芯片安全IP: Active Shield

Secure-IC Security IP Cores: Active Shield

主动式屏蔽，防切割，Active Protection against Intrusive Attacks on ASIC, Anti Intrusive   Hardware Modification.

1. PROBLEM SOLVED

Attacks against digital circuits can be performed by directly tampering with the device’s internal structure. These attacks are intrusive, and regroup attempts to directly probe or force signals, remove, add or modify features on the chip (metal routing, transistors).

Secure-IC’s Active Shield technology is designed to deter such intrusive attacks by placing a mesh over the sensitive parts of the circuit and actively monitoring the mesh’s integrity. This counter-measure protects the circuit’s features such as metal routing and transistors that are beneath the mesh from undetected access or

modification through the front-side, including:

• Wire micro-probing to read or force an equipotential

• Wire cutting (e.g. alarms, entropy source disconnection from a true random number

generator…)

• Wire re-routing

• Burnt fuses opening

• ROM Altering

In order to further deter intrusive attacks, the mesh is actively monitored using random cryptographicallygenerated patterns to detect integrity violations. By using this technology, modifying and rerouting the mesh becomes very costly as the attacker has to reroute many wires to avoid detection. In addition, the data travelling through the shield mesh cannot be predicted by the attacker, because it is output by a cryptographic block cipher.

2. GLOBAL OVERVIEW

Active Shield technology relies on several submodules:

• A mesh created using a metal layer for wire routing

• Drivers and receivers used for electrical connection with the mesh

• A cryptographic-grade tamper detection module for monitoring the mesh integrity

关于Secure-IC

Secure-IC位于法国，专业从事电子产品安全性保护咨询服务和安全性分析测试平台的研发。从研究安全性加密保护算法起家，到销售保护IP授权，到现在提供全方位的安全性分析测试套件。Secure-IC的测试套件作为欧洲CC多家认证实验室的认证工具，可以帮助客户获得CC EAL5+的认证。Secure-IC进入中国市场数年来，已经有多家厂商和科研院所等选用了Secure-IC套件作为安全性测试和研究的工具，受到了良好的评价。
Secure-IC相对于竞争者主要的优势是技术，前端的技术和跨越式的发展。具体包括：加密算法、分析算法、各种保护模块IP，以及针对实际芯片的安全攻击分析设备和针对芯片设计源代码的安全仿真分析软件。这些也是Secure-IC最核心的产品。

随着智能化时代的到来，物联网、车联网、人工智能、云计算、电子支付等会越来越多的进入人们的生活并极大的改善人们的生活，然而随着嵌入式系统的推广应用，其安全性也受到越来越多的威胁，现阶段嵌入式系统芯片安全面临的最前沿的威胁有旁路攻击和故障注入等。

• 旁路攻击又称侧信道攻击，利用嵌入式系统的功耗、电磁等泄露信息，通过统计数学的分析方法比如SPA、CPA、DPA、MIA、CEMA等破解一个加密算法的秘钥；

• 故障注入攻击分析是通过对加密系统注入故障迫使系统产生可利用的错误反馈，通过对反馈结果的分析，而破解一个系统的安全机制，相较于侧信道分析，故障注入分析方法手段更复杂先进，效率更高。常见的故障注入方式有激光故障注入、电磁故障注入、电压毛刺故障注入和时钟毛刺故障注入等方式。

Secure-IC公司开发出了不同的安全分析和保护工具以应对嵌入式系统安全面临的威胁：

1.旁路攻击及故障注入安全分析设备：Secure-IC Analyzer

2.旁路攻击及故障注入仿真分析软件：Secure-IC Virtualyzer

3.旁路攻击及故障注入仿真大数据分析软件：Secure-IC Catalyzer

4.安全保护IP核:Secure-IC Security IP cores

关于Secure-IC Security IP Cores

安全分析是为了发现芯片的安全漏洞，了解芯片的安全等级，但发现安全漏洞之后更重要的是解决它。Secure-IC针对不同的安全漏洞设计了不同的安全保护IP核。

Secure-IC所售IP核可基于客户要求，按不同等级license出售，包括从最初步到全部源代码等不同程度。