节点文献
抗功耗攻击的安全SoC设计与实现关键技术研究
Research on Key Techniques of Design and Implementation of Power Analysis Resistant Secure SoC
【作者】 童元满;
【作者基本信息】 国防科学技术大学 , 计算机科学与技术, 2008, 博士
【摘要】 安全SoC(System on Chip)芯片在各个领域中得到了广泛的应用,主要完成用户关键数据的安全存储、数据加解密、数字签名与认证、以及身份鉴别等。安全SoC芯片在各种应用系统中往往作为安全控制的核心和信任根源,因此安全SoC芯片自身的安全性对整个系统而言起着关键作用。受利益驱使,安全SoC芯片往往成为恶意实体或个人的破解目标,相关的破解手段包括软件攻击、旁路攻击以及物理攻击,其中旁路攻击特别是功耗攻击就是一种针对密码算法具体实现中存在的薄弱环节而实施的以破解密钥为目标的有效攻击技术。为此,本文将安全SoC中密码算法部件抗功耗攻击设计与实现的关键技术作为研究内容,主要包括以下三个方面:一是抗功耗攻击的密码算法部件辅助设计技术,二是创新的防护技术,三是面向安全约束的SoC设计技术与安全SoC原型芯片的设计与实现。在本文的研究过程中,主要取得了如下创新成果:(1)提出了识别密码算法具体实现中可被功耗攻击漏洞的分析方法,主要包括三个部分:识别密码算法具体实现中可被功耗攻击漏洞的基本理论,描述密码算法具体实现的增强数据相关图,以及识别可被功耗攻击漏洞的算法。发现密码算法具体实现中可被功耗攻击的漏洞不仅为设计具有高防护能力的密码算法实现模块提供有效指导信息,设计者可以据此采取有针对性的技术措施以抗功耗攻击;也可为建立抗功耗攻击的密码算法部件辅助设计EDA工具打下坚实的基础。(2)提出了密码算法部件抗功耗攻击防护能力的量化评估方法。本文根据功耗攻击的信噪比来估算成功实施功耗攻击所需的样本数,并给出了不同设计层次(包括RTL级、综合后以及布局布线后等)下密码算法部件的瞬态功耗模拟技术。识别密码算法具体实现中可被功耗攻击的漏洞相当于定性分析防护能力,结合防护能力量化评估,可以有效指导抗功耗攻击的密码算法部件设计与实现。(3)提出了基于随机掩码的抗高阶功耗攻击的AES算法实现技术,其目的在于消除可被功耗攻击的漏洞。定义了若干随机掩码的细粒度操作,将AES算法中各种变换转换为细粒度操作的序列,并保证所有的中间结果均被不同的随机量所掩码,结合运算过程随机化技术以达到更好的防护效果。基于该技术,可以采用软件、硬件以及软硬件混合等不同方式实现AES算法。(4)提出了三种不同的旨在增大功耗攻击难度的防护技术:一是基于WDDL和行波流水技术的抗功耗攻击的分组密码算法实现技术,将WDDL逻辑单元的功耗恒定特性与行波流水技术的高运算性能有效结合,用以实现分组密码算法部件,不仅具有良好的抗功耗攻击防护能力,也具有较高的运算性能;二是基于混沌噪声的防护技术,利用混沌信号的高度复杂性和不可预测性,以混沌功耗噪声掩盖密码算法部件的有效功耗信息,适合于安全SoC芯片中对多个密码运算部件进行保护,且与密码算法部件的实现细节无关;三是基于细粒度任务调度的RSA和ECC算法抗功耗攻击实现技术,将RSA和ECC算法中关键操作即大整数模幂和椭圆曲线标量乘法转换为细粒度原子操作的随机序列,在运算过程中随机的插入数目可配置的伪操作,达到了防护能力和运算性能的灵活折衷。(5)提出了面向安全约束的SoC芯片设计技术。在基于层次平台的SoC设计方法学基础上,提出了基于可信计算体系结构的安全SoC层次化设计平台,在安全SoC的设计中引入独立的安全约束,并给出了相应的安全约束映射技术和安全验证技术。从软件攻击和旁路攻击等角度,定义安全约束并验证防护技术的有效性。所提出的安全SoC设计技术不仅可以充分重用已有的设计资源,也可充分利用现有的层次平台设计技术及相关辅助设计工具。
【Abstract】 Secure SoC (System on Chip) plays an important role in many applications. The function of secure SoC includes the protection and secure storage of private data, encryption/decryption, digital signature and verification, identity authentication etc. Secure SoC is always the key of security control or the root of trust. So the security of a secure SoC itself is the key to establish an information system with high dependability. To obtain illegal interest, some vicious entities or individuals may attempt to break the secure SoCs. The commonly used techniques to break a secure SoC include software attack, side-channel attack and physical attack. Side-channel attack, especially power analysis attack, is a very efficient method to break the private keys using the implementing weakness of a secure SoC. So the key techniques of power analysis resistant implementation of cryptographic devices in the secure SoC are the main target of this thesis. The research of this thesis includes the following three parts; the first one is the aided design method to implement power analysis resistant cryptographic devices, the second one is novel countermeasures for different cryptographic algorithms, and the last one is the design method of security oriented SoC and implementation of a secure SoC prototype.Primary innovation works of this thesis can be summarized as follows.(1) The technique to identify feasible power analysis attacks in the implementation of cryptographic devices is presented. This is equivalent to perform qualitative analysis of the cryptographic device’s resistibility against power analysis attack. The identifying method includes three parts, the basic theory to identify feasible attacks, the enhanced data dependence graph to describe the implementation, and the algorithm to identify different kinds of attacks. The results of identified attacks are valuable guidance for designers to choose appropriate countermeasures while designing and implementing power analysis resistant cryptographic device. Besides, this technique lays the foundation of the EDA tools for the aided design of power analysis resistant cryptographic device.