基于正交混淆的多硬件IP核安全防護設(shè)計

張躍軍; 王佳偉; 潘釗; 張曉偉; 汪鵬君

doi:10.11999/JEIT180898

基于正交混淆的多硬件IP核安全防護設(shè)計

doi: 10.11999/JEIT180898

寧波大學信息科學與工程學院 ??寧波 ??315211

基金項目: 國家自然科學基金(61871244, 61874078, 61704094)，浙江省自然科學基金(LY18F040002)，浙江省科技廳公益技術(shù)應(yīng)用研究(2016C31078)，億像素視頻加密與IP加密算法與硬件開發(fā)橫向項目(HK2017000135)，浙江省大學生新苗人才計劃(2018R405071)，寧波大學王寬誠幸福基金

詳細信息

作者簡介:
張躍軍：男，1982年生，副教授，研究方向為信息安全芯片理論和設(shè)計

王佳偉：男，1994年生，碩士生，研究方向為硬件安全和混淆設(shè)計

潘釗：男，1993年生，碩士生，研究方向為混淆狀態(tài)機的設(shè)計與實現(xiàn)

張曉偉：男，1987年生，講師，研究方向為稀土摻雜硅基薄膜發(fā)光材料與光電子器件研究

汪鵬君：男，1966年生，教授，研究方向為低功耗、高信息密度集成電路理論和設(shè)計、安全芯片理論和設(shè)計、多媒體技術(shù)及相關(guān)理論

通訊作者:
汪鵬君　wangpengjun@nbu.edu.cn

中圖分類號: TP331
計量
- 文章訪問數(shù): 1976
- HTML全文瀏覽量: 981
- PDF下載量: 74
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2018-09-18
- 修回日期: 2019-03-14
- 網(wǎng)絡(luò)出版日期: 2019-04-13
- 刊出日期: 2019-08-01

Hardware Security for Multi IPs Protection Based on Orthogonal Obfuscation

Faculty of Electrical Engineering and Computer Science, Ningbo University, Ningbo 315211, China

Funds: The National Natural Science Foundation of China (61871244, 61874078, 61704094),The Natural Science Foundation of Zhejiang Provincial (LY18F040002), The S&T Plan of Zhejiang Provincial Science and Technology Department (2016C31078), Algorithms and Hardware Development of Billion Pixels Video Encryption and IP Encryption (HK2017000135), Fresh Student Talents Program of Zhejiang Province (2018R405071), The K.C. Wong Magna Fund in Ningbo University

摘要

摘要: 為了解決集成電路設(shè)計中多方合作的成員信息泄漏問題，該文提出一種基于正交混淆的多硬件IP核安全防護方案。該方案首先利用正交混淆矩陣產(chǎn)生正交密鑰數(shù)據(jù)，結(jié)合硬件特征的物理不可克隆函數(shù)(PUF)電路，產(chǎn)生多硬件IP核的混淆密鑰；然后，在正交混淆狀態(tài)機的基礎(chǔ)上，實現(xiàn)多硬件IP核的正交混淆安全防護算法；最后，利用ISCAS-85基準電路和密碼算法，驗證正交混淆方法的有效性。在臺灣積體電路制造股份有限公司(TSMC) 65 nm工藝下測試正交混淆的多硬件IP核方案，正確密鑰和錯誤密鑰下的Toggle翻轉(zhuǎn)率小于5%，在較大規(guī)模的測試電路中面積和功耗開銷占比小于2%。實驗結(jié)果表明，采用正交混淆的方式能夠提高多硬件IP核的安全性，可以有效防御成員信息泄漏、狀態(tài)翻轉(zhuǎn)率分析等攻擊。
- 正交混淆 /
- 合伙人組織 /
- 物理不可克隆函數(shù) /
- 硬件IP安全性
Abstract: In order to solve the problem of member information leakage in multi-party cooperative design of integrated circuits, a orthogonal obfuscation scheme of multi-hardware IPs core security protection is proposed. Firstly, the orthogonal obfuscation matrix generates orthogonal key data, and the obfuscated key of the hardware IP core is designed with the physical feature of the Physical Unclonable Function (PUF) circuit. Then the security of multiple hardware IP cores is realized by the orthogonal obfuscation state machine. Finally, the validity of orthogonal aliasing is verified using the ISCAS-85 circuit and cryptographic algorithm. The multi-hardware IP core orthogonal obfuscation scheme is tested under Taiwan Semiconductor Manufacturing Company (TSMC) 65 nm process, the difference of Toggle flip rate between the correct key and the wrong key is less than 5%, and the area and power consumption of the larger test circuit are less than 2%. The experimental results show that orthogonal obfuscation can improve the security of multi-hardware IP cores, and can effectively defend against member information leakage and state flip rate analysis attacks.
- Orthogonal obfuscation /
- PartnerShip Organization(PSO) /
- Physical Unclonable Function(PUF) /
- Hardware IPs security

