Protection of a computer system against side channel attacks
Abstract:
The invention relates to a method for protecting a computer system against side channel attacks when using an encryption or decryption method for data packets of a data stream (PT), wherein interruptions in the encryption or decryption method are generated by a random number generator (TRNG). It is provided that, during the interruptions, further arithmetic operations are applied to already encrypted or decrypted data packets of the data stream, or to data packets still to be encrypted or decrypted, in order to generate random noise in the power consumption of the computer system.

Publication number: AT517983A1
Application number: T50980/2015
Filing date: 2015-11-18
Publication date: 2017-06-15
Inventors: Cech Christian; Matschnig Martin; Pitu Ciprian-Leonard
Applicant: Siemens Ag Österreich
Description:
Protection of a computer system against side channel attacks

Technical area

The invention relates to a method for protecting a computer system against side channel attacks when using an encryption or decryption method for data packets of a data stream, wherein interruptions in the encryption or decryption method are generated by a random number generator. Furthermore, the invention comprises a corresponding computer system and a corresponding computer program product.

The method according to the invention is particularly suitable for use in security-relevant embedded systems. An embedded system is an electronic computer that is embedded in a technical context. The computer takes over monitoring, control or regulating functions, or is responsible for a form of data or signal processing. In most cases a mixed hardware/software implementation is chosen, which combines the great flexibility of software with the performance of hardware. The software serves both to control the embedded system itself and, where appropriate, to let the embedded system interact with the outside world via defined interfaces or protocols.

State of the art

Encryption and error correction (e.g. by means of an Error Correcting Code, ECC) are two key mechanisms used in most communication protocols of computer systems. Typically these two operations are independent of each other and are performed sequentially: data packets are first encrypted, and the encrypted data are then protected by an error-correcting code prior to transmission. On reception, any transmission errors are usually corrected first and the data are then decrypted. Combined methods are known, but they are not very common.

In modern safety-critical applications, side-channel attacks (SCA) or differential power analysis (DPA) attacks pose an ever greater threat.
In principle, the power consumption of a computer system is recorded over a large number of cycles in order to draw conclusions about the internal process; in this way, for example, cryptographic keys can be recovered. Whether, or how easily, an attacker can reach this goal with SCA depends on the physical implementation of the cryptographic function. To counteract this danger, a variety of hardening measures is available. A common method is the introduction of additional logic driven by a random number generator. Alternatively, random idle cycles can be inserted, which naturally extends the runtime. These measures obscure the power consumption of the circuitry of the computer system with additional noise and make DPA analysis more difficult.

Thus, for the secure transmission of encrypted content, so-called hardened crypto cores are generally needed, along with error correction logic. That is, additional hardware or chip area, or additional computing time, is required for the hardening mechanisms. So far, these sometimes very compute-intensive operations have been either implemented in software or realized by dedicated hardware modules. In the first case, processor computation time, i.e. CPU time, is required for the computation; in both cases additional data transfer is generated.

Presentation of the invention

It is an object of the present invention to provide a method for protecting a computer system from side channel attacks when using an encryption or decryption method for a data stream, which requires little or no additional CPU processing time and no additional hardware.

The stated object is achieved by a method having the features of patent claim 1, in which interruptions in the encryption or decryption method are generated by a random number generator.
It is provided that, during the interruptions, further arithmetic operations are applied to already encrypted or decrypted data packets of the data stream, or to data packets still to be encrypted or decrypted, in order to generate random noise in the power consumption of the computer system.

The further arithmetic operations may preferably be part of an error correction process. Additionally or alternatively, the further arithmetic operations may also be part of other sequential methods already provided, such as part of a message authentication code (MAC) algorithm, for masking the encryption and decryption operation.

A message authentication code (MAC) is used to obtain certainty about the origin of data or messages and to verify their integrity. MAC algorithms require two input parameters, first the data to be protected and second a secret key, and calculate from both a checksum, the message authentication code. The sender and receiver agree on a secret key. The sender calculates a MAC for this key and its message and then sends the message together with the MAC to the receiver. The receiver calculates the MAC of the received message with the key and compares the calculated MAC with the received MAC. The recipient interprets agreement of both values as a successful integrity test: the message was sent by a party who knows the secret key, and it was not changed during transmission. MACs are based either on block ciphers or on hash functions, or are specially designed MAC constructions. One common MAC calculation method, HMAC, is based on cryptographic hash functions.

Thus, the described invention combines encryption with other operations, usually with error correction, such that the arithmetic operations which are necessary in any case are used to produce random noise in the power consumption of the overall system. For this purpose both operations, the encryption and the other operation, are still executed sequentially according to the pipeline principle.
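The sender/receiver MAC exchange described in the paragraph above, written out as an added example that is not part of the patent text. It uses HMAC-SHA256 from Python's standard library; the shared key and the message are constructed sample values, and the function names are the example's own.

```python
# Added example (not the patent's own code): the MAC exchange between sender
# and receiver, using HMAC-SHA256. Key and message are constructed values.
import hashlib
import hmac


def make_mac(key: bytes, message: bytes) -> bytes:
    """Compute the MAC from its two inputs: the secret key and the data."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> tuple:
    """Sender side: transmit the message together with its MAC."""
    return message, make_mac(key, message)


def verify(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC with the shared key and compare.

    hmac.compare_digest compares in constant time, so the comparison itself
    does not leak, via timing, how many bytes of a forged MAC were correct.
    """
    return hmac.compare_digest(make_mac(key, message), received_mac)


if __name__ == "__main__":
    shared_key = b"constructed-shared-secret-key"   # constructed sample key
    msg, tag = send(shared_key, b"constructed sample message")
    print("genuine message accepted:", verify(shared_key, msg, tag))
    print("altered message rejected:", not verify(shared_key, msg + b"!", tag))
    print("wrong key rejected:      ", not verify(b"some-other-key", msg, tag))
```

The receiver only accepts the message when the recomputed and received MACs agree, which is the integrity test the paragraph describes; any change to the message or a different key makes the check fail.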
A random number generator generates a random number, which is used in the encryption or decryption unit to insert interruptions in the form of idle cycles at random times in the encryption or decryption process.

In the case of encryption, the data stream is best subjected first to the encryption process and then to the further arithmetic operations, in particular the error correction process. In the case of decryption, the data stream is first subjected to the further arithmetic operations, in particular the error correction method, and then to the decryption method.

So-called error-correcting code (ECC) methods can be used as the error correction method. An error-correcting code method is an algorithm for expressing a sequence of numbers in such a way that errors occurring in the sequence can later be recognized and, with restrictions, corrected on the basis of the remaining numbers. In error-correcting code methods, the focus is on protection against random bit errors, e.g. due to radiation.

A simple variant of the method according to the invention is one in which the start and end of the further arithmetic operations are controlled by the encryption or decryption method. This means, for example, that the ECC generator producing the error-correcting code is controlled by the encryption unit in such a way that it operates only during the encryption unit's idle cycles. In the rare case that the further arithmetic operations, such as the error correction, are already completed while the encryption or decryption is still performing idle cycles, the ECC generator (or, in the case of decryption, the decryption unit) is operated during this time with random input data.
According to the invention, it may therefore be provided that, if the further arithmetic operations have ended but the encryption or decryption method has not yet ended, the interruptions generated in the encryption or decryption method are filled with arithmetic operations based on random data. For example, an error correction process may be performed on random data generated by the same random number generator that also generates the interruptions for the encryption or decryption process.

A computer system for carrying out the method according to the invention comprises at least one encryption or decryption unit, a further arithmetic unit arranged serially with respect to a data stream, and a random number generator which is designed to generate interruptions in the encryption or decryption method in the encryption or decryption unit. The encryption or decryption unit is connected to the further arithmetic unit such that, during the interruptions, the further arithmetic unit applies further arithmetic operations to already encrypted or decrypted data packets of the data stream or to data packets still to be encrypted or decrypted.

The random number generator can be connected to the further arithmetic unit in order to fill the interruptions generated in the encryption or decryption method with arithmetic operations of the further arithmetic unit based on random data from the random number generator, in the event that the further arithmetic operations have ended but the encryption or decryption process has not yet ended.

The computer system according to the invention can be embodied as an application-specific integrated circuit (ASIC). However, it can also be embodied as a so-called Field Programmable Gate Array (FPGA), i.e. as an integrated circuit (IC) of digital technology into which a logic circuit can be programmed. In both cases, the computer system according to the invention can be produced as a one-chip system or system-on-chip (SoC).
The computer system may, for example, be implemented as a Field Programmable Gate Array (FPGA), with the encryption or decryption unit and the further processing unit designed as soft cores or hard cores. Soft cores are available as source code or in the form of a netlist and are implemented in the freely programmable area of an FPGA. Soft cores thus correspond to soft IP in ASICs. An IP core available as source code can be used for both FPGAs and ASICs. By contrast, soft cores in the form of a netlist can only be used with a specific FPGA model. Hard cores are integrated into the chip of the FPGA by the manufacturer as a finished circuit and cannot be changed. The advantage of this is that hard cores occupy less chip area and can usually also work faster than soft cores implemented in freely programmable logic. The disadvantage is that adaptations of one's own cannot be made, and that porting (migration) to other logic families, which usually lack these very specific hard cores, is not possible.

The invention may be implemented using a computer program, such as by using soft cores in FPGAs or ASICs. Accordingly, a computer program product is provided which comprises a program that can be loaded directly into the computing units of a computer system, with program means for carrying out all the steps of the method according to the invention when the program is executed by the computing units.

The method according to the invention makes it possible to achieve hardening against differential power analysis (DPA) attacks without additional hardware or computing time. There is no need for additional chip area, whereby the overall chip can be manufactured more cheaply. The additional power consumption is minimized because additional computing operations with random input data are performed only in exceptional cases.
Brief description of the figure

To further explain the invention, reference is made in the following part of the description to the figure, from which further advantageous embodiments, details and further developments of the invention can be gathered. The figure is to be understood by way of example and is intended to set out the inventive character, but in no way to restrict it or even render it conclusive.

The figure shows a block diagram of a part of a computer system according to the invention. Only the units essential to the invention are shown in the figure. The computer system can and will usually also contain other units, such as processors, input/output units, controllers, additional interfaces, memory, etc.

Embodiment of the invention

In the figure, only two arithmetic units are shown as part of the computer system, namely an encryption unit EnC, which is also referred to as Encryption Core, and a further arithmetic unit, which is designed here as an error correction unit ErCC and is also referred to as Error Correction Core, together with a random number generator TRNG. In general, the computer system has two further corresponding computing units for decryption, namely another error correction unit ErCC and a decryption unit, where during decryption the data first pass through the error correction unit ErCC and then the decryption unit. These two computing units for decryption can again be embodied according to the invention, with their own random number generator TRNG. It would also be conceivable for the units represented in the figure, that is to say the encryption unit EnC, the error correction unit ErCC and the random number generator TRNG, to also perform the decryption. In this case, the data flow would run in the other direction, i.e. the data would first pass into the error correction unit ErCC and only then into the encryption unit EnC, which then operates as the decryption unit.
The encryption unit EnC (or decryption unit) and the error correction unit ErCC can each be designed as a hard or soft core; the computer system itself can be designed as an ASIC or FPGA.

The random number generator TRNG (True Random Number Generator) is a physical random number generator that uses physical processes. For example, pulse fluctuations of electronic circuits (e.g. the thermal noise of a resistor) are utilized. In general, all natural sources based on physical effects that provide a fairly high quality can be used, but also other asynchronous sources such as atmospheric noise, CCD sensor noise, the variation in the actual amount of time measured by a timer, or voltage fluctuations across a Zener diode.

The data stream now enters the encryption unit EnC as an unencrypted data stream (plain text) PT, where it is encrypted, and leaves the encryption unit EnC as an encrypted data stream (ciphertext) CT. This is supplied to the error correction unit ErCC, which generates the error correcting code ECC and forwards it together with the encrypted data stream CT to the outside, for example by radio transmission or via electrical or optical lines. Both the encryption unit EnC and the error correction unit ErCC are supplied with the same clock signal CL for synchronization purposes, where one clock pulse corresponds to one processing cycle or one idle cycle.

The random number generator TRNG now generates, on the basis of the random numbers it produces, a signal S which causes an interruption of the encryption method in the encryption unit EnC. The encryption unit EnC then sends a switching signal (enable) E to the error correction unit ErCC, which starts the error correction process. When the predetermined duration of the interruption of the encryption process ends, the switching signal E is switched off, so that the error correction stops until further notice and the encryption process resumes.
The encryption is interrupted again only when the random number generator specifies a new interruption. Once the encryption process has been completed for a given portion of the data stream, the error correction for that portion can be completed without further interruptions. Should the error correction process be completed for a given portion of the data stream before the encryption is complete, the encryption method would no longer be masked. Thus, in the event that the error correction process is completed but the encryption method has not yet finished, the error correction process must continue to operate with random input (RI) during the interruptions of the encryption process. The random data RI for this are generated by the random number generator TRNG and supplied to the error correction unit ErCC. The resulting error correction code ECC is generated in order to produce the desired noise, but is not transmitted.

List of Reference Signs:
CL clock signal (clock)
CT encrypted data stream (ciphertext)
E switching signal (enable)
ECC Error Correction Code
EnC encryption unit (Encryption Core)
ErCC further processing unit (Error Correction Core)
PT unencrypted data stream (Plain Text)
RI Random Input
S Signal
TRNG Random Number Generator
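The sender-side sequence described in the embodiment (the TRNG signal S interrupting EnC, the enable E handing the idle cycle to ErCC, and the fall-back to random input RI once the ECC has caught up) can be modelled cycle by cycle. The following Python model is an added example and not code from the patent or from Siemens. It assumes a toy XOR "cipher" with a one-byte key in place of the encryption core, a 1-bit even-parity code per byte in place of a real ECC, and a seeded random.Random as the TRNG so that a run is reproducible; all function and field names are the example's own. It also includes the receiving side of claim 5, which checks the ECC before decrypting.

```python
# Added example (not the patent's own code): cycle-level model of the masking
# pipeline from the figure. Assumptions not on the page: EnC is a toy XOR with
# a one-byte key (stand-in for a real cipher), ErCC computes one even-parity
# bit per byte (stand-in for a real ECC), and the TRNG is a seeded
# random.Random so that a run is reproducible.
import random
from dataclasses import dataclass, field


def toy_encrypt(block: int, key: int) -> int:
    """Stand-in for the encryption core EnC; XOR is symmetric, so it also decrypts."""
    return (block ^ key) & 0xFF


def parity_ecc(block: int) -> int:
    """Stand-in for the error correction core ErCC: even parity over one byte."""
    return bin(block).count("1") & 1


@dataclass
class Trace:
    """What each unit did per clock cycle CL while encryption was running."""
    enc: list = field(default_factory=list)  # 'E' encrypting, '-' idle (S asserted)
    ecc: list = field(default_factory=list)  # 'C' ECC on CT, 'R' ECC on RI, '-' idle


def run_sender(pt: bytes, key: int, seed: int, p_interrupt: float):
    """Encrypt PT to CT and protect CT with ECC, masking EnC's idle cycles.

    Returns (ct, ecc_bits, trace). ECC computed on random input RI exists only
    for its power noise and is not part of ecc_bits (the patent: "not transmitted").
    """
    trng = random.Random(seed)
    ct, ecc_bits, trace = [], [], Trace()
    pending = []  # CT blocks produced by EnC but not yet protected by ErCC
    i = 0
    while i < len(pt):
        if trng.random() < p_interrupt:
            # TRNG asserts S: EnC idles for this cycle and raises E to ErCC.
            trace.enc.append('-')
            if pending:
                ecc_bits.append(parity_ecc(pending.pop(0)))
                trace.ecc.append('C')
            else:
                # ErCC has caught up while EnC is not finished (claims 7 and 8):
                # keep ErCC busy on random input RI; the result is discarded.
                parity_ecc(trng.randrange(256))
                trace.ecc.append('R')
        else:
            c = toy_encrypt(pt[i], key)
            ct.append(c)
            pending.append(c)
            i += 1
            trace.enc.append('E')
            trace.ecc.append('-')  # E is low: ErCC waits for EnC's next idle cycle
    # EnC has finished this portion: ErCC completes it without further interruptions.
    ecc_bits.extend(parity_ecc(c) for c in pending)
    return bytes(ct), ecc_bits, trace


def every_idle_cycle_masked(trace: Trace) -> bool:
    """In every traced cycle exactly one of EnC/ErCC is busy, so an idle cycle of
    EnC never appears as a quiet gap in the power trace."""
    return all((e == '-') != (c == '-') for e, c in zip(trace.enc, trace.ecc))


def run_receiver(ct: bytes, ecc_bits: list, key: int) -> bytes:
    """Receiver side (claim 5): check the ECC first, then decrypt."""
    if len(ecc_bits) != len(ct):
        raise ValueError("ECC length mismatch")
    for c, bit in zip(ct, ecc_bits):
        if parity_ecc(c) != bit:
            raise ValueError("transmission error detected")
    return bytes(toy_encrypt(c, key) for c in ct)


if __name__ == "__main__":
    sample_pt = b"constructed sample plaintext"  # constructed input
    ct, ecc_bits, trace = run_sender(sample_pt, key=0x5A, seed=7, p_interrupt=0.3)
    print("EnC :", "".join(trace.enc))
    print("ErCC:", "".join(trace.ecc))
    print("every idle cycle masked:", every_idle_cycle_masked(trace))
    print("round trip ok:", run_receiver(ct, ecc_bits, 0x5A) == sample_pt)
```

Running the block prints the two per-cycle traces: wherever EnC shows '-', ErCC shows 'C' or 'R', which is the property every_idle_cycle_masked checks. A real implementation would replace toy_encrypt with the actual cipher and parity_ecc with the deployed code; the scheduling logic (interrupt, enable, random-input fill, uninterrupted completion) does not depend on either.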
Claims (12):

1. A method for protecting a computer system against side channel attacks when using an encryption or decryption method for data packets of a data stream (PT), wherein interruptions in the encryption or decryption method are generated by a random number generator (TRNG), characterized in that, during the interruptions, further computing operations are applied to already encrypted or decrypted data packets of the data stream, or to data packets of the data stream still to be encrypted or decrypted, in order to generate random noise in the power consumption of the computer system.
2. The method according to claim 1, characterized in that the further arithmetic operations are part of an error correction process.
3. The method according to claim 1 or 2, characterized in that the further arithmetic operations are part of an algorithm for message authentication by means of a message authentication code.
4. The method according to any one of claims 1 to 3, characterized in that, in the case of encryption, the data stream (PT) is subjected first to the encryption method and then to the further arithmetic operations, in particular the error correction method.
5. The method according to any one of claims 1 to 3, characterized in that, in the case of decryption, the data stream is subjected first to the further arithmetic operations, in particular the error correction method, and then to the decryption method.
6. The method according to any one of claims 1 to 5, characterized in that the beginning and end of the further arithmetic operations are controlled by the encryption or decryption method.
7. The method according to any one of claims 1 to 6, characterized in that, if the further arithmetic operations are completed but the encryption or decryption method is not yet completed, the interruptions generated in the encryption or decryption method are filled with arithmetic operations based on random data (RI).
8. The method according to claims 2 and 7, characterized in that an error correction method is performed with random data (RI) which are generated by the random number generator (TRNG).
9. Computer system for carrying out the method according to one of claims 1 to 8, comprising at least one encryption or decryption unit (EnC), a further computing unit (ErCC) arranged serially with respect to the data stream (PT), and a random number generator (TRNG) which is designed to generate interruptions in the encryption or decryption process in the encryption or decryption unit (EnC), characterized in that the encryption or decryption unit (EnC) is connected to the further computing unit (ErCC) such that, during the interruptions, the further computing unit (ErCC) applies further arithmetic operations to already encrypted or decrypted data packets of the data stream or to data packets of the data stream still to be encrypted or decrypted.
10. Computer system according to claim 9, characterized in that the random number generator (TRNG) is connected to the further arithmetic unit (ErCC) in order to fill the interruptions generated in the encryption or decryption method with arithmetic operations of the further arithmetic unit (ErCC) based on random data (RI) of the random number generator (TRNG), in the event that the further arithmetic operations are terminated but the encryption or decryption process has not yet ended.
11. Computer system according to claim 9 or 10, characterized in that it is designed as a field programmable gate array and the encryption or decryption unit (EnC) and the further computing unit (ErCC) are designed as soft cores or hard cores.
12. A computer program product comprising a program directly loadable into the computing units of a computer system, having program means for performing all the steps of the method of any of claims 1 to 8 when the program is executed by the computing units.
Similar technologies:

| Publication number | Publication date | Title |
|---|---|---|
| EP3171290A1 | 2017-05-24 | Protection of a computer system again side channel attacks |
| EP2899714B1 | 2019-01-16 | Secure provision of a key |
| DE102013203415B4 | 2016-02-11 | Create a derived key from a cryptographic key using a non-cloning function |
| EP2742643B1 | 2018-03-07 | Device and method for decrypting data |
| DE102010042539B4 | 2013-03-14 | Data senders with a secure but efficient signature |
| DE102013227184A1 | 2015-07-02 | Method for securing a system-on-a-chip |
| DE102013206202A1 | 2014-10-30 | Sensor module and method for operating a sensor module |
| DE102009024604B4 | 2011-05-05 | Generation of a session key for authentication and secure data transmission |
| DE102012201164B4 | 2017-12-07 | Device and method for generating a message authentication code |
| DE102009000869A1 | 2010-08-19 | Method and device for tamper-proof transmission of data |
| DE102007007699A1 | 2008-08-14 | Reduction of side channel information by interacting crypto blocks |
| EP3123689A1 | 2017-02-01 | Method and system for improving the data security during a communication process |
| EP2499774B1 | 2017-04-12 | Method and system for the accelerated decryption of cryptographically protected user data units |
| DE102014007820A1 | 2015-12-03 | Data frame for protected data transmissions |
| DE10328860A1 | 2005-01-20 | Device and method for encrypting data |
| DE102015202935A1 | 2016-08-18 | Method for manipulation protection |
| DE102013202322A1 | 2014-08-14 | Method for encrypted transmission of data between two components of a control unit, involves transferring encrypted data from the first component of the control unit to the second component of the control unit, where the encrypted data is decrypted |
| DE102016210786A1 | 2017-08-24 | Component for connection to a data bus and method for implementing a cryptographic functionality in such a component |
| DE102014001270A1 | 2015-08-06 | Method and system for calculating codewords for protected data transmissions |
| EP1442391A2 | 2004-08-04 | Method and device for guaranteeing a calculation in a cryptographic algorithm |
| EP2839601B1 | 2015-10-21 | Field bus data transmission |
| EP3509247A1 | 2019-07-10 | Method and key generator for creating an overall key with the support of a computer |
| EP3371733B1 | 2021-10-27 | Encrypting the memory content of a memory in an embedded system |
| EP3506144A1 | 2019-07-03 | Method and system for checking an integrity of a communication |
| DE102020117552A1 | 2021-01-21 | Secure hybrid boot systems and secure boot procedures for hybrid systems |
Patent family:

| Publication number | Publication date |
|---|---|
| AT517983B1 | 2018-11-15 |
| EP3171290A1 | 2017-05-24 |
| US20170141912A1 | 2017-05-18 |
Cited documents:

| Publication number | Filing date | Publication date | Applicant | Title |
|---|---|---|---|---|
| DE2310654C1 | 1972-03-06 | 1996-01-11 | Sits Soc It Telecom Siemens | Bit type encoding and decoding installation for digital information |
| WO1997011423A2 | 1995-09-22 | 1997-03-27 | United Technologies Automotive, Inc. | A method of generating secret identification numbers |
| US20030149863A1 | 2001-11-20 | 2003-08-07 | Ip-First, Llc. | Microprocessor with random number generator and instruction for storing random data |
| GB2399904A | 2003-03-28 | 2004-09-29 | Sharp Kk | Side channel attack prevention in data processing by adding a random multiple of the modulus to the plaintext before encryption |
| WO2006114762A2 | 2005-04-26 | 2006-11-02 | Koninklijke Philips Electronics N.V. | A device for and a method of processing an encrypted data stream for trick play |
| JP2012230276A | 2011-04-27 | 2012-11-22 | Hitachi Ltd | Encryption processing device |
| US20130243191A1 | 2012-03-15 | 2013-09-19 | Kabushiki Kaisha Toshiba | Encryption key generating apparatus |
| CN103259647A | 2012-03-31 | 2013-08-21 | 成都信息工程学院 | Encryption system side channel attack test method |
| US6058189A | 1997-06-20 | 2000-05-02 | Secure Choice Llc | Method and system for performing secure electronic monetary transactions |
| CA2333095C | 1998-06-03 | 2005-05-10 | Cryptography Research, Inc. | Improved DES and other cryptographic processes with leak minimization for smartcards and other cryptosystems |
| EP1293856A1 | 2001-09-18 | 2003-03-19 | EM Microelectronic-Marin SA | Secure integrated circuit having confidential parts and a method for activating the circuit |
| US7996671B2 | 2003-11-17 | 2011-08-09 | Bluerisc Inc. | Security of program executables and microprocessors based on compiler-architecture interaction |
| US20080126766A1 | 2006-11-03 | 2008-05-29 | Saurabh Chheda | Securing microprocessors against information leakage and physical tampering |
| DE102007007699A1 | 2007-02-09 | 2008-08-14 | IHP GmbH - Innovations for High Performance Microelectronics/Institut für innovative Mikroelektronik | Reduction of side channel information by interacting crypto blocks |
| WO2009118795A1 | 2008-03-28 | 2009-10-01 | 富士通株式会社 | Encrypting method having tamper-resistance to side-channel attack |
| US8819839B2 | 2008-05-24 | 2014-08-26 | Via Technologies, Inc. | Microprocessor having a secure execution mode with provisions for monitoring, indicating, and managing security levels |
| EP3537653A1 | 2009-12-04 | 2019-09-11 | Cryptography Research, Inc. | Verifiable, leak-resistant authentication |
| US8966264B2 | 2010-05-28 | 2015-02-24 | Nec Corporation | Signature generation apparatus, signature method, non-transitory computer readable medium storing signature generation program |
| US8650408B2 | 2010-09-08 | 2014-02-11 | Xilinx, Inc. | Protecting against differential power analysis attacks on decryption keys |
| US8769355B2 | 2011-06-27 | 2014-07-01 | Freescale Semiconductor, Inc. | Using built-in self test for preventing side channel security attacks on multi-processor systems |
| KR101380895B1 | 2012-06-12 | 2014-04-10 | 한국전자통신연구원 | Apparatus for providing security service and method of security service using the same |
| US9448942B2 | 2012-08-20 | 2016-09-20 | Freescale Semiconductor, Inc. | Random access of a cache portion using an access module |
| US9189202B2 | 2013-12-23 | 2015-11-17 | The University Of Massachusetts | Generate random numbers using metastability resolution time |
| CN107979574B | 2016-10-25 | 2021-08-03 | 华为技术有限公司 | Method and device for preventing attack of encryption and decryption engine and chip |
| US10771236B2 | 2017-05-03 | 2020-09-08 | Seagate Technology Llc | Defending against a side-channel information attack in a data storage device |
| US11177933B2 | 2019-03-24 | 2021-11-16 | Google Llc | Side channel timing attack mitigation in securing data in transit |
| CN111600873A | 2020-05-13 | 2020-08-28 | 江苏芯盛智能科技有限公司 | Method for preventing side channel attack and related device |
Priority:

| Application number | Publication number | Priority date | Filing date | Title |
|---|---|---|---|---|
| ATA50980/2015A | AT517983B1 | 2015-11-18 | 2015-11-18 | Protection of a computer system against side channel attacks |
| EP16195513.3A | EP3171290A1 | 2015-11-18 | 2016-10-25 | Protection of a computer system again side channel attacks |
| US15/347,299 | US20170141912A1 | 2015-11-18 | 2016-11-09 | Method for protecting a computer system from side-channel attacks |