently working;
  • the security evaluation module is configured to determine a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples with a deep learning algorithm; and the leakage determination module is configured to determine, according to the security evaluation level, whether the chip under test leaks sensitive data.
  • the leakage data from the working chip is input into the trained security evaluation model to obtain the security evaluation classification label of the target analysis object, and that label is then used to predict whether the target analysis object has leaked sensitive data; this is particularly suitable for security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis objects, improves the accuracy of the results, and effectively reduces manpower.
  • the data acquisition module 41, the security evaluation module 42 and the leakage determination module 43 in this embodiment may all be deployed on the terminal or all on the server, or some may be deployed on the terminal and the others on the server.
  • the data acquisition module 41 and the security evaluation module 42 may be deployed on the terminal and the leakage determination module 43 on the server; or the data acquisition module 41 may be deployed on the terminal and the security evaluation module 42 and the leakage determination module 43 on the server.
  • the functionality of each module may be implemented by a processor of the device in which it is deployed.
  • the processor for implementing the corresponding functions of the above modules includes, but is not limited to, a CPU.
  • the functions of the data acquisition module 41, the security evaluation module 42, and the leakage determination module 43 may be implemented by the processor (CPU).
  • Embodiment 4:
  • the present embodiment provides a storage medium that can store one or more computer programs for the processor to read, compile, and execute to implement corresponding functions.
  • the storage medium stores a chip security evaluation program, and the chip security evaluation program is executable by at least one of the terminal and/or the server to implement the chip security evaluation method introduced in the foregoing embodiments.
  • the storage medium may be disposed on a single hardware device or distributed over several. When it is disposed on a single hardware device, that device may be the terminal or the server. When the storage medium is disposed on the terminal, it may be a first computer-readable storage medium storing one or more first programs, which can be executed by one or more processors so that the terminal implements the steps of the chip security evaluation method exemplified in the above embodiments.
  • when the storage medium is disposed on the server, it may be a second computer-readable storage medium storing one or more second programs, which can be executed by one or more processors so that the server implements the steps of the chip security evaluation method exemplified in the above embodiments.
  • when the storage medium is distributed over at least two hardware devices, it includes at least two storage units that can be disposed separately, some on the terminal and some on the server. For example, the terminal processor, by reading the computer program in the storage unit disposed on the terminal, can implement the step of acquiring leakage data when the chip under test is currently working; and the server processor, by reading the computer program in the storage unit disposed on the server, can implement the steps of determining the security evaluation level according to the leakage data and the preset security evaluation model, and of determining, according to the security evaluation level, whether the chip under test leaks sensitive data.
  • or the server processor may read the computer program in the storage unit disposed on the server to implement the steps of acquiring the leakage data when the chip under test is currently working and of determining the security evaluation level according to the leakage data and the preset security evaluation model; the step of determining, according to the security evaluation level, whether the chip under test leaks sensitive data is then implemented by the terminal processor according to the computer program in the storage unit disposed on the terminal.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

Provided are a chip security evaluation method and apparatus, and a storage medium. The method comprises: acquiring leakage data when a chip to be tested is currently working (S101); determining a security evaluation level according to the leakage data and a pre-set security evaluation model, the security evaluation model being obtained by training a pre-set leakage sample according to a deep learning algorithm (S102); and determining, according to the security evaluation level, whether the chip to be tested leaks sensitive data (S103). By means of the method, leakage data when a chip is working is input into a trained security evaluation model to predict whether a target analysis object leaks sensitive data, which is particularly suitable for conducting security evaluation on a leakage sample with a low signal-to-noise ratio and a complex analysis object, so that the accuracy of results is improved and the manpower investment can be effectively reduced.

Description

Chip security evaluation method, apparatus, and storage medium

Technical Field
Embodiments of the present invention relate to the field of chip information security, and in particular to a chip security evaluation method, apparatus, and storage medium.
 
Background
With the rapid development of computer, network, communication and integrated circuit technologies, and with the general trend towards an information society, chips are widely used in all kinds of environments. As information security research has deepened, however, various side-channel attack techniques have come to seriously threaten the security properties of chips. In any chip in practical use, the hardware components inevitably leak some information while running; attacking the chip on the basis of that leaked information is a side-channel attack, and it is used to obtain sensitive information held in the chip. To ensure chip security, the side-channel security of a chip is usually analyzed and evaluated by the manufacturer itself and by a security product testing organization before the chip leaves the factory.
Commonly used chip side-channel analysis currently collects samples of the power-consumption leakage curve or the electromagnetic-radiation leakage curve while the chip is working, and then uses traditional mathematical statistics to analyze sensitive information such as keys. However, as the hardware processes and protection strategies of security products keep improving, most security chips now adopt security protection measures against side-channel attacks, such as power smoothing and random noise sources. These lower the signal-to-noise ratio of the energy leakage collected in the ordinary way, so the waveforms collected in this way have a very low signal-to-noise ratio, and in most cases traditional analysis methods struggle to find the chip's potential security vulnerabilities comprehensively.
In view of this, the industry urgently needs a more comprehensive and effective chip security evaluation method to improve the applicability and accuracy of chip side-channel analysis in practical applications.
Technical Problem
Embodiments of the present invention provide a chip security evaluation method, apparatus, and storage medium, to solve the technical problem in the prior art that chip side-channel analysis based on traditional mathematical statistics has limited applicability and low accuracy.
 
Technical Solution
To solve the above technical problem, embodiments of the present invention adopt the following technical solutions:
An embodiment of the present invention provides a chip security evaluation method, which includes:
acquiring leakage data when a chip under test is currently working;
determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples with a deep learning algorithm;
determining, according to the security evaluation level, whether the chip under test leaks sensitive data.
Further, the leakage data is multi-dimensional leakage data, which includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
Further, acquiring the leakage data when the chip under test is currently working includes:
acquiring leakage data of the internal traces of the chip under test while it is currently working.
Further, before the security evaluation level is determined according to the leakage data and the preset security evaluation model, the method also includes:
preprocessing the leakage data, where the preprocessing includes at least one of: data denoising, data compression, data format conversion, and data selection.
Further still, when it is determined according to the security evaluation level that sensitive data of the chip under test has leaked, the method also includes:
analyzing the leakage data to determine the sensitive data.
An embodiment of the present invention provides a chip security evaluation apparatus, which includes a data acquisition module, a security evaluation module, and a leakage determination module;
the data acquisition module is configured to acquire leakage data when the chip under test is currently working;
the security evaluation module is configured to determine a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples with a deep learning algorithm;
the leakage determination module is configured to determine, according to the security evaluation level, whether the chip under test leaks sensitive data.
Further, the leakage data is multi-dimensional leakage data, which includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
Further, the data acquisition module is also configured to acquire leakage data of the internal traces of the chip under test while it is currently working.
Further, the apparatus also includes a data preprocessing module;
the data preprocessing module is configured to preprocess the leakage data, where the preprocessing includes at least one of: data denoising, data compression, data format conversion, and data selection.
Further still, the apparatus also includes a data determination module;
the data determination module is configured to analyze the leakage data to determine the sensitive data when the leakage determination module determines, according to the security evaluation level, that sensitive data of the chip under test has leaked.
An embodiment of the present invention provides a storage medium storing one or more programs, which can be executed by one or more processors to implement the steps of the chip security evaluation method described above.
 
Beneficial Effects
Embodiments of the present invention provide a chip security evaluation method, apparatus, and storage medium that address the limited applicability and low accuracy of prior-art chip side-channel analysis based on traditional mathematical statistics. The chip security evaluation method includes: acquiring leakage data when the chip under test is currently working; determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples with a deep learning algorithm; and determining, according to the security evaluation level, whether the chip under test leaks sensitive data. In implementing the embodiments, the leakage data from the working chip is input into the trained security evaluation model to obtain the security evaluation classification label of the target analysis object, and that label is then used to predict whether the target analysis object has leaked sensitive data. This is particularly suitable for security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis objects; it improves the accuracy of the results and effectively reduces manpower.
 
Brief Description of the Drawings
FIG. 1 is a basic flowchart of the chip security evaluation method provided in Embodiment 1 of the present invention;
FIG. 2 is a basic flowchart of acquiring leakage data from the internal traces of a chip, provided in Embodiment 1 of the present invention;
FIG. 3 is a detailed flowchart of the chip security evaluation method provided in Embodiment 2 of the present invention;
FIG. 4 is a structural block diagram of the chip security evaluation apparatus provided in Embodiment 3 of the present invention;
FIG. 5 is a structural block diagram of the data acquisition module provided in Embodiment 3 of the present invention.
 
Embodiments of the Invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the embodiments of the present invention.
The embodiments of the present invention are explained further below through specific implementations with reference to the accompanying drawings.
Embodiment 1:
FIG. 1 is a basic flowchart of the chip security evaluation method provided in Embodiment 1. The method includes the following steps:
S101. Acquire leakage data when the chip under test is currently working.
Specifically, in practical applications, the side-channel signals a chip generates while running are conducted out through the on-chip power supply network and can therefore be detected externally. The leaked side-channel signals include power consumption variation data, electromagnetic signal data, instruction execution time data, error data, and so on. For example, one conventional way to collect power consumption variation data is to build a power acquisition platform from an oscilloscope, a PC, communication control software and a power acquisition circuit: a suitable resistor is connected externally to the chip under test, and the oscilloscope captures the voltage variation curve across that resistor, which is the power consumption curve.
Optionally, acquiring the leakage data when the chip under test is currently working includes: acquiring leakage data of the internal traces of the chip under test while it is currently working.
FIG. 2 is a basic flowchart of acquiring leakage data from the internal traces of a chip in this embodiment. It includes the following steps:
S201. Identify the key modules and traces of the chip under test, and locate the target internal trace.
Specifically, the key modules, trace types and positions inside the chip under test are identified from the features of each layer of the chip, and the position of the target internal trace is then determined. When collecting power consumption variation data (current or voltage information), a hole usually has to be opened with a focused ion beam to expose the internal trace, so that a probe can be landed on it for contact probing of the signal; when collecting electromagnetic signal data (electric or magnetic field information), probing can be done contactlessly without opening a hole. Preferably, the target internal trace in this embodiment is a power-supply branch trace inside the chip under test, a signal trace of the cryptographic circuit, or another suitable trace.
S202. Position the probe on the target internal trace, and send instructions to make the chip under test perform the corresponding operation.
S203. Control the probe to detect, in real time, the leakage data on the target internal trace of the chip under test.
S204. Collect the leakage data detected by the probe.
Specifically, while the chip under test performs the corresponding operation, suitable key time points can be chosen at which to collect the leakage data that the probe picks up on the internal trace.
It should be noted that most security chips now adopt security protection measures against side-channel attacks, such as power smoothing and random noise sources, which lower the signal-to-noise ratio of the energy leakage collected in the ordinary way, so that waveforms collected in the conventional way described above have a very low signal-to-noise ratio. For this reason, unlike the conventional approach of acquiring the chip's leaked side-channel signals from outside the chip, this embodiment acquires them directly from the chip's internal traces. Even for chips that use low-power techniques and protection measures (noise circuits in particular), this improves the precision of the attack and the signal-to-noise ratio of the leakage curves obtained, and certain protection measures can be selectively bypassed, giving a more comprehensive security evaluation that is more workable in practice.
Optionally, the leakage data is multi-dimensional leakage data, which includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
Specifically, commonly used chip side-channel analysis currently collects samples from a single power-consumption leakage curve or a single electromagnetic-radiation leakage curve. To make the chip security evaluation more comprehensive, this embodiment takes multi-dimensional leakage data as the analysis object. Multi-dimensional leakage data includes at least two kinds of leakage data; for example, power consumption variation data and electromagnetic signal data are acquired at the same time and packaged together. The analysis object then carries fuller information, and the security evaluation is more comprehensive than when the analysis object is a single kind of leakage data.
S102. Determine a security evaluation level according to the leakage data and a preset security evaluation model; the security evaluation model is obtained by training on preset leakage samples with a deep learning algorithm.
Specifically, the security evaluation model in this embodiment may be built in ways that include, but are not limited to, the following:
First, prepare the training samples S. A training sample may be determined from collected historical leakage data of the chip under test, or from collected leakage data of other chips of the same type, or it may be preset expert data, that is, samples with a certain scientific regularity provided by engineers after repeated study. The training samples may be a single sample or may consist of several samples of different types. A training sample S comprises a feature vector F and the corresponding classification label C. The feature vector F is the leakage data from the chip while working; for multi-dimensional leakage data, the feature vector contains multiple feature parameters. The classification label C grades each feature vector according to a given classification standard; in this embodiment it grades the severity of the leakage data, for example into C1, C2 and so on, which may take the values C1=1, C2=2, etc. A feature vector F and its classification label C together form one sample S, which can be written as S=[F,C].
Then the model is trained with a supervised learning algorithm from among the deep learning algorithms, that is, one in which the input data carries explicit classification labels and output results. A fast algorithm such as Logistic regression or Adaboost may be used, or a more accurate one, such as the currently popular Amazon MXNet framework. This establishes the security evaluation model of this embodiment. Feeding the currently acquired chip leakage data into the established model outputs the corresponding classification label, which represents the current security evaluation level. Because sufficient training effectively captures the correlation between leakage data and security evaluation level, the approach is better suited to security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis objects.
Optionally, before the security evaluation level is determined according to the leakage data and the preset security evaluation model, the method also includes preprocessing the leakage data, where the preprocessing includes at least one of: data denoising, data compression, data format conversion, and data selection.
Specifically, to further improve the efficiency of the security evaluation and the accuracy of its result, this embodiment preprocesses the acquired leakage data before inputting it to the security evaluation model. Data denoising removes baseline drift noise, power-frequency interference and the like from the data; data compression reduces the data volume of the leakage data; data format conversion converts the acquired leakage data into the desired data format; and data selection extracts only specific data from the acquired leakage data as the analysis object.
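An added example, not code from the patent: one way to carry out the four preprocessing steps on a single captured trace. The ADC scaling, the 10 kHz sample rate, the 50 Hz mains frequency, the least-squares baseline model and the constructed capture are all assumptions made for illustration.

```python
import math
import random

SAMPLE_RATE_HZ = 10_000      # assumed capture rate
MAINS_HZ = 50.0              # assumed power-line frequency
VOLTS_PER_CODE = 5.0 / 256   # assumed 8-bit ADC spanning 5 V
OFFSET_VOLTS = -1.0          # assumed voltage of ADC code 0


def constructed_capture(n=2000, seed=7):
    """Constructed raw capture: drift + mains hum + a 40-sample activity burst."""
    rng = random.Random(seed)
    codes = []
    for i in range(n):
        drift = 0.5 + 1.0 * i / n
        hum = 0.8 * math.sin(2 * math.pi * MAINS_HZ * i / SAMPLE_RATE_HZ + 0.3)
        burst = 1.0 if 900 <= i < 940 else 0.0
        volts = drift + hum + burst + rng.gauss(0.0, 0.02)
        codes.append(max(0, min(255, round((volts - OFFSET_VOLTS) / VOLTS_PER_CODE))))
    return codes


def adc_to_volts(codes):
    """Format conversion: raw unsigned ADC codes to floating-point volts."""
    return [c * VOLTS_PER_CODE + OFFSET_VOLTS for c in codes]


def solve_linear(a, b):
    """Solve a*x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def denoise(trace):
    """Denoising: fit offset + linear drift + mains sinusoid by least squares, subtract it."""
    n = len(trace)
    rows = []
    for i in range(n):
        w = 2 * math.pi * MAINS_HZ * i / SAMPLE_RATE_HZ
        rows.append((1.0, i / n, math.sin(w), math.cos(w)))
    ata = [[sum(r[j] * r[k] for r in rows) for k in range(4)] for j in range(4)]
    aty = [sum(r[j] * y for r, y in zip(rows, trace)) for j in range(4)]
    coef = solve_linear(ata, aty)
    return [y - sum(c * b for c, b in zip(coef, r)) for r, y in zip(rows, trace)]


def compress(trace, factor):
    """Compression: replace each block of `factor` samples by its mean."""
    usable = len(trace) - len(trace) % factor
    return [sum(trace[i:i + factor]) / factor for i in range(0, usable, factor)]


def select_window(trace, length):
    """Selection: return (start, samples) of the highest-energy window."""
    energy = sum(v * v for v in trace[:length])
    best, best_start = energy, 0
    for start in range(1, len(trace) - length + 1):
        energy += trace[start + length - 1] ** 2 - trace[start - 1] ** 2
        if energy > best:
            best, best_start = energy, start
    return best_start, trace[best_start:best_start + length]


def preprocess(codes):
    """Run conversion, denoising, compression and selection in that order."""
    volts = adc_to_volts(codes)
    clean = denoise(volts)
    small = compress(clean, 4)
    start, window = select_window(small, 20)
    return volts, clean, small, start, window


if __name__ == "__main__":
    volts, clean, small, start, window = preprocess(constructed_capture())
    print("raw peak outside burst  :", max(abs(v) for v in volts[:800]))
    print("clean peak outside burst:", max(abs(v) for v in clean[:800]))
    print("samples after compression:", len(small), "selected window starts at", start)
```

The fit is done jointly over the whole trace, so the burst slightly biases the estimated baseline; on long captures with short operations that bias is small compared with the signal.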
S103. Determine, according to the security evaluation level, whether the chip under test leaks sensitive data.
Specifically, the security evaluation level represents how strongly the currently leaked data affects chip security; different leakage situations correspond to different chip security situations. In some embodiments the security evaluation levels may be classified as C1, C2, C3, C4 and C5, where C1 through C5 represent an increasing impact of the leakage data on chip security, and C3 is set as the level threshold. That is, at levels C1 and C2 the impact of the leakage data on chip security is still slight and does not materially affect it: the data leaked at that point is not enough to be used to work out the chip's sensitive data, which includes the key of the chip's cryptographic algorithm, the type of operation the chip is currently executing, and so on. C3 is the critical point: at this level an attempt can already be made to work out sensitive data from the data the chip is currently leaking, that is, the leakage data has begun to threaten the security of the chip, and above this level threshold the threat to chip security grows progressively. Evaluating chip security with a deep learning algorithm greatly improves the precision of the final judgment on whether the chip leaks sensitive data, so the result better represents the chip's real current security state.
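An added example, not the patent's model: the S = [F, C] training flow of S102 and the C3 threshold decision of S103, with a multiclass perceptron standing in for the trained security evaluation model. The two features (a power-channel and an EM-channel leakage score between 0 and 1), the sample values and all function names are constructed for illustration.

```python
LEVELS = ("C1", "C2", "C3", "C4", "C5")
LEAK_THRESHOLD = 3  # C3 is the level threshold named in the description


def constructed_samples():
    """Constructed labelled samples S = [F, C]; F = (power score, EM score)."""
    samples = []
    for level in range(1, 6):
        centre = 0.1 + 0.2 * (level - 1)
        for d_power in (-0.05, 0.0, 0.05):
            for d_em in (-0.05, 0.0, 0.05):
                samples.append(((centre + d_power, centre + d_em), level))
    return samples


def to_input(features):
    """Centre both scores on 0.5 and append a constant bias input."""
    return (features[0] - 0.5, features[1] - 0.5, 1.0)


def predict_level(weights, features):
    """Return the level (1..5) whose linear score is highest."""
    x = to_input(features)
    scores = [sum(w * v for w, v in zip(row, x)) for row in weights]
    return scores.index(max(scores)) + 1


def train(samples, max_epochs=10_000):
    """Multiclass perceptron: on each mistake, move the true level's weights
    towards the sample and the wrongly chosen level's weights away from it.
    Stops at the first epoch with no mistakes on the training samples."""
    weights = [[0.0, 0.0, 0.0] for _ in LEVELS]
    for epoch in range(1, max_epochs + 1):
        mistakes = 0
        for features, level in samples:
            guess = predict_level(weights, features)
            if guess != level:
                mistakes += 1
                for j, v in enumerate(to_input(features)):
                    weights[level - 1][j] += v
                    weights[guess - 1][j] -= v
        if mistakes == 0:
            return weights, epoch
    raise RuntimeError("samples not separated within max_epochs")


def evaluate(weights, features):
    """Return (level name, leaks?) for one measurement; leaks means level >= C3."""
    level = predict_level(weights, features)
    return LEVELS[level - 1], level >= LEAK_THRESHOLD


if __name__ == "__main__":
    model, epochs = train(constructed_samples())
    print("converged after", epochs, "epochs")
    # Constructed measurements from four hypothetical chips under test.
    for f in [(0.08, 0.12), (0.33, 0.27), (0.52, 0.47), (0.88, 0.93)]:
        print(f, evaluate(model, f))
```

Because each level's decision region in a linear classifier is convex, any measurement lying inside the square spanned by one level's training samples is assigned that level once training has converged.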
Optionally, when it is determined according to the security evaluation level that sensitive data of the chip under test has leaked, the method also includes: analyzing the leakage data to determine the sensitive data.
Specifically, once the judgment on whether the chip leaks sensitive data has been obtained, and if that judgment is yes, this embodiment also attempts to recover the specific sensitive data that leaked. Recovery of sensitive data depends on the correlation between the chip's leakage curve during computation and sensitive information such as the key. In common block cipher algorithms, a long key is split into multiple subkeys during actual encryption and decryption. For example, the 48-bit key that actually takes part in a DES operation is split into 8 groups of 6 bits each; 128-bit AES is similar: the 128-bit key is split into 16 groups of 8 bits each, which are XORed with the data and then take part in the subsequent transformations. An attacker can exploit this: 6-bit or 8-bit subkeys are easy to enumerate, so the attacker analyzes the leakage data to obtain part of the key first, then works through the remaining key groups one by one to obtain the whole key.
This embodiment of the present invention provides a chip security evaluation method that addresses the limited applicability and low accuracy of prior-art chip side-channel analysis based on traditional mathematical statistics. The method includes: acquiring leakage data when the chip under test is currently working; determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples with a deep learning algorithm; and determining, according to the security evaluation level, whether the chip under test leaks sensitive data. The leakage data from the working chip is input into the trained security evaluation model to obtain the security evaluation classification label of the target analysis object, and that label is then used to predict whether the target analysis object has leaked sensitive data. This is particularly suitable for security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis objects; it improves the accuracy of the results and effectively reduces manpower.
 
Embodiment 2:
FIG. 3 is a detailed flowchart of the chip security evaluation method provided by Embodiment 2 of the present invention, which specifically comprises the following steps:
S301. Acquire multi-dimensional leakage data from the internal wiring of the chip under test while it is operating. The multi-dimensional leakage data includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
Specifically, unlike the conventional approach of capturing the chip's leaked side-channel signal from outside the chip, this embodiment captures the leaked side-channel signal directly from the chip's internal wiring, which can improve the precision of the attack and the signal-to-noise ratio of the leakage traces obtained. In addition, this embodiment collects multi-dimensional leakage data and uses it as the object of analysis, so that the object of analysis carries more complete information and a more comprehensive security evaluation is possible than when the object of analysis is a single kind of leakage data.
S302. Preprocess the multi-dimensional leakage data. The preprocessing includes at least one of: data denoising, data compression, data format conversion, and data selection.
Specifically, to further improve the efficiency of the security evaluation and the accuracy of its result, this embodiment also preprocesses the acquired leakage data and only then feeds the processed leakage data into the security evaluation model.
S303. Determine a security evaluation level according to the preprocessed multi-dimensional leakage data and a preset security evaluation model. The security evaluation model is obtained by training on preset leakage samples with a deep learning algorithm.
Specifically, after sufficient training the correlation between leakage data and security evaluation level is captured effectively, which makes the method better suited to security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis targets.
S304. Judge from the security evaluation level whether the chip under test leaks sensitive data; if yes, go to S305; if no, go to S301.
Evaluating the chip's security with a deep learning algorithm greatly improves the accuracy of the final judgment of whether the chip leaks sensitive data, so that the judgment better reflects the chip's actual current security status.
S305. Analyze the multi-dimensional leakage data to determine the sensitive data.
This embodiment of the invention provides a chip security evaluation method that collects multi-dimensional leakage data while the chip is operating, preprocesses that data, and feeds it into the trained security evaluation model, which outputs the corresponding security evaluation level. The security evaluation level is used to predict whether the chip has leaked sensitive data, and where sensitive data has been leaked, the specific sensitive data is also determined. Using multi-dimensional leakage data as the object of analysis makes the security evaluation more comprehensive, and using a deep learning algorithm for the evaluation improves applicability and accuracy when evaluating leakage samples with a low signal-to-noise ratio and complex analysis targets.
 
Embodiment 3:
This embodiment provides a chip security evaluation device; see FIG. 4 for details. The chip security evaluation device comprises a data acquisition module 41, a security evaluation module 42 and a leakage judgment module 43. The data acquisition module 41 acquires leakage data of the chip under test while it is operating. The security evaluation module 42 determines a security evaluation level according to the leakage data and a preset security evaluation model; the security evaluation model is obtained by training on preset leakage samples with a deep learning algorithm. The leakage judgment module 43 judges, according to the security evaluation level, whether the chip under test leaks sensitive data.
Specifically, the side-channel signals produced by the chip at run time are conducted out through the on-chip power supply network and can therefore be detected by the data acquisition module 41. The leaked side-channel signals include power consumption variation data, electromagnetic signal data, instruction execution time data, error data, and so on.
In addition, the security evaluation module 42 uses a deep learning algorithm to determine the security evaluation level that corresponds to the leakage data. First, training samples S are prepared. A training sample may be derived from historical leakage data collected from the chip under test, or from leakage data collected from other chips of the same type; it may also be expert data set in advance, that is, samples that follow known scientific regularities and are provided by engineers after repeated study. The training samples may be of a single type or may be made up of several different types of sample. A training sample S comprises a feature vector F and the corresponding classification label C. The feature vector F is the leakage data from the operating chip; for multi-dimensional leakage data the feature vector contains multiple feature parameters. The classification label C grades each feature vector according to a given classification standard; in this embodiment it grades the severity of the leakage. The feature vector F and its classification label C together form a sample S, which can be written as S = [F, C]. The model is then trained with a supervised learning algorithm from deep learning, that is, one in which the input data carries explicit classification labels and output results. A fast algorithm such as Logistic regression or Adaboost may be used, or a more accurate one, such as the algorithms of the currently popular Amazon MXNet framework. This establishes the security evaluation model of this embodiment. Using the established model, the security evaluation module 42 feeds the leakage data currently acquired from the chip into the model, which outputs the corresponding classification label and thus indicates the current security evaluation level. Because the correlation between leakage data and security evaluation level is captured effectively after sufficient training, the method is better suited to security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis targets.
It should be noted that the security evaluation level in this embodiment indicates how strongly the current leakage data affects the chip's security; different leakage conditions correspond to different chip security conditions. The leakage judgment module 43 uses the security evaluation level to determine whether the leakage data has a material effect on the chip's security, that is, whether the chip's sensitive data can be derived from the leakage data. The chip's sensitive data includes the key of the chip's cryptographic algorithm, the type of operation the chip is currently executing, and so on. By evaluating the chip's security with a deep learning algorithm, this embodiment greatly improves the accuracy of the final judgment of whether the chip leaks sensitive data, so that the judgment better reflects the chip's actual current security status.
Optionally, the leakage data is multi-dimensional leakage data, which includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
Specifically, the chip side-channel analysis in common use today collects samples from a single power leakage trace or a single electromagnetic radiation leakage trace only. To make the chip security evaluation more comprehensive, this embodiment uses multi-dimensional leakage data as the object of analysis. Multi-dimensional leakage data comprises at least two kinds of leakage data; for example, power consumption variation data and electromagnetic signal data are acquired at the same time and packaged together, so that the object of analysis carries more complete information and a more comprehensive security evaluation is possible than when the object of analysis is a single kind of leakage data.
Optionally, the data acquisition module 41 is further used to acquire leakage data from the internal wiring of the chip under test while it is operating.
FIG. 5 is a structural block diagram of the data acquisition module provided by this embodiment. The data acquisition module 41 in this embodiment specifically comprises a positioning submodule 411, a control submodule 412 and a collection submodule 413.
The positioning submodule 411 identifies the key modules and wiring of the chip under test and locates the target internal wiring. Specifically, the positioning submodule 411 uses the features of each layer of the chip under test to identify the key modules inside the chip and the type and position of the wiring, and then determines the position of the target internal wiring. When power consumption variation data (current or voltage information) is to be collected, a hole usually has to be opened with a focused ion beam to expose the internal wiring, so that a probe can be placed on it for contact probing of the signal. When electromagnetic signal data (electric or magnetic field information) is to be collected, probing can be done in a non-contact manner without opening a hole. Preferably, the target internal wiring in this embodiment is a power supply branch line inside the chip under test, a cryptographic circuit signal line, or other suitable wiring.
The control submodule 412 positions the probe on the target internal wiring, sends instructions that make the chip under test perform the corresponding operations, and controls the probe to detect, in real time, the leakage data on the target internal wiring of the chip under test.
The collection submodule 413 collects the leakage data detected by the probe.
Unlike the conventional approach of capturing the chip's leaked side-channel signal from outside the chip, this embodiment captures the leaked side-channel signal directly from the chip's internal wiring. Even for chips that use low-power techniques and protective measures (noise circuits in particular), this can improve the precision of the attack and the signal-to-noise ratio of the leakage traces obtained, and certain security protection measures can be selectively bypassed, which allows a more comprehensive security evaluation and is more practical to carry out.
Optionally, the device further comprises a data preprocessing module, which preprocesses the leakage data. The preprocessing includes at least one of: data denoising, data compression, data format conversion, and data selection.
Specifically, to further improve the efficiency of the security evaluation and the accuracy of its result, this embodiment uses the data preprocessing module to preprocess the acquired leakage data before it is fed into the security evaluation module. Data denoising removes baseline drift noise, power-line frequency interference and the like from the data; data compression reduces the volume of the leakage data; data format conversion converts the acquired leakage data into the desired data format; and data selection extracts only specific data from the acquired leakage data as the object of analysis.
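The following added example (not code from the patent) walks the pipeline described above: preprocessing (baseline removal, selection, compression), building samples S = [F, C] from two leakage dimensions, and training the Logistic regression the text mentions to output a security evaluation level. Assumptions not in the source: the synthetic power and EM traces, the fixed-versus-random Welch t-statistic used as the feature, the two-level label, and all function names.

```python
import math
import random
import statistics

T_SCALE = 4.5  # conventional TVLA |t| threshold, used here only to scale features

def capture(rng, gain, data, n_samples=40):
    """Constructed trace: random baseline offset + unit noise, plus
    gain * HammingWeight(data) on samples 16..23 (the 'operation')."""
    drift = rng.uniform(-5.0, 5.0)
    leak = gain * bin(data).count("1")
    return [drift + rng.gauss(0.0, 1.0) + (leak if 16 <= i < 24 else 0.0)
            for i in range(n_samples)]

def remove_baseline(trace):
    """Denoising: subtract the per-trace mean to cancel baseline drift."""
    mean = statistics.fmean(trace)
    return [x - mean for x in trace]

def select_window(trace, start=16, end=24):
    """Data selection: keep only the samples around the operation."""
    return trace[start:end]

def compress(trace, factor=4):
    """Data compression: average each block of `factor` samples."""
    return [statistics.fmean(trace[i:i + factor])
            for i in range(0, len(trace) - factor + 1, factor)]

def preprocess(trace):
    return compress(select_window(remove_baseline(trace)))

def welch_t(a, b):
    """Welch's t-statistic between two groups of measurements."""
    denom = math.sqrt(statistics.variance(a) / len(a) +
                      statistics.variance(b) / len(b))
    return (statistics.fmean(a) - statistics.fmean(b)) / denom if denom else 0.0

def channel_feature(rng, gain, n_traces=60):
    """One feature per channel: max |t| between fixed-input and random-input
    traces over the preprocessed points, scaled by T_SCALE."""
    fixed = [preprocess(capture(rng, gain, 0xFF)) for _ in range(n_traces)]
    rand = [preprocess(capture(rng, gain, rng.randrange(256)))
            for _ in range(n_traces)]
    t_max = max(abs(welch_t([t[p] for t in fixed], [t[p] for t in rand]))
                for p in range(len(fixed[0])))
    return t_max / T_SCALE

def feature_vector(rng, power_gain, em_gain):
    """F: multi-dimensional leakage features (power channel, EM channel)."""
    return [channel_feature(rng, power_gain), channel_feature(rng, em_gain)]

def score(model, f):
    """Model output P(C = 1 | F), using a numerically stable sigmoid."""
    w, b = model
    z = sum(wi * xi for wi, xi in zip(w, f)) + b
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

def train(samples, epochs=2000, lr=0.5):
    """Logistic regression by batch gradient descent on samples S = [F, C]."""
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for f, c in samples:
            err = score((w, b), f) - c
            gw = [g + err * xi for g, xi in zip(gw, f)]
            gb += err
        w = [wi - lr * g / len(samples) for wi, g in zip(w, gw)]
        b -= lr * gb / len(samples)
    return w, b

def security_level(model, f):
    """Classification label C: 1 = leaks sensitive data, 0 = does not."""
    return 1 if score(model, f) >= 0.5 else 0

def build_training_set(rng, n_per_class=10):
    samples = []
    for _ in range(n_per_class):
        leaky = feature_vector(rng, rng.uniform(0.4, 0.7), rng.uniform(0.4, 0.7))
        samples.append((leaky, 1))
        samples.append((feature_vector(rng, 0.0, 0.0), 0))
    return samples

def evaluate_demo(seed=1):
    """Train on constructed devices, then grade one leaky and one clean device."""
    rng = random.Random(seed)
    samples = build_training_set(rng)
    model = train(samples)
    accuracy = sum(security_level(model, f) == c for f, c in samples) / len(samples)
    leaky = security_level(model, feature_vector(rng, 0.6, 0.5))
    clean = security_level(model, feature_vector(rng, 0.0, 0.0))
    return accuracy, leaky, clean

if __name__ == "__main__":
    print(evaluate_demo())
```

The per-trace baseline offset is ten times larger than the leakage signal, so without `remove_baseline` the t-statistic is dominated by drift; that is the practical reason the preprocessing step precedes the model.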
Optionally, the device further comprises a data determination module, which analyzes the leakage data to determine the sensitive data when the leakage judgment module judges, according to the security evaluation level, that the sensitive data of the chip under test has been leaked.
In this embodiment, once the judgment of whether the chip leaks sensitive data has been obtained, and if that judgment is yes, the data determination module also attempts to recover the specific sensitive data that was leaked. Recovery of sensitive data relies on the correlation between the chip's leakage traces during computation and sensitive information such as the key. In a typical block cipher, a long key is split into multiple subkeys during actual encryption and decryption. For example, the 48-bit key that actually takes part in a DES operation is split into 8 groups of 6 bits each; 128-bit AES is similar: the 128-bit key is split into 16 groups of 8 bits each, which are XORed with the data before taking part in the subsequent transformations. An attacker can exploit this: 6-bit or 8-bit subkeys are easy to enumerate, so by analyzing the leaked data the attacker first obtains part of the key information and then enumerates and analyzes the remaining key groups one by one, thereby obtaining the whole key.
This embodiment of the invention provides a chip security evaluation device comprising a data acquisition module, a security evaluation module and a leakage judgment module. The data acquisition module acquires leakage data of the chip under test while it is operating. The security evaluation module determines a security evaluation level according to the leakage data and a preset security evaluation model; the security evaluation model is obtained by training on preset leakage samples with a deep learning algorithm. The leakage judgment module judges, according to the security evaluation level, whether the chip under test leaks sensitive data. The leakage data from the operating chip is fed into the trained security evaluation model to obtain a security evaluation classification label for the target under analysis, and that label is then used to predict whether the target has leaked sensitive data. This is particularly suited to security evaluation of leakage samples with a low signal-to-noise ratio and of complex analysis targets; it improves the accuracy of the result and effectively reduces the manual effort required.
It should be understood that the data acquisition module 41, the security evaluation module 42 and the leakage judgment module 43 of this embodiment may all be deployed on a terminal, or all on a server, or partly on a terminal and partly on a server. For example, the data acquisition module 41 and the security evaluation module 42 are deployed on the terminal and the leakage judgment module 43 on the server; or the data acquisition module 41 is deployed on the terminal and the security evaluation module 42 and the leakage judgment module 43 on the server. For the implementation process that corresponds to each deployment, refer to Embodiment 1 above; it is not repeated here. It should be understood, however, that in this embodiment the function of each module may be implemented by a processor of the device on which it is deployed. In some examples of this embodiment, the processor used to implement the functions of the above modules includes, but is not limited to, a CPU; for example, the functions of the data acquisition module 41, the security evaluation module 42 and the leakage judgment module 43 may be implemented by the CPU in the processor.
 
Embodiment 4:
This embodiment provides a storage medium that can store one or more computer programs for a processor to read, compile and execute so as to implement the corresponding functions. For example, in this embodiment the storage medium stores a chip security evaluation program, which can be executed by at least one of a terminal and a server to implement the chip security evaluation method described in the foregoing embodiments.
It should be understood that the storage medium may be located on a single hardware device or distributed across multiple hardware devices. When the storage medium is located on a single hardware device, it may be located on the terminal or on the server. When located on the terminal, it may be a first computer-readable storage medium that stores one or more first programs executable by one or more processors so that the terminal implements the steps of the chip security evaluation method exemplified in the above embodiments. When located on the server, it may be a second computer-readable storage medium that stores one or more second programs executable by one or more processors so that the server implements the steps of the chip security evaluation method exemplified in the above embodiments. When the storage medium is distributed across at least two hardware devices, it comprises at least two storage units that can be located separately, some on the terminal and some on the server. For example, the terminal processor, by reading the computer program in the storage unit located on the terminal, can implement the step of the chip security evaluation method of acquiring leakage data of the chip under test while it is operating; and the server processor, by reading the computer program in the storage unit located on the server, can implement the steps of determining the security evaluation level according to the leakage data and the preset security evaluation model, and of judging according to the security evaluation level whether the chip under test leaks sensitive data. Alternatively, the server processor may read the computer program in the storage unit located on the server to implement the steps of acquiring the leakage data of the chip under test while it is operating and of determining the security evaluation level according to the leakage data and the preset security evaluation model; the terminal processor then implements, according to the computer program in the storage unit located on the terminal, the step of judging according to the security evaluation level whether the chip under test leaks sensitive data.
 
The above is a further detailed description of the embodiments of the present invention in conjunction with specific implementations, and the specific implementation of the embodiments of the present invention shall not be regarded as limited to this description. A person of ordinary skill in the technical field to which the embodiments of the present invention belong may make a number of simple deductions or substitutions without departing from the concept of the embodiments of the present invention, all of which shall be regarded as falling within the protection scope of the embodiments of the present invention.
 

Claims (11)

  1. A chip security evaluation method, characterized in that the chip security evaluation method comprises:
    acquiring leakage data of a chip under test while it is operating;
    determining a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples according to a deep learning algorithm;
    judging, according to the security evaluation level, whether the chip under test leaks sensitive data.
  2. The chip security evaluation method according to claim 1, characterized in that the leakage data is multi-dimensional leakage data, and the multi-dimensional leakage data includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
  3. The chip security evaluation method according to claim 1, characterized in that acquiring the leakage data of the chip under test while it is operating comprises:
    acquiring leakage data from the internal wiring of the chip under test while it is operating.
  4. The chip security evaluation method according to claim 1, characterized in that, before determining the security evaluation level according to the leakage data and the preset security evaluation model, the method further comprises:
    preprocessing the leakage data, the preprocessing including at least one of: data denoising, data compression, data format conversion, and data selection.
     
  5. The chip security evaluation method according to any one of claims 1 to 4, characterized in that, when it is judged according to the security evaluation level that the sensitive data of the chip under test has been leaked, the method further comprises:
    analyzing the leakage data to determine the sensitive data.
     
  6. A chip security evaluation device, characterized by comprising: a data acquisition module, a security evaluation module and a leakage judgment module;
    the data acquisition module is used to acquire leakage data of a chip under test while it is operating;
    the security evaluation module is used to determine a security evaluation level according to the leakage data and a preset security evaluation model, the security evaluation model being obtained by training on preset leakage samples according to a deep learning algorithm;
    the leakage judgment module is used to judge, according to the security evaluation level, whether the chip under test leaks sensitive data.
  7. The chip security evaluation device according to claim 6, characterized in that the leakage data is multi-dimensional leakage data, and the multi-dimensional leakage data includes at least two of: power consumption variation data, electromagnetic signal data, instruction execution time data, and error data.
  8. The chip security evaluation device according to claim 6, characterized in that the data acquisition module is further used to acquire leakage data from the internal wiring of the chip under test while it is operating.
  9. The chip security evaluation device according to claim 6, characterized by further comprising: a data preprocessing module;
    the data preprocessing module is used to preprocess the leakage data, the preprocessing including at least one of: data denoising, data compression, data format conversion, and data selection.
  10. The chip security evaluation device according to any one of claims 6 to 9, characterized by further comprising: a data determination module;
    the data determination module is used to analyze the leakage data to determine the sensitive data when the leakage judgment module judges, according to the security evaluation level, that the sensitive data of the chip under test has been leaked.
  11. A storage medium, characterized in that the storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement the steps of the chip security evaluation method according to any one of claims 1 to 5.
     
PCT/CN2019/080301 2018-04-09 2019-03-29 Chip security evaluation method and apparatus, and storage medium WO2019196672A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810311362.0 2018-04-09
CN201810311362.0A CN110363033A (en) 2018-04-09 2018-04-09 A kind of chip security appraisal procedure and device

Publications (1)

Publication Number Publication Date
WO2019196672A1 true WO2019196672A1 (en) 2019-10-17

Family

ID=68163484

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/080301 WO2019196672A1 (en) 2018-04-09 2019-03-29 Chip security evaluation method and apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN110363033A (en)
WO (1) WO2019196672A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111614459B (en) * 2020-05-29 2021-08-06 上海交通大学 Side channel analysis method for BLE key negotiation protocol
CN111914276A (en) * 2020-08-06 2020-11-10 中国传媒大学 Chip information leakage analysis method and device
CN118013593A (en) * 2024-02-02 2024-05-10 中国电子信息产业集团有限公司第六研究所 Deep learning-based password chip information leakage detection method, system and storage medium
CN117972697A (en) * 2024-02-06 2024-05-03 中国电子信息产业集团有限公司第六研究所 Password chip ubiquitous information leakage early warning analysis method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130204553A1 (en) * 2011-08-03 2013-08-08 President And Fellows Of Harvard College System and method for detecting integrated circuit anomalies
CN103698687A (en) * 2013-12-18 2014-04-02 工业和信息化部电子第五研究所 Method and system for processing signals of hardware Trojan detection in integrated circuit
CN104850804A (en) * 2015-05-28 2015-08-19 清华大学 Hardware Trojan detecting method based on circuit characteristic analysis
CN106814257A (en) * 2016-12-07 2017-06-09 北京邮电大学 Chip type identifying system, method and device
CN106845286A (en) * 2016-12-15 2017-06-13 北京邮电大学 Hardware Trojan horse detection method, apparatus and system
CN107783023A (en) * 2016-08-31 2018-03-09 国民技术股份有限公司 Side channel leakage analysis system and method based on chip

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104330721B (en) * 2014-10-29 2017-03-08 工业和信息化部电子第五研究所 IC Hardware Trojan detecting method and system

Also Published As

Publication number Publication date
CN110363033A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
WO2019196672A1 (en) Chip security evaluation method and apparatus, and storage medium
US10970387B2 (en) Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection
Lodhi et al. Power profiling of microcontroller's instruction set for runtime hardware Trojans detection without golden circuit models
Kaygusuz et al. Detection of compromised smart grid devices with machine learning and convolution techniques
CN108280348B (en) Android malicious software identification method based on RGB image mapping
CN108123956B (en) Password misuse vulnerability detection method and system based on Petri network
Reece et al. Analysis of data-leak hardware Trojans in AES cryptographic circuits
Barenghi et al. Information leakage discovery techniques to enhance secure chip design
Soni et al. Malicious application detection in android using machine learning
Reimann et al. Qflow: Quantitative information flow for security-aware hardware design in verilog
CN107085687B (en) Binary entropy-based fuzzy test encryption and decryption function positioning method
Andrikos et al. Location, location, location: Revisiting modeling and exploitation for location-based side channel leakages
WO2023093919A3 (en) Washing machine abnormal sound detection method and apparatus, electronic device, and storage medium
Liu et al. Wavelet-based noise reduction in power analysis attack
CN114531283B (en) Method, system, storage medium and terminal for measuring robustness of intrusion detection model
Krček et al. Deep learning on side-channel analysis
Bellizia et al. Towards a better understanding of side-channel analysis measurements setups
Dehbaoui et al. Enhancing electromagnetic analysis using magnitude squared incoherence
Zhang et al. Deep-Learning Model Extraction Through Software-Based Power Side-Channel
Obaid et al. Comprehensive Study of Side-Channel Analysis (CyberSecurity)
Zefferer et al. Power consumption-based application classification and malware detection on android using machine-learning techniques
Zhang et al. Fuzzing methods recommendation based on feature vectors
Dutta et al. Prediction and Analysis of Various Cyber Attack Models in Cyber Physical System in Virtual Environment
CN114500022B (en) Side channel protective capability detection system
Wang et al. Revisiting a Realistic EM Side-Channel Attack on a Complex Modern SoC

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19785932

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 04/02/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19785932

Country of ref document: EP

Kind code of ref document: A1