CN106656460A - Defense device for electromagnetic pulse fault analysis of password chip - Google Patents
Defense device for electromagnetic pulse fault analysis of password chip Download PDFInfo
- Publication number
- CN106656460A CN106656460A CN201611049807.XA CN201611049807A CN106656460A CN 106656460 A CN106656460 A CN 106656460A CN 201611049807 A CN201611049807 A CN 201611049807A CN 106656460 A CN106656460 A CN 106656460A
- Authority
- CN
- China
- Prior art keywords
- defense device
- electromagnetic pulse
- signal
- device disclosed
- accident analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Burglar Alarm Systems (AREA)
Abstract
The invention discloses a defense device for electromagnetic pulse fault analysis of a password chip. The defense device comprises a ring oscillator, a modulator and a digital phase detector, which are connected in sequence. A circuit structure involved in the invention is completely composed of digital circuits, thereby being able to be implemented in a field programmable gate array (FPGA) and an application-specific integrated circuit (ASIC) conveniently without requiring special process conditions. The defense device disclosed by the invention is simple in structure and low in delay, and can detect the interference pulse generated by the electromagnetic pulse fault analysis in time and quickly provide an alarm signal. After the fault interference, the defense device disclosed by the invention can automatically return to normal without external reset. The alarm signal output by the defense device disclosed by the invention is a digital signal, so the defense device disclosed by the invention can be combined for multiple times for use in the same password chip, the output signal can be processed by a simple digital combinational circuit, and thus the cost is low. The additional effect of the defense device disclosed by the invention is to change the power consumption features of the password chip and defend the attack of power consumption fault analysis to a certain extent.
Description
Technical field
It is the present invention relates to field of information security technology more particularly to a kind of for crypto chip electromagnetic pulse accident analysis
Defence installation.
Background technology
At present, all kinds of cryptographic algorithms have been widely used in the every field of productive life, including FPGA, ASIC interior
Polytype crypto chip is also widely applied.And bypass attack (Side Channel Attack, SCA) is a kind of logical
Cross the information revealed in the scope course of work to infer the attack method of device interior state, for crypto chip,
Bypass attack is mainly used in extracting the cryptographic parameters such as key, so that crypto chip loses function of keeping secret.Generally, one
The hardware device of operation cryptographic algorithm can be appropriately carried out various crypto-operations, but under noisy condition, crypto-operation mould
Block recovers the secret parameters such as key using these failure behaviors or error message it is possible that failure causes operation mistake
Method is referred to as password accident analysis.Password accident analysis is one kind of bypass attack method.Electromagnetic pulse accident analysis is a kind of
The attack pattern of cheap and simple, disturbs crypto chip to work by way of external electromagnetic impulses injection to chip internal, makes
Perform error, it is not necessary to invade chip, be a kind of attack pattern with higher feasibility.Electromagnetic pulse has various different
The form of expression, such as electromagnetic radiation (Electromagnetic Emission) and laser (Laser).It is noted that swashing
Light disturbs the electrical characteristics of circuit by radium-shine high energy ion beam as a kind of special electromagnetic pulse, has been achieved for preferably
Analytical attack effect.
Up to the present, the electromagnetic pulse accident analysis research for crypto chip has been achieved for some achievements so that
Think that safe cryptographic algorithm becomes in realization no longer safe in traditional sense.In order to defend the electromagnetism arteries and veins for crypto chip
Accident analysis is rushed, certain methods have been proposed that.For example in order to ensure the integrality of data storage, during password is realized, can
To increase extra CRC (CRC).Verification is stored together with data, when data are loaded from memory, can
To detect whether to be tampered, but CRC methods are not suitable for same coded data and are efficiently calculated, in subsequent calculating, it is necessary to
Other methods are taken to ensure data safety.Module redundancy is also a kind of direct defence method.Module redundancy device is in space
On can be with Parallel Implementation, by algorithm performs repeatedly and whether comparative result consistent, this method causes hardware spending at least to increase
One times;Can compute repeatedly in time, mainly be realized by increasing calculating execution number of times, this method causes the time at least
Double.It can be seen that the defence cost of module redundancy is very high.Random delay method is prolonged at random in the insertion of password implementation procedure clock
When, it is not directly prevention electromagnetic pulse accident analysis, but reduce the direct fault location precision of attacker so that only use certain
The attack of specific fault becomes more difficult.And the method for mask to password intermediate data and computing by carrying out mask, can
Attacker is prevented to obtain sensitive data by detecting devices to a certain extent, but the scholar such as Boscher points out mask not
Be enough to defend accident analysis.Can see, currently for crypto chip electromagnetic pulse accident analysis do not have it is practical and perfect
Defence installation, particularly inexpensive defence installation is also to be studied.
