Abstract
Chip backdoor instructions are one of the typical ways of activating a hardware Trojan; they carry high security risk, have a wide range of impact, and are difficult to detect. This paper proposes a backdoor instruction detection method based on power analysis: the instruction space is exhaustively enumerated segment by segment and the power information of each segment is collected separately, which effectively distinguishes conventional instructions from backdoor instructions. Experiments show that simple power analysis alone is enough to identify the backdoor instruction directly from the power traces. Further, this paper proposes a correlation power analysis method for automatically identifying backdoor instructions: by examining the relationship between each correlation coefficient and the mean of the coefficients, backdoor instruction analysis is completed efficiently and automatically.
The backdoor instruction of a chip is one of the typical ways to activate a hardware Trojan; it carries high security risk and a wide range of impact, and is difficult to detect. In this paper, we propose a detection method for the backdoor instruction based on power analysis technology. By utilizing the segmented exhausting process and some power traces, the backdoor instruction can be distinguished from conventional instructions effectively. The experiments show that the backdoor instruction can be analyzed successfully from the power traces by simple power analysis (SPA). Moreover, we also present an automatic detection method for the backdoor instruction based on correlation power analysis (CPA). By comparing the correlation coefficient with the mean value of the coefficients, the backdoor instruction can be analyzed efficiently and automatically.
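An added example, not code from the paper, illustrating the CPA-style automatic screening the abstract describes: every candidate opcode in the enumerated instruction space gets an averaged power trace, each trace is correlated against a reference, and opcodes whose coefficient falls well below the mean coefficient are flagged. The reference trace (mean of all candidate traces), the `k` standard-deviation threshold, the opcode `0x0B` and the synthetic traces are assumptions for this example.

```python
import random
import statistics

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length sample lists."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5

def make_traces(n_opcodes=16, n_samples=64, backdoor=0x0B, seed=1):
    """Constructed sample data (not measurements): one averaged trace per
    opcode of an enumerated segment. Conventional opcodes share a common
    power profile plus noise; the assumed backdoor opcode activates extra
    hidden logic and therefore shows a different profile."""
    rng = random.Random(seed)
    base = [1.0 + 0.5 * ((i // 8) % 2) for i in range(n_samples)]
    hidden = [1.0 + 0.8 * ((i // 5) % 2) for i in range(n_samples)]
    traces = {}
    for op in range(n_opcodes):
        profile = hidden if op == backdoor else base
        traces[op] = [v + rng.gauss(0, 0.05) for v in profile]
    return traces

def detect_backdoor(traces, k=2.0):
    """CPA-style screening (assumed formulation): correlate each opcode's
    trace with the mean trace of all opcodes, then flag opcodes whose
    coefficient lies more than k standard deviations below the mean
    coefficient. Returns (flagged opcodes, per-opcode coefficients)."""
    n = len(next(iter(traces.values())))
    ref = [sum(t[i] for t in traces.values()) / len(traces) for i in range(n)]
    coeffs = {op: pearson(t, ref) for op, t in traces.items()}
    mean_c = statistics.fmean(coeffs.values())
    sd_c = statistics.pstdev(coeffs.values())
    flagged = sorted(op for op, c in coeffs.items() if c < mean_c - k * sd_c)
    return flagged, coeffs

if __name__ == "__main__":
    flagged, coeffs = detect_backdoor(make_traces())
    for op, c in sorted(coeffs.items()):
        print(f"opcode 0x{op:02X}: r = {c:+.3f}{'  <-- flagged' if op in flagged else ''}")
```

On this synthetic data the conventional opcodes correlate at roughly 0.98 with the reference while the assumed backdoor opcode sits near 0.1, so it is the only one flagged.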