[go: up one dir, main page]

CN117521162A - Top layer covering circuit of security chip, security chip and attack identification method - Google Patents

Top layer covering circuit of security chip, security chip and attack identification method Download PDF

Info

Publication number
CN117521162A
CN117521162A CN202311382308.2A CN202311382308A CN117521162A CN 117521162 A CN117521162 A CN 117521162A CN 202311382308 A CN202311382308 A CN 202311382308A CN 117521162 A CN117521162 A CN 117521162A
Authority
CN
China
Prior art keywords
inverter
output
input
signal
security chip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311382308.2A
Other languages
Chinese (zh)
Inventor
张辉
吴正中
唐才荣
张祥杉
王晓东
刘喆
邓能文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Urban Construction Intelligent Control Technology Co ltd
Original Assignee
Beijing Urban Construction Intelligent Control Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Urban Construction Intelligent Control Technology Co ltd filed Critical Beijing Urban Construction Intelligent Control Technology Co ltd
Priority to CN202311382308.2A priority Critical patent/CN117521162A/en
Publication of CN117521162A publication Critical patent/CN117521162A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a top layer coverage circuit of a security chip, the security chip and an attack identification method, wherein the top layer coverage circuit of the security chip comprises: an inverter unit, an input inverter, an output inverter, and a signal comparison circuit; the inverter unit comprises at least one stage of inverter, the input end of the inverter unit is connected with the output end of the input inverter, the output end of the inverter unit is connected with the input end of the output inverter, and all or part of the output ends of the at least one stage of inverter and the output end of the output inverter are connected with the input end of the signal comparison circuit.