(2) The technique to perform quantitative analysis of the cryptographic device’s resistibility against power analysis attack is presented. The number of power trace measurements needed to perform a power analysis attack successfully is used to express the quantitative resistibility. And the number of samples is computed based on the signal-to-noise ratio of the corresponding power analysis attack. The technique of power trace simulations at multiple levels including RTL, synthesized and Placement & routing, is proposed. With the qualitative analysis and quantitative analysis of the resistibility against power analysis attack, a designer can implement a power analysis resistant cryptographic device efficiently.(3) The AES implementation secure against high-order power analysis attack based on random masking is presented. This countermeasure aims to eliminate the feasible leaks which can be used to perform power analysis attacks. Several fine grained masked operations are defined. And all the transformations in AES are transferred to the sequence of the pre-defined masked operations. All the intermediate results are masked by different random values. Combined with randomized execution of the fine grained operations sequence, it is proven that the proposed countermeasure is secure against high-order power analysis attack. This countermeasure not only can be implemented as software or hardware blocks completely, but also can be implemented as software-hardware hybrid block.(4) Three kinds of different countermeasures which aim to increase the difficulty of performing power analysis attack to an extremely large degree are presented. The first one is the implementation of block cipher coprocessor based on WDDL and wave-pipelining. A WDDL circuit can achieve nearly constant power consumption which is independent with the input signals. And wave-pipelining is an advanced technique which achieves extremely high performance. Block cipher coprocessor based on WDDL and wave-pipelining not only prevent power analysis attack effectively, but also achieves high performance and low power consumption. The second one is the countermeasure based on chaotic noise. Since the extremely high complexity and unpredictable nature of chaos, chaotic power noise is generated to mask the power trace of cryptographic device. This technique is suited for protecting multiple cryptographic blocks in a secure SoC. And it is unrelated to the implementation details of a cryptographic device. The third one is the implementation of RSA and ECC based on fine grained operation schedule. The large number modular exponentiation and elliptic curve scalar multiplication which are the key operations of RSA and ECC are transferred to the randomized sequence of fine grained operations. By inserting invalid operations with configurable amount, fine compromise is achieved between performance and the resistibility against power analysis attack.(5) The key technique of security oriented SoC design is presented. With the hierarchical platform based SoC design methodology, the hierarchical secure SoC platform based on the architecture of trusted computing is constructed. Independent constraints of security are introduced to the design and implementation of secure SoC. And the transmission and validation of the security constraints are presented. The security constraints and validation include two sides, i.e., the ability to resist software attack and side-channel attack. The presented design method not only reuses the existing design resources to a large degree, but also reuses the existing platform based SoC design technique and aided design environment.
【Key words】 secure SoC; power analysis attack; quantitative analysis; random masking; WDDL; wave-pipelining; chaotic noise; hierarchical platform;