CN103997402B - A kind of encryption chip Testing Method of Safety and device - Google Patents
A kind of encryption chip Testing Method of Safety and device Download PDFInfo
- Publication number
- CN103997402B CN103997402B CN201410240453.1A CN201410240453A CN103997402B CN 103997402 B CN103997402 B CN 103997402B CN 201410240453 A CN201410240453 A CN 201410240453A CN 103997402 B CN103997402 B CN 103997402B
- Authority
- CN
- China
- Prior art keywords
- attacked
- encryption
- parameter
- chip
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 58
- 238000002347 injection Methods 0.000 claims abstract description 34
- 239000007924 injection Substances 0.000 claims abstract description 34
- 238000000034 method Methods 0.000 claims abstract description 22
- 238000004422 calculation algorithm Methods 0.000 claims description 58
- 238000004364 calculation method Methods 0.000 claims description 19
- 238000013461 design Methods 0.000 claims description 15
- 239000013598 vector Substances 0.000 claims description 15
- 238000012795 verification Methods 0.000 claims description 6
- 238000003780 insertion Methods 0.000 claims description 4
- 230000037431 insertion Effects 0.000 claims description 4
- 230000008859 change Effects 0.000 abstract description 5
- 230000035945 sensitivity Effects 0.000 abstract 2
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 230000006698 induction Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011056 performance test Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000010835 comparative analysis Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000012854 evaluation process Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 238000010884 ion-beam technique Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention is applied to testing field, there is provided a kind of encryption chip Testing Method of Safety and device, the method include:According to the AES of the encryption chip, determine that error injection in AES attacks by attack parameter;Search in the encryption chip to calculate the sensitivity register related by attack parameter simultaneously interleave scan chain;Make to be attacked chip operation in test mode, by the scanning output security that encryption chip is determined by the scanning output result of attack parameter.The embodiment of the present invention due to using scan chain be inserted into by the related sensitivity register of attack parameter such that it is able to acquisition, so as to more intuitively judge whether to produce effective mistake, effectively improves the testing efficiency of encryption chip security by the change of attack parameter.
Description
Technical Field
The invention belongs to the field of testing, and particularly relates to a method and a device for testing the security performance of an encryption chip.
Background
With the development of communication technology, information security also becomes more and more important. Although there are complex encryption and decryption algorithms and key protection mechanisms in the chip, the chip is still vulnerable to induced error attacks, thereby causing leakage of data content in the chip.
In order to avoid data leakage when the chip is subjected to induced error attack, for example, leakage of a private key, it is necessary to test the security and stability of an encryption circuit in the secure chip. The error injection attack is a widely used security performance test method for evaluating the fault tolerance of the encryption chip and the influence of the fault on the encryption chip.
The principle of the error injection attack of the encryption chip is as follows: the method for analyzing the key information is characterized in that a certain error is artificially injected, and the key information is analyzed according to an error transmission mechanism and an encryption and decryption result. Common induced errors for injection include, among others: voltage and clock glitch errors, laser induced errors, X-ray and ion beam implantation errors.
However, due to uncertainty in time and space of the current error injection technology, on one hand, internal changes caused by injected errors cannot be effectively reflected in output results, and on the other hand, in practical application, it is difficult to analyze and judge a mechanism for generating errors only by the output encryption and decryption results. Therefore, the testing efficiency of the existing encryption chip testing method is low.
Disclosure of Invention
The embodiment of the invention aims to provide a security performance testing method for an encryption chip, which aims to solve the problem that in the testing process of the encryption chip in the prior art, internal changes generated by injected errors cannot be reflected in an output result, and the mechanism generating errors is difficult to analyze and judge only by outputting an encryption and decryption result, so that the testing efficiency of the prior encryption chip is low.
