密钥隔离安全扫描链电路设计与实现

发布时间：2018-06-23 16:54

本文选题：加密芯片 + 安全扫描链　；参考：《南京邮电大学》2017年硕士论文

【摘要】：随着通信技术与互联网技术的发展,信息化已经成为社会发展的必然趋势,网络成为人们日常生活的必需工具,信息安全问题随之出现。针对这个问题,加密芯片等硬件加密技术应用到通信设备中,而芯片中插入的扫描链成为黑客进行旁路攻击的后门,窃取芯片中的重要数据。因此,现代通信技术中的加密芯片需要一种安全扫描测试技术,即能保证芯片可测试性,又能保证信息安全。本文针对AES(Advanced Encryption Standard)加密芯片安全扫描测试需求,基于现有的安全扫描测试方法,提出一种“密钥隔离安全扫描链”技术。具体实现为:首先将与加密密钥相关的中间值寄存器R与其它寄存器分开,单独插入一条扫描链,并将其部分扫描寄存器用安全扫描寄存器替换,得到中间值寄存器R的扫描链,称为安全扫描链;其次,将安全扫描链与密钥生成电路隔离,增加密钥隔离控制电路控制密钥是否加载。该技术电路实现包括三个部分:安全扫描链电路、密钥隔离器电路、控制器电路。其中,密钥隔离器电路将扫描链电路与密钥生成器电路隔离,控制器电路使能密钥隔离器电路加载密钥,密钥隔离器电路和控制器电路组成了密钥隔离控制电路。功能模式下,密钥加载到加密运算电路进行正常加密;测试模式下,分为无密钥测试和有密钥测试两种模式:无密钥测试模式,密钥被密钥隔离器电路隔离,不加载到加密电路中;有密钥测试模式下,用户输入正确的测试密码,得到授权后密钥加载到加密电路中,更完整地测试芯片。本文提出的“密钥隔离安全扫描链”技术基于AES加密芯片,采用标准数字电路设计流程。根据查阅的参考文献及业界经验,以解析安全扫描链结构的难度和破解密钥隔离控制器测试密码的复杂度作为两项安全性指标,分别为C128N,2k。取N=64,k=6时,实验结果是:上述指标为C64128和26,AES加密芯片被破解的概率为1/(C64128*26),即1/(1.6*1039),优于同等条件下的其它方法,另外,面积增加为0.58%。证明本技术的可行性。
[Abstract]:With the development of communication technology and Internet technology, information technology has become an inevitable trend of social development. To solve this problem, hardware encryption technology such as encryption chip is applied to communication equipment, and the scan chain inserted in the chip becomes the back door for hackers to bypass attack and steal important data from the chip. Therefore, the encryption chip in modern communication technology needs a kind of security scanning and testing technology, which can guarantee the testability of the chip and the security of information. In this paper, according to the requirement of Advanced encryption Standard (AES) encryption chip security scan test, based on the existing security scan test method, a key isolation security scan chain technology is proposed. The realization is as follows: firstly, the intermediate value register R which is related to the encryption key is separated from the other registers, and a scanning chain is inserted separately, and some of the scanning registers are replaced by the secure scan registers. The scan chain of the intermediate value register R is called the secure scan chain. Secondly, the secure scan chain is isolated from the key generation circuit, and the key isolation control circuit is added to control whether the key is loaded or not. The circuit includes three parts: secure scan chain circuit, key isolator circuit and controller circuit. The key isolator circuit separates the scan chain circuit from the key generator circuit, the controller circuit enables the key isolator circuit to load the key, and the key isolator circuit and controller circuit constitute the key isolation control circuit. In the function mode, the key is loaded into the encryption operation circuit for normal encryption, and in the test mode, the key is divided into two modes: the key test mode and the key test mode, the key is isolated by the key isolator circuit. In the key test mode, the user enters the correct test password, and the key is loaded into the encryption circuit after the authorization, so that the chip can be tested more completely. The "key isolation secure scan chain" technology proposed in this paper is based on AES encryption chip and adopts standard digital circuit design flow. According to the references and industry experience, the difficulty of analyzing the security scan chain structure and the complexity of cracking the key isolation controller test password are taken as two security indexes, namely C128NU 2k. The experimental results are as follows: the probability of C64128 and 26AES encryption chips being cracked is 1 / (C64128m26), that is, 1 / (1.61039), which is superior to other methods under the same conditions, in addition, the area is increased to 0.58. To prove the feasibility of this technology.
【学位授予单位】：南京邮电大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TN918.4;TN402

【参考文献】