《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 模擬設(shè)計(jì) > 設(shè)計(jì)應(yīng)用 > 面向密碼芯片設(shè)計(jì)階段的仿真?zhèn)刃诺腊踩苑治龇椒ㄑ芯?/span>
面向密碼芯片設(shè)計(jì)階段的仿真?zhèn)刃诺腊踩苑治龇椒ㄑ芯?
電子技術(shù)應(yīng)用
沈煒,劉詩宇,楊光,李東方
中國航天科工集團(tuán)第二研究院706所
摘要: 密碼芯片是密碼算法實(shí)現(xiàn)的重要載體,在信息系統(tǒng)中承擔(dān)了加解密、簽名、認(rèn)證等功能,側(cè)信道分析是檢測密碼芯片安全性的重要手段,當(dāng)前行業(yè)內(nèi)通常采用專用設(shè)備進(jìn)行側(cè)信道分析,該方法存在發(fā)現(xiàn)時(shí)間晚、修復(fù)成本高、硬件設(shè)備昂貴等問題。研究面向密碼芯片設(shè)計(jì)階段的能量采集與側(cè)信道分析方法,采用EDA工具在設(shè)計(jì)階段對(duì)密碼芯片的RTL代碼進(jìn)行功能仿真,通過分析仿真生成的波形記錄文件,實(shí)現(xiàn)對(duì)能量跡的模擬和采集。采用Welch t檢驗(yàn)、KL散度和相關(guān)能量分析方法,實(shí)現(xiàn)了對(duì)芯片RTL代碼的泄漏檢測、泄漏定位和側(cè)信道攻擊。通過對(duì)AES-128 RTL設(shè)計(jì)的仿真實(shí)驗(yàn),證明了該方法能夠正確地反映能量泄漏情況,且能夠在不借助專用硬件設(shè)備的條件下實(shí)現(xiàn)對(duì)密碼芯片早期設(shè)計(jì)階段的側(cè)信道泄漏安全風(fēng)險(xiǎn)檢測。
中圖分類號(hào):TP311.5 文獻(xiàn)標(biāo)志碼:A DOI: 10.16157/j.issn.0258-7998.245035
中文引用格式: 沈煒,劉詩宇,楊光,等. 面向密碼芯片設(shè)計(jì)階段的仿真?zhèn)刃诺腊踩苑治龇椒ㄑ芯縖J]. 電子技術(shù)應(yīng)用,2024,50(10):98-104.
英文引用格式: Shen Wei,Liu Shiyu,Yang Guang,et al. Research on side channel security analysis technology of cryptographic chip based on simulation[J]. Application of Electronic Technique,2024,50(10):98-104.
Research on side channel security analysis technology of cryptographic chip based on simulation
Shen Wei,Liu Shiyu,Yang Guang,Li Dongfang
Institute 706, Second Academy of CASIC
Abstract: Cryptographic chip is an important carrier for cryptographic algorithms, which implements functions such as encryption, decryption, signature, and authentication of information system. Side channel analysis is an important method to verify the security of cryptographic chips. In the current industry, post-silicon side channel analysis with special equipment is a common method, which is too late and expensive in making any changes to the design to solve the leakage issue. This paper proposes a simulation-based power trace acquisition and side channel analysis method. EDA tools are used to perform functional simulation on the RTL code of the cryptographic chip during the design phase, and we collect the simulated power trace by analyzing the waveform record file. By using Welch t test, KL divergence and correlation energy analysis, leakage can be located in time and space dimensions. Through the side channel analysis experiment on AES-128 RTL design, we proved that the method proposed in this paper can correctly reflect the power leakage, which can detect the side channel leakage risk in the early stage of the cryptographic chip design without the help of special hardware equipment.
Key words : cryptographic chip;power consumption simulation;leakage detection;power side channel attack

引言

密碼芯片是保障網(wǎng)絡(luò)與通信設(shè)備數(shù)據(jù)傳輸和交換安全性的重要部件,其安全性至關(guān)重要。芯片在運(yùn)行過程中,其邏輯門的變化在物理上體現(xiàn)為電流的變化,從而引起能量消耗。如果芯片自身安全機(jī)制不足或未做泄漏防護(hù),芯片在處理敏感信息時(shí)產(chǎn)生的能量將與敏感信息之間產(chǎn)生隱通道,如被攻擊者加以利用,可能造成數(shù)據(jù)泄漏,對(duì)系統(tǒng)的安全性產(chǎn)生極大的威脅。

目前針對(duì)上述問題的典型測試方法是在芯片設(shè)計(jì)完成后,采用專用硬件設(shè)備搭建側(cè)信道分析平臺(tái),對(duì)芯片實(shí)物開展能量側(cè)信道安全性分析。該方法主要存在以下問題:一是硬件設(shè)備成本較高,當(dāng)前測試方法分析過程的精確性依賴于專業(yè)側(cè)信道采集設(shè)備,此類設(shè)備價(jià)格昂貴;二是搭建分析平臺(tái)難度大、時(shí)間長,測試人員需要花費(fèi)大量時(shí)間和精力設(shè)計(jì)和調(diào)試側(cè)信道采集板卡,測試周期難以保證;三是發(fā)現(xiàn)問題較晚、修復(fù)成本高,現(xiàn)有的硅后測試方法不僅發(fā)現(xiàn)問題階段較晚,而且修改后需重新流片,修復(fù)成本較高。

針對(duì)上述問題,目前已經(jīng)有研究提出了針對(duì)芯片晶體管級(jí)、門級(jí)、RTL級(jí)的仿真?zhèn)刃诺婪治龇椒?。文獻(xiàn)[1]提出了在晶體管級(jí)進(jìn)行基于漢明差的差分功耗分析方法,但分析時(shí)間需要數(shù)天,時(shí)間開銷較大。文獻(xiàn)[2]結(jié)合Primetime PX工具構(gòu)建了門級(jí)的側(cè)信道分析框架。文獻(xiàn)[3]通過分析SAIF文件,實(shí)現(xiàn)對(duì)RTL級(jí)的側(cè)信道分析,但SAIF文件一般只適用于Synopsys工具,通用性不強(qiáng)。

本文提出了一種基于功能仿真的密碼芯片側(cè)信道分析方法,該方法在密碼芯片早期的RTL設(shè)計(jì)階段,通過功能仿真的手段生成仿真能量跡,實(shí)現(xiàn)待測芯片設(shè)計(jì)進(jìn)行側(cè)信道攻擊與泄漏評(píng)估。相比于硅后的側(cè)信道分析方法,本文提出的方法不僅不需要專用的硬件設(shè)備,而且可以在設(shè)計(jì)階段實(shí)現(xiàn)模塊級(jí)的泄漏檢測、定位和側(cè)信道攻擊。


本文詳細(xì)內(nèi)容請(qǐng)下載:

http://ihrv.cn/resource/share/2000006186


作者信息:

沈煒,劉詩宇,楊光,李東方

(中國航天科工集團(tuán)第二研究院706所,北京 100854)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。