The content of the invention
Present invention aims to deficiency of the existing crypto chip in defence electromagnetic pulse accident analysis, proposes
A kind of defence installation for crypto chip electromagnetism accident analysis, this device can experience electromagnetism accident analysis in crypto chip
When can provide alarm signal, the signal can notify when cryptochannel is subject to attack, so that crypto chip is taken in time
Corresponding countermeasure, for example, no longer export the information related to ciphertext, so as to defend the attack of this type.
The purpose of the present invention is achieved through the following technical solutions:It is a kind of to divide for crypto chip electromagnetic pulse failure
The defence installation of analysis, including the ring oscillator, modulator and digital phase detector that are sequentially connected.
Further, the ring oscillator constitutes closed loop by odd number phase inverter.
Further, the signal that the modulator exports ring oscillator carries out frequency-division modulation.
Further, the modulator is made up of d type flip flop.
Further, the digital phase detector is mainly made up of two d type flip flops and two XOR gates, for judging
The phase difference of input signal, so as to output alarm signal alarm.
The present invention has following beneficial effect:
1st, circuit structure according to the present invention is made up of completely digital circuit, very easily can at the scene may be programmed gate array
Realize in row (FPGA) and special IC (ASIC), it is not necessary to special process conditions.
2nd, circuit structure of the present invention is simple, and delay is low, can in time detect the interference produced during electromagnetic pulse accident analysis
Pulse, quickly provides caution signal.
3rd, the present invention can independently recover normal, it is not necessary to external reset after failure end of interrupt.
4th, the alarm signal of present invention output is data signal, therefore in same crypto chip, the present invention can be more
Secondary to be applied in combination, output signal just can be processed by simple digital bombination circuit, and cost is relatively low.
5th, additional effect of the invention is the power consumption features that can change crypto chip, and power consumption failure point is defendd to a certain extent
Analysis is attacked.
Description of the drawings
Fig. 1 is the electrical block diagram of the embodiment of the present invention;
Fig. 2 is typical waveform schematic diagram of the present invention when electromagnetic pulse failure is defendd;
In figure, ring oscillator 1, modulator 2, digital phase detector 3, alert status 4, alarm condition 5, self- recoverage is pre-
Alert state 6.
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is described further.
Fig. 1 is the electrical block diagram of the present invention, and the circuit structure includes ring oscillator 1, the modulation being sequentially connected
Device 2 and digital phase detector 3.Ring oscillator 1 constitutes closed loop to produce the letter that frequency is f by odd number phase inverter
Number oscillator signal ck, 3 phase inverters are constituted used in figure, and simply a kind of embodiment is illustrated, letter that can be according to actual needs
Number frequency adjustment phase inverter number.Oscillator signal ck is input to modulator 2, and it obtains frequency by d type flip flop frequency-division modulation
For the fractional frequency signal data of f/2.Oscillator signal ck and fractional frequency signal data are input to digital phase detector 3, and the module is main
It is made up of two d type flip flops and two XOR gates, for judging the phase difference of input signal, so as to output alarm signal alarm.
Specifically, two d type flip flop cascades constitute signal chains, are triggered by oscillator signal ck rising edges, and its output is designated as respectively B and A
(B is also the input of second level trigger).2 XOR gates are input into from signal data, A and B, finally realize that following logic is closed
System:
In view of time delay is had in signal in the chips actual transmissions, without loss of generality, it is believed that signal data is compared
Ck has a fixed time delay, and Delay is labeled as in figure.
Fig. 2 gives typical waveform schematic diagram when once specifically defending electromagnetism failure, and the circuit structure is once typical
Workflow be divided into following 3 stages:
The first step, circuit is in alert status 4.The frequency that signal data and ck keep fixed does not change.Circuit node
B, A, X, Y-signal hold period stable state, signal alarm is fixed low level.