HTML全文

圖 1 正交混淆方法結(jié)構(gòu)框圖

下載: 全尺寸圖片幻燈片

圖 2 IC設(shè)計團隊、芯片公司以及用戶的正交混淆交互協(xié)議

下載: 全尺寸圖片幻燈片

圖 3 正交混淆的電路實現(xiàn)

下載: 全尺寸圖片幻燈片

圖 4 正交混淆功能仿真圖

下載: 全尺寸圖片幻燈片

圖 5 正交混淆的面積開銷

下載: 全尺寸圖片幻燈片

圖 6 正交混淆的功耗開銷

下載: 全尺寸圖片幻燈片

圖 7 不同加密方法在成員泄密時的安全性曲線

下載: 全尺寸圖片幻燈片

圖 8 Toggle仿真結(jié)果

下載: 全尺寸圖片幻燈片

表 1 正交混淆算法偽代碼

正交混淆算法
輸入：K_user
輸出：{p₁,p₂,···,p_n}
(1) 初始化正交模塊
(2) 重置功能IP核
(3) 對各功能IP核分配權(quán)重
(4) for i←0 to N-1
for j←i+1 to N-1 {
do vector_j←vector_j-(vector_j[i]/vector_i[i])× 　　　　　vector_i
}
(5) for i←0 to N-1
for j←i+1 to N-1 {
do vector_i←vector_i-(vector_i[N-i]/vector_j[N-i])× 　　　　vector_j
}
(6) 矩陣O←{vector_1,vector_2,···,vector_N}^T
(7) 向量p←O×K_user

下載: 導出CSV

表 2 基準電路中硬件開銷情況

	基準電路面積(μm²)	測試模塊面積(μm²)	混淆面積開銷(μm²)	面積開銷占比(%)	基準電路功耗(mW)	測試模塊功耗(mW)	混淆功耗開銷(mW)	功耗開銷占比(%)	混淆模塊延時(ns)
A1	6457.68	7391.68	934.00	12.60	0.3129	0.4392	0.1263	28.80	1.12
A1+A2	16851.96	17866.12	1014.16	5.70	3.3928	3.5517	0.1589	4.50	1.12
A1+A2+A3	32561.64	33618.80	1057.16	3.10	7.5221	7.7017	0.1796	2.30	1.15
A1+A2+A3+A4	49888.08	51038.76	1150.68	2.30	11.5796	11.7626	0.1830	1.60	1.20
注：表中A1, A2, A3和A4分別表示密碼算法TDEA, SEED_3clk, MISTY1_3clk和AES中的EncCore部分。

下載: 導出CSV

表 3 本文設(shè)計與文獻[8–12]對比情況

文獻	混淆方法	工藝(mm)	基準電路	面積(μm²)	功耗(mW)	速度(GHz)	混淆IP核數(shù)量	MILA
文獻[8]	狀態(tài)映射混淆	65	AES-ENC	25983.00	0.7558	–	單個	是
文獻[9]	DUP	65	SEED_3clk	17506.08	3.2171	1.38	單個	是
文獻[10]	ISO	65	SEED_3clk	17450.64	3.2830	1.72	單個	是
文獻[11]	HARPOON	65	S38584	22995.40	6.3883	1.14	單個	是
文獻[12]	Dynamic State-Deflection	65	S38584	21835.00	6.9262	0.86	單個	是
本文	正交混淆	65	SEED_3clk	17114.60	3.2815	0.98	多個	否
			AES-ENC	17326.44	4.0575	0.95		否
			s38584	20159.00	6.7456	0.83		否

下載: 導出CSV

參考文獻(18)

FYRBIAK M, ROKICKI S, BISSANTZ N, et al. Hybrid obfuscation to protect against disclosure attacks on embedded microprocessors[J]. IEEE Transactions on Computers, 2018, 67(3): 307–321. doi: 10.1109/TC.2017.2649520

JAEHA K and PARK K T. EE6: Can artificial intelligence replace my job? The dawn of a new IC industry with AI[C]. 2018 IEEE International Solid-State Circuits Conference, San Francisco, USA, 2018: 531–533.