Description

Top layer covering circuit of security chip, security chip and attack identification method
Technical Field
The present invention relates to the field of security circuits, and in particular, to a top layer coverage circuit of a security chip, and an attack recognition method.
Background
Security chips are now required in many fields. The security chip is characterized in that the security chip has strong protection to internal important information, has strong protection capability to various external attack means, ensures that internal sensitive data cannot be leaked out when the chip receives external attack, and achieves the purpose of security. The top layer coverage of the security chip is a very important and very effective security protection measure, has very strong protection capability for invasive attack and semi-invasive attack, and is one of the necessary security protection measures of the security chip.
Along with the progress of technology and the popularization of chip knowledge, the attack level of an attacker is continuously improved, and the top layer coverage circuit of the existing security chip is insufficient to fully protect the security chip; therefore, how to improve the security protection capability of the security chip and ensure the security of the sensitive information of the security chip becomes a urgent problem to be solved.
Disclosure of Invention
The invention provides a top layer covering circuit of a security chip, the security chip and an attack recognition method, which are used for improving the security protection capability of the security chip and ensuring the security of sensitive information of the security chip.
In a first aspect, the present invention provides a top-level overlay circuit for a security chip, comprising: an inverter unit, an input inverter, an output inverter, and a signal comparison circuit;
the inverter unit comprises at least one stage of inverter, the input end of the inverter unit is connected with the output end of the input inverter, the output end of the inverter unit is connected with the input end of the output inverter, and all or part of the output ends of the at least one stage of inverter and the output end of the output inverter are connected with the input end of the signal comparison circuit.
According to the top-layer coverage circuit of the security chip, the at least one-stage inverter is connected in series, the input end of the first-stage inverter in the at least one-stage inverter is connected with the output end of the input inverter, and the output end of the last-stage inverter in the at least one-stage inverter is connected with the input end of the output inverter.
In a second aspect, the invention provides a security chip comprising the top-layer overlay circuit of the security chip according to the first aspect.
In a third aspect, the present invention provides an attack recognition method applied to the security chip according to the second aspect, the method comprising:
performing signal comparison based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
under the condition that the signal comparison results are consistent in comparison, determining that the security chip is not attacked;
and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
According to the attack recognition method provided by the invention, the signal comparison is performed based on the signal output by all or part of the output ends of the at least one stage of inverter, the output signal of the output inverter and the input signal of the input inverter, and the attack recognition method comprises the following steps:
the signal output by the output end of the inverter and the signal output by the output end of the output inverter are directly compared with the input signal of the input inverter under the condition that the signal output by the output end of the inverter and the signal output by the output end of the output inverter exist in the at least one-stage inverter and are in phase with the input signal of the input inverter;
and when the signals output by the output end of the inverter and the signals output by the output end of the output inverter exist in the at least one-stage inverter and are opposite to the input signals of the input inverter, comparing the signals output by the output end of the inverter and the signals output by the output end of the output inverter with the opposite signals of the input inverter.
According to the attack recognition method provided by the invention, after the security chip is determined to be attacked, the method further comprises the following steps:
the signal comparison circuit generates an alarm signal;
based on the alarm signal, the security chip switches to a secure reset state.
In a fourth aspect, the present invention provides an attack recognition device applied to the security chip according to the second aspect, the device comprising:
the comparison module is used for comparing signals based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
the determining module is used for determining that the security chip is not attacked under the condition that the signal comparison results are consistent; and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
In a fifth aspect, the present invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the attack identification methods described above when the program is executed.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the attack identification method according to any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the attack identification method according to any of the preceding claims.
According to the top layer coverage circuit of the security chip, the security chip and the attack identification method, at least one level of inverter is arranged on the top layer coverage circuit of the security chip, and part or all of the output is connected with the signal comparison circuit to participate in signal comparison; the comparison of multiple signals and opposite signals is increased, the attack difficulty of an attacker is increased, and the safety of the safety chip is enhanced.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a related art provided physical layer protection circuit metal line;
FIG. 2 is a block diagram of a physical layer protection circuit implementation provided by the related art;
FIG. 3 is a diagram showing the comparison of the top layer coverage circuit of a security chip before and after being attacked in the related art;
FIG. 4 is a schematic diagram of a top-level overlay circuit of a security chip according to the present invention;
FIG. 5 is a schematic diagram of a security chip according to the present invention;
FIG. 6 is a schematic flow chart of an attack recognition method provided by the invention;
FIG. 7 is a schematic diagram of an attack recognition device according to the present invention;
fig. 8 illustrates a physical structure diagram of an electronic device.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The following will be described first:
in the related art, fig. 1 is a metal wire of a physical layer protection circuit provided by the related art, fig. 2 is a block diagram of an implementation of the physical layer protection circuit provided by the related art, and as shown in fig. 1 and fig. 2, a method for implementing top layer coverage of a security chip is as follows: and tens of signal wires are connected with the top layer metal of the chip and cover all areas of the security chip except the signal pins PAD. One end of each signal wire is connected with the output end of the input inverter, and the other end is connected with the input end of the output inverter. The input signal to the inverter is a random number perturbed by a truly random source signal. Signals between tens of signal lines may all be different and are random numbers.
