An On-Chip Mechanism for Detecting Scan-Chain Attacks in Cryptographic Chips
Authors: Fatemeh Jamali Zavareh 1, Hakem Beitollahi 2
1 - Iran University of Science and Technology
2 - Iran University of Science and Technology
Keywords: hardware security, testability, scan-chain-based attacks
Abstract:
With the emergence of cryptographic chips, side-channel attacks have become a new threat to cryptographic algorithms and security systems. Side-channel attacks do not target the computational weaknesses of the algorithms; they exploit weaknesses in the implementation. The scan chain, which is widely used in chip testing, is one such side channel. To prevent attacks through the scan chain, the scan-chain connections can be destroyed after manufacturing test, but this makes post-manufacturing testing and circuit updates impossible. A method is therefore needed that preserves the testability offered by the scan chain while preventing the side-channel attacks it enables. This paper presents a method that can detect an attacker's attempt and prevent attacks that use the scan chain. In this method, the user is authorized, the appropriate output is generated accordingly, and the attacker is denied access to sensitive information. With an area overhead of less than 1%, a static power overhead of about 1%, and negligible delay overhead, the proposed method preserves testability and prevents differential and signature-based scan-chain attacks better than previous methods.