为了防护故障注入,传统的防护方式是一一针对的在芯片上布置模拟传感器,但是模拟传感器体积大功耗大成本高等确定日益成为掣肘,针对这一难点,Secure-IC设计了数字传感器(Digital Sensor),以数字电路实现传感器功效,防御一切故障注入,可防御现有的所有故障注入方式(包括电压、时钟、激光、电磁、温度等)以及未来可能出现的故障注入方式。
Digital Sensor Anti Fault Injection Attacks, All-in-one Fault Injection Detector, Entirely Digital.
1. PROBLEM SOLVED
In cryptography, an attack can be performed by injecting one or several faults into a device thus disrupting the functional behavior of the device. Techniques commonly used to inject faults consist in introducing variations in the source voltage, clock frequency, temperature, or irradiating with a laser beam etc.
Unlike analog sensors which are dedicated to the detection of a specific perturbation attack, the Digital Sensor is designed to detect various threats belonging to the family of Fault Injection Attacks (FIA):
• Input clock frequency (clock glitches, Overclocking): reduction of the clock period to provoke a critical path violation.
• Input voltage (power glitches, underfeeding): reduction of supply voltage to increase the propagation delay of combinational logic.
• Temperature (heating): modification of the temperature to increase the propagation delay.
• Radiations (laser spot, light spot, Electromagnetic): provoke bit set or reset in registers by irradiation.
2. OVERVIEW
• Fully digital and based on the standard cells of library design kit
• Transferable to any design kit
• Lightweight
• Difficult to identify by an attacker (melted within the rest of design)
• Customizable sensitivity
• Compatible with clock gating feature
• Several sensors can be regrouped around a unique bus interface.
• Real-time hardware alarm
• No calibration after design
Digital Sensor converts all monitored stresses into a timing stress which is then measured. When a threat is detected, it provides the system with a measurement of the threat’s level and it raises the hardware alarm.
关于Secure-IC
Secure-IC位于法国,专业从事电子产品安全性保护咨询服务和安全性分析测试平台的研发。从研究安全性加密保护算法起家,到销售保护IP授权,到现在提供全方位的安全性分析测试套件。Secure-IC的测试套件作为欧洲CC多家认证实验室的认证工具,可以帮助客户获得CC EAL5+的认证。Secure-IC进入中国市场数年来,已经有多家厂商和科研院所等选用了Secure-IC套件作为安全性测试和研究的工具,受到了良好的评价。
Secure-IC相对于竞争者最大的优势是技术,最前端的技术和跨越式的发展。具体包括:加密算法、分析算法、各种保护模块IP,以及针对实际芯片的安全攻击分析设备和针对芯片设计源代码的安全仿真分析软件。这些也是Secure-IC最核心的产品。
随着智能化时代的到来,物联网、车联网、人工智能、云计算、电子支付等会越来越多的进入人们的生活并极大的改善人们的生活,然而随着嵌入式系统的推广应用,其安全性也受到越来越多的威胁,现阶段嵌入式系统芯片安全面临的最前沿的威胁有旁路攻击和故障注入等。
旁路攻击又称侧信道攻击,利用嵌入式系统的功耗、电磁等泄露信息,通过统计数学的分析方法比如SPA、CPA、DPA、MIA、CEMA等破解一个加密算法的秘钥;
故障注入攻击分析是通过对加密系统注入故障迫使系统产生可利用的错误反馈,通过对反馈结果的分析,而破解一个系统的安全机制,相较于侧信道分析,故障注入分析方法手段更复杂先进,效率更高。常见的故障注入方式有激光故障注入、电磁故障注入、电压毛刺故障注入和时钟毛刺故障注入等方式。
Secure-IC公司开发出了不同的安全分析和保护工具以应对嵌入式系统安全面临的威胁:
1.旁路攻击及故障注入安全分析设备:Secure-IC Analyzer
2.旁路攻击及故障注入仿真分析软件:Secure-IC Virtualyzer
3.旁路攻击及故障注入仿真大数据分析软件:Secure-IC Catalyzer
4.安全保护IP核:Secure-IC Security IP cores
关于Secure-IC Security IP Cores
安全分析是为了发现芯片的安全漏洞,了解芯片的安全等级,但发现安全漏洞之后更重要的是解决它。Secure-IC针对不同的安全漏洞设计了不同的安全保护IP核。
Secure-IC所售IP核可基于客户要求,按不同等级license出售,包括从最初步到全部源代码等不同程度。