高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

可信设计技术的脆弱性分析与防御

崔晓通 秦蔚蓉 程克非 吴渝

崔晓通, 秦蔚蓉, 程克非, 吴渝. 可信设计技术的脆弱性分析与防御[J]. 电子与信息学报, 2021, 43(9): 2482-2488. doi: 10.11999/JEIT210624
引用本文: 崔晓通, 秦蔚蓉, 程克非, 吴渝. 可信设计技术的脆弱性分析与防御[J]. 电子与信息学报, 2021, 43(9): 2482-2488. doi: 10.11999/JEIT210624
Xiaotong CUI, Weirong QIN, Kefei CHENG, Yu WU. The Vulnerability Analysis of Design-for-trust Technique and Its Defense[J]. Journal of Electronics & Information Technology, 2021, 43(9): 2482-2488. doi: 10.11999/JEIT210624
Citation: Xiaotong CUI, Weirong QIN, Kefei CHENG, Yu WU. The Vulnerability Analysis of Design-for-trust Technique and Its Defense[J]. Journal of Electronics & Information Technology, 2021, 43(9): 2482-2488. doi: 10.11999/JEIT210624

可信设计技术的脆弱性分析与防御

doi: 10.11999/JEIT210624
基金项目: 重庆市教委科学技术项目(KJQN201900641),计算机体系结构国家重点实验室开放课题(CARCH201902),汽车噪声振动和安全技术国家重点实验室开放课题(NVHSKL-202114)
详细信息
    作者简介:

    崔晓通:男,1991年生,博士,讲师,研究方向为硬件安全、容错计算

    秦蔚蓉:女,1997年生,硕士生,研究方向为硬件安全、无线电测试

    程克非:男,1974年生,博士,教授,研究方向为网络安全、嵌入式系统

    吴渝:女,1970年生,博士,教授,研究方向为网络舆情与管控

    通讯作者:

    崔晓通 xiaotong.sd@gmail.com

  • 中图分类号: TP309.5; TN402

The Vulnerability Analysis of Design-for-trust Technique and Its Defense

Funds: The Science and Technology Research Program of Chongqing Municipal Education Commission (KJQN201900641), The State Key Laboratory of Computer Architecture Research Fund (CARCH201902), The State Key Laboratory of Vehicle NVH and Safety Technology Research Fund (NVHSKL-202114)
  • 摘要: 片上系统 (SoC) 设计人员通常使用第三方知识产权 (3PIP) 核来实现特定功能。由于这些 3PIP 核不受信任,所搭建的 SoC受到了硬件木马 (HT) 的威胁。作为可信设计技术的一个子集,多样性冗余机制在使用不可信3PIP建立可信计算方面具有较好的应用前景。然而,该文发现通过探索激活序列所设计的硬件木马能够破坏多样性冗余机制的安全性。鉴于此,该文提出一种改进的基于检查点的多样性冗余机制来防御此类攻击。
  • 图  1  基于IP的SoC设计开发流程

    图  2  多样性冗余机制中的安全策略部署

    图  3  通过IP核多样性增强防御方案

    图  4  通过检查点机制增强防御方案

    表  1  当1个硬件木马被激活时计算中的中间结果展示

    时钟周期正常计算重计算恢复计算
    o1o2o3o4o5$o'_1 $$o'_2 $$o'_3 $$o'_4 $$o'_5 $$o''_1 $$ o''_2$$o''_3 $$o''_4 $$o''_5 $
    1(6)N/AN/AN/AN/AN/AN/AN/AN/AN/AN/A2515N/AN/AN/A
    2(7)2515N/AN/AN/A2515N/AN/AN/A25155017N/A
    3(8)25153017N/A25155017N/A2515501767
    425153017472515501767
    5o5≠$o'_5 $时进入恢复计算
    下载: 导出CSV