WERNER M, UNTERLUGGAUER T, SCHAFFENRATH D, et al. Sponge-based control-flow protection for IoT devices[C]. 2018 IEEE European Symposium on Security and Privacy, London, UK, 2018: 214–226.

許天燊. 萬物互聯(lián)驅(qū)動IC產(chǎn)業(yè)創(chuàng)新與合作[J]. 軟件和集成電路, 2015(6): 16–20.

XU Tianshen. All things interconnection drives innovation and cooperation in IC industry[J]. Software and Integrated Circuits, 2015(6): 16–20.

HONG C, KIM S H, KIM J H, et al. A linear-mode LiDAR sensor using a multi-channel CMOS transimpedance amplifier array[J]. IEEE Sensors Journal, 2018, 18(17): 7032–7040. doi: 10.1109/JSEN.2018.2852794

BUSE D S, SOMMER C, and DRESSLER F. Demo abstract: Integrating a driving simulator with city-scale VANET simulation for the development of next generation ADAS systems[C]. The IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops, Honolulu, USA, 2018: 1–2.

VIJAYAKUMAR A, PATIL V C, HOLCOMB D E, et al. Physical design obfuscation of hardware: A comprehensive Investigation of device and logic-level techniques[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(1): 64–77. doi: 10.1109/TIFS.2016.2601067

張躍軍, 潘釗, 汪鵬君, 等. 基于狀態(tài)映射的AES算法硬件混淆設(shè)計[J]. 電子與信息學報, 2018, 40(3): 750–757. doi: 10.11999/JEIT170556

ZHANG Yuejun, PAN Zhao, WANG Pengjun, et al. Design of hardware obfuscation AES based on state deflection strategy[J]. Journal of Electronics &Information Technology, 2018, 40(3): 750–757. doi: 10.11999/JEIT170556

KOUSHANFAR F. Provably secure active IC metering techniques for piracy avoidance and digital rights management[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(1): 51–63. doi: 10.1109/TIFS.2011.2163307

CHAKRABORTY R S and BHUNIA S. RTL hardware IP protection using key-based control and data flow obfuscation[C]. International Conference on VLSI Design, Bangalore, India, 2010: 405–410.

CHAKRABORTY R S and BHUNIA S. HARPOON: An obfuscation-based soc design methodology for hardware protection[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2009, 28(10): 1493–1502. doi: 10.1109/TCAD.2009.2028166

DOFE J and YU Qiaoyan. Novel dynamic state-deflection method for gate-level design obfuscation[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, 37(2): 273–285. doi: 10.1109/TCAD.2017.2697960

CANETTI R, ROTHBLUM G N, and VARIA M. Theory of Cryptography[M]. Berlin, Heidelberg: Springer, 2010: 72–89.

CAO Yuan, ZHANG Le, CHANG C H, et al. A low-power hybrid RO PUF with improved thermal stability for lightweight applications[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015, 34(7): 1143–1147. doi: 10.1109/TCAD.2015.2424955

ZHANG Jiliang, LIN Yaping, LYU Yongqiang, et al. A PUF-FSM binding scheme for FPGA IP protection and pay-per-device licensing[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(6): 1137–1150. doi: 10.1109/TIFS.2015.2400413

張元達. 有限群構(gòu)造[M]. 北京: 科學出版社, 1982: 203–206.

ZHANG Yuanda. Finite Group Construction[M]. Beijing: Science Press, 1982: 203–206.

LAO Yingjie and PARHI K K. Statistical analysis of MUX-based physical unclonable functions[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014, 33(5): 649–662. doi: 10.1109/TCAD.2013.2296525

BO?NJAK L, SRE? J, and BRUMEN B. Brute-force and dictionary attack on hashed real-world passwords[C]. The 41st International Convention on Information and Communication Technology, Electronics and Microelectronics, Opatija, Croatia, 2018: 1161–1166.

相關(guān)文章

施引文獻

資源附件(0)

訪問統(tǒng)計