The embodiment of the invention is realized in such a way that a method for testing the security performance of an encryption chip comprises the following steps:
determining attacked parameters of error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip;
searching a sensitive register related to the calculation of the attacked parameter in the encryption chip according to the attacked parameter of the error injection attack;
inserting a scan chain into a sensitive register related to the calculation of the attacked parameter;
scanning and outputting a scanning output result of the attacked parameter according to the input test vector and the error injection attack;
and comparing the attacked scan output result with an expected scan output result, and determining the security of the encryption chip according to the comparison result.
Another objective of an embodiment of the present invention is to provide a device for testing security performance of an encrypted chip, where the device includes:
the attacked parameter determining unit is used for determining attacked parameters of error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip;
the sensitive register searching unit is used for searching a sensitive register related to the calculation of the attacked parameter in the encryption chip according to the attacked parameter of the error injection attack;
the scan chain inserting unit is used for inserting a scan chain into a sensitive register related to the calculation of the attacked parameter;
the result output unit is used for scanning and outputting the scanning output result of the attacked parameter according to the input test vector and the error injection attack;
and the security determining unit is used for comparing the attacked scanning output result with an expected scanning output result and determining the security of the encryption chip according to the comparison result.
In the embodiment of the invention, the attacked parameter of the injected error attack is determined according to the encryption algorithm of the chip, the relevant register used for calculating the attacked parameter is searched according to the attacked parameter, the register is called as a sensitive register, the sensitive register is inserted into a scan chain, the change result of the attacked parameter caused by the injected error attack is scanned and output, the output result of the attacked parameter is compared with the expected scan output result, and the safety of the encryption chip is determined. According to the embodiment of the invention, the sensitive register is inserted into the scan chain, so that the change of the attacked parameter can be acquired, whether an effective error is generated or not can be judged more visually, and the testing efficiency of the security of the encryption chip is effectively improved.
Drawings
Fig. 1 is a flowchart of an implementation of a method for testing security performance of an encrypted chip according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a security performance test of an encryption chip according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a security performance testing apparatus for an encrypted chip according to an embodiment of the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The method for testing the security performance of the encryption chip can be used for security evaluation in the design stage of the encryption chip and can also be used for actual test of the encryption chip.
In the safety evaluation process of the design stage, under the condition that errors are artificially introduced into the gate-level netlist, a scan output result aiming at attacked parameters and generated by error attack can be obtained through simulation, and whether the encryption algorithm of the design stage meets the safety requirement or not can be obtained according to the comparison between the result and an expected scan output result.
In the actual test process, the change result of the attacked parameter can be obtained according to the scan chain which is inserted in the chip in advance and is positioned at the sensitive register, and whether the chip meets the safety requirement can be tested by performing comparative analysis according to the output result of the scan chain. The following examples are given for illustrative purposes.
Fig. 1 shows an implementation flow of the method for testing the security performance of the cryptographic chip according to the embodiment of the present invention, which is detailed as follows:
in step S101, according to the encryption algorithm of the encryption chip, an attacked parameter of the error injection attack in the encryption algorithm is determined.
Specifically, since the embodiment of the present invention may be used in a design stage of an encryption chip and a test stage of the encryption chip, the encryption chip described in the embodiment of the present invention may also be referred to as an encryption design for the chip (the chip is a finished product that needs to be designed and is produced through tape-out) in the encryption design stage of the chip, and is referred to as an encryption chip in the test stage of the chip, and is collectively referred to as an encryption chip for convenience of description.
The chip encryption algorithm described in the embodiment of the present invention is not limited to an encryption algorithm, and may be a symmetric encryption algorithm AES or DES, an asymmetric encryption algorithm RSA or ECC, or of course, another type of algorithm, such as a national and commercial cryptographic algorithm, etc.
Among them, the AES Encryption algorithm (its english is called Advanced Encryption Standard, and chinese is called Advanced Encryption Standard) is based on permutation and permutation operations. Permutation is the rearrangement of data, and permutation is the replacement of one data element by another. AES uses several different methods to perform permutation and permutation operations.
