面向物联网应用的SoC安全检查架构设计

doi:10.19678/j.issn.1000-3428.0057460

计算机工程 ›› 2021, Vol. 47 ›› Issue (2): 152-159. doi: 10.19678/j.issn.1000-3428.0057460

面向物联网应用的SoC安全检查架构设计

闫华钰^1,2, 陈岚¹, 佟鑫¹, 李莹¹

1. 中国科学院微电子研究所, 北京 100029;
2. 中国科学院大学, 北京 100049

收稿日期:2020-02-21 修回日期:2020-04-07 出版日期:2021-02-15 发布日期:2021-01-29
作者简介:闫华钰(1994-),男,硕士研究生,主研方向为集成电路硬件安全;陈岚(通信作者),研究员、博士;佟鑫,助理研究员、硕士;李莹,副研究员、博士。
基金资助:
北京市科技专项（Z171100001117147）。

Design of SoC Security Check Architecture for Internet of Things Applications

YAN Huayu^1,2, CHEN Lan¹, TONG Xin¹, LI Ying¹

1. Institute of Microelectronics of Chinese Academy of Sciences, Beijing 100029, China;
2. University of Chinese Academy of Sciences, Beijing 100049, China

Received:2020-02-21 Revised:2020-04-07 Online:2021-02-15 Published:2021-01-29

摘要/Abstract

摘要： 物联网（IoT）应用的快速发展和软硬件开源化趋势使得IoT设备所面临的硬件安全威胁日益严峻，尤其是利用运行时条件触发的系统级攻击，很难通过传统测试方法进行检测和防御，需要提供运行时安全检查机制。分析IoT系统芯片面临的安全威胁，结合数据加密传输路径中的攻击、任务流和检查内容，设计4条功能完整性安全检查策略，搭建SoC安全策略检查架构并植入运行时触发硬件木马。仿真结果显示，运行时策略检查状态机可以检查出加密核、内存和UART接口的功能完整性问题，并通过发送错误中断信号进行反馈，证明了所设计的系统级安全策略检查架构的正确性与有效性。

关键词: 物联网, 运行时检查, 系统级安全检查, 安全策略, 安全架构

Abstract: The rapid development of Internet of Things(IoT) applications and the trend of open source software and hardware impose an increasingly acute hardware security threat on IoT devices.An especially serious threat is the system-level attacks triggered by runtime conditions,which are difficult to detect and defend by using traditional testing methods,and a runtime security check mechanism is required.This paper analyzes the security threats faced by IoT system chips.Based on the attacks,task flows and check content on the encrypted transmission paths for data,four security check policies for function integrity are designed.Then a SoC security policy check architecture is constructed,and triggered hardware trojans at runtime are embedded into it.Simulation results show that the state machine for runtime policy check can accurately check the functional integrity errors of the encryption core,memory and UART interface,and feedback by sending error interrupt signals.The results demonstrate the effectiveness and correctness of the designed system-level security policy check architecture.

Key words: Internet of Things(IoT), runtime check, system-level security check, security policy, security architecture

中图分类号:

TP302.1

闫华钰, 陈岚, 佟鑫, 李莹. 面向物联网应用的SoC安全检查架构设计[J]. 计算机工程, 2021, 47(2): 152-159.

YAN Huayu, CHEN Lan, TONG Xin, LI Ying. Design of SoC Security Check Architecture for Internet of Things Applications[J]. Computer Engineering, 2021, 47(2): 152-159.

http://www.ecice06.com/CN/Y2021/V47/I2/152

图/表 12

20210225092024

20210225092028

20210225092031

20210225092034

20210225092037

20210225092040

20210225092044

20210225092049

20210225092052

20210225092055

20210225092059

20210225092103

参考文献 21

[1]	BEHM S,DEETJEN U,KANIYAR S,et al.Digital eco-systems for insurers:opportunities through the Internet of Things[EB/OL].[2020-01-20].https://www.mckinsey.com/industries/financial-services/our-insights/digital-eco systems-for-insurers-opportunities-through-the-internet-of-things.
[2]	HUANG Zhe,YAO Ruohe,LUO Fei.Trigger circuit of hardware trojan based on up/down counter[J].IEICE Transactions on Electronics,2015,98(3):279-282.
[3]	ZHAO Yiqiang,HE Jiaji,YANG Song,et al.Research on defense technology against hardware trojans in integrated circuits[J].Computer Engineering,2016,42(1):128-132,137.(in Chinese)赵毅强,何家骥,杨松,等.集成电路中硬件木马防御技术研究[J].计算机工程,2016,42(1):128-132,137.
[4]	LI Xiongwei,WANG Xiaohan,ZHANG Yang,et al.Survey on the hardware trojan protection[J].Journal of Ordnance Engineering College,2015,27(6):40-50.(in Chinese)李雄伟,王晓晗,张阳,等.硬件木马防护研究综述[J].军械工程学院学报,2015,27(6):40-50.
[5]	KIM L W,VILLASENOR J D.Dynamic function verification for system on chip security against hardware-based attacks[J].IEEE Transactions on Reliability,2015,64(4):1229-1242.
[6]	HUANG Zhe.Design and detection of hardware trojan horse[D].Guangzhou:South China University of Tech-nology,2016.(in Chinese)黄哲.硬件木马电路设计与检测[D].广州:华南理工大学,2016.
[7]	JIN Y,SULLIVAN D.Real-time trust evaluation in integrated circuits[C]//Proceedings of 2014 Design,Automation & Test in Europe Conference & Exhibition.Washington D.C.,USA:IEEE Press,2014:1-6.
[8]	BASAK A,BHUNIA S,RAY S.A flexible architecture for systematic implementation of SoC security policies[C]//Proceedings of IEEE/ACM International Conference on Computer-Aided Design.Washington D.C.,USA:IEEE Press,2015:536-543.
[9]	NATH A P D,RAY S,BASAK A,et al.System-on-chip security architecture and cad framework for hardware patch[C]//Proceedings of the 23rd Asia and South Pacific Design Automation Conference.Washington D.C.,USA:IEEE Press,2018:733-738.
[10]	SHI Shengli,REN Ping'an.Real-time detection method of buffer overflow attacks[J].Computer Engineering,2011,37(10):111-113,116.(in Chinese)史胜利,任平安.一种缓冲区溢出攻击的实时检测方法[J].计算机工程,2011,37(10):111-113,116.
[11]	DUAN Xiaoyi,WANG Sixiang,CUI Qi,et al.A high-order differential power analysis attack scheme with masked AES algorithm[J].Computer Engineering,2017,43(10):120-125.(in Chinese)段晓毅,王思翔,崔琦,等.一种带掩码AES算法的高阶差分功耗分析攻击方案[J].计算机工程,2017,43(10):120-125.
[12]	WANG Sixiang,ZHANG Lei,CUI Qi,et al.Correlation electromagnetic analysis attacks based on signal amplified technology[J].Computer Engineering,2018,44(4):181-186,192.(in Chinese)王思翔,张磊,崔琦,等.基于信号增益放大技术的相关性电磁分析攻击[J].计算机工程,2018,44(4):181-186,192.
[13]	TANG Wenbin,ZHU Yuefei,CHEN Jiayong.Research on attack method of unified extensible firmware interface[J].Computer Engineering,2012,38(13):99-101,111.(in Chinese)唐文彬,祝跃飞,陈嘉勇.统一可扩展固件接口攻击方法研究[J].计算机工程,2012,38(13):99-101,111.
[14]	ZHANG Jinling,LÜ Lei.Hardware trojan detection based on PCA and logistics regression[J].Computer Engineering and Science,2018,40(7):1187-1191.(in Chinese)张金玲,吕蕾.基于主成分分析和对数几率回归的硬件木马检测[J].计算机工程与科学,2018,40(7):1187-1191.
[15]	RAY S,JIN Y.Security policy enforcement in modern SoC designs[C]//Proceedings of 2015 IEEE/ACM International Conference on Computer-Aided Design.Washington D.C.,USA:IEEE Press,2015:345-350.
[16]	TRABER A,ZARUBA F,STUCKI S,et al.PULPino:a small single-core RISC-V SoC[C]//Proceedings of the 3rd RISCV Workshop.Washington D.C.,USA:IEEE Press,2016:15-21.
[17]	SCHIAVONE P D,CONTI F,ROSSI D,et al.Slow and steady wins the race? a comparison of ultra-low-power RISC-V cores for Internet-of-Things applications[C]//Proceedings of the 27th International Symposium on Power and Timing Modeling,Optimization and Simulation.Washington D.C.,USA:IEEE Press,2017:1-8.
[18]	KAN S,DWORAK J.Triggering trojans in SRAM circuits with X-propagation[C]//Proceedings of 2014 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems.Washington D.C.,USA:IEEE Press,2014:1-8.
[19]	VAN DE GOOR A J.Using March tests to test SRAMs[J].IEEE Design & Test of Computers,1993,10(1):8-14.
[20]	DILILLO L,GIRARD P,PRAVOSSOUDOVITCH S,et al.March iC-:an improved version of March C-for ADOFs detection[C]//Proceedings of the 22nd IEEE VLSI Test Symposium.Washington D.C.,USA:IEEE Press,2004:129-134.
[21]	YU Bin.ModelSim electronic system analysis and simulation[M].Beijing:Publishing House of Electronics Industry,2011.(in Chinese)于斌.ModelSim电子系统分析及仿真[M].北京:电子工业出版社,2011.

选择文件类型/文献管理软件名称

选择包含的内容

面向物联网应用的SoC安全检查架构设计

Design of SoC Security Check Architecture for Internet of Things Applications

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价

[1]	余长宏, 陆雅, 王海鑫, 高明. 基于滑动时间窗的物联网设备流量分类算法[J]. 计算机工程, 2023, 49(7): 259-268.
[2]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[3]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[4]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[5]	顾智敏, 王梓莹, 郭静, 郭雅娟, 冯景瑜. 雾化零信任组件的5G电力失陷终端威胁检测[J]. 计算机工程, 2023, 49(2): 161-168.
[6]	丁庆丰, 李晋国. 一种物联网环境下的分布式异常流量检测方案[J]. 计算机工程, 2022, 48(8): 152-159.
[7]	刘晶, 朱炳旭, 梁佳杭, 任女尔, 季海鹏. 基于主侧链合作的区块链访问控制策略[J]. 计算机工程, 2022, 48(3): 10-16,22.
[8]	黄志清, 解鲁阳, 张严心, 尹泽明. 基于区块链的物联网数据服务信誉评估模型[J]. 计算机工程, 2022, 48(1): 33-42.
[9]	李忠成, 解滨, 张文祥. 基于多元分层感知的移动物联网区域分割算法[J]. 计算机工程, 2021, 47(9): 51-58.
[10]	朱新兵, 李清宝, 张平, 陈志锋, 顾艳阳. 面向新攻击面的物联网终端固件安全威胁模型[J]. 计算机工程, 2021, 47(7): 126-134.
[11]	张建国, 胡晓辉. 基于以太坊的改进物联网设备访问控制机制研究[J]. 计算机工程, 2021, 47(4): 32-39,47.
[12]	张江徽, 崔波, 李茹, 史锦山. 基于智能合约的物联网访问控制系统[J]. 计算机工程, 2021, 47(4): 21-31.
[13]	任智, 吴本源, 周舟, 苏新. 基于CoAP协议的泛在电力物联网拥塞控制算法[J]. 计算机工程, 2021, 47(10): 166-173.
[14]	黄廷辉, 丁勇, 李思骏. 基于MT6D的物联网轻量级安全协议研究[J]. 计算机工程, 2020, 46(9): 117-122.
[15]	王汝言, 刘宇哲, 张普宁, 亢旭源, 李学芳. 面向物联网的边云协同实体搜索方法[J]. 计算机工程, 2020, 46(8): 43-49.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

面向物联网应用的SoC安全检查架构设计

Design of SoC Security Check Architecture for Internet of Things Applications

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价