CN103324467B - A kind of anti-bypass attack processor architecture postponed based on stochastic instruction - Google Patents
A kind of anti-bypass attack processor architecture postponed based on stochastic instruction Download PDFInfo
- Publication number
- CN103324467B CN103324467B CN201310202878.9A CN201310202878A CN103324467B CN 103324467 B CN103324467 B CN 103324467B CN 201310202878 A CN201310202878 A CN 201310202878A CN 103324467 B CN103324467 B CN 103324467B
- Authority
- CN
- China
- Prior art keywords
- random
- instruction
- module
- flowing water
- operation instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of anti-bypass attack processor architecture postponed based on stochastic instruction, framework is that command memory and instruction random schedule module is connected, CPU (central processing unit) is connected with data-carrier store with MUX, random flowing water section Postponement module respectively, and MUX respectively and instruction random schedule module, random no-operation instruction (no-op) injection module is connected; Random-number-generating module is connected with random flowing water section Postponement module with random no-operation instruction (no-op) injection module, instruction random schedule module respectively.The present invention passes through random schedule instruction and the modes such as Out-of-order execution, random injection no-operation instruction (no-op) and random flowing water section operating delay, make bypass attack cannot determine the execution time point of certain operations, thus be difficult to carry out statistical study, the ability of great enhancing system attack bypass attack, avoids causing cryptographic algorithm to be cracked because of the leakage of bypass message.
Description
Technical field
The present invention relates to information security field, relate to a kind of processor architecture of anti-bypass attack, particularly a kind of anti-bypass attack processor architecture postponed based on stochastic instruction.
Background technology
Information security chip is widely used in every field, the safe storage of main completing user critical data, data encrypting and deciphering, digital signature and certification and identity verify etc.Core and the trust root of safety chip often as security control in various application system, therefore the security of safety chip self plays key effect to whole system.
The complicacy of cryptographic algorithm and the safety of key in chip are depended in the security of safety chip to a great extent.The cryptographic algorithm of current widespread use all reaches very high complicacy, and the cryptanalysis in mathematical meaning almost cannot decryption algorithm completely.And bypass attack is a kind of a kind of attack method utilizing the bypass message revealed in cryptographic algorithm specific implementation directly to obtain (comprising the execution time, power consumption, electromagnetic radiation, sound etc.) key occurred in recent years.Research shows, for without any protection crypto chip, assailant only need a small amount of power consumption/electromagnetism curve just can within a few minutes breaking cryptographic keys.Therefore, the appearance of bypass attack brings serious security threat to safety chip, and this just requires the ability that must possess anti-bypass attack in the specific implementation of safety chip particularly cryptographic algorithm.
The technology of the anti-bypass attack proposed comprises increases noise signal, insert random delay and use random mask, adopt power consumption constant logic unit and power consumption smoothing technique etc., and mainly eliminating in cryptographic algorithm specific implementation can by the difficulty of the leak attacked or increase power consumption attack.But there is a lot of shortcoming and defect in above defence method.Such as, although increase noise signal can weaken correlativity between power consumption and key intuitively, assailant can adopt the signal processing technologies such as auto adapted filtering with the impact of stress release treatment.Adopt n rank random mask can resist n rank differential power attack, but helpless to n+1 rank differential power attack.Adopt mask technology to need to design different mask algorithms for different cryptographic algorithms, the construction cycle of mask algorithm is grown and will take a large amount of resources when realizing simultaneously.Adopt power consumption constant logic unit can resist power consumption attack to a certain extent, but compared with the realization based on static criteria unit, chip area and power consumption approximately double, but operational performance about drop to the former half.Still lack real effective anti-bypass attack method, can effective bypass attack be provided to protect under the prerequisite of low hardware and system performance expense.