AES is an iterative, symmetric key-block cipher that can use 128, 192, and 256 bit keys and encrypt and decrypt data in 128 bit (16 byte) blocks. Symmetric key ciphers use the same key to encrypt and decrypt data, as opposed to public key ciphers using a key pair. The number of bits of the encrypted data returned by the block cipher is the same as the input data. Iterative encryption uses a loop structure in which input data is repeatedly replaced and replaced.
The DES (Data Encryption Algorithm is used for english) is a symmetric Encryption Algorithm, is the most widely used key system, and is particularly used for protecting the security of financial Data.
DES uses a 56-bit key with an additional 8-bit parity bit (the 8 th bit of each group as the parity bit), resulting in a maximum packet size of 64 bits. This is an iterative block cipher using a technique known as Feistel in which the encrypted text block is divided in half. Applying a round function to one half of the sub-keys, and then performing exclusive-or operation on the output and the other half; the two halves are then swapped and the process continues, but the last cycle is not swapped. DES uses 16 rounds of rotation, uses XOR, permutation, substitution, and shift operations, four basic operations.
The RSA, public key cryptosystem. The so-called public key cryptosystem uses different encryption and decryption keys, and is a cryptosystem in which it is computationally infeasible to derive a decryption key from a known encryption key.
In a public key cryptosystem, an encryption key (i.e., a public key) is public information, and a decryption key (i.e., a secret key) is required to be kept secret. Both encryption and decryption algorithms are also disclosed. Although the secret key is determined by the public key, the secret key cannot be calculated from the public key.
The ECC (English is called Elliptic currves Cryptography and Chinese is called Elliptic curve Cryptography) encryption algorithm, the mathematical theory of the ECC algorithm is very profound and complicated, and is difficult to realize in engineering application, but the unit safety intensity of the ECC is relatively high.
The attacked parameters of the error injection attack in the encryption algorithm are determined according to the encryption algorithm of the encryption chip, and the attacked parameters are different according to different encryption algorithms, for example, in the RSA encryption algorithm of CRT (English is called Chinese remainders the theory), only one of the exponentiations (S)POr SQ) If an error occurs, the key can be successfully deduced. Thus, for an attacked parameter in the RSA-CRT encryption algorithm, it can be SPOr may be SQ。
For other encryption algorithms, the attacked parameters can be correspondingly determined according to the error attack injection parameters corresponding to the encryption algorithms.
In step S102, according to the attacked parameter of the error injection attack, a sensitive register related to the calculation of the attacked parameter in the cryptographic chip is searched.
Specifically, the injection fault attack may include, but is not limited to, a heavy ion fault attack, a laser irradiation fault attack, an X-ray fault attack, and the like.
The sensitive register related to the calculation of the attacked parameter in the encryption chip is searched, a factor related to the calculation of the attacked parameter can be obtained according to the expression of the attacked parameter, and the register storage space defined by the related factor is the sensitive register.
In step S103, a scan chain is inserted into the sensitive register related to the calculation of the attacked parameter.
Specifically, according to a safety Design for testability tool (DFST, generally called Design for SafeTestability in english), a scan chain is inserted into a sensitive register related to the calculation of the attacked parameter.
The Scan chain (English is called Scan chain) is an implementation technology of testability design. The circuit is provided with a shift register, so that a tester can externally control and observe the signal value of a trigger in the circuit.
In step S104, a scan output result of the attacked parameter is scanned out according to the input test vector and the error injection attack.
The test vectors may be generated using an automated test vector tool, such as TeraMax.
In step S105, the attacked scanout result is compared with the expected scanout result, and the security of the cryptographic chip is determined according to the comparison result.
The sensitive registers are registers related to calculation of attacked parameters, other registers which are not related to calculation of attacked parameters, and key registers do not need to be inserted into a scan chain.
The advantage of doing so is that on the one hand can avoid leading to the secret key of chip to reveal because of the insertion of scan chain, on the other hand induces under the wrong injection experiment, can judge the security degree of this safety chip fast through scan test under test mode.