Several tens of signal lines can be divided into several groups, and when input is performed once, one input signal can be changed in each group. After a period of time, the input signal reaches the output end of the output inverter, the output signal of the output inverter is compared with the input signal of the input inverter, and if the comparison result is consistent, the top layer is completely covered and is not attacked; otherwise, if the signal comparison result is inconsistent, the top layer coverage is incomplete and is attacked, and the signal comparison circuit generates an alarm signal to enable the security chip to enter a security reset state, so that the security of important data in the chip is protected.
In the related art, there is only one long top metal line between the input inverter output and the output inverter input. Along with the progress of technology and the popularization of chip knowledge, the attack level of attackers is also continuously improved; FIG. 3 is a comparison of the prior art before and after the top layer coverage circuit of the security chip is attacked, as shown in FIG. 3, an attacker can directly short the top layer metal connection part; the rest is removed, and many places of the security chip lose the protection of the top metal cover, so that an attacker can attack the security chip through an invasive and semi-invasive attack method.
Therefore, the invention provides a top layer coverage circuit of a security chip, the security chip and an attack recognition method, which are used for improving the security protection capability of the security chip and ensuring the security of sensitive information of the security chip.
The top layer coverage circuit of the security chip, the security chip and the attack recognition method of the present invention are described below with reference to the accompanying drawings.
Fig. 4 is a schematic structural diagram of a top layer coverage circuit of a security chip according to the present invention, and as shown in fig. 4, the top layer coverage circuit of the security chip includes: an inverter unit 410, an input inverter 420, an output inverter 430, and a signal comparison circuit 440;
the inverter unit 410 includes at least one stage of inverter, an input end of the inverter unit 410 is connected to an output end of the input inverter 420, an output end of the inverter unit 410 is connected to an input end of the output inverter 430, and all or part of output ends of the at least one stage of inverter and an output end of the output inverter 430 are connected to an input end of the signal comparison circuit 440.
Specifically, the invention inserts at least one inverter between the output of the input inverter and the input of the output inverter, connects the inserted inverter output or part of the output with the input of the signal comparison circuit, i.e. leads the inserted inverter output or part of the output to the signal comparison circuit for signal comparison.
Specifically, although the number of inverters through which signals output from inverters of different stages pass is different, there may be a case where a signal output from a part of the inverters is in phase with an input signal input to the inverter, and a signal output from a part of the inverters is in phase with an input signal input to the inverter; for the situation that the signal output by the output end of a certain inverter is in phase with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the input signal of the input inverter; and in the case that the signal output by the output end of one inverter is in phase opposition with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the phase opposition signal of the input inverter.
Specifically, for the result of signal comparison, if the result of signal comparison is consistent, it can be determined that the top layer of the security chip is covered completely and is not attacked; on the contrary, under the condition that the result of the signal comparison comprises inconsistent comparison, the situation that the top layer of the security chip is not completely covered can be determined, and the security chip is attacked, the signal comparison circuit can generate an alarm signal, so that the chip enters a security reset state, and the security of important data in the chip is protected.
According to the top layer coverage circuit of the security chip, at least one level of inverter is arranged on the top layer coverage circuit of the security chip, and part or all of the top layer coverage circuit is connected with the signal comparison circuit to participate in signal comparison; the comparison of multiple signals and opposite signals is increased, the attack difficulty of an attacker is increased, and the safety of the safety chip is enhanced.
In some embodiments, the at least one stage of inverters are connected in series, an input of a first stage of inverter of the at least one stage of inverters is connected with an output of the input inverter, and an output of a last stage of inverter of the at least one stage of inverters is connected with an input of the output inverter.
Specifically, at least one inverter is connected in series, for example, an input terminal of a first inverter is connected to an output terminal of the input inverter, an output terminal of the first inverter is connected to an input terminal of a second inverter, an output terminal of the second inverter is connected to an input terminal of a third inverter, an output terminal of the third inverter is connected to an input terminal of a fourth inverter, …, and so on, an output terminal of a penultimate inverter is connected to an input terminal of a last inverter, and an output terminal of the last inverter is connected to an input terminal of the output inverter.
Fig. 5 is a schematic structural diagram of a security chip provided by the present invention, and as shown in fig. 5, a security chip 500 includes a top layer covering circuit 510 of the security chip.
Specifically, the top-level overlay circuit 510 of the security chip includes an inverter unit, an input inverter, an output inverter, and a signal comparison circuit; the inverter unit comprises at least one stage of inverter, the input end of the inverter unit is connected with the output end of the input inverter, the output end of the inverter unit is connected with the input end of the output inverter, and all or part of the output ends of the at least one stage of inverter and the output end of the output inverter are connected with the input end of the signal comparison circuit.
Specifically, at least one stage of inverter is inserted between the input inverter output and the output inverter input, and the inserted inverter output ends or part of the inverter output ends are connected with the input ends of the signal comparison circuit, namely, the inserted inverter output ends or part of the inverter output ends are led to the signal comparison circuit for signal comparison.
