A Power Analysis Method Against Backdoor Instruction in Chips
MA Xiang-liang (1,2,3), WANG Hong (3), LI Bing (3), FANG Jin-she (3), YAN Yan (4), BAI Xue-wen (5), WANG An (6,7)
1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
2. University of Chinese Academy of Sciences, Beijing 100049, China;
3. National Research Center for Information Technology Security, Beijing 100084, China;
4. China Cybersecurity Review Technology and Certification Center, Beijing 100020, China;
5. Beijing Institute of Space Launch Technology, Beijing 100076, China;
6. School of Computer Science, Beijing Institute of Technology, Beijing 100081, China;
7. Key Laboratory of Network Assessment Technology & Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract: A backdoor instruction in a chip is one of the typical ways to activate a hardware Trojan; it carries a high security risk, has a wide range of impact, and is difficult to detect. In this paper, we propose a detection method for backdoor instructions based on power analysis. Using a segmented exhaustive search over the instruction space together with a modest number of power traces, a backdoor instruction can be distinguished effectively from conventional instructions. The experiments show that the backdoor instruction can be identified successfully from the power traces by simple power analysis (SPA). Moreover, we also present an automatic detection method for backdoor instructions based on correlation power analysis (CPA). By comparing each instruction's correlation coefficient with the mean value of the coefficients, a backdoor instruction can be identified efficiently and automatically.
MA Xiang-liang, WANG Hong, LI Bing, FANG Jin-she, YAN Yan, BAI Xue-wen, WANG An. A Power Analysis Method Against Backdoor Instruction in Chips [J]. Acta Electronica Sinica (电子学报), 2019, 47(3): 686-691.
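The CPA-based automatic detection described in the abstract, as an added illustration that is not code from the paper or its authors: it simulates power traces for every opcode of an 8-bit instruction space, acquires them segment by segment (the segmented exhaustive search), correlates each opcode's mean trace against a reference template, and flags opcodes whose correlation coefficient falls far below the mean coefficient. The leakage templates, the noise level, the opcode value 0xA5 used as the hidden instruction, and the use of a mean-minus-k-sigma threshold are all constructed assumptions for the simulation, not measurements or parameters from the paper.

```python
"""Constructed illustration of CPA-style outlier detection of a hidden opcode.

Every trace here is simulated; nothing is measured from real silicon.
"""
import random
from statistics import mean, pstdev

TRACE_LEN = 32           # samples per trace (assumed)
TRACES_PER_OPCODE = 16   # traces averaged per opcode (assumed)

# Constructed leakage templates: conventional opcodes share one activity
# profile, while the hypothetical backdoor opcode drives extra logic at
# different clock cycles, which changes the shape of its trace.
NORMAL_TEMPLATE = [1.0 if 8 <= i < 16 else 0.2 for i in range(TRACE_LEN)]
BACKDOOR_TEMPLATE = [1.0 if 20 <= i < 30 else 0.2 for i in range(TRACE_LEN)]
BACKDOOR_OPCODE = 0xA5   # assumed value for the simulation only


def hamming_weight(x):
    """Number of set bits; used to model data-dependent power consumption."""
    return bin(x).count("1")


def simulate_trace(opcode, rng):
    """One noisy simulated power trace for executing `opcode`."""
    template = BACKDOOR_TEMPLATE if opcode == BACKDOOR_OPCODE else NORMAL_TEMPLATE
    scale = 1.0 + 0.05 * hamming_weight(opcode)   # mild opcode-dependent amplitude
    return [scale * t + rng.gauss(0, 0.1) for t in template]


def mean_trace(traces):
    """Sample-wise average of a list of equal-length traces."""
    return [mean(col) for col in zip(*traces)]


def pearson(x, y):
    """Pearson correlation coefficient between two equal-length sequences."""
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5


def segments(n_opcodes, segment_size):
    """Split the opcode space into contiguous segments for staged acquisition."""
    for start in range(0, n_opcodes, segment_size):
        yield list(range(start, min(start + segment_size, n_opcodes)))


def collect_mean_traces(n_opcodes=256, segment_size=16, seed=1):
    """Segmented exhaustive acquisition: one averaged trace per opcode."""
    rng = random.Random(seed)
    result = {}
    for seg in segments(n_opcodes, segment_size):
        for op in seg:
            traces = [simulate_trace(op, rng) for _ in range(TRACES_PER_OPCODE)]
            result[op] = mean_trace(traces)
    return result


def detect_outliers(mean_traces, k=3.0):
    """Flag opcodes whose correlation with the reference is far below the mean.

    The reference is the average over all opcodes, so it is dominated by the
    conventional instruction profile; a single hidden opcode barely shifts it.
    Returns (flagged_opcodes, coefficient_per_opcode).
    """
    reference = mean_trace(list(mean_traces.values()))
    coeffs = {op: pearson(tr, reference) for op, tr in mean_traces.items()}
    mu, sigma = mean(coeffs.values()), pstdev(coeffs.values())
    flagged = sorted(op for op, c in coeffs.items() if c < mu - k * sigma)
    return flagged, coeffs


if __name__ == "__main__":
    flagged, coeffs = detect_outliers(collect_mean_traces())
    for op in flagged:
        print(f"opcode 0x{op:02X} flagged, r = {coeffs[op]:.3f}")
```

The averaging step is what makes the coefficient threshold usable: with sixteen traces per opcode the per-sample noise is quartered, so conventional opcodes cluster tightly near a coefficient of 1 and the single deviating profile stands out from the mean by many standard deviations. On a real target the reference template, the number of traces and k would have to be chosen from the measured spread of the conventional instructions rather than from the constants assumed here.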