Wherein, the step of comparing the attacked scan output result with the expected scan output result and determining the security of the encryption chip according to the comparison result comprises:
comparing the attacked scan output result with the expected scan output result, and judging whether the two are the same;
if the encryption chips are the same, the security of the encryption chips passes test verification;
if not, the encryption chip fails the security test.
And the expected scan output result is a normal result output by the attacked parameter when the encryption chip receives the test vector input.
The following description is made by taking a specific 1024-bit CRT-RSA encryption algorithm as an example, it should be understood that the CRT-RSA encryption algorithm is only one embodiment, and those skilled in the art may also find other similar design ways, which should fall within the protection scope of the present invention.
Let a and b be pre-calculated values, p and q are two prime numbers, n ═ p × q, d are private key parameters, and:
and
and defines:
dp=d (mod p-1)
dq=d (mod q-1)
the RSA signature can be expressed as:
s=a·sp+b·sq(mod N),
wherein,
if s ispOr sqOne of which has an error, e.g. sqAn error occurs, then the wrong signature result can be expressed as:
s′=a·sp+b·s′q(mod N),
subtracting the correct signature result and the incorrect signature result may result in: Δ ═ s-s' ═ b(s)q-s′q) (modn), p can be calculated by a simple operation to obtain the key information: gcd (Δ, n) ═ p.
Therefore, for the CRT-RSA encryption algorithm, s is selected and calculatedpOr sqThe register of the relevant parameter is a sensitive register and is inserted into the scan chain, and the register is prevented from being inserted into the key, so that the potential safety hazard caused by the transmission scan chain can be eliminated, and the testability and observability of the sensitive area in the security chip are ensured.
In addition, by combining a safety testability design method DFST and an induced error injection technology, the method can quickly evaluate the safety of the encryption chip, accurately position the weak point of the chip and provide powerful reference for the defense design of the encryption chip when carrying out error injection test on the encryption chip with a specific scan chain.
Fig. 2 is a schematic structural diagram of a security performance testing method for an encryption chip according to an embodiment of the present invention, and as shown in fig. 2, a test vector generation tool generates a CRT-RSA test vector, where the test vector may be generated by TetraMax, and the generated test vector is input to the chip. The encryption chip stores an encryption and decryption algorithm, and a scan chain is inserted into the sensitive register by injecting an attack by an induction method. Through the input of the test vector and the injection of the induction error, the change of the sensitive parameter is monitored by the scan chain, the output vector of the sensitive parameter is output and compared with the expected result of the test mode file, if the result is the same, the interference of the induction error is not generated, and the safety performance of the chip is good.
Fig. 3 is a schematic structural diagram of an encryption chip security testing apparatus according to an embodiment of the present invention, where the encryption chip security testing apparatus according to the embodiment of the present invention includes:
an attacked parameter determining unit 301, which determines attacked parameters of the error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip;
a sensitive register searching unit 302, configured to search, according to the attacked parameter of the error injection attack, a sensitive register related to calculating the attacked parameter in the cryptographic chip;
a scan chain insertion unit 303, configured to insert a scan chain in a sensitive register related to the calculation of the attacked parameter;
a result output unit 304, configured to scan out a scan output result of the attacked parameter according to the input test vector and the error injection attack;
and a security determination unit 305 for comparing the attacked scan output result with an expected scan output result, and determining the security of the cryptographic chip according to the comparison result.
Specifically, optionally, the encryption algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
More specifically, the encryption algorithm of the chip is a CRT-RSA encryption algorithm, and the attacked parameter determining unit is specifically configured to:
according to the signature expression of CRT-RSA encryption: a is·sp+b·sq(modn) determining an attacked parameter s for an error injection attack in said CRT-RSA cryptographic algorithmpOr sqWherein dp=d(modp-1),dq=d(modq-1),where p and q are two prime numbers, m is a message used for encryption, n is p q, and d is a private key parameter.