Specifically, although the number of inverters through which signals output from inverters of different stages pass is different, there may be a case where a signal output from a part of the inverters is in phase with an input signal input to the inverter, and a signal output from a part of the inverters is in phase with an input signal input to the inverter; for the situation that the signal output by the output end of a certain inverter is in phase with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the input signal of the input inverter; and in the case that the signal output by the output end of one inverter is in phase opposition with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the phase opposition signal of the input inverter.
Specifically, for the result of signal comparison, if the result of signal comparison is consistent, it can be determined that the top layer of the security chip is covered completely and is not attacked; on the contrary, under the condition that the result of the signal comparison comprises inconsistent comparison, the situation that the top layer of the security chip is not completely covered can be determined, and the security chip is attacked, the signal comparison circuit can generate an alarm signal, so that the chip enters a security reset state, and the security of important data in the chip is protected.
Specifically, at least one inverter is connected in series, for example, an input terminal of a first inverter is connected to an output terminal of the input inverter, an output terminal of the first inverter is connected to an input terminal of a second inverter, an output terminal of the second inverter is connected to an input terminal of a third inverter, an output terminal of the third inverter is connected to an input terminal of a fourth inverter, …, and so on, an output terminal of a penultimate inverter is connected to an input terminal of a last inverter, and an output terminal of the last inverter is connected to an input terminal of the output inverter.
According to the security chip provided by the invention, at least one level of inverter is arranged on the top layer coverage circuit of the security chip, and part or all of the output is connected with the signal comparison circuit to participate in signal comparison; the comparison of multiple signals and opposite signals is increased, the attack difficulty of an attacker is increased, and the safety of the safety chip is enhanced.
Fig. 6 is a schematic flow chart of an attack recognition method provided by the present invention, as shown in fig. 6, the attack recognition method is applied to the above-mentioned security chip, and the attack recognition method includes the following steps:
step 600, performing signal comparison based on the signal output by all or part of the output terminals of the at least one stage of inverter, the output signal of the output inverter, and the input signal of the input inverter;
specifically, the attack recognition method of the present invention is applied to the above-mentioned security chip, and the top-layer coverage circuit 510 of the security chip includes the above-mentioned inverter unit 410, an input inverter, an output inverter and a signal comparison circuit, that is, at least one stage of inverter is inserted between the input inverter output and the output inverter input, and the inserted inverter output terminals or part of the output terminals and the output terminals of the output inverter are connected to the input terminals of the signal comparison circuit, that is, the output terminals of the output inverter, the inserted inverter output or part of the output are led to the signal comparison circuit for signal comparison.
Step 610, determining that the security chip is not attacked when the signal comparison results are consistent; and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
Specifically, for the result of signal comparison, if the result of signal comparison is consistent, it can be determined that the top layer of the security chip is covered completely and is not attacked; otherwise, if the result of the signal comparison includes inconsistent comparison, it can be determined that the top layer of the security chip is not completely covered, and the security chip is attacked.
Specifically, at least one inverter is connected in series, for example, an input terminal of a first inverter is connected to an output terminal of the input inverter, an output terminal of the first inverter is connected to an input terminal of a second inverter, an output terminal of the second inverter is connected to an input terminal of a third inverter, an output terminal of the third inverter is connected to an input terminal of a fourth inverter, …, and so on, an output terminal of a penultimate inverter is connected to an input terminal of a last inverter, and an output terminal of the last inverter is connected to an input terminal of the output inverter.
According to the attack identification method provided by the invention, at least one level of inverter is arranged on the top layer coverage circuit of the security chip, and part or all of the output is connected with the signal comparison circuit to participate in signal comparison; the comparison of multiple signals and opposite signals is increased, the attack difficulty of an attacker is increased, and the safety of the safety chip is enhanced.
In some embodiments, the comparing the signals based on the signals output from all or part of the output terminals of the at least one stage inverter, the output signals of the output inverter, and the input signals of the input inverter includes:
the signal output by the output end of the inverter and the signal output by the output end of the output inverter are directly compared with the input signal of the input inverter under the condition that the signal output by the output end of the inverter and the signal output by the output end of the output inverter exist in the at least one-stage inverter and are in phase with the input signal of the input inverter;
and when the signals output by the output end of the inverter and the signals output by the output end of the output inverter exist in the at least one-stage inverter and are opposite to the input signals of the input inverter, comparing the signals output by the output end of the inverter and the signals output by the output end of the output inverter with the opposite signals of the input inverter.
Specifically, although the number of inverters through which signals output from inverters of different stages pass is different, there may be a case where a signal output from a part of the inverters is in phase with an input signal input to the inverter, and a signal output from a part of the inverters is in phase with an input signal input to the inverter; for the situation that the signal output by the output end of a certain inverter is in phase with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the input signal of the input inverter; and in the case that the signal output by the output end of one inverter is in phase opposition with the input signal of the input inverter, the signal output by the output end of the inverter is directly compared with the phase opposition signal of the input inverter.
In some embodiments, after the determining that the secure chip is under attack, the method further comprises:
the top layer coverage circuit generates an alarm signal;
based on the alarm signal, the security chip switches to a secure reset state.
Specifically, if the security chip is determined to be attacked, the signal comparison circuit of the top layer coverage circuit can generate an alarm signal, so that the chip enters a security reset state, and the security of important data in the chip is protected.