    表  2  基于检查点的多样性冗余机制算法

     算法1 基于检查点的多样性冗余机制
     设置恢复计算切换标志位flag=0
     (1)在检测阶段,对于每对正常计算、重计算中对应的任务节点,比较并存储其运算结果;
     (2)如果存在运算结果不一致的情况,则将flag置为1
     (3)当检测阶段结束时,如果flag=0,则正常计算的最终输出为正确输出,否则进入恢复阶段。
     (4)对于恢复计算中的每个任务节点,将其结果与检测阶段存储的结果进行比较,根据多数投票原则构建正确计算,并获取最终计算结果。
    下载: 导出CSV
  • [1] BHUNIA S and TEHRANIPOOR M. Hardware Security: A Hands-on Learning Approach[M]. Cambridge: Morgan Kaufmann Publishers, 2018.
    [2] XIAO K, FORTE D, JIN Y, et al. Hardware Trojans: Lessons learned after one decade of research[J]. ACM Transactions on Design Automation of Electronic Systems, 2016, 22(1): 6.
    [3] ZHANG Jiliang and QU Gang. Recent attacks and defenses on FPGA-based systems[J]. ACM Transactions on Reconfigurable Technology and Systems, 2019, 12(3): 14.
    [4] LU Renjie, SHEN Haihua, FENG Zhihua, et al. HTDet: A clustering method using information entropy for hardware Trojan detection[J]. Tsinghua Science and Technology, 2021, 26(1): 48–61. doi: 10.26599/TST.2019.9010047
    [5] HU Nianhang, YE Mengmei, and WEI Sheng. Surviving information leakage hardware Trojan attacks using hardware isolation[J]. IEEE Transactions on Emerging Topics in Computing, 2019, 7(2): 253–261. doi: 10.1109/TETC.2017.2648739
    [6] ZHANG Xuehui and TEHRANIPOOR M. Case study: Detecting hardware Trojans in third-party digital IP cores[C]. 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, USA, 2011: 67–70.
    [7] AMIN H A M, ALKABANI Y, and SELIM G M I. System-level protection and hardware Trojan detection using weighted voting[J]. Journal of Advanced Research, 2014, 5(4): 499–505. doi: 10.1016/j.jare.2013.11.008
    [8] RAJENDRAN J, ZHANG Huan, SINANOGLU O, et al. High-level synthesis for security and trust[C]. The 19th International on-Line Testing Symposium, Chania, Greece, 2013: 232–233.
    [9] RAJENDRAN J J V, SINANOGLU O, and KARRI R. Building trustworthy systems using untrusted components: A high-level synthesis approach[J]. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2016, 24(9): 2946–2959. doi: 10.1109/TVLSI.2016.2530092
    [10] CUI Xiaotong, MA Kun, SHI Liang, et al. High-level synthesis for run-time hardware Trojan detection and recovery[C]. The 51st ACM/EDAC/IEEE Design Automation Conference, San Francisco, USA, 2014: 1–6.
    [11] CUI Xiaotong, ZHANG Xing, YAN Hao, et al. Towards building and optimizing trustworthy systems using untrusted components: A graph-theoretic perspective[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, To be published. doi: 10.1109/TCAD.2021.3086765.
    [12] GUNDABOLU S and WANG Xiaofang. On-chip data security against untrustworthy software and hardware IPs in embedded systems[C]. 2018 IEEE Computer Society Annual Symposium on VLSI, Hong Kong, China, 2018: 644–649.
    [13] SAYED-AHMED A, HAJ-YAHYA J, and CHATTOPADHYAY A. SoCINT: Resilient system-on-chip via dynamic intrusion detection[C]. The 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems, Delhi, India, 2019: 359–364.
    [14] CUI Xiaotong, SAEED S M, ZULEHNER A, et al. On the difficulty of inserting Trojans in reversible computing architectures[J]. IEEE Transactions on Emerging Topics in Computing, 2020, 8(4): 960–972.
    [15] KARNIK T and HAZUCHA P. Characterization of soft errors caused by single event upsets in CMOS processes[J]. IEEE Transactions on Dependable and secure Computing, 2004, 1(2): 128–143. doi: 10.1109/TDSC.2004.14
    [16] GAILLARD R. Single event effects: Mechanisms and classification[M]. NICOLAIDIS M. Soft Errors in Modern Electronic Systems. Boston: Springer, 2011: 27–54.
  • 加载中
图(4) / 表(2)
计量
  • 文章访问数:  807
  • HTML全文浏览量:  641
  • PDF下载量:  51
  • 被引次数: 0
出版历程
  • 收稿日期:  2021-06-28
  • 修回日期:  2021-08-12
  • 网络出版日期:  2021-08-27
  • 刊出日期:  2021-09-16

目录

    /

    返回文章
    返回