Specifically, the security determination unit includes:
the comparison subunit is used for comparing the attacked scan output result with the expected scan output result and judging whether the attacked scan output result and the expected scan output result are the same;
the first verification subunit is used for verifying the security of the encryption chip through testing if the encryption chips are the same;
and the second verification subunit is used for failing to pass the security test if the two are not the same.
Preferably, the scan chain insertion unit is specifically configured to: according to a design for testability tool, a scan chain is inserted in a sensitive register relevant to calculating the attacked parameter.
The encryption chip security testing apparatus shown in fig. 3 corresponds to the encryption chip security testing method shown in fig. 1, and is not repeated here.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. A method for testing the security performance of an encryption chip is characterized by comprising the following steps:
determining attacked parameters of error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip;
searching a sensitive register related to the calculation of the attacked parameter in the encryption chip according to the attacked parameter of the error injection attack, wherein the sensitive register is a register storage space defined by a factor related to the calculation of the attacked parameter obtained according to an expression of the attacked parameter;
inserting a scan chain into a sensitive register related to the calculation of the attacked parameter;
scanning and outputting a scanning output result of the attacked parameter according to the input test vector and the error injection attack;
and comparing the attacked scan output result with an expected scan output result, and determining the security of the encryption chip according to the comparison result.
2. The method of claim 1, wherein the encryption algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
3. The method according to claim 1 or 2, wherein the encryption algorithm of the chip is a CRT-RSA encryption algorithm, and the determining the attacked parameter of the error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip comprises:
according to the signature expression of CRT-RSA encryption: s is a.sp+b·sq(modn) determining an attacked parameter s for an error injection attack in said CRT-RSA cryptographic algorithmpOr sqWherein dp=d(modp-1),dq=d(modq-1),where p and q are two prime numbers, m is a message used for encryption, n is p q, and d is a private key parameter.
4. The method of claim 1, wherein the step of comparing the attacked scanout result with the expected scanout result and determining the security of the cryptographic chip according to the comparison result comprises:
comparing the attacked scan output result with the expected scan output result, and judging whether the two are the same;
if the encryption chips are the same, the security of the encryption chips passes test verification;
if not, the encryption chip fails the security test.
5. The method according to claim 1, wherein the step of inserting scan chains in sensitive registers related to the calculation of the attacked parameters is specifically:
the sensitive registers that are looked up are inserted into the scan chain according to the design for testability tool.
6. An encryption chip security performance testing device, characterized in that the device comprises:
the attacked parameter determining unit is used for determining attacked parameters of error injection attack in the encryption algorithm according to the encryption algorithm of the encryption chip;
the sensitive register searching unit is used for searching a sensitive register related to calculation of the attacked parameter in the encryption chip according to the attacked parameter of the error injection attack, wherein the sensitive register is a register storage space defined by a factor related to calculation of the attacked parameter obtained according to an expression of the attacked parameter;
the scan chain inserting unit is used for inserting a scan chain into a sensitive register related to the calculation of the attacked parameter;
the result output unit is used for scanning and outputting the scanning output result of the attacked parameter according to the input test vector and the error injection attack;
and the security determining unit is used for comparing the attacked scanning output result with an expected scanning output result and determining the security of the encryption chip according to the comparison result.
7. The apparatus of claim 6, wherein the encryption algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
8. The apparatus according to claim 6 or 7, wherein the encryption algorithm of the chip is a CRT-RSA encryption algorithm, and the attacked parameter determining unit is specifically configured to:
according to the signature expression of CRT-RSA encryption: s is a.sp+b·sq(modn) determining an attacked parameter s for an error injection attack in said CRT-RSA cryptographic algorithmpOr sqWherein dp=d(modp-1),dq=d(modq-1),where p and q are two prime numbers, m is a message used for encryption, n is p q, and d is a private key parameter.
