共查询到20条相似文献,搜索用时 0 毫秒
1.
2.
代码混淆利用系统自身逻辑来保护内部重要信息和关键算法,常用于软件代码的安全防护,确保开发者和用户的利益。如何在硬件电路上实现混淆、保护硬件IP核的知识产权,也是亟待解决的问题。该文通过对硬件混淆和AES算法的研究,提出一种基于状态映射的AES算法硬件混淆方案。该方案首先利用冗余和黑洞两种状态相结合的状态映射方式,实现有限状态机的混淆;然后,采用比特翻转的方法,实现组合逻辑电路的混淆;最后,在SMIC 65 nm CMOS工艺下设计基于状态映射的AES算法硬件混淆电路,并采用Toggle、数据相关性和代码覆盖率等评价硬件混淆的效率和有效性。实验结果表明,基于状态映射的AES算法硬件混淆电路面积和功耗分别增加9%和16%,代码覆盖率达到93%以上。 相似文献
3.
为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。 相似文献
4.
5.
随着集成电路(IC)产业进入后摩尔时代,芯片一次性工程成本愈发高昂,而以逆向工程技术为代表的知识产权窃取手段,越来越严重地威胁着芯片信息安全。为了抵抗逆向工程攻击,该文提出一种基于遗传算法的自动化逻辑混淆方法,通过分析网表寄存器的拓扑网络结构,筛选逻辑节点并创建冗余连接,从而混淆词级寄存器的相似性特征,在低开销下防止逆向攻击恢复寄存器传输级的词级变量、控制逻辑与数据通路。基于SM4国密算法基准电路开展验证实验,结果表明:经该文方法混淆后,逆向结果与设计真实情况的标准化互信息相关度下降了46%,拓扑复杂度提升61.46倍,面积额外开销为0.216%;同时相较于随机混淆,该混淆方法效率提升为2.718倍,面积额外开销降低70.8%。 相似文献
6.
移动IP在全球范围内的应用引入了许多安全问题,其中以认证问题最为关键,特别是当移动节点在外地链路上漫游时这种问题尤为明显。论文介绍了移动IP的认证机制以及针对其缺陷进行的DoS攻击,提出了一系列防范措施。理论分析表明,这些防范措施可以在一定程度上对DoS攻击进行防范,并维护移动IP网络的系统安全。 相似文献
7.
拒绝服务攻击已经成为威胁互联网安全的重要攻击手段,本文介绍了分布式拒绝服务(DDoS)攻击的概念,分析了DDoS攻击的原理;最后介绍了多种IP溯源技术的优缺点。 相似文献
8.
9.
As one of the most effective proactive countermeasures against reverse engineering, circuit camouflaging has emerged to be a hot research topic and it is becoming a mature technology with the development of various de-camouflaging attacks. Among them, the SAT-based method is the most powerful one to defeat circuit camouflaging. However, SAT-based attacks have scalability problem due to the complexity of the underlying SAT solvers, and straightforward approach to parallelize SAT-based attacks will fail. In this article, we propose a novel parallelization framework for SAT-based attacks, which consists of a two-level partition method (independent module partitioning and k-medoids clustering), together with a novel conflict avoidance strategy. Specifically, we first break down the camouflaged netlist into multiple independent modules that can be solved in parallel. However, any good circuit camouflaging approach should produce one or multiple large modules. To solve this problem, we further apply the k-medoids algorithm to partition the large modules into multiple “high cohesion” and “low coupling” clusters. Utilizing the relative independence of these clusters, we propose a two-stage attack method to avoid conflicts among clusters. Experimental results on OpenSparc T1 microprocessor controller demonstrate that our approach can on average reduce the scales of the SAT formulas by more than 50%, reduce the attack iteration number by 45%, and achieves on average 3.6× and maximum 10× speed up over the best-known SAT-based de-camouflaging tool. 相似文献
10.
Logic locking/obfuscation has emerged as an auspicious solution for protecting the semiconductor intellectual property (IP) from the untrusted entities in the design and fabrication process. Logic locking disguises the implementation and functionality of the IP by implanting additional key-gates in the circuit. The right output of the locked chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The logic locking techniques have shown vulnerability to different classes of attacks, such as Oracle-guided and physical attacks. Although the research community has proposed a number of countermeasures against such attacks, none of them is simultaneously unbreakable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth mechanism can be considered as a feasible approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense strategy where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors.Introducing such a multilayer shielding model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. In conclusion, we believe that a logic locking technique with a layered defense mechanism can be a possible solution against IP piracy. 相似文献
11.
Due to the globalized semiconductor business model, malicious hardware modifications, known as hardware Trojans (HTs), have risen up as a big concern for chip security. HT detection and mitigation methods for general integrated circuits have been investigated in the past decade. However, the majority of the existing efforts are not customized for HTs in Networks-on-Chip (NoCs). To complement the firmware and software level methods for rogue NoCs detection, we propose countermeasures to harden the NoC hardware design against tampering. More specifically, we propose a collaborative dynamic permutation and flit integrity check method to mitigate the potential inside-router HTs inserted by the disloyal member in the NoC design house or the 3rd-party system integration company. Our method improves the number of received packets by up to 70.1% over the other methods if the HT controls the NoC packet destination address. The average link availability of our method is 43.7% higher than that of the exiting methods. Our method increases the effective average latency by up to 63.4%, 68.2%, and 98.9% for the single HT in the destination, header, and tail fields, respectively, over the existing methods. 相似文献
12.
13.
The PCB supply chain has become globally distributed such that PCBs are vulnerable to hardware Trojan attacks. Moreover, attacks on PCBs are possible even after a system is deployed. Various countermeasures have been proposed and efforts to develop board-level Trojan benchmarks are underway, but IC Trojan taxonomies do not capture important characteristics of PCB implants. This work surveys existing PCB countermeasures and examples of board-level Trojans to inform a new taxonomy suited for PCB Trojans. Our taxonomy reflects practically significant characteristics of board-level Trojans to guide development of board-level countermeasures and fair, comprehensive benchmark suites. 相似文献
14.
15.
Hardware is the foundation of security and trust for any security system. However, recent study has revealed that hardware is subject to a number of security risks. Some of the most severe risks come from the VLSI supply chain. Such risks compromise the foundation of any existing security design. In this paper, we present a systematic survey on these security risks and their corresponding mitigation techniques. 相似文献
16.
为检测目标主机是否存在DoS漏洞及承受DoS攻击的能力,在Linux平台上实现一个基于SYN Flood的DoS攻击工具。首先,介绍SYN Flood攻击原理。然后利用原始套接字结合IP欺骗技术,实现SYN Flood攻击报文的构造和发送,实现了基于SYN Flood攻击工具synAttacker。最后,利用synAttacker进行测试,并对测试结果进行分析。测试结果表明synAttacker能够进行有效的SYN Flood攻击,可以作为DoS渗透攻击工具。 相似文献
17.
18.
我们可以把整个因特网看作是一个单一的、抽象的网络,IP地址是用来标识这个网络上计算机的逻辑地址,这个网络也依靠IP地址与本网上的其它站点互相区分、互相通信。然而在实际通信过程中,仅有IP地址是不够的,还必须借助硬件地址,那么IP地址与硬件地址是如何配合通信的呢?本文通过一个实例来揭示它们之间的配合关系。 相似文献
19.
本文主要将网络攻击源追踪多种不同技术进行了归纳,并分析了各种不同网络攻击源追踪技术的优点和缺点,对网络攻击源追踪的未来研究方向进行了探讨,对网络攻击源追踪技术相关问题提供解决办法。 相似文献
20.
现代电子设计工具与IP核的重用 总被引:5,自引:0,他引:5
简单介绍了硬件描述语言(HDL)和IP的概念;采用HDL和IP设计方法的优点;综述了目前世界上著名的ESDA厂商的前端设计工具;推广IP设计方法中的几个重要问题;以及由此对复杂数字电路系统设计和EDA工具发展产生的影响。对我国怎样在有限的人力物力的条件下培养人才,逐步推广HDL和IP设计方法提出了建议。 相似文献