Second step, circuit is subject to the interference of the accident analysis means such as external electromagnetic pulse, into alarm condition 5.These interference
Ring oscillator module output can be caused to be interfered, show as some disturbing pulses.The now intrinsic pass of signal data and ck
System is broken, circuit node B, A, X, and Y-signal can also produce fluctuation, finally shows as alarm signals and one or more height occurs
Level pulse.First alarm high level pulses can be latched by subsequent conditioning circuit, be labeled as chip by fault analysis attacks, and then
Take further measures.
3rd step, circuit self- recoverage is to alert status 6.After attack terminates, each signal can return to the first step automatically
State, alarm signals can also return to low level state.Circuit continues normal work.I.e. this circuit structure is disturbed in failure
After end, can independently recover normal, it is not necessary to external reset.
In order under limited expense, make the best results of defence, it is attached that ring oscillator module will be placed on cryptochannel
Closely, and multiple this such circuit structure can be arranged.The alarm signal of several outputs can also pass through combinational logic
To generate the certain logic for meeting actually used needs.
It should be appreciated that above-described embodiment is for the ease of those of ordinary skill's understanding, description is more in detail and concrete, and
Therefore the restriction to scope of patent protection of the present invention can not be considered, enlightenment of the one of ordinary skill in the art in the present invention
Under, under the ambit protected without departing from the claims in the present invention, replacement can also be made or deformed, each fall within the present invention
Protection domain within, the present invention's is claimed scope and should be defined by claims.
Claims (5)
1. a kind of defence installation for crypto chip electromagnetic pulse accident analysis, it is characterised in that including the ring being sequentially connected
Shape oscillator, modulator and digital phase detector.
2. the defence installation for crypto chip electromagnetic pulse accident analysis according to claim 1, it is characterised in that institute
State ring oscillator and closed loop is constituted by odd number phase inverter.
3. the defence installation for crypto chip electromagnetic pulse accident analysis according to claim 1, it is characterised in that institute
Stating the signal that modulator exports ring oscillator carries out frequency-division modulation.
4. the defence installation for crypto chip electromagnetic pulse accident analysis according to claim 3, it is characterised in that institute
State modulator to be made up of d type flip flop.
5. the defence installation for crypto chip electromagnetic pulse accident analysis according to claim 1, it is characterised in that institute
State digital phase detector to be mainly made up of two d type flip flops and two XOR gates, for judging the phase difference of input signal, from
And output alarm signal alarm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611049807.XA CN106656460A (en) | 2016-11-22 | 2016-11-22 | Defense device for electromagnetic pulse fault analysis of password chip |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611049807.XA CN106656460A (en) | 2016-11-22 | 2016-11-22 | Defense device for electromagnetic pulse fault analysis of password chip |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106656460A true CN106656460A (en) | 2017-05-10 |
Family
ID=58811860
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611049807.XA Pending CN106656460A (en) | 2016-11-22 | 2016-11-22 | Defense device for electromagnetic pulse fault analysis of password chip |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656460A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107317671A (en) * | 2017-08-22 | 2017-11-03 | 兆讯恒达微电子技术(北京)有限公司 | Defend the CRC operation circuit arrangement and method of bypass attack |
CN112235259A (en) * | 2020-09-25 | 2021-01-15 | 中国人民解放军海军工程大学 | Clock-free password chip fault injection attack detection and protection system and method |
US11276648B2 (en) | 2018-07-31 | 2022-03-15 | Nvidia Corporation | Protecting chips from electromagnetic pulse attacks using an antenna |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101183871A (en) * | 2007-12-17 | 2008-05-21 | 华为技术有限公司 | Method of implementing conversion of input clock to high-frequency clock and phase-locked loop apparatus |
CN101572527A (en) * | 2009-06-09 | 2009-11-04 | 中国人民解放军国防科学技术大学 | High-speed high-jitter-tolerance random-data linear phase detector circuit |
CN102455394A (en) * | 2010-10-27 | 2012-05-16 | 上海华虹集成电路有限责任公司 | Device for defending invasive attack |
CN104604131A (en) * | 2012-09-06 | 2015-05-06 | 晶像股份有限公司 | Test solution for ring oscillators |
CN105391542A (en) * | 2015-10-22 | 2016-03-09 | 天津大学 | Detection method and detector applied to integrated circuit for detecting electromagnetic fault injection attack |
-
2016
- 2016-11-22 CN CN201611049807.XA patent/CN106656460A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101183871A (en) * | 2007-12-17 | 2008-05-21 | 华为技术有限公司 | Method of implementing conversion of input clock to high-frequency clock and phase-locked loop apparatus |
CN101572527A (en) * | 2009-06-09 | 2009-11-04 | 中国人民解放军国防科学技术大学 | High-speed high-jitter-tolerance random-data linear phase detector circuit |
CN102455394A (en) * | 2010-10-27 | 2012-05-16 | 上海华虹集成电路有限责任公司 | Device for defending invasive attack |
CN104604131A (en) * | 2012-09-06 | 2015-05-06 | 晶像股份有限公司 | Test solution for ring oscillators |
CN105391542A (en) * | 2015-10-22 | 2016-03-09 | 天津大学 | Detection method and detector applied to integrated circuit for detecting electromagnetic fault injection attack |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107317671A (en) * | 2017-08-22 | 2017-11-03 | 兆讯恒达微电子技术(北京)有限公司 | Defend the CRC operation circuit arrangement and method of bypass attack |
CN107317671B (en) * | 2017-08-22 | 2019-12-24 | 兆讯恒达微电子技术(北京)有限公司 | CRC operation circuit device and method for defending bypass attack |
US11276648B2 (en) | 2018-07-31 | 2022-03-15 | Nvidia Corporation | Protecting chips from electromagnetic pulse attacks using an antenna |
CN112235259A (en) * | 2020-09-25 | 2021-01-15 | 中国人民解放军海军工程大学 | Clock-free password chip fault injection attack detection and protection system and method |
CN112235259B (en) * | 2020-09-25 | 2022-07-12 | 中国人民解放军海军工程大学 | Clock-free password chip fault injection attack detection and protection system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Alam et al. | RAM-Jam: Remote temperature and voltage fault attack on FPGAs using memory collisions | |
Cherif et al. | An easy-to-design PUF based on a single oscillator: The loop PUF | |
Selmke et al. | Attack on a DFA protected AES by simultaneous laser fault injections | |
Roscian et al. | Frontside laser fault injection on cryptosystems-Application to the AES'last round | |
CN101796467B (en) | Mesh grid protection | |
CN104734845B (en) | Bypass attack means of defence based on full Encryption Algorithm pseudo-operation | |
Roshanisefat et al. | Dfssd: Deep faults and shallow state duality, a provably strong obfuscation solution for circuits with restricted access to scan chain | |
US9418250B2 (en) | Tamper detector with hardware-based random number generator | |
CN103839013A (en) | Physical non-cloneable functional circuit structure based on three delay chains | |
CN106656460A (en) | Defense device for electromagnetic pulse fault analysis of password chip | |
CN103513955B (en) | Method and apparatus for generating random number | |
Shila et al. | Design, implementation and security analysis of hardware Trojan threats in FPGA | |
JP7066791B2 (en) | Electronic devices and methods for data sampling consistency checking using a gate clock | |
CN112507400B (en) | Electronic device and method for protecting electronic device | |
Rahman et al. | CSST: an efficient secure split-test for preventing IC piracy | |
Tomashevich et al. | Protecting cryptographic hardware against malicious attacks by nonlinear robust codes | |
US10671763B2 (en) | Protecting circuits from hacking using a digital reset detector | |
EP1451676B1 (en) | Method and apparatus for preventing noise influencing a random number generator based on flip-flop meta-stability | |
He et al. | Bypassing parity protected cryptography using laser fault injection in cyber-physical system | |
Zhou et al. | PL-MRO PUF: High speed pseudo-LFSR PUF based on multiple ring oscillators | |
US11546132B2 (en) | Detection of laser fault injection attacks on cryptographic devices | |
US9525457B1 (en) | Spread spectrum clock generation using a tapped delay line and entropy injection | |
CN106775584A (en) | It is a kind of to resist the real random number generator that intrusive mood is attacked | |
Dofe et al. | Strengthening SIMON implementation against intelligent fault attacks | |
CN103514080B (en) | Method for the output for monitoring random generator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170510 |
|
RJ01 | Rejection of invention patent application after publication |