9. The apparatus of claim 6, wherein the security determination unit comprises:
the comparison subunit is used for comparing the attacked scan output result with the expected scan output result and judging whether the attacked scan output result and the expected scan output result are the same;
the first verification subunit is used for verifying the security of the encryption chip through testing if the encryption chips are the same;
and the second verification subunit is used for failing to pass the security test if the two are not the same.
10. The apparatus according to claim 6, wherein the scan chain insertion unit is specifically configured to: the sensitive registers that are looked up are inserted into the scan chain according to the design for testability tool.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410240453.1A CN103997402B (en) | 2014-05-30 | 2014-05-30 | A kind of encryption chip Testing Method of Safety and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410240453.1A CN103997402B (en) | 2014-05-30 | 2014-05-30 | A kind of encryption chip Testing Method of Safety and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103997402A CN103997402A (en) | 2014-08-20 |
| CN103997402B true CN103997402B (en) | 2017-06-23 |
Family
ID=51311413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410240453.1A Active CN103997402B (en) | 2014-05-30 | 2014-05-30 | A kind of encryption chip Testing Method of Safety and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103997402B (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104660466B (en) * | 2015-02-06 | 2018-02-09 | 深圳先进技术研究院 | A kind of safety detecting method and system |
| GB2537876A (en) * | 2015-04-29 | 2016-11-02 | Advanced Risc Mach Ltd | Error protection key generation method and system |
| CN104836808B (en) * | 2015-05-12 | 2017-12-15 | 中国科学院软件研究所 | Based on the SM2 signature algorithm security verification methods for improving difference fault analysis |
| CN105045695B (en) * | 2015-08-17 | 2018-08-10 | 大唐微电子技术有限公司 | A kind of chip enters guard method and the system of test pattern |
| CN105376058B (en) * | 2015-10-08 | 2018-08-10 | 深圳先进技术研究院 | A kind of security assessment method and device of the hardware based on RSA Algorithm |
| CN107966644A (en) * | 2017-10-23 | 2018-04-27 | 北京中电华大电子设计有限责任公司 | A kind of test pattern guard method of random key and circuit |
| CN108173645B (en) * | 2017-12-27 | 2021-02-02 | 中国科学院国家空间科学中心 | Security detection method and device for password chip |
| US11055409B2 (en) * | 2019-01-06 | 2021-07-06 | Nuvoton Technology Corporation | Protected system |
| CN110020558A (en) * | 2019-04-09 | 2019-07-16 | 长沙理工大学 | A kind of safe crypto chip Testability Design structure under boundary scan design environment |
| CN110247929B (en) * | 2019-06-28 | 2021-06-11 | 兆讯恒达科技股份有限公司 | Method for preventing injection type attack of elliptic encryption algorithm coprocessor |
| CN110598398B (en) * | 2019-08-26 | 2021-03-19 | 浙江大学 | Chip security evaluation method based on steady-state fault |
| CN110798305B (en) * | 2019-09-24 | 2023-05-30 | 瓦戈科技有限公司 | Fault analysis defense method, electronic equipment and readable storage medium |
| CN112000996B (en) * | 2020-10-28 | 2021-06-18 | 南京邮电大学 | Method for preventing differential cryptanalysis attack |
| CN112506730B (en) * | 2020-11-10 | 2022-11-01 | 中国人民解放军战略支援部队信息工程大学 | Verification platform and verification method suitable for network switching chip ECC function verification |
| CN116400199B (en) * | 2023-06-05 | 2023-09-15 | 中国汽车技术研究中心有限公司 | Chip clock burr fault injection cross-validation test method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103530566A (en) * | 2013-10-21 | 2014-01-22 | 中国科学院深圳先进技术研究院 | System for detecting safety performance of safety chip under induced error attacks |
-
2014
- 2014-05-30 CN CN201410240453.1A patent/CN103997402B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103530566A (en) * | 2013-10-21 | 2014-01-22 | 中国科学院深圳先进技术研究院 | System for detecting safety performance of safety chip under induced error attacks |
