[go: up one dir, main page]

CN102110206B - Method for defending attack and device with attack defending function - Google Patents

Method for defending attack and device with attack defending function Download PDF

Info

Publication number
CN102110206B
CN102110206B CN2010106080853A CN201010608085A CN102110206B CN 102110206 B CN102110206 B CN 102110206B CN 2010106080853 A CN2010106080853 A CN 2010106080853A CN 201010608085 A CN201010608085 A CN 201010608085A CN 102110206 B CN102110206 B CN 102110206B
Authority
CN
China
Prior art keywords
code
interference source
setting
execution
interference
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010106080853A
Other languages
Chinese (zh)
Other versions
CN102110206A (en
Inventor
于付真
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd filed Critical Beijing WatchData System Co Ltd
Priority to CN2010106080853A priority Critical patent/CN102110206B/en
Publication of CN102110206A publication Critical patent/CN102110206A/en
Application granted granted Critical
Publication of CN102110206B publication Critical patent/CN102110206B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for defending attack and a device with attack defending function. The method comprises the following steps of: executing a code corresponding to a set operation; and during executing the code, introducing an interference source code for the set operation at the set position of the code. The energy power consumption waveform law abided by the normal operation is disturbed by introducing the interference source code, so that an attacker cannot extract the valid operating time of the important operation of an intelligent card by energy analysis and cannot acquire private data in the intelligent card by energy analysis, and the purpose of protecting the sensitive data in the intelligent card is fulfilled.

Description

Method for defending attack and device with attack defense function
Technical Field
The invention relates to the technical field of smart card security, in particular to a method for defending against attacks for a smart card and a device with an attack defense function.
Background
At present, various attack means are increasingly used for SPA (Simple Power Analysis)/DPA (Differential Power Analysis)/Timing attacks during the operation of the smart card, the basic principle is to analyze energy consumption waveforms during the operation of the smart card, determine the start time and the end time of important codes, and attack codes operating in the period, such as disturbing the execution of normal codes by inserting an attack program and even acquiring important data such as a security key during the execution of the codes.
At present, an effective method capable of resisting the energy analysis attack is lacked, and the normal operation and data security of the intelligent card are seriously influenced.
Disclosure of Invention
The embodiment of the invention provides an attack defense method and a device with an attack defense function, which are used for preventing the ability analysis attack on an intelligent card or increasing the difficulty of the attack and ensuring the normal operation and data security of the intelligent card.
The invention provides a method for defending against attacks, which comprises the following steps:
executing a code corresponding to the setting operation;
in the process of executing the code, introducing execution of interference source code of the setting operation at a setting position of the code, wherein the operation executed by the interference source code at least comprises the operation of the same type as the setting operation;
the set position of the code includes:
a position adjacent to the code start position and located before the code; or
A position adjacent to the code end position and located after the code; or
A position adjacent to the code start position and located before the code, and a position adjacent to the code end position and located after the code.
The present invention also provides a device with an attack defense function, comprising:
the code execution unit is used for executing a code corresponding to the setting operation;
an interference program introducing unit, configured to introduce, in a process of executing the code, execution of an interference source code for the setting operation at a setting position of the code, where operations executed by the interference source code include at least an operation of the same type as the setting operation;
the interference program introducing unit is specifically configured to:
introducing execution of an aggressor code to the set operation at a location adjacent to and in front of the code start location; or,
introducing execution of an interference source code for the set operation at a location adjacent to and subsequent to the code end location; or,
the execution of the interfering source code for the set operation is introduced both at a location adjacent to and before the code start location and at a location adjacent to and after the code end location.
The method for defending the attack and the device with the attack defense function provided by the invention have the following beneficial effects: by introducing an interference mechanism, interference is added in the operation process of the smart card on some sensitive data, and the energy power consumption waveform rule followed by normal operation is disturbed, so that an attacker cannot extract the effective operation time of important operation of the smart card through energy analysis, and cannot obtain the private data in the smart card through energy analysis, thereby achieving the purpose of protecting the sensitive data in the smart card.
Drawings
FIG. 1 is a flow chart of a method for defending against attacks provided by the present invention;
fig. 2 is a flowchart corresponding to an interference source code introduced for an encryption/decryption operation in an embodiment of the present invention;
FIG. 3 is a flowchart corresponding to an interference source code introduced for a write operation in an embodiment of the present invention;
FIG. 4 is a flowchart corresponding to interference source codes that can be introduced for both encryption and decryption operations and write operations in the embodiment of the present invention;
fig. 5 is a diagram illustrating a structure of a device having an attack defense function according to the present invention.
Detailed Description
The method for defending against attacks and the device with the attack defense function provided by the invention are described in more detail below with reference to the accompanying drawings and embodiments.
The existing energy analysis attack mode utilizes the execution time of codes, consumed energy, electromagnetic radiation and other information, obtains confidential data such as a secret key and the like in an intelligent card through advanced instruments and methods, and needs to design a set of effective methods to prevent the attack, so that the attack difficulty is increased to at least a certain extent.
The present invention provides a method for defending against attacks, preferably applied to a smart card, as shown in fig. 1, the method comprising:
step S101, executing a code corresponding to the setting operation;
the setting operation is an operation needing to defend against energy analysis attack;
the program executed by the smart card can implement various operations, and the code corresponding to the various operations can be obtained through analyzing the program, and the operations required to defend against the energy analysis attack in this embodiment can be determined as required, for example, some operations related to sensitive data are selected as the operations required to defend against the energy analysis attack, for example: encryption and decryption operations, write operations, etc., and then analyzing codes corresponding to the operations.
And step S102, in the process of executing the code, introducing the execution of the interference source code of the setting operation at the setting position of the code.
In the process of executing the setting operation, the intelligent card of the invention disturbs the energy power consumption waveform followed by the normal operation by introducing the interference source code into the setting position, so that an attacker can not extract the effective running time of the important operation of the intelligent card through energy analysis, and the purpose of preventing the attack is achieved. Preferably, the interference source code executes the setting process, so that the interference source code executes the setting process, and thus, for the smart card, the setting process can be identified, and thus the normal operation of the smart card is not affected by the execution of the interference source code.
In specific implementation, the execution of the interference source code for the setting operation is introduced at the setting position of the code, and any one of the following modes can be adopted:
1) randomly introducing execution of interference source codes of the setting operation at least one setting position of the codes of the setting operation;
such as randomly introducing interference source codes at the start or end positions of the codes of the setting operation; or randomly introducing interference source codes at the code start and end positions of the setting operation.
2) Determining the execution of interference source codes for the set operation according to an introduction identifier preset at the set position;
3) and introducing the execution of the interference source code of the setting operation by executing the function calling code preset at the setting position.
For the cases of 2) and 3), when the program is solidified, the introduction identifier/function call code needs to be added to the smart card source program, and the following method may be specifically adopted: determining a keyword of a code corresponding to the setting operation; analyzing a source program in a memory of the smart card by using the keyword by adopting a matching method to obtain the position of a code corresponding to the set operation in the source program; and presetting the introduction identification/function calling code at the set position of the code according to the position of the code corresponding to the setting operation in the source program. The matching analysis process may be manual analysis or automatic analysis, and preferably, the keyword is a code of a start and end position of a code of the setting operation, and if the program is used for automatic analysis, the code of the setting operation may be located by a matching method by executing a source program in the smart card once. The invention can ensure the effective protection of the operation and/or data needing protection by adding the identification/function calling code in the smart card source program when the program is solidified, and the omission does not occur.
The specific position of the interference source code can be set according to the requirement, but the set position is always related to the code, so the aim of the invention can be realized as long as the set position which disturbs the waveform rule followed by normal operation can be achieved. Preferably, the set position is located in the vicinity of the code, thereby interfering with an attacker in determining a valid time point of the attack.
In a preferred embodiment of the present invention, the setting position is specifically a position adjacent to the start position of the code and located before the code, so in step S102, an interference source code is introduced before the code of the setting operation, especially an interference source code that implements the same type of operation as the setting operation, for example: if the setting operation is an encryption and decryption operation, an interference source code for realizing the encryption and decryption operation is introduced, so that the starting point waveform of the energy consumption waveform of the normal operation is disturbed, and an attacker cannot effectively determine the effective time of the sensitive data operation; or the specific position is a position adjacent to the code end position and behind the code, so in step S102, an interference source code is introduced after the code of the setting operation, in particular, an interference source code that implements the same type of operation as the setting operation, for example: if the setting operation is an encryption and decryption operation, an interference source code for realizing the encryption and decryption operation is introduced, so that the end point waveform of the energy consumption waveform of the normal operation is disturbed, and an attacker can not effectively determine the effective time of the sensitive data operation; or the specific positions are a position adjacent to the code start position and before the code and a position adjacent to the code end position and after the code, so in step S102, an interference source code is introduced before and after the code, especially an interference source code that implements the same type of operation as the setting operation, for example: if the setting operation is an encryption and decryption operation, an interference source code for realizing the encryption and decryption operation is introduced, so that the starting point waveform and the end point waveform of a normal energy power consumption waveform are changed, an attacker cannot identify the sensitive data operation at all, even if the attacker obtains an effective waveform through denoising by means of statistical analysis and the like, the difficulty of denoising is greatly increased, and when the type of the operation executed by the interference source code is the same as the type of the setting operation, the effective waveform cannot be obtained through a denoising method.
In order to better realize the disturbing effect aiming at multiple operations of the smart card, the interference source codes are preferably multiple, the execution of the interference source codes of the set operation is introduced by executing a function calling code preset at the set position for the smart card, the function calling code comprises input parameters, the function calling code calls the interference source codes corresponding to the input parameters according to the input parameters, and different input parameters correspondingly execute the interference source codes of different set flows. Therefore, the same function calling code is only needed to be added at the set position, and the interference source codes are specifically called and determined by the input parameter of the function calling code, so that different interference source codes are introduced before and after different operation codes by setting different input parameters, and the interference effect is better.
The smart card executes various types of operations, such as encryption and decryption operations for encrypting and decrypting data and writing data into a memory, among which operations related to sensitive data, in order to further optimize the interference effect, each type of setting operation corresponds to at least one input parameter, and when a setting operation corresponds to a plurality of input parameters, the input parameter of the function call code added in the setting operation is randomly selected from the plurality of input parameters. Therefore, at least one interference source code can be designed aiming at a certain type of operation, one interference source code can be randomly selected when a plurality of interference source codes are designed, and the operation execution flow added into the interference source code is not reproducible due to the random selection, so that the attack difficulty is further increased.
In order to better realize the scrambling effect, it is preferable that the operation performed by the interference source code introduced at the setting position of the setting operation includes the same type of operation as the setting operation. Therefore, the setting flow executed by the interference source code introduced into the setting position of the code of the setting operation can realize the same type of operation as the setting operation, namely, the executed operation is also an encryption and decryption operation for the interference source code introduced by the encryption and decryption operation, and the executed operation is also a write operation for the interference source code introduced by the write operation, and only the introduced encryption and decryption operation and the write operation are preset, so that the intelligent card can normally recognize the operation without influencing the normal encryption and decryption operation and write operation, and the operation type is the same, thereby completely disturbing the effect from the waveform.
Preferably, the operation that needs to defend against the energy analysis attack in this embodiment specifically includes an encryption/decryption operation for encrypting and decrypting data and/or a write operation for writing data into the memory.
For the encryption and decryption operation, the operation type implemented by the introduced interference source code is the encryption and decryption operation, the specific encryption and decryption process may be flexibly set, and the adopted encryption and decryption algorithm may also be flexibly set, preferably, for the interference source code introduced by the encryption and decryption operation, as shown in fig. 2, the following setting process is specifically executed:
in step S201, a true random number generator is used to randomly generate an encryption/decryption frequency N, where N is an integer greater than or equal to 0, and the length of the encryption/decryption frequency N may be limited, for example, to 1 byte.
Step S202, generating N random data D by using the true random number generator1、D2...DN
Of course, the length of the random data may be limited, such as 8 bytes or other length.
Step S203, generating N groups of random numbers by using the true random number generatorMachine key K1、K2...KN
The execution of step S202 and step S203 is not limited successively.
Of course, the data characteristics to which the random key should be accorded can be randomly generated according to the encryption and decryption algorithm used, for example, when the DES encryption and decryption algorithm is used, the randomly generated key accords with the characteristics of the DES random secret, and of course, other encryption and decryption algorithms can also be used.
Step S204, judging whether N times of encryption and decryption operations are executed, if so, ending, otherwise, executing step S205;
step S205, take down a group of random keys KiAnd random data DiUsing KiTo DiAnd (5) performing encryption or decryption operation, wherein the value of i is different each time, i is more than or equal to 1 and less than or equal to N, and returning to execute the step S204.
The process realizes N times of encryption and decryption operations, random data and random keys used in the encryption and decryption operations are also randomly generated, and because N is an integer which is more than or equal to 0, whether the encryption and decryption operations are introduced and the times of introducing the encryption and decryption operations are randomly generated, so that the execution flow of the smart card when the same encryption and decryption operations are processed can be ensured not to be copied, and the smart card can be effectively prevented from being attacked through ways such as energy analysis and the like. The interference source code of the setting process corresponds to a first input parameter, and the first input parameter may be adopted by a function call code added before or after or both before and after the code of the encryption and decryption operation.
For write operation, the operation type implemented by the introduced interference source code is also write operation, a specific flow of writing data can be flexibly set, in order to support execution of the interference source code introduced by the write operation, in the embodiment of the present invention, a certain position is reserved in storage for writing the interference source code introduced by the write operation, and preferably, for the interference source code introduced by the write encryption operation, as shown in fig. 3, the following setting flow is specifically executed:
step S301, randomly generating writing times N 'by using a true random number generator, wherein N' is an integer which is more than or equal to 0;
of course, the length of the encryption/decryption times N' may be limited, for example, to 1 byte.
Step S302, using a true random number generator to randomly generate N' random data R1、R2...RN’;
Of course, the length of the random data may be defined in advance.
Step S303, judging whether N' times of data writing are executed, if so, finishing, otherwise, executing step S304;
step S304, random data R is takeniAnd writing the data into the specified reserved position of the memory, wherein the value of i is different each time, i is more than or equal to 1 and less than or equal to N', and returning to execute the step S303.
The process realizes the writing of data for N ' times, wherein N ' is randomly generated, random data written each time is also randomly generated, and because N ' is an integer which is more than or equal to 0, whether the writing operation is introduced or not and the number of times of introducing the writing data are both randomly generated, so that the execution flow of the smart card when the same writing operation is processed can be ensured not to be copied, and the smart card can be effectively prevented from being attacked through ways such as energy analysis and the like. The interference source code of the setting process corresponds to the second input parameter, and the function call code added before or after the code of the write operation or both before and after the code of the write operation may adopt the second input parameter.
In the above embodiment of the present invention, the same type of interference source code as the encryption/decryption operation is designed for the encryption/decryption operation, and the same type of interference source code as the write operation is designed for the write operation, in another embodiment of the present invention, a combination of the two interference source codes may be introduced for the encryption/decryption operation or the write operation, as shown in fig. 4, the interference source code introduced at the setting position of the code of the encryption/decryption operation or the write operation specifically executes the following setting flow:
step S401, a true random number generator is used for randomly generating encryption and decryption times N, wherein N is an integer which is greater than or equal to 0, and the length of N can be limited;
step S402, generating N random data D by using the true random number generator1、D2...DNIt is possible to define the length of the random data,
step S403, generating N groups of random keys K by using the true random number generator1、K2...KN
The execution of step S402 and step S403 is not limited successively.
Step S404, randomly generating writing times N ' by using a true random number generator, wherein N ' is an integer which is greater than or equal to 0 and can limit the length of N ';
step S404 may be performed before step S405, and is not limited to the execution of step S401, step S402, and step S403.
Step S405, randomly generating N' random data R by using a true random number generator1、R2...RN’;
Step S406, determining whether i is equal to the smaller one of N and N', wherein the initial value of i is 1, if so, executing step S408, and if not, executing step S407;
step S407, using KiTo DiPerforming encryption or decryption, and writing R into the specified reserved position of the memoryiI is increased by 1;
step S408, judging whether N is equal to N', if yes, finishing, otherwise executing step S409;
step S409, determining whether N is greater than N', if so, performing step S410, otherwise, performing step S411;
step S410, finally executing one-time use KiTo DiEncrypting or decrypting, and ending;
Step S411, write R to the appointed reserved position of the memory for the last timeiAnd then, the process is ended.
The interference source code of the set flow corresponds to a third input parameter, and the function calling code added before or after the code of the encryption and decryption operation or both before and after the code of the encryption and decryption operation can be randomly selected from the first input parameter and the third input parameter; the function call code added before or after the code of the write operation, or both, may be randomly selected from the second input parameter and the third input parameter.
The following is a preferred embodiment of the present invention for defending against energy analysis attacks.
1) Program analysis: analyzing a set operation, namely a code corresponding to an operation needing to defend energy analysis attack, in a source program executed by the intelligent card;
the program analysis may be to manually analyze a program executed by the smart card, or to design a set of software or a system to analyze the program executed by the smart card by using a keyword matching method according to a keyword of a code corresponding to a setting operation.
These operations generally involve operations on sensitive data, and are generally also attack targets of attackers, so that these operations need to be analyzed, interference operations are introduced nearby, the original flow is disturbed, and the attackers cannot locate real start and stop time points of operations on sensitive data, thereby ensuring the security of sensitive data.
An attacker analyzes the current operation type of the card through information such as energy consumption, and the operation with obvious energy consumption change is encryption and decryption operation and EEPROM writing operation, so that when analyzing and sorting programs, only attention is paid to the operation.
The program structure after program analysis and arrangement in this example is shown in table 1:
TABLE 1 program Structure after program analysis and arrangement
Figure BDA0000040894640000091
In the above program structure, the sensitive data operation program sequence is a code set corresponding to the setting operation, and a program between every two sensitive data operation program sequences becomes a program basic sequence.
2) Adding function call code in program structure
And adding function calling codes before and after the sensitive data operation program sequence, wherein the function calling codes call the interference source codes corresponding to the input parameters according to the input parameters, and different input parameters correspond to different interference source codes. For simplicity, the function call code in this embodiment is only one, and different types of interference sources are formed by introducing input parameters.
The function call code may specifically be in the form of:
void intruder(int interferon)
where interferon is an input parameter and int represents an integer.
In this embodiment, the program structure after adding function call codes before and after the sensitive data operation program sequence is shown in table 2:
table 2 program structure after adding function call code
Figure BDA0000040894640000101
In this embodiment, function call codes are added before and after the program sequence of the sensitive data operation, and particularly, an interference source code for implementing an operation of the same type as the set operation is introduced, for example: if the set operation is an encryption/decryption operation, then an interference source code is introduced that also implements the encryption/decryption operation. As for whether interference is introduced or not finally, the interference function determines that no interference is actually introduced in the embodiment when the randomly generated encryption and decryption times N or writing times N' are zero, in the embodiment, different interference source codes are called by the function calling code according to the input parameters, so that the point where the program really operates on sensitive data becomes unpredictable, the correct time point cannot be obtained by means of noise removal through statistical analysis and the like, interference is introduced before and after the sensitive data operation, and the difficulty of noise removal by means of statistical analysis and the like by an attacker can be greatly increased.
The following provides a design of an interference source code in an embodiment of the present invention.
Different input parameters correspond to different interferer codes. The operations executed by the interference source code include operations of the same type as the setting operation of the sensitive data to be protected actually, and what type of sensitive data operation program sequence exists, the interference source code of the same type can be designed for the program sequence, and generally, only if encryption and decryption and EEPROM write operations have obvious phenomena of energy, time and the like, the attention of an attacker can be attracted and utilized, so the encryption and decryption interference source and the EEPROM write operation are correspondingly designed for the encryption and decryption interference source and the EEPROM write interference source respectively.
The following describes a programming method for an encryption/decryption interference source and an EEPROM write interference source.
The DES algorithm is taken as an example to introduce a setting flow executed by an encryption and decryption interference source:
1) generating an encryption frequency with the length of 1 byte by using a true random number generator and recording the encryption frequency as N;
2) generating N random data D with length of 8 bytes by using true random number generator1、D2...DN
3) Generating N random sets of DES keys using a true random number generator is denoted K1、K2...KN
4) Using K in sequenceiTo DiAnd (4) encrypting or decrypting, wherein i is more than or equal to 1 and less than or equal to N.
In the specific implementation, the design of the setting flow executed for the encryption and decryption interference source according to the actual needs can be very flexible, and the above only provides a reference example.
For an EEPROM write interference source, an operation space that is an EEPROM space is created in advance as an interference source and is denoted as ADDRESS, and a setting procedure executed by the EEPROM write interference source is described below:
1) generating the number of writing times with the length of 1 byte by using a true random number generator and recording the number of writing times as N';
2) generation of N' random data R of 1 byte length using a true random number generator1、R2...RN’;
3) Sequentially write R to ADDRESS1、R2...RN’。
In specific implementation, the design of the setting process executed for the EEPROM interference source according to actual needs can be flexible, and the above is only provided as a reference example.
In an actual process, the introduction of interference to a certain type of operation may also be implemented by using a combination of multiple types of interference sources, and the combination includes the certain type of interference source, for example, the combination of an encryption/decryption interference source and an EEPROM write interference source may introduce an encryption/decryption operation or a write operation, and after the combination, the following flow is specifically executed:
1) generating an encryption and decryption interference number with the length of 1 byte by using a true random number generator and recording the encryption and decryption interference number as N;
2) generating N random data D with length of 8 bytes by using true random number generator1、D2...DN
3) Generating N random sets of DES keys using a true random number generator is denoted K1、K2...KN
4) Generating the number of writing times with the length of 1 byte by using a true random number generator and recording the number of writing times as N';
5) generation of N' random data R of 1 byte length using a true random number generator1、R2...RN’;
6) Repeating the following steps until i equals the smaller of N and N': using KiTo DiPerforming encryption or decryption, and writing R into the specified reserved position of the memoryiI is increased by 1;
7) if N ═ N ', then end, if N > N', finally execute once use KiTo DiPerforming encryption or decryption, and finally performing one-time writing of R into the specified reserved position of the memory if N is less than Ni
What kind of interference source is introduced is determined by input parameters, for example, when the encryption and decryption interference source corresponds to the input parameter a1, the EEPROM write interference source corresponds to the input parameter a2, the encryption and decryption interference source and the EEPROM write interference source correspond to the input parameter A3, the input parameter of the function call code added before and after the encryption and decryption operation may be a1 or A3, and the input parameter of the function call code added before and after the write operation may be a2 or A3.
The embodiment of the invention adds interference to the operation process of some sensitive data in the operation process of the smart card through an interference introduction mechanism, so that an attacker cannot correctly position an effective time point, for example, when encryption and decryption are performed, extra encryption and decryption interference is introduced, so that the attacker cannot determine which starting point is the start of the real encryption and decryption operation, and the attacker cannot extract a security key in the card through energy analysis, thereby achieving the purpose of preventing the attack.
The present invention provides a device having an attack defense function, as shown in fig. 5, including: a code execution unit 501 for executing a code corresponding to the setting operation; an interference program introducing unit 502, configured to introduce, in a process of executing the code, execution of an interference source code for the setting operation at a setting position of the code.
Preferably, the interference program introducing unit 502 is specifically configured to randomly introduce, in at least one setting position of the code, execution of an interference source code of the setting operation; or the interference source code is used for determining to introduce the execution of the interference source code of the setting operation according to an introduction mark preset at the setting position; or the function calling code preset at the set position is executed, so that the execution of the interference source code of the set operation is introduced. By adding the identification/function calling code in the smart card source program during program solidification, the operation and/or data needing to be protected can be effectively protected without omission, and the mode is realized through software without specific hardware support, so that hardware resources and cost are saved.
Preferably, the interference program introducing unit 502 is specifically configured to introduce, at a position adjacent to the start position of the code and before the code, execution of an interference source code of the setting operation, especially introduce an interference source code that implements an operation of the same type as the setting operation, for example: if the setting operation is an encryption and decryption operation, interference source codes for realizing the encryption and decryption operations are introduced; or at a position adjacent to the end position of the code and located after the code, the execution of the interference source code of the setting operation is introduced, especially the interference source code realizing the same type of operation as the setting operation is introduced, for example: if the setting operation is an encryption and decryption operation, interference source codes for realizing the encryption and decryption operations are introduced; or a position adjacent to the code start position and before the code, and a position adjacent to the code end position and after the code, and introducing the execution of the interference source code of the setting operation, especially introducing the interference source code realizing the same type of operation as the setting operation, such as: if the set operation is an encryption/decryption operation, then an interference source code is introduced that also implements the encryption/decryption operation.
Preferably, the interference program introducing unit 502 presets the introduction identifier/function call code at a set position of the code, and specifically includes: determining a keyword of a code corresponding to the setting operation; analyzing a source program by using the keywords and adopting a matching method to obtain the position of a code corresponding to the set operation in the source program; and according to the position of the code corresponding to the setting operation in the source program, presetting the introduction identification/function calling code at the setting position of the code corresponding to the setting operation.
Preferably, the function call code executed by the interference program introducing unit 502 includes an input parameter, and the function call code calls an interference source code corresponding to the input parameter according to the input parameter, where different input parameters correspond to different interference source codes.
Preferably, each type of setting operation corresponds to at least one input parameter, and when the setting operation corresponds to a plurality of input parameters, the function call code executed by the interference program introducing unit 502 randomly selects an input parameter from the plurality of input parameters.
Preferably, the operation performed by the interference source code introduced by the interference program introducing unit 502 introducing unit includes the same type of operation as the setting operation.
Preferably, the setting operation is an encryption/decryption operation, and the interference program introduces a ticketThe element 502 is specifically configured to introduce, at a setting position of a code of the encryption/decryption operation, an interference source code that executes a setting procedure as follows: randomly generating encryption and decryption times N by using a true random number generator, wherein N is an integer greater than or equal to 0; generating N random data D using the true random number generator1、D2...DN(ii) a Generating N sets of random keys K using the true random number generator1、K2...KN(ii) a Using K in sequenceiTo DiEncrypting or decrypting, wherein i is more than or equal to 1 and less than or equal to N; and/or
The setting operation is a write operation, and the interference program introducing unit 502 is specifically configured to introduce, at a setting position of a code of the write operation, an interference source code that executes a setting flow as follows: randomly generating writing times N 'by using a true random number generator, wherein N' is an integer which is greater than or equal to 0; random generation of N' random data R using a true random number generator1、R2...RN'; r is to be1、R2...RN' write sequentially to the designated reserved locations of the memory.
Preferably, the setting operation is an encryption/decryption operation or a write operation, and the interference program introducing unit 502 is specifically configured to introduce, at a setting position of a code of the encryption/decryption operation or the write operation, an interference source code that executes a following setting procedure:
randomly generating encryption and decryption times N by using a true random number generator, wherein N is an integer greater than or equal to 0;
generating N random data D using the true random number generator1、D2...DN
Generating N sets of random keys K using the true random number generator1、K2...KN
Randomly generating writing times N 'by using a true random number generator, wherein N' is an integer which is greater than or equal to 0;
generation of N' random data R using a true random number generator1、R2...RN’;
Repeating the following steps until i equals the smaller of N and N', wherein i has an initial value of 0: using KiTo DiPerforming encryption or decryption, writing R into the memoryiI is increased by 1;
if N ═ N ', then end, if N > N', finally execute once use KiTo DiPerforming encryption or decryption, and finally performing one-time writing of R into the specified reserved position of the memory if N is less than Ni
According to the device for defending against the energy analysis attack, the external attacker cannot correctly position the initial position and the final position of the key operation by increasing the interference on the front and the rear parts of the program sensitive data operation, so that the external attacker cannot obtain the private data in the card through energy analysis, and the aim of sensitive data in the card is fulfilled.
Preferably, the device with the attack defense function provided by the above embodiment of the present invention is a smart card. Preferably, the smart card can also comprise a device part in the existing smart card, such as a Flash storage unit for storing data; a central processing unit CPU; a memory access control unit mac (memory access control); RAM and other devices, and can also include:
the USB/UART interface is connected with the BUS and is used for connecting external equipment;
an algorithm control unit connected with the CPU through a BUS and executing various algorithms, such as safety-related algorithms, when necessary according to the control of the CPU;
the clock generation control unit is connected with the CPU through a BUS and is used for taking charge of the generation of an internal clock and the control of clock frequency and generating a clock signal required by the CPU;
the interrupt control unit is connected with the CPU through a BUS and performs interrupt control and processing when the interrupt is needed according to the control of the CPU;
and the random number generator is connected with the CPU through a BUS and generates random numbers required by the CPU according to the control of the CPU.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (11)

1. A method of defending against an attack, comprising:
executing a code corresponding to the setting operation;
in the process of executing the code, introducing execution of interference source code of the setting operation at a setting position of the code, wherein the operation executed by the interference source code at least comprises the operation of the same type as the setting operation;
the set position of the code includes:
a position adjacent to the code start position and located before the code; or
A position adjacent to the code end position and located after the code; or
A position adjacent to the code start position and located before the code, and a position adjacent to the code end position and located after the code.
2. The method of claim 1, wherein the introducing execution of the interference source code for the setting operation at the setting position of the code specifically comprises:
randomly introducing the execution of interference source codes for the setting operation at least one setting position of the codes; or
Determining the execution of interference source codes introduced to the set operation according to an introduction identifier preset at the set position; or
And introducing the execution of the interference source code of the setting operation by executing the function calling code preset at the setting position.
3. The method of claim 2, wherein the step of presetting the introduction identifier/function call code at a set position of the code specifically comprises:
determining a keyword of a code corresponding to the setting operation;
analyzing a source program by using the keywords and adopting a matching method to obtain the position of a code corresponding to the set operation in the source program;
and according to the position of the code corresponding to the setting operation in the source program, presetting the introduction identification/function calling code at the setting position of the code corresponding to the setting operation.
4. The method of claim 2, wherein the function call code includes an input parameter, the function call code invoking the aggressor code corresponding to the input parameter based on the input parameter, wherein different input parameters correspond to different aggressor codes.
5. The method of claim 4, wherein each type of setup operation corresponds to at least one input parameter, and wherein the function call code randomly selects an input parameter from the plurality of input parameters when the setup operation corresponds to the plurality of input parameters.
6. An apparatus having an attack defense function, comprising:
the code execution unit is used for executing a code corresponding to the setting operation;
an interference program introducing unit, configured to introduce, in a process of executing the code, execution of an interference source code for the setting operation at a setting position of the code, where operations executed by the interference source code include at least an operation of the same type as the setting operation;
the interference program introducing unit is specifically configured to:
introducing execution of an aggressor code to the set operation at a location adjacent to and in front of the code start location; or,
introducing execution of an interference source code for the set operation at a location adjacent to and subsequent to the code end location; or,
the execution of the interfering source code for the set operation is introduced both at a location adjacent to and before the code start location and at a location adjacent to and after the code end location.
7. The apparatus of claim 6, wherein the interference procedure introducing unit is specifically configured to:
randomly introducing the execution of interference source codes for the setting operation at least one setting position of the codes; or,
determining the execution of interference source codes introduced to the set operation according to an introduction identifier preset at the set position; or,
and introducing the execution of the interference source code of the setting operation by executing the function calling code preset at the setting position.
8. The apparatus of claim 7, wherein the interfering program introducing unit presets the introduction identifier/function call code at a set position of the code, and specifically includes:
determining a keyword of a code corresponding to the setting operation;
analyzing a source program by using the keywords and adopting a matching method to obtain the position of a code corresponding to the set operation in the source program;
and according to the position of the code corresponding to the setting operation in the source program, presetting the introduction identification/function calling code at the setting position of the code corresponding to the setting operation.
9. The apparatus of claim 7, wherein the function call code executed by the interference program importing unit includes an input parameter, and the function call code calls an interference source code corresponding to the input parameter according to the input parameter, wherein different input parameters correspond to different interference source codes.
10. The apparatus of claim 9, wherein each type of configuration operation corresponds to at least one input parameter, and the function call code executed by the interference program importing unit randomly selects an input parameter from the plurality of input parameters when the configuration operation corresponds to a plurality of input parameters.
11. The apparatus according to any one of claims 8 to 10, wherein the apparatus is a smart card.
CN2010106080853A 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function Expired - Fee Related CN102110206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010106080853A CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010106080853A CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Publications (2)

Publication Number Publication Date
CN102110206A CN102110206A (en) 2011-06-29
CN102110206B true CN102110206B (en) 2013-01-16

Family

ID=44174365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010106080853A Expired - Fee Related CN102110206B (en) 2010-12-27 2010-12-27 Method for defending attack and device with attack defending function

Country Status (1)

Country Link
CN (1) CN102110206B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2494731B (en) * 2011-09-06 2013-11-20 Nds Ltd Preventing data extraction by sidechannel attack
CN102710413A (en) * 2012-04-25 2012-10-03 杭州晟元芯片技术有限公司 System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention
CN102946307B (en) * 2012-11-14 2015-05-13 中国地质大学(武汉) Method and system for protecting electricity consumption privacy of smart grid users
CN104657680A (en) * 2013-11-20 2015-05-27 上海华虹集成电路有限责任公司 In-chip template attack resisting data transmission method
CN108537271B (en) * 2018-04-04 2021-02-05 重庆大学 Method for defending against sample attack based on convolution denoising self-encoder

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776410B1 (en) * 1998-03-20 2002-11-15 Gemplus Card Int DEVICES FOR MASKING THE OPERATIONS CARRIED OUT IN A MICROPROCESSOR CARD
FR2789776B1 (en) * 1999-02-17 2001-04-06 Gemplus Card Int COUNTER-MEASUREMENT METHOD IN AN ELECTRONIC COMPONENT USING A SECRET KEY CRYPTOGRAPHY ALGORITHM
DE19936529C1 (en) * 1999-08-03 2001-02-01 Orga Kartensysteme Gmbh Method for encrypting data using standard encryption in a microprocessor-based, portable data carrier
DE69940372D1 (en) * 1999-09-29 2009-03-19 Hitachi Ltd DEVICE, PROGRAM OR SYSTEM FOR PROCESSING SECRET INFORMATION
DE10101956A1 (en) * 2001-01-17 2002-07-25 Infineon Technologies Ag Method for increasing the security of a CPU by prevention of differential power analysis by insertion of a random placeholder code in a CPU pipeline decode stage that does not, however, affect the CPU state

Also Published As

Publication number Publication date
CN102110206A (en) 2011-06-29

Similar Documents

Publication Publication Date Title
EP3007093B1 (en) System and method for reducing information leakage from memory
EP1505470A2 (en) Terminal application generation apparatus and application authentication method
US8918768B2 (en) Methods and apparatus for correlation protected processing of data operations
CN102110206B (en) Method for defending attack and device with attack defending function
EP3103109A1 (en) Countermeasures against side-channel attacks on cryptographic algorithms using permutations
US20230018185A1 (en) Obfuscating data at-transit
EP3316177B1 (en) Attack prevention method, apparatus and chip for cipher engine
CN109462477B (en) White box encryption method based on Internet of things embedded equipment
CN103903043B (en) A kind of smart card Trinity preventing side-channel attack means of defence and system
CN103136458A (en) Code protection method for Linux operating system and module of method
US20170046280A1 (en) Data processing device and method for protecting a data processing device against attacks
EP2056275A1 (en) Pseudo random number generator, stream encrypting device, and program
Jiang et al. A novel cache bank timing attack
CN109165531B (en) AES mask method, electronic equipment and storage medium
CN111046381A (en) Embedded CPU anti-differential power consumption analysis device and method
CN113673002A (en) A Memory Overflow Defense Method Based on Pointer Encryption Mechanism and RISC-V Coprocessor
Abdellatif et al. Filtering-based CPA: a successful side-channel attack against desynchronization countermeasures
Leng Smart card applications and security
US20110091034A1 (en) Secure Method for Cryptographic Computation and Corresponding Electronic Component
CN105245325B (en) Method and apparatus for processing data
WO2017016087A1 (en) Method and device for generating program having random layout
CN209103293U (en) Electronic equipment
CN108121917B (en) Method and system for circuit protection
US11061996B2 (en) Intrinsic authentication of program code
WO2018234415A1 (en) Computing device processing expanded data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130116

Termination date: 20211227