WO2023233489A1 - Information processing device, detection method, and detection program - Google Patents

Publication number
WO2023233489A1
Authority
WO
WIPO (PCT)
Prior art keywords
image data
electronic board
difference
information processing
inspected
Application number
PCT/JP2022/022007
Inventor
楊 鐘本
Original Assignee
日本電信電話株式会社
Application filed by 日本電信電話株式会社
Priority to PCT/JP2022/022007
Publication of WO2023233489A1

Classifications

    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01N INVESTIGATING OR ANALYSING MATERIALS BY DETERMINING THEIR CHEMICAL OR PHYSICAL PROPERTIES
    • G01N21/00 Investigating or analysing materials by the use of optical means, i.e. using sub-millimetre waves, infrared, visible or ultraviolet light
    • G01N21/84 Systems specially adapted for particular applications
    • G01N21/88 Investigating the presence of flaws or contamination
    • G01N21/95 Investigating the presence of flaws or contamination characterised by the material or shape of the object to be examined
    • G01N21/956 Inspecting patterns on the surface of objects

Definitions

  • the present invention relates to an information processing device, a detection method, and a detection program.
  • as a method for detecting unauthorized circuits (hardware trojans) introduced during the design process, there is a technique that calculates the fraud score of the target electronic circuit by pattern matching based on the characteristics of past hardware trojans (see, for example, Non-Patent Document 1).
  • PUF: physically unclonable function
  • the present invention has been made in view of the above, and its purpose is to provide an information processing device, a detection method, and a detection program that can easily and accurately detect tampering with an electronic board and improve the security level.
  • an information processing device of the present invention has a storage section that acquires image data of an electronic board and stores the image data in a storage unit in association with identification information that uniquely identifies the electronic board, and an image difference detection section that acquires the identification information of the electronic board to be inspected, reads the image data corresponding to the acquired identification information from the storage unit, and detects a difference between the read image data and the image data of the electronic board to be inspected.
  • tampering with an electronic board can be detected easily and accurately, and the security level can be improved.
  • FIG. 1 is a block diagram showing an example of the configuration of a system according to an embodiment.
  • FIG. 2 is a block diagram illustrating the configuration of the information processing apparatus of this embodiment.
  • FIG. 3 is a diagram illustrating the processing of the storage unit.
  • FIG. 4 is a diagram illustrating the processing of the image difference detection section.
  • FIG. 5 is a diagram illustrating the processing of the image difference detection section.
  • FIG. 6 is a diagram illustrating the processing of the image difference detection section.
  • FIG. 7 is a diagram illustrating the processing of the spatial difference detection section.
  • FIG. 8 is a diagram illustrating an overview of tampering detection processing by the information processing device.
  • FIG. 9 is a flowchart illustrating an example of a processing procedure at the time of registration by the information processing apparatus according to the embodiment.
  • FIG. 10 is a flowchart illustrating an example of a processing procedure when tampering is detected by the information processing apparatus according to the embodiment.
  • FIG. 11 is a diagram showing
  • FIG. 1 is a block diagram showing an example of the configuration of a system according to an embodiment.
  • the system includes an information processing device 10 and a photographing device 20.
  • the information processing device 10 and the photographing device 20 are connected to each other via a network 30.
  • each device may communicate via any communication network, such as the Internet, LAN, or VPN (Virtual Private Network), regardless of whether it is wired or wireless.
  • the configuration shown in FIG. 1 is only an example, and the specific configuration and the number of each device are not particularly limited.
  • the information processing device 10 acquires, for example, image data and spatial data of an electronic board (a board on which electronic components are arranged) included in the IoT device from the imaging device 20, registers them at the time of shipment or procurement, and detects whether there are any differences. Thereby, the information processing device 10 can easily and accurately detect tampering with the electronic board, and can improve the security level.
  • in the following, a case is described in which the information processing device 10 registers image data and spatial data at the time of shipment and at the time of procurement of the electronic board and detects a difference; however, the timing is not limited to shipment and procurement, and may be, for example, immediately after manufacturing the electronic board and at the time of shipping.
  • the photographing device 20 acquires image data and spatial data of the electronic board and transmits them to the information processing device 10.
  • the imaging device 20 uses a camera to capture image data of an electronic board, and uses a laser to measure spatial data.
  • the photographing device 20 may acquire only image data.
  • the photographing device 20 may be installed in a factory and automatically take an image of the electronic board, for example, or may take an image of the electronic board manually at any location.
  • FIG. 2 is a block diagram illustrating the configuration of the information processing apparatus of this embodiment.
  • the information processing device 10 of this embodiment includes a communication processing section 11, a control section 12, and a storage section 13.
  • the communication processing unit 11 is realized by a NIC (Network Interface Card) or the like, and controls communication via a telecommunication line such as a LAN (Local Area Network) or the Internet.
  • the storage unit 13 stores data and programs necessary for various processing by the control unit 12, and has an image data DB 13a, a spatial data DB 13b, and a detection result data DB 13c.
  • the storage unit 13 is a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk.
  • the image data DB 13a stores image data of the electronic board.
  • the image data DB 13a stores an inspection object ID (identification information) that uniquely identifies an electronic board and image data of the electronic board in association with each other.
  • the spatial data DB 13b stores spatial data of the electronic board.
  • the spatial data DB 13b stores an inspection object ID (identification information) that uniquely identifies an electronic board and spatial data of the electronic board in association with each other.
  • the detection result data DB 13c stores a difference in image data detected by an image difference detection unit 12b, which will be described later, and a difference in spatial data, detected by a spatial difference detection unit 12c, which will be described later.
  • the detection result data DB 13c stores an ID that uniquely identifies an electronic board, differences and changes in image data (for example, chip contamination, tampering with wiring, etc.), and differences and changes in spatial data.
  • the control unit 12 has an internal memory for storing programs that define various processing procedures and required data, and executes various processes using these.
  • the control section 12 includes a storage section 12a, an image difference detection section 12b, a spatial difference detection section 12c, and an output section 12d.
  • the control unit 12 is an electronic circuit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
  • the storage unit 12a acquires image data of the electronic board, and stores the image data in the image data DB 13a in association with identification information that uniquely identifies the electronic board. The storage unit 12a further acquires spatial data of the electronic board, and stores the spatial data in the spatial data DB 13b in association with identification information that uniquely identifies the electronic board.
  • the storage unit 12a stores, in the storage unit 13, the image data of the target electronic board captured by the imaging device 20 and the sensed spatial data. It is assumed that if the electronic board is hidden behind a cover or a housing, the photographing or sensing is performed with the cover removed.
  • the storage unit 12a may, during data registration, use the feature points of the electronic board to correct deviations in the region of the electronic board and in rotation.
  • the image difference detection unit 12b acquires identification information of the electronic board to be inspected, reads image data corresponding to the acquired identification information from the image data DB 13a, and detects the difference between the read image data and the image data of the electronic board to be inspected.
  • the image difference detection unit 12b calculates the degree of deviation between the position of the chip included in the image data read from the image data DB 13a and the position of the chip included in the image data of the electronic board to be inspected, and, if the degree of deviation is greater than or equal to a predetermined threshold, detects that there is a difference in chip position. In other words, when the degree of deviation is greater than or equal to the predetermined threshold, the image difference detection unit 12b detects the position of the unauthorized chip if a chip that did not exist at the time of shipment has been mixed in at the time of procurement, and detects the changed position of the chip if the position of a chip at the time of shipment has moved at the time of procurement.
  • the image difference detection unit 12b calculates the degree of deviation between the position of the wiring included in the image data read from the image data DB 13a and the position of the wiring included in the image data of the electronic board to be inspected, and, if the degree of deviation is greater than or equal to a predetermined threshold, detects that there is a difference in the wiring positions. In other words, when the degree of deviation is greater than or equal to the predetermined threshold, the image difference detection unit 12b detects the position of the unauthorized wiring if wiring that did not exist at the time of shipment exists at the time of procurement, and detects the changed position of the wiring if the position of wiring at the time of shipment has moved at the time of procurement.
  • the image difference detection unit 12b acquires the size and position information of the board area, the package that protects the IC chip, and the soldered wiring area, and detects discrepancies between the size and position information at the time of shipping and at the time of procurement, as well as the addition of packages and wiring that were not present at the time of shipment.
  • when detecting chip contamination, the image difference detection unit 12b uses a black filter to identify continuous black areas as chips, and then measures the size of each chip and its position relative to the reference point (upper left corner). Further, as illustrated in FIG. 6, when detecting tampering with wiring, the image difference detection unit 12b uses a white filter to identify continuous white areas as wiring, and then measures the coordinates of the wiring.
  • the image difference detection unit 12b compares the chip position information (C1, C2, ...) and the wiring position information (E1, E2, ...) of the comparison source and the comparison target, and, if the degree of deviation is greater than or equal to the threshold, detects that there is a difference.
  • the image difference detection unit 12b calculates the deviation degree Dc of the chip position information and the deviation degree De of the wiring position information as follows.
  • the spatial difference detection unit 12c acquires the identification information of the electronic board to be inspected, reads spatial data corresponding to the acquired identification information from the spatial data DB 13b, and detects the difference between the read spatial data and the spatial data of the electronic board to be inspected. For example, the spatial difference detection unit 12c calculates the degree of deviation between the height of each area of the spatial data read from the spatial data DB 13b and the height of each area of the spatial data of the electronic board to be inspected, and, if the degree of deviation is greater than or equal to a predetermined threshold, detects that there is a difference in the chip position.
  • the spatial difference detection unit 12c identifies, from the unevenness on the electronic board, the position of a package (black or the like) that protects the IC chip or of soldered wiring (white or the like).
  • an attacker may paint a mixed-in chip or tampered wiring to make it difficult to notice. This can make it hard to recognize, from the image, a discrepancy between the position information at the time of shipment and the position information at the time of procurement, or the addition of packages or wiring that were not present at the time of shipment.
  • the spatial difference detection unit 12c detects chip contamination or wiring tampering from spatial information (difference in the height direction), for example, when a difference cannot be detected from the image.
  • the output unit 12d outputs the detection results of the image difference detection unit 12b and the spatial difference detection unit 12c. For example, if a chip that did not exist at the time of shipment is mixed in at the time of procurement, the output unit 12d outputs the position of the unauthorized chip detected by the image difference detection unit 12b, and if the position of a chip at the time of shipment has moved at the time of procurement, it outputs the changed chip position detected by the image difference detection unit 12b. Likewise, if wiring that did not exist at the time of shipment exists at the time of procurement, the output unit 12d outputs the position of the unauthorized wiring detected by the spatial difference detection unit 12c, and if the position of wiring at the time of shipment has moved at the time of procurement, it outputs the changed wiring position detected by the spatial difference detection unit 12c.
  • FIG. 8 is a diagram illustrating an overview of tampering detection processing by the information processing device.
  • the imaging device 20A photographs and measures the electronic board (board on which electronic components are arranged) included in the IoT device using a camera or laser, and obtains image data and spatial data of the electronic board by performing image identification and shape identification using LIDAR (see (1) in FIG. 8).
  • the photographing device 20 transmits the information to the information processing device 10.
  • the information processing device 10 acquires image data and spatial data from the imaging device 20A, and stores them in the storage unit 13 in association with the inspection object ID.
  • the imaging device 20B acquires image data and spatial data of the electronic board to be inspected (see (2) in FIG. 8), and transmits it to the information processing device 10 together with the inspection object ID.
  • the information processing device 10 reads the image data and spatial data corresponding to the inspection target ID from the storage unit 13, and detects the difference between the read image data and spatial data and the image data of the electronic board to be inspected (see (3) in FIG. 8). Then, as a detection result, the information processing device 10 outputs, for example, the position of the detected unauthorized chip if a chip that was not present at the time of shipment is mixed in at the time of procurement (see (4) in FIG. 8).
  • FIG. 9 is a flowchart illustrating an example of a processing procedure at the time of registration by the information processing apparatus according to the embodiment.
  • FIG. 10 is a flowchart illustrating an example of a processing procedure when tampering is detected by the information processing apparatus according to the embodiment. Note that, in the following, the registration process in FIG. 9 is described as a process performed when an electronic board is shipped, and the tampering detection process in FIG. 10 as a process performed when an electronic board is procured, but the timing is not limited to this.
  • when the storage unit 12a of the information processing device 10 acquires the image data and spatial data of the electronic board from the imaging device 20 at the time of shipping the electronic board (Yes in step S101), it stores the image data and the spatial data in the storage unit 13 in association with the inspection object ID (step S102).
  • when the image difference detection unit 12b of the information processing device 10 acquires the inspection object ID at the time of procuring the electronic board (Yes at step S201), it reads the image data corresponding to the inspection object ID from the image data DB 13a (step S202), and detects a difference between the read image data and the image data of the electronic board to be inspected (step S203).
  • the output unit 12d outputs the detection result (step S207). Further, when the image difference detection unit 12b does not detect a difference (No in step S204), the spatial data corresponding to the inspection object ID is read out from the spatial data DB 13b (step S205), and a difference between the read spatial data and the spatial data of the electronic board to be inspected is detected (step S206). After that, the output unit 12d outputs the detection result of the image difference detection unit 12b (step S207).
  • the information processing apparatus 10 acquires image data of an electronic board, and stores the image data in the image data DB 13a in association with identification information that uniquely identifies the electronic board. Then, the information processing device 10 acquires the identification information of the electronic board to be inspected, reads image data corresponding to the acquired identification information from the image data DB 13a, and detects the difference between the read image data and the image data of the electronic board to be inspected. Therefore, the information processing device 10 can easily and accurately detect tampering with the electronic board, and can improve the security level.
  • the user can check whether the IoT device including the electronic board used by the user has been tampered with during the distribution stage, which makes it possible to improve the user's security level. For this reason, the information processing device 10 can, for example, detect tampering with electronic components that are components of electronic devices such as IoT devices (incorporation of unauthorized IC chips or alteration of wiring). It is possible to determine whether IoT devices have been tampered with during the distribution process of the supply chain, and to improve cybersecurity.
  • FIG. 11 is a diagram showing a computer that executes the program.
  • the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These parts are connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012, as illustrated in FIG.
  • the ROM 1011 stores, for example, a boot program such as BIOS (Basic Input Output System).
  • Hard disk drive interface 1030 is connected to hard disk drive 1031, as illustrated in FIG.
  • Disk drive interface 1040 is connected to disk drive 1041, as illustrated in FIG.
  • a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041.
  • the serial port interface 1050 is connected to, for example, a mouse 1051 and a keyboard 1052, as illustrated in FIG.
  • Video adapter 1060 is connected to display 1061, for example, as illustrated in FIG.
  • the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the above program is stored, for example, in the hard disk drive 1031 as a program module in which commands to be executed by the computer 1000 are written.
  • the various data described in the above embodiments are stored as program data in, for example, the memory 1010 or the hard disk drive 1031. Then, the CPU 1020 reads out the program module 1093 and program data 1094 stored in the memory 1010 and the hard disk drive 1031 to the RAM 1012 as necessary, and executes various processing procedures.
  • program module 1093 and program data 1094 related to the program are not limited to being stored in the hard disk drive 1031, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via a disk drive or the like.
  • alternatively, the program module 1093 and program data 1094 related to the program may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.) and read by the CPU 1020 via the network interface 1070.
  • Communication processing section; 12 Control section; 12a Storage section; 12b Image difference detection section; 12c Spatial difference detection section; 12d Output section; 13 Storage section; 13a Image data DB; 13b Spatial data DB; 13c Detection result data DB
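
The chip check described above for the image difference detection unit 12b (black filter, contiguous black regions, size and upper-left position, comparison against a threshold, lookup by inspection object ID), as an added Python example that is not code from the patent or its applicant. The deviation metric, the constants, the size-matching rule for "moved" chips and all names (`find_chips`, `diff_chips`, `BoardRegistry`, `make_board`) are assumptions, since the page does not reproduce the formula for Dc; the boards are constructed grey-level grids, and only the chip case is covered, not wiring or spatial data.

```python
import math
from collections import deque

BLACK_MAX = 60    # assumed "black filter": grey levels <= this count as black
MIN_AREA = 4      # assumed: ignore black specks smaller than this many pixels
THRESHOLD = 2.0   # assumed deviation threshold, in pixels


def find_chips(img, black_max=BLACK_MAX, min_area=MIN_AREA):
    """Return (x, y, w, h) boxes of contiguous black regions.

    x, y is the region's upper-left corner, measured from the image's
    upper-left corner as the reference point.
    """
    if not img:
        return []
    height, width = len(img), len(img[0])
    seen = [[False] * width for _ in range(height)]
    boxes = []
    for y in range(height):
        for x in range(width):
            if seen[y][x] or img[y][x] > black_max:
                continue
            # Flood-fill one 4-connected black region, tracking its extent.
            queue = deque([(x, y)])
            seen[y][x] = True
            x0 = x1 = x
            y0 = y1 = y
            area = 0
            while queue:
                cx, cy = queue.popleft()
                area += 1
                x0, x1 = min(x0, cx), max(x1, cx)
                y0, y1 = min(y0, cy), max(y1, cy)
                for nx, ny in ((cx + 1, cy), (cx - 1, cy), (cx, cy + 1), (cx, cy - 1)):
                    if (0 <= nx < width and 0 <= ny < height
                            and not seen[ny][nx] and img[ny][nx] <= black_max):
                        seen[ny][nx] = True
                        queue.append((nx, ny))
            if area >= min_area:
                boxes.append((x0, y0, x1 - x0 + 1, y1 - y0 + 1))
    return boxes


def deviation(a, b):
    """Assumed metric: distance between corners plus change in width and height."""
    return math.hypot(a[0] - b[0], a[1] - b[1]) + abs(a[2] - b[2]) + abs(a[3] - b[3])


def diff_chips(baseline, inspected, threshold=THRESHOLD):
    """Classify chips as moved, added or missing relative to the baseline."""
    remaining = list(inspected)
    changed = []
    for b in baseline:
        best = min(remaining, key=lambda c: deviation(b, c), default=None)
        if best is not None and deviation(b, best) < threshold:
            remaining.remove(best)      # below threshold: treated as unchanged
        else:
            changed.append(b)           # at or above threshold: a difference
    moved, missing = [], []
    for b in changed:
        # Assumption: a same-sized chip elsewhere is the baseline chip, moved.
        same_size = [c for c in remaining if c[2:] == b[2:]]
        if same_size:
            c = min(same_size, key=lambda c: deviation(b, c))
            remaining.remove(c)
            moved.append((b, c))
        else:
            missing.append(b)
    return {"moved": moved, "added": remaining, "missing": missing}


class BoardRegistry:
    """Stores the registration image per inspection object ID."""

    def __init__(self):
        self._images = {}

    def register(self, board_id, img):
        self._images[board_id] = [row[:] for row in img]

    def inspect(self, board_id, img):
        if board_id not in self._images:
            raise KeyError("no registered image for " + board_id)
        return diff_chips(find_chips(self._images[board_id]), find_chips(img))


def make_board(chips, width=16, height=12, board=200, chip=10):
    """Constructed sample: a grey board with black rectangles as chips."""
    img = [[board] * width for _ in range(height)]
    for x, y, w, h in chips:
        for yy in range(y, y + h):
            for xx in range(x, x + w):
                img[yy][xx] = chip
    return img


def demo():
    registry = BoardRegistry()
    registry.register("BOARD-0001", make_board([(2, 2, 4, 3), (10, 5, 3, 3)]))
    # At inspection: one chip shifted two pixels right, one extra chip present.
    return registry.inspect(
        "BOARD-0001", make_board([(2, 2, 4, 3), (12, 5, 3, 3), (3, 9, 2, 2)]))


if __name__ == "__main__":
    print(demo())
```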

Abstract

An information processing device (10) acquires image data of an electronic substrate and stores, in an image data DB (13a), the image data in association with identification information for uniquely identifying the electronic substrate. The information processing device (10) also acquires identification information of an electronic substrate to be inspected, reads the image data that correspond to the acquired identification information from the image data DB (13a), and detects a difference between the read image data and the image data of the electronic substrate to be inspected.

Description

Information processing device, detection method and detection program
The present invention relates to an information processing device, a detection method, and a detection program.
In recent years, cyber attacks targeting weaknesses in the supply chain have become more apparent and more sophisticated. Risk management becomes even more important when companies use IoT (Internet of Things) devices. Therefore, when a vulnerability or malware contamination is discovered, it is necessary to promptly check whether the devices in use contain the software or hardware that is the cause, and to take countermeasures.
For example, as a method for detecting unauthorized circuits (hardware trojans) introduced during the design process, there is a technique that calculates the fraud score of the target electronic circuit by pattern matching based on the characteristics of past hardware trojans (see, for example, Non-Patent Document 1). In addition, as a method for authenticating electronic components using a PUF (physically unclonable function), there is a technique that embeds in an electronic component a special circuit that outputs an ID unique to it, thereby ensuring the uniqueness of the electronic component and detecting tampering with it (see, for example, Non-Patent Document 2).
However, conventional techniques cannot detect tampering with an electronic board easily and accurately, and therefore cannot improve the security level. For example, the technique for detecting unauthorized circuits introduced during the design process targets each individual electronic circuit contained in an electronic component, so detailed detection is possible, but unauthorized circuits must be searched for across hundreds or thousands of electronic components, so the search range is large and processing takes time. For this reason, when the technique is applied at the distribution stage after the design process, the package that protects the electronic component must be removed to expose the electronic circuit, which takes effort, so tampering with an electronic board could not be detected easily.
In addition, the technique for authenticating electronic components using a PUF requires a special circuit to be mounted on the electronic component, and while it can detect modification of an electronic component, it cannot detect the addition of electronic components, so tampering with an electronic board could not be detected easily and accurately.
The present invention has been made in view of the above, and its purpose is to provide an information processing device, a detection method, and a detection program that can easily and accurately detect tampering with an electronic board and improve the security level.
In order to solve the above problems and achieve the purpose, an information processing device of the present invention has a storage section that acquires image data of an electronic board and stores the image data in a storage unit in association with identification information that uniquely identifies the electronic board, and an image difference detection section that acquires the identification information of the electronic board to be inspected, reads the image data corresponding to the acquired identification information from the storage unit, and detects a difference between the read image data and the image data of the electronic board to be inspected.
According to the present invention, tampering with an electronic board can be detected easily and accurately, and the security level can be improved.
FIG. 1 is a block diagram showing an example of the configuration of a system according to an embodiment.
FIG. 2 is a block diagram illustrating the configuration of the information processing apparatus of this embodiment.
FIG. 3 is a diagram illustrating the processing of the storage unit.
FIG. 4 is a diagram illustrating the processing of the image difference detection section.
FIG. 5 is a diagram illustrating the processing of the image difference detection section.
FIG. 6 is a diagram illustrating the processing of the image difference detection section.
FIG. 7 is a diagram illustrating the processing of the spatial difference detection section.
FIG. 8 is a diagram illustrating an overview of tampering detection processing by the information processing device.
FIG. 9 is a flowchart illustrating an example of a processing procedure at the time of registration by the information processing apparatus according to the embodiment.
FIG. 10 is a flowchart illustrating an example of a processing procedure when tampering is detected by the information processing apparatus according to the embodiment.
FIG. 11 is a diagram showing a computer that executes a program.
Hereinafter, embodiments of an information processing device, a detection method, and a detection program according to the present application will be described in detail based on the drawings. The present invention is not limited to the embodiments described below.
[System configuration]
The configuration of a system including an information processing device according to an embodiment will be described. FIG. 1 is a block diagram showing an example of the configuration of a system according to an embodiment. As shown in FIG. 1, the system includes an information processing device 10 and an imaging device 20. The information processing device 10 and the imaging device 20 are connected to each other via a network 30. Regarding the form of the network shown in FIG. 1, the devices may communicate via any communication network, wired or wireless, such as the Internet, a LAN, or a VPN (Virtual Private Network). The configuration shown in FIG. 1 is only an example, and the specific configuration and the number of each device are not particularly limited.
For example, the information processing device 10 acquires, from the imaging device 20, image data and spatial data of an electronic board (a board on which electronic components are arranged) included in an IoT device, registers them at the time of shipment and at the time of procurement, and detects whether there is any difference. The information processing device 10 can thereby detect tampering with the electronic board easily and accurately, and the security level can be improved. In the following, a case in which the information processing device 10 registers image data and spatial data of the electronic board at the time of shipment and at the time of procurement and detects a difference is described as an example; however, the timing is not limited to shipment and procurement and may be, for example, immediately after manufacture of the electronic board and at the time of shipment.
The imaging device 20 acquires image data and spatial data of the electronic board and transmits them to the information processing device 10. For example, the imaging device 20 captures image data of the electronic board with a camera and measures spatial data with a laser. The imaging device 20 may acquire only image data. The imaging device 20 may, for example, be installed in a factory and image the electronic board automatically, or the electronic board may be imaged manually at any location.
[Configuration of information processing device]
FIG. 2 is a block diagram illustrating the configuration of the information processing device of this embodiment. As illustrated in FIG. 2, the information processing device 10 of this embodiment includes a communication processing unit 11, a control unit 12, and a storage unit 13.
The communication processing unit 11 is realized by a NIC (Network Interface Card) or the like, and controls communication via a telecommunication line such as a LAN (Local Area Network) or the Internet.
The storage unit 13 stores data and programs necessary for the various processes performed by the control unit 12, and has an image data DB 13a, a spatial data DB 13b, and a detection result data DB 13c. For example, the storage unit 13 is a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk.
The image data DB 13a stores image data of electronic boards. For example, the image data DB 13a stores an inspection target ID (identification information) that uniquely identifies an electronic board in association with the image data of that electronic board.
The spatial data DB 13b stores spatial data of electronic boards. For example, the spatial data DB 13b stores an inspection target ID (identification information) that uniquely identifies an electronic board in association with the spatial data of that electronic board.
The detection result data DB 13c stores the differences in image data detected by the image difference detection unit 12b, described later, and the differences in spatial data detected by the spatial difference detection unit 12c, described later. For example, the detection result data DB 13c stores an ID that uniquely identifies an electronic board, the locations of differences in the image data and the nature of each change (for example, an inserted chip or tampered wiring), and the locations of differences in the spatial data and the nature of each change.
The control unit 12 has an internal memory for storing programs that define various processing procedures and the required data, and executes various processes using them. For example, the control unit 12 includes a storage unit 12a, an image difference detection unit 12b, a spatial difference detection unit 12c, and an output unit 12d. Here, the control unit 12 is an electronic circuit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
The storage unit 12a acquires image data of an electronic board, and stores the image data in the image data DB 13a in association with identification information that uniquely identifies the electronic board. The storage unit 12a further acquires spatial data of the electronic board, and stores the spatial data in the spatial data DB 13b in association with the identification information that uniquely identifies the electronic board.
The storage unit 12a stores, in the storage unit 13, the image data that the imaging device 20 captured of the target electronic board and the spatial data that it sensed. It is assumed here that, when the electronic board is hidden by a cover or a housing, imaging or sensing is performed with the cover removed. As illustrated in FIG. 3, when registering data, the storage unit 12a may use feature points of the electronic board to correct for the board region and for misalignment caused by rotation.
The image difference detection unit 12b acquires identification information of the electronic board to be inspected, reads image data corresponding to the acquired identification information from the image data DB 13a, and detects the difference between the read image data and the image data of the electronic board to be inspected.
For example, the image difference detection unit 12b calculates the degree of deviation between the position of a chip included in the image data read from the image data DB 13a and the position of a chip included in the image data of the electronic board to be inspected, and, when the degree of deviation is equal to or greater than a predetermined threshold, detects a difference in chip position. That is, when the degree of deviation is equal to or greater than the predetermined threshold, the image difference detection unit 12b detects the position of the inserted unauthorized chip if a chip that did not exist at the time of shipment has been inserted by the time of procurement, and detects the changed chip position if the position of a chip at the time of shipment has moved by the time of procurement.
For example, the image difference detection unit 12b calculates the degree of deviation between the position of wiring included in the image data read from the image data DB 13a and the position of wiring included in the image data of the electronic board to be inspected, and, when the degree of deviation is equal to or greater than a predetermined threshold, detects a difference in wiring position. That is, when the degree of deviation is equal to or greater than the predetermined threshold, the image difference detection unit 12b detects the position of the unauthorized wiring if wiring that did not exist at the time of shipment exists at the time of procurement, and detects the changed wiring position if the position of wiring at the time of shipment has moved by the time of procurement.
Here, the processing of the image difference detection unit 12b will be explained using FIGS. 4 to 6. As illustrated in FIG. 4, the image difference detection unit 12b acquires the size and position information of the board region, of the packages that protect IC chips, and of the regions of soldered wiring, and detects deviations in size or position information between the time of shipment and the time of procurement, as well as the addition of packages or wiring that were not present at the time of shipment.
As illustrated in FIG. 5, when detecting an inserted chip, the image difference detection unit 12b uses a black filter, identifies each continuous black region as a chip, and then measures the size of the chip and its position from the reference point (upper left). As illustrated in FIG. 6, when detecting tampering with wiring, the image difference detection unit 12b uses a white filter, identifies each continuous white region as wiring, and then measures the coordinates of the wiring.
When detecting a difference, the image difference detection unit 12b compares the chip position information (C1, C2, ...) and the wiring position information (E1, E2, ...) of the comparison source and the comparison target, and, when the degree of deviation is equal to or greater than the threshold, detects that there is a difference. The image difference detection unit 12b calculates the degree of deviation Dc of the chip position information and the degree of deviation De of the wiring position information as follows.
Dc = C1 - C1' = |x1 - x1'| + |y1 - y1'| + |w1 - w1'| + |h1 - h1'|
De = E1 - E1' = |x11 - x11'| + |y11 - y11'| + |x12 - x12'| + |y12 - y12'|
The spatial difference detection unit 12c acquires identification information of the electronic board to be inspected, reads spatial data corresponding to the acquired identification information from the spatial data DB 13b, and detects the difference between the read spatial data and the spatial data of the electronic board to be inspected. For example, the spatial difference detection unit 12c calculates the degree of deviation between the height of each region of the spatial data read from the spatial data DB 13b and the height of each region of the spatial data of the electronic board to be inspected, and, when the degree of deviation is equal to or greater than a predetermined threshold, detects that there is a difference in chip position.
Here, the processing of the spatial difference detection unit 12c will be explained using FIG. 7. As illustrated in FIG. 7, the spatial difference detection unit 12c identifies, from the surface relief of the electronic board, the positions of packages (black or the like) that protect IC chips and of soldered wiring (white or the like). It detects deviations between the position information at the time of shipment and the position information at the time of procurement, and the addition of packages or wiring that were not present at the time of shipment. An attacker may apply paint to an inserted chip or tampered wiring so that the difference is harder to notice.
For this reason, the spatial difference detection unit 12c detects an inserted chip or tampered wiring from spatial information (a difference in the height direction), for example, when no difference could be detected from the image. The spatial difference detection unit 12c subdivides the region of the electronic board into cells, takes the height of the board as the reference, measures the height information of each cell, and detects differences. For example, with the height information of the cells denoted Z1, Z2, ..., the spatial difference detection unit 12c calculates the degree of deviation Dz of the surface relief as follows, and detects a difference when the degree of deviation exceeds a threshold.
Dz = Σ|Zi - Zi'|
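The following Python sketch is an added example, not code from the patent: it applies the black filter and connected-region measurement described for FIG. 5, the deviation degrees Dc and Dz, and the image-first, spatial-second order of the detection flow to small constructed grids. The grey-level cutoff, both thresholds, the nearest-match pairing of chips, and all sample data are assumptions.

```python
from collections import deque

BLACK_MAX = 60        # assumed grey level at or below which a pixel passes the black filter
CHIP_THRESHOLD = 3    # assumed threshold for Dc (pixels)
HEIGHT_THRESHOLD = 5  # assumed threshold for Dz (constructed units of 0.1 mm)

def find_chips(gray):
    """Black filter plus 4-connected region labelling.
    Returns sorted (x, y, w, h) boxes measured from the upper-left reference point."""
    rows, cols = len(gray), len(gray[0])
    seen = [[False] * cols for _ in range(rows)]
    chips = []
    for r in range(rows):
        for c in range(cols):
            if seen[r][c] or gray[r][c] > BLACK_MAX:
                continue
            queue = deque([(r, c)])
            seen[r][c] = True
            min_r = max_r = r
            min_c = max_c = c
            while queue:  # flood-fill one continuous black region
                cr, cc = queue.popleft()
                min_r, max_r = min(min_r, cr), max(max_r, cr)
                min_c, max_c = min(min_c, cc), max(max_c, cc)
                for nr, nc in ((cr + 1, cc), (cr - 1, cc), (cr, cc + 1), (cr, cc - 1)):
                    if (0 <= nr < rows and 0 <= nc < cols
                            and not seen[nr][nc] and gray[nr][nc] <= BLACK_MAX):
                        seen[nr][nc] = True
                        queue.append((nr, nc))
            chips.append((min_c, min_r, max_c - min_c + 1, max_r - min_r + 1))
    return sorted(chips)

def dc(chip, ref):
    """Dc = |x - x'| + |y - y'| + |w - w'| + |h - h'|"""
    return sum(abs(p - q) for p, q in zip(chip, ref))

def image_differences(registered, inspected):
    """Pair each inspected chip with its closest registered chip (assumption) and
    flag it when even the best match has Dc >= CHIP_THRESHOLD (moved or added chip)."""
    flagged = []
    for chip in inspected:
        best = min((dc(chip, ref) for ref in registered), default=None)
        if best is None or best >= CHIP_THRESHOLD:
            flagged.append(chip)
    return flagged

def dz(reg_heights, insp_heights):
    """Dz = sum over cells of |Zi - Zi'|, heights relative to the board surface."""
    return sum(abs(z - z2)
               for row, row2 in zip(reg_heights, insp_heights)
               for z, z2 in zip(row, row2))

def inspect(reg_img, insp_img, reg_h, insp_h):
    """Image comparison first; the height comparison runs only when the image shows nothing."""
    flagged = image_differences(find_chips(reg_img), find_chips(insp_img))
    if flagged:
        return {"tampered": True, "source": "image", "chips": flagged}
    d = dz(reg_h, insp_h)
    return {"tampered": d >= HEIGHT_THRESHOLD, "source": "spatial", "dz": d}

def board(chips, rows=6, cols=8):
    """Constructed test image: board pixels are grey level 200, chip packages 20."""
    img = [[200] * cols for _ in range(rows)]
    for x, y, w, h in chips:
        for r in range(y, y + h):
            for c in range(x, x + w):
                img[r][c] = 20
    return img

# Constructed sample data: one registered chip, coarse 3x4 height grid.
REG_IMG = board([(1, 1, 2, 2)])
REG_H = [[0, 0, 0, 0], [0, 15, 0, 0], [0, 0, 0, 0]]
ADDED_IMG = board([(1, 1, 2, 2), (5, 3, 2, 2)])            # extra black package
PAINTED_H = [[0, 0, 0, 0], [0, 15, 0, 0], [0, 0, 0, 12]]   # extra part painted board colour
SHIFTED_IMG = board([(2, 1, 2, 2)])                        # 1-pixel alignment error
NOISY_H = [[0, 1, 0, 0], [0, 14, 0, 0], [0, 0, 0, 0]]      # sensor noise only

if __name__ == "__main__":
    print(inspect(REG_IMG, ADDED_IMG, REG_H, REG_H))
    print(inspect(REG_IMG, REG_IMG, REG_H, PAINTED_H))
    print(inspect(REG_IMG, SHIFTED_IMG, REG_H, NOISY_H))
```

The painted case is the one the height comparison exists for: the image pass finds nothing because the added part no longer passes the black filter, and the difference surfaces only in Dz.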
The output unit 12d outputs the detection results of the image difference detection unit 12b and the spatial difference detection unit 12c. For example, if a chip that did not exist at the time of shipment has been inserted by the time of procurement, the output unit 12d outputs the position of the inserted unauthorized chip detected by the image difference detection unit 12b, and if the position of a chip at the time of shipment has moved by the time of procurement, it outputs the changed chip position detected by the image difference detection unit 12b. Likewise, if wiring that did not exist at the time of shipment exists at the time of procurement, the output unit 12d outputs the position of the unauthorized wiring detected by the spatial difference detection unit 12c, and if the position of wiring at the time of shipment has moved by the time of procurement, it outputs the changed wiring position detected by the spatial difference detection unit 12c.
Here, an overview of the tampering detection processing by the information processing device 10 will be explained using FIG. 8. FIG. 8 is a diagram illustrating an overview of tampering detection processing by the information processing device. As illustrated in FIG. 8, for example, at the time of shipment, the imaging device 20A images and measures the electronic board (a board on which electronic components are arranged) included in an IoT device using a camera and a laser, and acquires image data and spatial data of the electronic board by performing image identification of the electronic board and shape identification by LIDAR (see (1) in FIG. 8). The imaging device 20 then transmits the data to the information processing device 10. The information processing device 10 acquires the image data and spatial data from the imaging device 20A, and stores them in the storage unit 13 in association with the inspection target ID.
Then, at the time of procurement, the imaging device 20B acquires image data and spatial data of the electronic board to be inspected (see (2) in FIG. 8), and transmits them to the information processing device 10 together with the inspection target ID. The information processing device 10 reads the image data and spatial data corresponding to the inspection target ID from the storage unit 13, and detects the difference between the read image data and spatial data and the image data of the electronic board to be inspected (see (3) in FIG. 8). Then, for example, if a chip that did not exist at the time of shipment has been inserted by the time of procurement, the information processing device 10 outputs the position of the detected unauthorized chip as the detection result (see (4) in FIG. 8).
[Processing procedure of information processing device 10]
Next, an example of the procedure of the processing executed by the information processing device 10 will be described using FIG. 9 and FIG. 10. FIG. 9 is a flowchart illustrating an example of a processing procedure at the time of registration by the information processing device according to the embodiment. FIG. 10 is a flowchart illustrating an example of a processing procedure at the time of tampering detection by the information processing device according to the embodiment. In the following description, the registration processing in FIG. 9 is performed when an electronic board is shipped, and the tampering detection processing in FIG. 10 is performed when the electronic board is procured; however, the timing of each process is not limited to this.
As illustrated in FIG. 9, when the storage unit 12a of the information processing device 10 acquires image data and spatial data of the electronic board from the imaging device 20 at the time of shipment of the electronic board (Yes in step S101), it stores the image data and the spatial data in the storage unit 13 in association with the inspection target ID (step S102).
As illustrated in FIG. 10, when the image difference detection unit 12b of the information processing device 10 acquires the inspection target ID at the time of procurement of the electronic board (Yes in step S201), it reads the image data corresponding to the inspection target ID from the image data DB 13a (step S202), and detects the difference between the read image data and the image data of the electronic board to be inspected (step S203).
As a result, if the image difference detection unit 12b detects a difference (Yes in step S204), the output unit 12d outputs the detection result (step S207). If the image difference detection unit 12b does not detect a difference (No in step S204), the spatial data corresponding to the inspection target ID is read from the spatial data DB 13b (step S205), and the difference between the read spatial data and the spatial data of the electronic board to be inspected is detected (step S206). After that, the output unit 12d outputs the detection result of the image difference detection unit 12b (step S207).
[Effects of embodiment]
In this way, the information processing device 10 according to the embodiment acquires image data of an electronic board, and stores the image data in the image data DB 13a in association with identification information that uniquely identifies the electronic board. The information processing device 10 then acquires the identification information of the electronic board to be inspected, reads image data corresponding to the acquired identification information from the image data DB 13a, and detects the difference between the read image data and the image data of the electronic board to be inspected. The information processing device 10 can therefore detect tampering with the electronic board easily and accurately, and the security level can be improved.
In other words, with the information processing device 10, a user can, for example, check whether an IoT device containing the electronic board that the user uses has been tampered with at the distribution stage, which makes it possible to improve the user's security level. Accordingly, by detecting tampering with electronic components that make up electronic devices such as IoT devices (insertion of unauthorized IC chips or alteration of wiring), the information processing device 10 allows a company to determine whether the IoT devices it uses have been tampered with in the distribution process of the supply chain, and cybersecurity can be improved.
[System configuration, etc.]
The components of the illustrated devices according to the above embodiment are functional and conceptual, and do not necessarily need to be physically configured as illustrated. That is, the specific form of distribution and integration of the devices is not limited to what is illustrated, and all or part of them can be functionally or physically distributed or integrated in arbitrary units according to various loads and usage conditions. Furthermore, all or any part of each processing function performed by each device may be realized by a CPU and a program that is analyzed and executed by the CPU, or may be realized as hardware using wired logic.
Among the processes described in the above embodiment, all or part of the processes described as being performed automatically can also be performed manually, and all or part of the processes described as being performed manually can also be performed automatically by known methods. In addition, the processing procedures, control procedures, specific names, and information including various data and parameters shown in the above description and drawings may be changed arbitrarily unless otherwise specified.
[Program]
It is also possible to create a program in which the processing executed by the information processing device described in the above embodiment is written in a language executable by a computer. In this case, the same effects as in the above embodiment can be obtained by having the computer execute the program. Furthermore, the same processing as in the above embodiment may be realized by recording such a program on a computer-readable recording medium and having a computer read and execute the program recorded on this recording medium.
FIG. 11 is a diagram showing a computer that executes the program. As illustrated in FIG. 11, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070, and these parts are connected by a bus 1080.
As illustrated in FIG. 11, the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System). As illustrated in FIG. 11, the hard disk drive interface 1030 is connected to a hard disk drive 1031, and the disk drive interface 1040 is connected to a disk drive 1041. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041. As illustrated in FIG. 11, the serial port interface 1050 is connected to, for example, a mouse 1051 and a keyboard 1052, and the video adapter 1060 is connected to, for example, a display 1061.
Here, as illustrated in FIG. 11, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the above program is stored, for example, in the hard disk drive 1031 as a program module in which the instructions to be executed by the computer 1000 are written.
The various data described in the above embodiment are stored as program data in, for example, the memory 1010 or the hard disk drive 1031. The CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 or the hard disk drive 1031 into the RAM 1012 as necessary, and executes the various processing procedures.
The program module 1093 and the program data 1094 related to the program are not limited to being stored in the hard disk drive 1031; they may, for example, be stored in a removable storage medium and read by the CPU 1020 via a disk drive or the like. Alternatively, the program module 1093 and the program data 1094 related to the program may be stored in another computer connected via a network (a LAN (Local Area Network), a WAN (Wide Area Network), or the like) and read by the CPU 1020 via the network interface 1070.
Although an embodiment to which the invention made by the present inventor is applied has been described above, the present invention is not limited by the description and drawings that form part of the disclosure of the present invention according to this embodiment. That is, all other embodiments, examples, operational techniques, and the like made by those skilled in the art on the basis of this embodiment are included in the scope of the present invention.
10 Information processing device
11 Communication processing unit
12 Control unit
12a Storage unit
12b Image difference detection unit
12c Spatial difference detection unit
12d Output unit
13 Storage unit
13a Image data DB
13b Spatial data DB
13c Detection result data DB

Claims (7)

  1. An information processing device comprising:
     a storage unit that acquires image data of an electronic board and stores the image data in a storage unit in association with identification information that uniquely identifies the electronic board; and
     an image difference detection unit that acquires identification information of an electronic board to be inspected, reads image data corresponding to the acquired identification information from the storage unit, and detects a difference between the read image data and the image data of the electronic board to be inspected.
  2.  The information processing device according to claim 1, wherein the image difference detection unit calculates a degree of deviation between the position of a chip included in the image data read from the storage unit and the position of a chip included in the image data of the electronic board to be inspected, and detects a difference in chip position when the degree of deviation is equal to or greater than a predetermined threshold.
  3.  The information processing device according to claim 1, wherein the image difference detection unit calculates a degree of deviation between the position of wiring included in the image data read from the storage unit and the position of wiring included in the image data of the electronic board to be inspected, and detects a difference in wiring position when the degree of deviation is equal to or greater than a predetermined threshold.
  4.  The information processing device according to claim 1, wherein the storing unit further acquires spatial data of the electronic board and stores the spatial data in the storage unit in association with the identification information,
     the information processing device further comprising a spatial difference detection unit that acquires the identification information of the electronic board to be inspected, reads spatial data corresponding to the acquired identification information from the storage unit, and detects a difference between the read spatial data and spatial data of the electronic board to be inspected.
  5.  The information processing device according to claim 4, wherein the spatial difference detection unit calculates a degree of deviation between the height of each region of the spatial data read from the storage unit and the height of each region of the spatial data of the electronic board to be inspected, and, when the degree of deviation is equal to or greater than a predetermined threshold, detects this as a difference in chip position.
  6.  A detection method executed by an information processing device, the method comprising:
     a storing step of acquiring image data of an electronic board and storing the image data in a storage unit in association with identification information that uniquely identifies the electronic board; and
     an image difference detection step of acquiring identification information of an electronic board to be inspected, reading image data corresponding to the acquired identification information from the storage unit, and detecting a difference between the read image data and image data of the electronic board to be inspected.
  7.  A detection program that causes a computer to execute:
     a storing step of acquiring image data of an electronic board and storing the image data in a storage unit in association with identification information that uniquely identifies the electronic board; and
     an image difference detection step of acquiring identification information of an electronic board to be inspected, reading image data corresponding to the acquired identification information from the storage unit, and detecting a difference between the read image data and image data of the electronic board to be inspected.
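The enrol-then-compare flow of claims 1, 2 and 5, sketched as an added example that is not part of the patent text. The deviation metrics (Euclidean distance between chip centroids, absolute height difference per region), the threshold values, all function names and the sample data are assumptions; the example also covers boards with no stored reference and parts that appear or disappear.

```python
import math

# Constructed reference store: board ID -> data captured at enrolment.
# chips: label -> (x, y) centroid in mm; heights: region -> height in mm.
BASELINE = {}

def enroll(board_id, chips, heights):
    """Storing step: keep reference data keyed by the board's unique ID."""
    BASELINE[board_id] = {"chips": dict(chips), "heights": dict(heights)}

def inspect(board_id, chips, heights, pos_thresh=0.5, height_thresh=0.2):
    """Difference detection: return a list of (kind, name, deviation).

    Metrics are assumptions, not the patent's definition of deviation.
    """
    ref = BASELINE.get(board_id)
    if ref is None:
        # No reference for this ID: the board cannot be checked, so flag it.
        return [("no_baseline", board_id, None)]
    findings = []
    for name in sorted(set(ref["chips"]) | set(chips)):
        if name not in chips:
            findings.append(("chip_missing", name, None))
        elif name not in ref["chips"]:
            findings.append(("chip_added", name, None))
        else:
            d = math.dist(ref["chips"][name], chips[name])
            if d >= pos_thresh:
                findings.append(("chip_moved", name, round(d, 3)))
    for region in sorted(set(ref["heights"]) | set(heights)):
        if region not in ref["heights"] or region not in heights:
            findings.append(("region_mismatch", region, None))
            continue
        dh = abs(ref["heights"][region] - heights[region])
        if dh >= height_thresh:
            findings.append(("height_changed", region, round(dh, 3)))
    return findings

# Constructed sample data (not from the patent).
enroll("PCB-0001", {"U1": (10.0, 10.0), "U2": (30.0, 12.0)},
       {"r0": 1.6, "r1": 2.4})

def demo():
    # U2 shifted 1.0 mm, an extra part U9 is present, region r1 is 0.5 mm taller.
    return inspect("PCB-0001",
                   {"U1": (10.1, 10.0), "U2": (30.6, 12.8), "U9": (5.0, 5.0)},
                   {"r0": 1.6, "r1": 2.9})
```

Treating an unknown board ID as a finding rather than a pass matters here: the comparison only means something when a reference captured for that exact board exists.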
Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/022007 WO2023233489A1 (en) 2022-05-30 2022-05-30 Information processing device, detection method, and detection program

Publications (1)

Publication Number Publication Date
WO2023233489A1 (en) 2023-12-07

Family

ID=89025907

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22944778

Country of ref document: EP

Kind code of ref document: A1