Non-Patent Citations (2)
| Title |
|---|
| Secure Scan: A Design-for-Test Architecture for Crypto Chips;Bo Yang et al.;《IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS》;20061031;第25卷(第10期);全文 * |
| Security evaluation at design time against optical fault injection attacks;H. Li and S. Moore;《IEE Proceedings - Information Security》;20060331;第153卷(第1期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103997402A (en) | 2014-08-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103997402B (en) | A kind of encryption chip Testing Method of Safety and device | |
| US11251935B2 (en) | Multiplicative blinding for cryptographic operations | |
| JP6366595B2 (en) | Method and system for anti-glitch cryptographic discrete log-based signature | |
| Kocher et al. | Introduction to differential power analysis | |
| Lashermes et al. | A DFA on AES based on the entropy of error distributions | |
| Pahlevanzadeh et al. | Assessing CPA resistance of AES with different fault tolerance mechanisms | |
| Da Rolt et al. | A new scan attack on rsa in presence of industrial countermeasures | |
| KR100546375B1 (en) | Interdependent parallel processing hardware cryptographic engine providing for enhanced self fault-detecting and hardware encryption processing method thereof | |
| Bedoui et al. | An improvement of both security and reliability for AES implementations | |
| CN112653546A (en) | Fault attack detection method based on power consumption analysis | |
| Cabrera Aldaya et al. | Side‐channel analysis of the modular inversion step in the RSA key generation algorithm | |
| El Hennawy et al. | LEA: link encryption algorithm proposed stream cipher algorithm | |
| Putra et al. | Revealing AES Encryption Device Key on 328P Microcontrollers with Differential Power Analysis. | |
| CN105703896A (en) | Method for detecting resistance of HAS-160 algorithm to differential fault attack | |
| Gebotys et al. | Preaveraging and carry propagate approaches to side-channel analysis of HMAC-SHA256 | |
| Mischke et al. | Fault sensitivity analysis meets zero-value attack | |
| Steffen et al. | In-depth analysis of side-channel countermeasures for crystals-kyber message encoding on arm cortex-m4 | |
| EP3664359A1 (en) | A computation device using shared shares | |
| Oku et al. | A robust scan-based side-channel attack method against HMAC-SHA-256 circuits | |
| JP2005340892A (en) | Encryption circuit | |
| Saraswat et al. | Remote cache-timing attacks against aes | |
| Abdul-Latip et al. | Fault analysis of the KATAN family of block ciphers | |
| Prouff et al. | First-order side-channel attacks on the permutation tables countermeasure | |
| Bae et al. | A practical analysis of fault attack countermeasure on AES using data masking | |
| Park et al. | A Fault-Resistant AES Implementation Using Differential Characteristic of Input and Output. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BUSINESS PASSWORD TEST CENTER STATE CRYPTOGRAPHY A Effective date: 20150113 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| C53 | Correction of patent for invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Shao Cuiping Inventor after: Li Huiyun Inventor after: Xu Guoqing Inventor after: Li Dawei Inventor after: Luo Peng Inventor before: Shao Cuiping Inventor before: Li Huiyun Inventor before: Xu Guoqing |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: SHAO CUIPING LI HUIYUN XU GUOQING TO: SHAO CUIPING LI HUIYUN XU GUOQING LI DAWEI LUO PENG |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20150113 Address after: 1068 No. 518000 Guangdong city in Shenzhen Province, Nanshan District City Xili University School Avenue Applicant after: Shenzhen Institutes of Advanced Technology, Chinese Academy of Science Applicant after: State Cryptography Administration Commercial Code Testing Center Address before: 1068 No. 518000 Guangdong city in Shenzhen Province, Nanshan District City Xili University School Avenue Applicant before: Shenzhen Institutes of Advanced Technology, Chinese Academy of Science |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |