本文選題：加密芯片 + 安全掃描鏈��； 參考：《南京郵電大學》2017年碩士論文

【摘要】：隨著通信技術與互聯(lián)網(wǎng)技術的發(fā)展,信息化已經(jīng)成為社會發(fā)展的必然趨勢,網(wǎng)絡成為人們?nèi)粘Ｉ畹谋匦韫ぞ?信息安全問題隨之出現(xiàn)。針對這個問題,加密芯片等硬件加密技術應用到通信設備中,而芯片中插入的掃描鏈成為黑客進行旁路攻擊的后門,竊取芯片中的重要數(shù)據(jù)。因此,現(xiàn)代通信技術中的加密芯片需要一種安全掃描測試技術,即能保證芯片可測試性,又能保證信息安全。本文針對AES(Advanced Encryption Standard)加密芯片安全掃描測試需求,基于現(xiàn)有的安全掃描測試方法,提出一種“密鑰隔離安全掃描鏈”技術。具體實現(xiàn)為:首先將與加密密鑰相關的中間值寄存器R與其它寄存器分開,單獨插入一條掃描鏈,并將其部分掃描寄存器用安全掃描寄存器替換,得到中間值寄存器R的掃描鏈,稱為安全掃描鏈;其次,將安全掃描鏈與密鑰生成電路隔離,增加密鑰隔離控制電路控制密鑰是否加載。該技術電路實現(xiàn)包括三個部分:安全掃描鏈電路、密鑰隔離器電路、控制器電路。其中,密鑰隔離器電路將掃描鏈電路與密鑰生成器電路隔離,控制器電路使能密鑰隔離器電路加載密鑰,密鑰隔離器電路和控制器電路組成了密鑰隔離控制電路。功能模式下,密鑰加載到加密運算電路進行正常加密;測試模式下,分為無密鑰測試和有密鑰測試兩種模式:無密鑰測試模式,密鑰被密鑰隔離器電路隔離,不加載到加密電路中;有密鑰測試模式下,用戶輸入正確的測試密碼,得到授權后密鑰加載到加密電路中,更完整地測試芯片。本文提出的“密鑰隔離安全掃描鏈”技術基于AES加密芯片,采用標準數(shù)字電路設計流程。根據(jù)查閱的參考文獻及業(yè)界經(jīng)驗,以解析安全掃描鏈結構的難度和破解密鑰隔離控制器測試密碼的復雜度作為兩項安全性指標,分別為C128N,2k。取N=64,k=6時,實驗結果是:上述指標為C64128和26,AES加密芯片被破解的概率為1/(C64128*26),即1/(1.6*1039),優(yōu)于同等條件下的其它方法,另外,面積增加為0.58%。證明本技術的可行性。
[Abstract]:With the development of communication technology and Internet technology, information technology has become an inevitable trend of social development. To solve this problem, hardware encryption technology such as encryption chip is applied to communication equipment, and the scan chain inserted in the chip becomes the back door for hackers to bypass attack and steal important data from the chip. Therefore, the encryption chip in modern communication technology needs a kind of security scanning and testing technology, which can guarantee the testability of the chip and the security of information. In this paper, according to the requirement of Advanced encryption Standard (AES) encryption chip security scan test, based on the existing security scan test method, a key isolation security scan chain technology is proposed. The realization is as follows: firstly, the intermediate value register R which is related to the encryption key is separated from the other registers, and a scanning chain is inserted separately, and some of the scanning registers are replaced by the secure scan registers. The scan chain of the intermediate value register R is called the secure scan chain. Secondly, the secure scan chain is isolated from the key generation circuit, and the key isolation control circuit is added to control whether the key is loaded or not. The circuit includes three parts: secure scan chain circuit, key isolator circuit and controller circuit. The key isolator circuit separates the scan chain circuit from the key generator circuit, the controller circuit enables the key isolator circuit to load the key, and the key isolator circuit and controller circuit constitute the key isolation control circuit. In the function mode, the key is loaded into the encryption operation circuit for normal encryption, and in the test mode, the key is divided into two modes: the key test mode and the key test mode, the key is isolated by the key isolator circuit. In the key test mode, the user enters the correct test password, and the key is loaded into the encryption circuit after the authorization, so that the chip can be tested more completely. The "key isolation secure scan chain" technology proposed in this paper is based on AES encryption chip and adopts standard digital circuit design flow. According to the references and industry experience, the difficulty of analyzing the security scan chain structure and the complexity of cracking the key isolation controller test password are taken as two security indexes, namely C128NU 2k. The experimental results are as follows: the probability of C64128 and 26AES encryption chips being cracked is 1 / (C64128m26), that is, 1 / (1.61039), which is superior to other methods under the same conditions, in addition, the area is increased to 0.58. To prove the feasibility of this technology.
【學位授予單位】：南京郵電大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TN918.4;TN402

【參考文獻】

相關碩士學位論文 前2條

1 程軍;基于等效移位寄存器的針對掃描鏈攻擊的安全掃描設計[D];西安電子科技大學;2014年

2 歐陽冬生;密碼芯片安全掃描結構與安全掃描方法[D];浙江大學;2013年

，

本文編號：2057768