Random time delay technology, by introducing random time delay in cryptographic algorithm, makes bypass attack cannot determine the execution time point of certain operations, thus increases the difficulty of statistical study.This technology easily realizes, and can be applied in various algorithm, all has certain protective action to fault attacks, timing attack, differential power attack and higher difference power consumption attack etc.The random delay technology proposed comprises employing multi-clock, inserts dummy instruction, inserts random no-operation instruction (no-op) etc.But single random delay method is proved to be exists limitation.Research shows, attack for DPA (Differential Power Analysis), after inserting random time delay, although single biased spike is separated into the little spike on some diverse locations, the signal to noise ratio (S/N ratio) that remarkable reduction DPA attacks, if but assailant can postpone the scope that may occur by evaluation time, namely determine time delay window, so by analyzing the total power consumption in this time window, effectively can improve the signal to noise ratio (S/N ratio) that DPA attacks, make random delay technical failure.
Summary of the invention
The object of the invention is to overcome the shortcoming of prior art and deficiency, a kind of anti-bypass attack processor architecture postponed based on stochastic instruction is provided, the present invention is applied to safety chip, can resist Various Complex bypass attack, avoids causing cryptographic algorithm to be cracked because of the leakage of bypass message.
Technical scheme of the present invention is:
A kind of anti-bypass attack processor architecture postponed based on stochastic instruction, utilize multiple stochastic instruction delay technology to resist bypass attack, it is characterized in that: comprise instruction random schedule module, random no-operation instruction (no-op) injection module, random flowing water section Postponement module, MUX, CPU (central processing unit), random-number-generating module, command memory and data-carrier store, wherein, command memory and instruction random schedule module is connected, CPU (central processing unit) respectively with MUX, random flowing water section Postponement module is connected with data-carrier store, MUX is and instruction random schedule module respectively, random no-operation instruction (no-op) injection module is connected.Random-number-generating module is connected with random flowing water section Postponement module with random no-operation instruction (no-op) injection module, instruction random schedule module respectively.
Described instruction memory is for storing all very long instruction words needed for instruction random schedule module;
Described instruction random schedule module can random schedule is multiple can the instruction of executed in parallel out of order transmitting;
Described data-carrier store is for storing the data needed for CPU (central processing unit) execution;
Described CPU (central processing unit) for performing instruction, namely instruction execution unit, instruction execution unit is divided into again n flowing water section, n be not equal to zero natural number;
Described random no-operation instruction (no-op) injection module can be random in normal instructions implementation generation no-operation instruction (no-op) and be transmitted into CPU (central processing unit) perform;
Described random flowing water section Postponement module can carry out random delay in the monocycle to the flowing water section operating unit of CPU (central processing unit) inside and control.
Described random-number-generating module provides random no-operation instruction (no-op) injection module, instruction random schedule module and random random number needed for flowing water section Postponement module; Described random number generation unit is true Random Number Generator.
Described instruction random schedule module comprises instruction buffer unit and random schedule unit;
First utilize very long instruction word technique of compiling run time version is compiled into very long instruction word and is stored in command memory, every bar very long instruction word comprises the instruction of many energy executed in parallel; First very long instruction word is loaded into instruction buffer unit in the process of implementation, random schedule unit according to all instructions in random sequence successively dispatch command buffer cell and be transmitted to CPU (central processing unit) perform.After all instructions in instruction buffer unit are all called, by the automatic very long instruction word that loading one is new from command memory.
Described random no-operation instruction (no-op) injection module comprises random no-operation instruction (no-op) generation unit, control module, configuration register and shadow register are injected in random no-operation instruction (no-op);
Described random no-operation instruction (no-op) generation unit can produce random no-operation instruction (no-op), and the random no-operation instruction (no-op) of generation is the data processing class instruction of monocyclic not reprogramming status register;
The injection that control module is used for controlling random no-operation instruction (no-op) is injected in described random no-operation instruction (no-op), comprises and selects to inject the moment of random no-operation instruction (no-op), the quantity of the random no-operation instruction (no-op) of bolus injection;
Described configuration register is used for arranging the parameter that control module is injected in random no-operation instruction (no-op), thus frequency and the quantity of random no-operation instruction (no-op) are injected in adjustment; Following parameter is included but not limited to: enable, security protection rank in configuration register; Described configuration register is addressable special register, can by software design patterns; Described configuration register has the safety practice of reinforcement to prevent the value of assailant's illegal modifications register thus the random no-operation instruction (no-op) function of injecting of bypass;
The source-register that described shadow register provides random no-operation instruction (no-op) to use and destination register; Random no-operation instruction (no-op) uses several shadow registers as source-register, is write in other shadow register by execution result simultaneously.
Each flowing water section of described CPU (central processing unit) inside has random delay function in the monocycle; Carry out in each clock period of flowing water execution in instruction, when clock signal is come, each flowing water section is restarted after postponing one section of random time respectively, and guarantees all operations that completed before the next clock period comes in this cycle, to meet timing requirements; This random delay function carrys out control realization by random flowing water section Postponement module; The delay scope of each flowing water section can adjust according to clock signal frequency.
Described random flowing water section Postponement module is to the control realization of the flowing water section time delay of CPU (central processing unit) inside, adopt but be not limited to under type: 1) in each clock period that CPU (central processing unit) performs, after clock signal arrives when active, random flowing water section Postponement module be respectively each flowing water section produce independently random delay after control signal, make each flowing water section random start; 2) each flowing water intersegmental part adopts the register of band random delay Trigger Function; When clock signal is effective, the register in flowing water section can trigger after random delay a period of time again, and guarantees stable before the next clock period comes triggering to meet timing requirements.
Described random no-operation instruction (no-op) injection module, instruction random schedule module and random flowing water section Postponement module all have the ability of opposing bypass attack, need in processor architecture, select the combination of wherein operational blocks which partition system to realize the ability of suitable opposing bypass attack according to design.
The utilization of each module of the present invention makes bypass attack cannot determine the execution time point of certain operations thus be difficult to carry out statistical study, enhances the ability of system attack bypass attack greatly.By the combination of these four kinds of technology, increase the status number of time delay further, make time delay window be difficult to determine, thus the usefulness of total power consumption analysis is sharply declined until complete failure.
When using the CPU (central processing unit) of this structure to perform cryptographic algorithm, do not need to design different protection algorithms for different cryptographic algorithm, decrease design overhead.Simultaneously can according to design need to choose arbitrarily in these four kinds of implementations one or more combine, system performance expense being reduced in can within tolerance range.
In processor architecture of the present invention, each stochastic instruction Postponement module all achieves the random delay that instruction performs, and specific implementation technology is as follows:
1, instruction random schedule
Comprise instruction random schedule module in this processor architecture, can random schedule many can the instruction Out-of-order execution of executed in parallel.Stochastic instruction scheduling has upset the execution sequence of instruction, is also random delay technology in essence.This module comprises instruction cache unit and random schedule unit.The CPU (central processing unit) of this structure needs compiler support when realizing random schedule function.Idiographic flow comprises:
1) very long instruction word compiling: in order to support that CPU (central processing unit) carries out stochastic instruction scheduling, first utilize very long instruction word technique of compiling that cryptographic algorithm is compiled into very long instruction word, wherein each instruction word comprise many (such as 8) can the instruction of executed in parallel, and to be stored in command memory.
2) instruction buffer and random schedule: when CPU (central processing unit) performs, first n bar instruction in a very long instruction word will call instruction cache unit by from command memory, then press Instruction Scheduling Algorithm according to random sequence successively scheduled for executing by random schedule unit.After the instruction in instruction buffer unit is all complete, automatically read to load new very long instruction word from command memory.
2, random no-operation instruction (no-op) is injected
Contain random no-operation instruction (no-op) injection module in this processor architecture, can inject at random in normal instructions implementation and perform random no-operation instruction (no-op).The execution of random no-operation instruction (no-op) has upset the execution sequential of normal instructions, makes it that random delay occur.Meanwhile, by adopting methods such as adding shadow register to guarantee that the execution of random no-operation instruction (no-op) does not affect normal instructions.Concrete technical scheme comprises:
1) random no-operation instruction (no-op) generation unit: produce random monocyclic data processing class instruction.Guarantee that the random no-operation instruction (no-op) produced does not affect program status register, also can not cause the redirect of program.
2) control module is injected in random no-operation instruction (no-op): the injection being used for controlling random no-operation instruction (no-op), comprises and selects to inject the moment of random no-operation instruction (no-op), the quantity etc. of the random no-operation instruction (no-op) of bolus injection.
3) control module configuration register is injected in random no-operation instruction (no-op): in order to the resistivity allowing designer can set CPU (central processing unit) as required, additionally will add the configuration register that control module is injected in a random no-operation instruction (no-op), this configuration register comprise enable, class of safety protection is equivalent.Control by enable the unlatching that control module is injected in random no-operation instruction (no-op), frequency and the bolus injection transformation of random no-operation instruction (no-op) injection are set by class of safety protection parameter.This configuration register is specially deposited the same with other, can be arranged by upper layer software (applications).Meanwhile, this configuration register with the safety practice strengthened to prevent the value of assailant's illegal modifications register thus bypass pseudoinstruction function of injecting.
4) shadow register: the source-register that shadow register unit provides random no-operation instruction (no-op) to use and destination register.Random no-operation instruction (no-op) uses several shadow registers as source-register, and execution result is write in other shadow register simultaneously.
3, random flowing water section postpones
Generally for raising instruction execution efficiency, instruction general flowing water that adopts in CPU (central processing unit) performs.Instruction execution unit in CPU (central processing unit) is divided into multiple flowing water section, and each flowing water section uses corresponding hardware circuit to realize, within the corresponding clock period, complete set operation.In execution process instruction, whenever clock signal is come, unification overturns by the timing unit in each flowing water section, drives the saltus step of combinational circuit generation state.These upsets and saltus step will cause the change of power consumption.
Present invention employs time delay technology in a kind of streamline monocycle, delays time to control can be carried out to the executory flowing water section operation of instruction.Concrete principle is: when flowing water execution is carried out in instruction, when clock signal is come, the register in each flowing water section does not overturn immediately, but overturns after waiting for a random time again.That is, within each clock period, the start-up time of each flowing water section is different, and time delay is random, this random variation that will instruction execution unit caused at the total power consumption curve in this cycle.Even if perform same instructions under same input, each power consumption profile of instruction execution unit within certain clock period is not identical, and change is also random.
It should be noted that the time delay in order to ensure flowing water section can not cause system sequence chaotic, must guarantee that the operation of each flowing water section within each clock period can complete before the next clock period comes, therefore the reference time delay of flowing water section should be rationally set.
This technology makes the power consumption profile in CPU (central processing unit) each cycle become level and smooth and random variation, effectively can reduce the signal to noise ratio (S/N ratio) of the bypass attacks such as power consumption attack, increase attack difficulty further, can not bring any loss in performance simultaneously.
Accompanying drawing explanation
Fig. 1 is the anti-bypass attack processor architecture of the present invention;
Fig. 2 is the inner structure schematic diagram that the present invention has the processor architecture of stochastic instruction delay feature;
Embodiment
So feature disclosed in this instructions, or the step in disclosed all methods or process, except mutually exclusive feature and/or step, all can combine by any way.
Below in conjunction with accompanying drawing, the present invention is described in further detail.
Figure 1 shows that processor architecture block diagram of the present invention, instruction memory of the present invention is for storing all very long instruction words needed for instruction random schedule module;
Described instruction random schedule module can random schedule is multiple can the instruction of executed in parallel out of order transmitting;
Described data-carrier store is for storing the data needed for CPU (central processing unit) execution;
Described CPU (central processing unit) for performing instruction, namely instruction execution unit, instruction execution unit is divided into again n flowing water section, n be not equal to zero natural number;
Described random no-operation instruction (no-op) injection module can be random in normal instructions implementation generation no-operation instruction (no-op) and be transmitted into CPU (central processing unit) perform;
Described random flowing water section Postponement module can carry out random delay in the monocycle to the flowing water section operating unit of CPU (central processing unit) inside and control.
Described random-number-generating module provides random no-operation instruction (no-op) injection module, instruction random schedule module and random random number needed for flowing water section Postponement module; Described random number generation unit is true Random Number Generator.
Figure 2 shows that the inner structure schematic diagram of processor architecture of the present invention.Concrete principle and embodiment as follows:
Very long instruction word compiles: in order to support that CPU (central processing unit) carries out stochastic instruction scheduling, first utilize very long instruction word technique of compiling that cryptographic algorithm is compiled into very long instruction word, wherein each instruction word comprise many (such as 8) can the instruction of executed in parallel, and to be stored in command memory.
Instruction buffer: when CPU (central processing unit) performs, first many instructions in a very long instruction word will call instruction cache unit, press Instruction Scheduling Algorithm scheduled for executing successively by random schedule unit.After the instruction in instruction buffer unit is all complete, automatically from command memory, read new very long instruction word.
Instruction random schedule: storing in instruction buffer unit can many instruction of Out-of-order execution, the whole instruction in random dispatch command buffer cell is successively transported in a MUX by Randomized scheduling algorithm by random schedule unit.Meanwhile, add a control signal, be used for opening and suspend the execution of random schedule unit.
Random no-operation instruction (no-op) produces: use random-number-generating module in CPU (central processing unit) to produce random number, then a part for the operational code of random number formation instruction, source-register and destination register is used, again according to order format specification, other sections of instruction are filled out with fixing numerical value, create a random no-operation instruction (no-op).Be fixed as corresponding numerical value by some section of the operational code by instruction, the random no-operation instruction (no-op) that can control to produce is data manipulation type instruction, can not affect program status register, also can not cause the redirect of program.
Random no-operation instruction (no-op) is injected and is controlled: described random no-operation instruction (no-op) injection module comprises random no-operation instruction (no-op) generation unit, control module, configuration register and shadow register are injected in random no-operation instruction (no-op); Control module is injected in random no-operation instruction (no-op), is used for controlling the injection of random no-operation instruction (no-op), comprises and select to inject the moment of random no-operation instruction (no-op), the quantity etc. of the random no-operation instruction (no-op) of bolus injection.A kind of implementation is (as shown in Figure 2): the instruction that random schedule unit is launched and the instruction that random no-operation instruction (no-op) generation unit produces input as two-way, are input in a MUX.Random no-operation instruction (no-op) injects control module according to corresponding algorithm, in the corresponding moment, injection can be drawn high by signal, MUX is outputted to instruction execution unit that random no-operation instruction (no-op) is transported to CPU (central processing unit).This signal is input to random no-operation instruction (no-op) scheduling unit and instruction execution unit equally, and be used for that random no-operation instruction (no-op) is dispatched and suspend, notification instruction performance element carries out shadow register switching simultaneously.
Meanwhile, in order to the opposing bypass attack ability allowing designer can set CPU (central processing unit) as required, the configuration register that control module is injected in a random no-operation instruction (no-op) is also set, this configuration register can include but not limited to enable, safe class is equivalent.Upper layer software (applications) can pass through configuration register value, and function is inserted in the enable random no-operation instruction (no-op) of the material time section having key to participate in cryptographic algorithm, can reduce system overhead greatly like this.By arranging safe class, being used for adjusting instruction and injecting frequency and the bolus injection instruction strip number upper limit that control module calls random no-operation instruction (no-op).
Register switches: CPU (central processing unit) i.e. instruction execution unit will additionally add some shadow registers, the source-register that shadow register provides random no-operation instruction (no-op) to use and destination register.Instruction is in flowing water section performs, if control signal shows that this instruction is random no-operation instruction (no-op), read-write register all can replace to shadow register, and switchback again during execution normal instructions, can guarantee that the execution of random no-operation instruction (no-op) can not revise the value of general-purpose register like this.Meanwhile, in order to improve anti-attack ability further, the value of source shadow register can be changed at random in each clock period.
Flowing water section postpones: CPU (central processing unit) i.e. instruction execution unit have employed time delay technology in a kind of streamline monocycle, can carry out delays time to control to the executory flowing water section operation of instruction.When clock signal is come then, each flowing water section can in startup after random delay a period of time, this random variation that will instruction execution unit caused at the total power consumption curve in this cycle.The time of the delay of each flowing water section should rationally be arranged, and guarantees that all operations before the next clock period comes in this cycle can all complete, and the delay scope of each flowing water section simultaneously can adjust according to clock signal frequency.
Described random flowing water section Postponement module is to the control realization of the flowing water section time delay of CPU (central processing unit) inside, adopt but be not limited to under type: 1) in each clock period that CPU (central processing unit) performs, after clock signal arrives when active, random flowing water section Postponement module be respectively each flowing water section produce independently random delay after control signal, make each flowing water section random start; 2) each flowing water intersegmental part adopts the register of band random delay Trigger Function; When clock signal is effective, the register in flowing water section can trigger after random delay a period of time again, and guarantees stable before the next clock period comes triggering to meet timing requirements.
In described random no-operation instruction (no-op) injection module, instruction random schedule module and random flowing water section Postponement module, required random number is provided by random number generation unit; Described random number generation unit is true Random Number Generator.
Described random no-operation instruction (no-op) injection module, instruction random schedule module and random flowing water section Postponement module all have the ability of opposing bypass attack, need in processor architecture, select the combination of wherein operational blocks which partition system to realize the ability of suitable opposing bypass attack according to design.
The invention is not restricted to aforesaid embodiment, change, the modification made under other any does not deviate from Spirit Essence of the present invention and principle, substitute, combine, simplify, the substitute mode of equivalence all should be considered as, be included in of the present invention comprising in scope.
Claims (5)
1. the anti-bypass attack processor architecture postponed based on stochastic instruction, utilize multiple stochastic instruction delay technology to resist bypass attack, it is characterized in that: comprise instruction random schedule module, random no-operation instruction (no-op) injection module, random flowing water section Postponement module, MUX, CPU (central processing unit), random-number-generating module, command memory and data-carrier store, wherein, command memory and instruction random schedule module is connected, CPU (central processing unit) respectively with MUX, random flowing water section Postponement module is connected with data-carrier store, MUX is and instruction random schedule module respectively, random no-operation instruction (no-op) injection module is connected, random-number-generating module is connected with random flowing water section Postponement module with random no-operation instruction (no-op) injection module, instruction random schedule module respectively,
Described command memory is for storing all very long instruction words needed for instruction random schedule module;
Described instruction random schedule module can random schedule is multiple can the instruction of executed in parallel out of order transmitting;
Described data-carrier store is for storing the data needed for CPU (central processing unit) execution;
Described CPU (central processing unit) for performing instruction, namely instruction execution unit, instruction execution unit is divided into again n flowing water section, n be not equal to zero natural number;
Described random no-operation instruction (no-op) injection module can be random in normal instructions implementation generation no-operation instruction (no-op) and be transmitted into CPU (central processing unit) perform; Described random no-operation instruction (no-op) injection module comprises random no-operation instruction (no-op) generation unit, control module, configuration register and shadow register are injected in random no-operation instruction (no-op); Described random no-operation instruction (no-op) generation unit can produce random no-operation instruction (no-op), and the random no-operation instruction (no-op) of generation is the data processing class instruction of monocyclic not reprogramming status register; The injection that control module is used for controlling random no-operation instruction (no-op) is injected in described random no-operation instruction (no-op), comprises and selects to inject the moment of random no-operation instruction (no-op), the quantity of the random no-operation instruction (no-op) of bolus injection; Described configuration register is used for arranging the parameter that control module is injected in random no-operation instruction (no-op), and frequency and the quantity of random no-operation instruction (no-op) are injected in adjustment; Described configuration register is addressable special register, can by software design patterns; Described configuration register has and steps up security to prevent the value of assailant's illegal modifications register from the random no-operation instruction (no-op) function of injecting of bypass; The source-register that described shadow register provides random no-operation instruction (no-op) to use and destination register; Random no-operation instruction (no-op) uses several shadow registers as source-register, is write by execution result in other shadow register simultaneously;
Described random flowing water section Postponement module can carry out random delay in the monocycle to the flowing water section operating unit of CPU (central processing unit) inside and control;
Described random-number-generating module provides random no-operation instruction (no-op) injection module, instruction random schedule module and random random number needed for flowing water section Postponement module; Described random-number-generating module is true Random Number Generator.
2. anti-bypass attack processor architecture according to claim 1, is characterized in that, described instruction random schedule module comprises instruction buffer unit and random schedule unit;
First utilize very long instruction word technique of compiling run time version is compiled into very long instruction word and is stored in command memory, every bar very long instruction word comprises the instruction of many energy executed in parallel; First very long instruction word is loaded into instruction buffer unit in the process of implementation, random schedule unit according to all instructions in random sequence successively dispatch command buffer cell and be transmitted to CPU (central processing unit) perform; After all instructions in instruction buffer unit are all called, by the automatic very long instruction word that loading one is new from command memory.
3. anti-bypass attack processor architecture according to claim 1, is characterized in that, each flowing water section of described CPU (central processing unit) inside has random delay function in single clock cycle; Carry out in each clock period of flowing water execution in instruction, when clock signal is come, each flowing water section is restarted after postponing one section of random time respectively, and guarantees all operations that completed before the next clock period comes in this cycle, to meet timing requirements; This random delay function carrys out control realization by random flowing water section Postponement module; The delay scope of each flowing water section adjusts according to clock signal frequency.
4. anti-bypass attack processor architecture according to claim 3, is characterized in that, described random flowing water section Postponement module is to the control realization of the flowing water section time delay of CPU (central processing unit) inside:
1) in each clock period that CPU (central processing unit) performs, after clock signal arrives when active, random flowing water section Postponement module be respectively each flowing water section produce independently random delay after control signal, make each flowing water section random start; 2) each flowing water intersegmental part adopts the register of band random delay Trigger Function; When clock signal is effective, the register in flowing water section can trigger after random delay a period of time again, and guarantees stable before the next clock period comes triggering to meet timing requirements.
5. anti-bypass attack processor architecture according to claim 1, it is characterized in that, described random no-operation instruction (no-op) injection module, instruction random schedule module and random flowing water section Postponement module all have the ability of opposing bypass attack, need in processor architecture, select wherein operational blocks which partition system or combination to realize resisting the ability of bypass attack according to design.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310202878.9A CN103324467B (en) | 2013-05-28 | 2013-05-28 | A kind of anti-bypass attack processor architecture postponed based on stochastic instruction |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310202878.9A CN103324467B (en) | 2013-05-28 | 2013-05-28 | A kind of anti-bypass attack processor architecture postponed based on stochastic instruction |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103324467A CN103324467A (en) | 2013-09-25 |
| CN103324467B true CN103324467B (en) | 2015-09-16 |
Family
ID=49193237
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310202878.9A Active CN103324467B (en) | 2013-05-28 | 2013-05-28 | A kind of anti-bypass attack processor architecture postponed based on stochastic instruction |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103324467B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6323065B2 (en) * | 2014-02-26 | 2018-05-16 | セイコーエプソン株式会社 | Microcomputer and electronic equipment |
| TWI712915B (en) * | 2014-06-12 | 2020-12-11 | 美商密碼研究公司 | Methods of executing a cryptographic operation, and computer-readable non-transitory storage medium |
| CN104484615B (en) * | 2014-12-31 | 2017-08-08 | 清华大学无锡应用技术研究院 | Suitable for reconfigurable arrays framework based on space randomization fault-resistant attack method |
| US10019571B2 (en) * | 2016-03-13 | 2018-07-10 | Winbond Electronics Corporation | Protection from side-channel attacks by varying clock delays |
| CN106209457B (en) * | 2016-07-14 | 2019-03-12 | 北京工业大学 | Cope with the method for secret protection and system of bypass attack in smart home environment |
| CN111046381A (en) * | 2019-12-27 | 2020-04-21 | 南方电网科学研究院有限责任公司 | Embedded CPU anti-differential power consumption analysis device and method |
| CN111600873B (en) * | 2020-05-13 | 2023-03-10 | 江苏芯盛智能科技有限公司 | Method for preventing side channel attack and related device |
| CN112069514A (en) * | 2020-08-13 | 2020-12-11 | 南京低功耗芯片技术研究院有限公司 | Anti-power-consumption attack method based on register random grouping |
| FR3122747B1 (en) | 2021-05-07 | 2023-03-31 | Commissariat Energie Atomique | METHOD FOR EXECUTING A FUNCTION, SECURED BY TIME DESYNCHRONIZATION |
| CN113541922B (en) * | 2021-07-20 | 2023-02-03 | 山东大学 | Side channel attack resisting method and system based on switching network and jump algorithm instruction |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7664258B2 (en) * | 2005-12-28 | 2010-02-16 | Microsoft Corporation | Randomized sparse formats for efficient and secure computation on elliptic curves |
| CN101866401A (en) * | 2010-05-17 | 2010-10-20 | 武汉大学 | Method for resisting side channel attacks by evolutive S boxes |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8769355B2 (en) * | 2011-06-27 | 2014-07-01 | Freescale Semiconductor, Inc. | Using built-in self test for preventing side channel security attacks on multi-processor systems |
-
2013
- 2013-05-28 CN CN201310202878.9A patent/CN103324467B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7664258B2 (en) * | 2005-12-28 | 2010-02-16 | Microsoft Corporation | Randomized sparse formats for efficient and secure computation on elliptic curves |
| CN101866401A (en) * | 2010-05-17 | 2010-10-20 | 武汉大学 | Method for resisting side channel attacks by evolutive S boxes |
Non-Patent Citations (1)
| Title |
|---|
| 插入随机时延的高阶旁路攻击防御方法;张涛等;《计算机工程》;20080820;第34卷(第16期);第162-164页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103324467A (en) | 2013-09-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103324467B (en) | A kind of anti-bypass attack processor architecture postponed based on stochastic instruction | |
| Castelluccia et al. | On the difficulty of software-based attestation of embedded devices | |
| Daemen et al. | Protecting against statistical ineffective fault attacks | |
| US8886960B2 (en) | Microprocessor that facilitates task switching between encrypted and unencrypted programs | |
| JP2006522375A (en) | Processing action masking in data processing system | |
| TWI621963B (en) | System and method for protection from side-channel attacks by varying clock delays | |
| US11017125B2 (en) | Uniquified FPGA virtualization approach to hardware security | |
| Jovanovic et al. | A hardware preemptive multitasking mechanism based on scan-path register structure for FPGA-based reconfigurable systems | |
| CN110543766B (en) | Method for resisting control flow attack of data processor | |
| Steinegger et al. | A fast and compact RISC-V accelerator for ascon and friends | |
| CN111381869A (en) | Micro-operation cache using predictive allocation | |
| Igarashi et al. | Concurrent faulty clock detection for crypto circuits against clock glitch based DFA | |
| Patel et al. | Shield: A software hardware design methodology for security and reliability of mpsocs | |
| Péneau et al. | NOP-Oriented Programming: Should we Care? | |
| Gross et al. | Fpganeedle: Precise remote fault attacks from fpga to cpu | |
| TW202030632A (en) | Apparatus, system and method for target address encryption | |
| Hassan et al. | New asic/fpga cost estimates for sha-1 collisions | |
| Fletcher | Ascend: An architecture for performing secure computation on encrypted data | |
| CN100353703C (en) | Reconfigurable linear feedback shifting register | |
| Yu et al. | Creating Foundations for Secure Microarchitectures With Data-Oblivious ISA Extensions | |
| US20070162768A1 (en) | Electronic circuit | |
| WO2021245101A1 (en) | A computing platform for preventing side channel attacks | |
| Xu et al. | Automatic inductive invariant generation for scalable dataflow circuit verification | |
| Sunkavilli et al. | Security threats and countermeasure deployment using partial reconfiguration in fpga cad tools | |
| Zhang et al. | RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |