安全监控,防非法跳转,Maximum security-enabling monitoring, Security policy bypass, Digital实现
The security of a System-on-Chip depends on various tamper protections used to protect the cryptographic keys from different kind of attacks. These keys are usually transmitted as plaintext between heterogonous modules through a SoC interconnect as bus and network-on-chip.
Advance probing techniques consist in approaching probes near an on-chip wire and observe logical values transmitted through it. This technique is applied when the on-chip wire is routed on the top metal layers of the chip.
Another technique, based on the Focused on Beam (FIB) technology, consists of drilling a hole to an on-chip wire routed on bottom metal layers, felling the hole with platinum and creating a pad on surface for easy access.
The probing attacks are expensive but they are more and more used by attackers to retrieve the keys transmitted through the SoC interconnect. Advance probing attacks might use multiple probes and access to full data word carried by the bus. This is why busses should be protected against probing attacks.
The typical protection against the probing attacks is shielding using dedicated wires routed above the buses to be protected. The shield protection deteriorates the chip performances in term of area and power consumption when the shield lines cover the whole circuit. To reduce the shield cost, the designer can select only sensitive zones of the chip to be covered with the shield; however, this solution introduces a breach because the buses that transmit sensitive data between the zones covered by the shield remain vulnerable.
Secure-IC Scrambled Bus IP masks all data carried on the bus with random variables generated locally by cryptographic primitives.
· Cryptographically secure masking
· On-the-fly masking and unmasking, no additional latency
· Transparent for bus masters and slaves, no modifications on the wrappers
· Easy integration
· Adaptable to various protocols
· High frequency (more than 1GHz is reached with 28nm technology)
AES | 数据加密,防护旁路攻击Side-Channel Attacks |
DES / 3-DES | 数据加密,防护旁路攻击Side-Channel Attacks |
RSA | 数据加密,防护旁路攻击Side-Channel Attacks |
ECC | 数据加密,防护旁路攻击Side-Channel Attacks |
HASH (SHA-1/MD-5) | 数据加密,防护旁路攻击Side-Channel Attacks |
SM2 | 数据加密,防护旁路攻击Side-Channel Attacks |
SM3 | 数据加密,防护旁路攻击Side-Channel Attacks |
SM4 | 数据加密,防护旁路攻击Side-Channel Attacks |
TRNG | 真随机数,Digital,防护Harmonic EM Attacks |
PUF | 防克隆防伪造,Digital, Anti Cloning/Counterfeiting,100% Unique, Random and Steady ID Generation |
Digital Sensor | 数字电路传感器实现,防御一切故障注入,Anti Fault Injection Attacks, All-in-one Fault Injection Detector, Entirely Digital |
Active Shield | 主动式屏蔽,防切割,Active Protection against Intrusive Attacks on ASIC, Anti Intrusive Hardware Modification. |
Scrambled BUS | 加密总线,防偷听,Encrypted Information to Prevent Probing on BUS, Anti Eavesdroping |
Memory Ciphering | 内存加密,防止反向工程或篡改,Memory Protection Against Reverse Engineering and Tampering |
Secure Clock | 加密时钟,扰乱时钟以防同步,Anti Synchronization to prevent efficient SCA and FIA |
Secure JTAG | 安全JTAG,JTAG口防护及认证系统,防止芯片调试口被入侵,Authentication System to Secure the debugging channel on chip, Anti JTAG Violation |
Secure Boot | 安全启动,防固件篡改,Maximum security-enabling root-on-trust, Anti Firmware Tampering |
Secure Monitor | 安全监控,防非法跳转,Maximum security-enabling monitoring, Security policy bypass |
CyberCPU CPU | 网络安全,防网络攻击,CPU-agnostic Cyber Attack Sensor |
Secure-IC位于法国,专业从事电子产品安全性保护咨询服务和安全性分析测试平台的研发。从研究安全性加密保护算法起家,到销售保护IP授权,到现在提供全方位的安全性分析测试套件。Secure-IC的测试套件作为欧洲CC多家认证实验室的认证工具,可以帮助客户获得CC EAL5+的认证。Secure-IC进入中国市场数年来,已经有多家厂商和科研院所等选用了Secure-IC套件作为安全性测试和研究的工具,受到了良好的评价。
旁路攻击(Side Channel Attack)又称侧信道攻击,利用嵌入式系统的功耗、电磁等泄露信息,通过统计数学的分析方法比如SPA、CPA、DPA、MIA、CEMA等破解一个加密算法的秘钥;
故障注入(Fault Injection Attack)攻击分析是通过对加密系统注入故障迫使系统产生可利用的错误反馈,通过对反馈结果的分析,而破解一个系统的安全机制,相较于侧信道分析,故障注入分析方法手段更复杂先进,效率更高。常见的故障注入方式有激光故障注入、电磁故障注入、电压毛刺故障注入和时钟毛刺故障注入等方式。
硬件木马(Hardware Trojan Horse)是在芯片或者电子系统中故意植入的特殊模块电路或者设计者无意留下的缺陷模块电路,在特殊条件触法下,该模块能够被攻击者利用而实现有目的性的篡改,或产生破坏性的功能。硬件木马可能会导致信息泄露、电路功能被篡改,乃至整个芯片被恶意控制。
1.旁路攻击及故障注入安全分析设备:Secure-IC Analyzr
2.旁路攻击及故障注入仿真分析软件:Secure-IC Virtualyzr
3.旁路攻击及故障注入大数据分析软件:Secure-IC Catalyzr
4.安全保护IP核:Secure-IC Security IP cores
5.硬件木马检测与防护:Hardware Trojan Horse Detection and Defense.
Analyzr是一套芯片安全评估分析设备,通过旁路攻击(Side Channel Attack)分析及故障注入(Fault Injection Attack)分析方式对实际芯片进行安全攻击测试评估,定位安全漏洞,分析安全泄露,提高安全保护。
支持经典算法AES, DES / 3-DES. RSA, ECC等
支持国产加密算法如SM2, SM3, SM4等
测信道信息泄露和故障注入对芯片的安全性威胁非常大,但通常对这两方面的评估是在实际芯片上或者FPGA仿真板上进行。实际芯片生产需要时间和费用成本,FPGA仿真又与实际芯片差距较大,Secure-IC Virtualyzr能解决此问题,可以在设计的初期阶段直接针对芯片设计代码评估其加密算法实施在旁路攻击和故障注入方面的安全性。
Virtualyzr支持不同级别的设计代码:RTL, Post-Synthesis, Post Place & Route
支持Actel / Microsemi以及开发环境Libero
支持Altera 以及开发环境Quartus
支持ASIC以及开发工具Cadence / Synopsys
1, 汲取多维(XYZ,频率,电压,持续时间...)测量条件下测试数据
2, 检测并找到泄露
3, 增强经典评估流程:快速分析参数和数据处理链路