The attack recognition device provided by the invention is described below, and the attack recognition device described below and the attack recognition method described above can be referred to correspondingly.
Fig. 7 is a schematic structural diagram of an attack recognition device according to the present invention, and as shown in fig. 7, the attack recognition device is applied to the above-mentioned security chip, and the attack recognition device 700 includes:
a comparison module 710, configured to perform signal comparison based on a signal output by all or part of the output terminals of the at least one stage inverter, an output signal of the output inverter, and an input signal of the input inverter;
a determining module 720, configured to determine that the security chip is not attacked when the signal comparison results are consistent; and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
According to the attack recognition device provided by the invention, at least one level of inverter is arranged on the top layer coverage circuit of the security chip, and part or all of the output is connected with the signal comparison circuit to participate in signal comparison; the comparison of multiple signals and opposite signals is increased, the attack difficulty of an attacker is increased, and the safety of the safety chip is enhanced.
The attack recognition device 700 provided by the present invention can implement the steps in the above method embodiments to achieve the same technical effects, and will not be described herein.
Fig. 8 illustrates a physical structure diagram of an electronic device, as shown in fig. 8, which may include: processor 810, communication interface (Communications Interface) 820, memory 830, and communication bus 840, wherein processor 810, communication interface 820, memory 830 accomplish communication with each other through communication bus 840. The processor 810 may invoke logic instructions in the memory 830 to perform an attack identification method comprising: performing signal comparison based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
under the condition that the signal comparison results are consistent in comparison, determining that the security chip is not attacked;
and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
Further, the logic instructions in the memory 830 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product comprising a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of executing the attack recognition method provided by the above methods, the method comprising: performing signal comparison based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
under the condition that the signal comparison results are consistent in comparison, determining that the security chip is not attacked;
and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the attack recognition method provided by the above methods, the method comprising: performing signal comparison based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
under the condition that the signal comparison results are consistent in comparison, determining that the security chip is not attacked;
and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A top-level overlay circuit for a security chip, comprising: an inverter unit, an input inverter, an output inverter, and a signal comparison circuit;
the inverter unit comprises at least one stage of inverter, the input end of the inverter unit is connected with the output end of the input inverter, the output end of the inverter unit is connected with the input end of the output inverter, and all or part of the output ends of the at least one stage of inverter and the output end of the output inverter are connected with the input end of the signal comparison circuit.
2. The top-level overlay circuit of a security chip of claim 1, wherein the at least one inverter is connected in series, an input of a first one of the at least one inverter is connected to an output of the input inverter, and an output of a last one of the at least one inverter is connected to an input of the output inverter.
3. A security chip comprising the top-layer overlay circuit of the security chip of claim 1 or 2.
4. An attack recognition method applied to the security chip as claimed in claim 3, the method comprising:
performing signal comparison based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
under the condition that the signal comparison results are consistent in comparison, determining that the security chip is not attacked;
and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
5. The attack recognition method according to claim 4, wherein the performing signal comparison based on the signal output from all or part of the output terminals of the at least one stage inverter, the output signal of the output inverter, and the input signal of the input inverter includes:
the signal output by the output end of the inverter and the signal output by the output end of the output inverter are directly compared with the input signal of the input inverter under the condition that the signal output by the output end of the inverter and the signal output by the output end of the output inverter exist in the at least one-stage inverter and are in phase with the input signal of the input inverter;
and when the signals output by the output end of the inverter and the signals output by the output end of the output inverter exist in the at least one-stage inverter and are opposite to the input signals of the input inverter, comparing the signals output by the output end of the inverter and the signals output by the output end of the output inverter with the opposite signals of the input inverter.
6. The attack identification method according to claim 4, wherein after said determining that the secure chip is attacked, the method further comprises:
generating an alarm signal;
and switching to a safe reset state based on the alarm signal.
7. An attack recognition device, applied to the security chip of claim 3, comprising:
the comparison module is used for comparing signals based on signals output by all or part of output ends of the at least one stage of inverter, output signals of the output inverter and input signals of the input inverter;
the determining module is used for determining that the security chip is not attacked under the condition that the signal comparison results are consistent; and under the condition that the result of the signal comparison comprises inconsistent comparison, determining that the security chip is attacked.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the attack recognition method according to any of claims 4 to 6 when the program is executed by the processor.
9. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the attack identification method according to any of claims 4 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the attack recognition method according to any of claims 4 to 6.
CN202311382308.2A 2023-10-24 2023-10-24 Top layer covering circuit of security chip, security chip and attack identification method Pending CN117521162A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311382308.2A CN117521162A (en) 2023-10-24 2023-10-24 Top layer covering circuit of security chip, security chip and attack identification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311382308.2A CN117521162A (en) 2023-10-24 2023-10-24 Top layer covering circuit of security chip, security chip and attack identification method

Publications (1)

Publication Number Publication Date
CN117521162A true CN117521162A (en) 2024-02-06

Family

ID=89748530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311382308.2A Pending CN117521162A (en) 2023-10-24 2023-10-24 Top layer covering circuit of security chip, security chip and attack identification method

Country Status (1)

Country Link
CN (1) CN117521162A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1292110A (en) * 1998-11-05 2001-04-18 因芬尼昂技术股份公司 Protection circuit for integrated circuit
US20080244749A1 (en) * 2007-03-27 2008-10-02 Samsung Electronics Co., Ltd. Integrated circuits including reverse engineering detection using differences in signals
WO2011155114A1 (en) * 2010-06-08 2011-12-15 パナソニック株式会社 Protection circuit, semiconductor device and electronic equipment
CN102455394A (en) * 2010-10-27 2012-05-16 上海华虹集成电路有限责任公司 Device for defending invasive attack
CN105629154A (en) * 2015-12-25 2016-06-01 大唐微电子技术有限公司 Chip top metal cover circuit test realization method and device
CN112513858A (en) * 2018-08-03 2021-03-16 Arm有限公司 Tamper detection in integrated circuits
KR20210052145A (en) * 2019-10-29 2021-05-10 고려대학교 산학협력단 Silicon backside protection device and operation method thereof
CN113343317A (en) * 2020-02-18 2021-09-03 新唐科技股份有限公司 Secure integrated circuit and protection method thereof
US20220358253A1 (en) * 2019-08-23 2022-11-10 Cryptography Research, Inc. Anti-tamper shield based on strings of series resistors

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1292110A (en) * 1998-11-05 2001-04-18 因芬尼昂技术股份公司 Protection circuit for integrated circuit
US20080244749A1 (en) * 2007-03-27 2008-10-02 Samsung Electronics Co., Ltd. Integrated circuits including reverse engineering detection using differences in signals
WO2011155114A1 (en) * 2010-06-08 2011-12-15 パナソニック株式会社 Protection circuit, semiconductor device and electronic equipment
CN102455394A (en) * 2010-10-27 2012-05-16 上海华虹集成电路有限责任公司 Device for defending invasive attack
CN105629154A (en) * 2015-12-25 2016-06-01 大唐微电子技术有限公司 Chip top metal cover circuit test realization method and device
CN112513858A (en) * 2018-08-03 2021-03-16 Arm有限公司 Tamper detection in integrated circuits
US20220358253A1 (en) * 2019-08-23 2022-11-10 Cryptography Research, Inc. Anti-tamper shield based on strings of series resistors
KR20210052145A (en) * 2019-10-29 2021-05-10 고려대학교 산학협력단 Silicon backside protection device and operation method thereof
CN113343317A (en) * 2020-02-18 2021-09-03 新唐科技股份有限公司 Secure integrated circuit and protection method thereof

Similar Documents

Publication Publication Date Title
CN107256349B (en) Method and device for preventing dynamic library from being stolen, electronic equipment and readable storage medium
CN109933980A (en) A kind of vulnerability scanning method, apparatus and electronic equipment
CN107991572B (en) Chip top layer covering integrity protection method and device
CN101478404A (en) Extraction apparatus and method for chip finger print
US5994917A (en) Method and apparatus for sequencing an integrated circuit
CN117521162A (en) Top layer covering circuit of security chip, security chip and attack identification method
US6678739B1 (en) System, method, and computer program product for compressing test pattern set
US10148671B2 (en) Method for protecting a chip card against a physical attack intended to modify the logical behaviour of a functional program
CN110751570B (en) Electric power business message attack identification method and system based on business logic
CN109583246B (en) Chip physical security detection device and method
US20230153472A1 (en) Integrated Circuit and Method for Protecting an Integrated Circuit Against Reverse Engineering
CN113935008B (en) User authentication method, device, electronic equipment and computer readable storage medium
US11914706B2 (en) Circuit design method and associated circuit
US11789897B2 (en) Data processing circuit, data processing method, and electronic device
CN115509941A (en) Data interface testing method and device
CN109886019B (en) Hardware Trojan detection method based on RTL (real-time kinematic) level feature extraction
CN113704255A (en) Data insertion method and device, and data verification method and device
CN112395648A (en) Block chain-based government affair public data call information tracing method and system
CN110929271A (en) Chip tamper-proofing method, system, terminal and storage medium
CN113204803B (en) Chip physical protection circuit and method
CN113536310B (en) Code file processing method, code file checking device and electronic equipment
CN110391187B (en) Anti-attack protection structure of chip
CN112948799B (en) Verification method of graphic verification code and related device thereof
Ramji et al. Reduction of Data Leakage Trojans in Modulation Scheme of TDMA using Encoding and Decoding
CN116015950A (en) Login method and device of webpage platform, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination