
Research On Security Technology For Processor

Posted on: 2022-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: S W Yuan
GTID: 2518306764971129
Subject: Computer Software and Application of Computer
Abstract/Summary:
With the rapid development of modern information technology and integrated circuits, processors are used ever more widely, from various electronic products to national strategic military products such as spacecraft, missiles, and radars. This wide application brings the dividends of the information age, but also many unavoidable security problems. In recent years, malicious attacks on processors and newly detected hardware vulnerabilities have emerged in an endless stream. Even during processor design, a Hardware Trojan (HT) may be injected in stages that cannot be controlled independently. In an era when national information security receives more and more attention, processor security has attracted the attention of researchers at home and abroad, and processor-oriented security technology has gradually become a research hotspot.

The security problems faced by processors mainly come from malicious attacks enabled by hardware vulnerabilities, including malicious tampering attacks, leakage of key information about the processor, and HT. Existing domestic and foreign research on processor-oriented security technology has achieved certain results and can effectively solve security problems caused by processor hardware vulnerabilities, but it has certain defects: (1) most research results target only a specific, single attack type or usage scenario; (2) detection of malicious attacks is discrete, so there is a detection “window period” and a serious lag in defense measures; (3) most security technologies that use encryption encrypt only once, so once the key is cracked the security technology is useless; (4) most research results are passive defense, that is, the corresponding defense mechanism is activated only after the processor has been attacked.

This thesis conducts research on security technology for processors based on the idea of active defense, covering malicious tampering attacks, leakage of key processor information, and instruction-triggered HT. It solves some security issues caused by processor hardware vulnerabilities while improving and supplementing some shortcomings of current processor security technology. The following research work is carried out.

1. Security issues for malicious tampering attack types. Starting from avoiding and invalidating tampering attacks on key parts of the processor, four technologies are proposed to solve the security issues of the General Purpose Registers (GPRs), dynamic stacks and Boot Code, the parts of a processor that are vulnerable to tampering attacks: (a) active detection of abnormal GPR state based on a self-reference model, in which a self-reference model built from the processor instruction set and micro-architecture realizes continuous, real-time detection of abnormal GPR state; (b) rapid recovery from abnormal state based on “latch backup” and “PC rollback”, which draws on the idea of “Triple Modular Redundancy” and the principle of “Program Rollback” to achieve rapid recovery of abnormal GPR state; (c) active detection of and defense against dynamic stack overflow based on a “Guard Instruction”, which uses a custom extension instruction together with store instructions to monitor in real time the size of the dynamic stack space used by the function, completes boundary detection at the hardware level, and, when an abnormality is found, immediately disables the permission of store-type instructions to write to Data RAM, thereby defending early against dynamic stack tampering attacks; (d) secure boot of the processor based on the SM3 algorithm, in which a hardware implementation of SM3 verifies the integrity of the Boot Code, realizing a simple and safe startup of the processor. According to the analysis of security and operating performance, the proposed processor security technologies achieve the expected goals. The technologies in items (a), (b) and (c) realize continuous real-time detection and defense without a detection gap period or serious defense lag, and solve the corresponding security problems within cycle-level time.

2. The security issue of leakage of key processor information. The work starts from detection of suspicious and malicious behavior and encryption of key information in the processor. First, based on the inverting latch, an RO-TRNG with an average entropy per bit of 0.992368 and a correlation coefficient of -0.000181, and an RO-PUF with an intra-chip Hamming distance of 0.04% and an average inter-chip Hamming distance of 49.84%, are designed. The RO-TRNG and RO-PUF cooperate with SM3 in a key derivation function that dynamically and randomly provides keys and true random numbers for the subsequent technologies. Second, an active detection technology for suspicious behavior and malicious attacks based on dynamic information flow tracking is proposed: data attribute tags are added to the information flowing through the processor and tag-checking rules are formulated, realizing dynamic information flow tracking analysis of the processor and thus real-time detection of suspicious and malicious behavior. Finally, a key information protection technology based on active detection and dynamic randomization is proposed. The processor is divided into a core domain and a peripheral domain, and masks and QARMA-64 are used to encrypt/decrypt the core domain and peripheral domain respectively. Each domain key and the information encrypted under it can be updated multiple times during program execution, according to the active detection results and a regular update mechanism, so that attackers cannot detect and obtain the valid information needed to launch malicious attacks. From the perspective of mathematical provability, experimental data, attack examples and running performance, it is concluded that the proposed security technology has high security, effectiveness and superiority, with an average performance penalty of only 2.98%.

3. The security issues of instruction-triggered HT. First, starting from the triggering method of HT, a dynamic-random instruction flow obfuscation technology is proposed. A pipeline stage is added between the IF and ID stages of the processor pipeline, and an instruction obfuscation library is created from hardware-level custom opcodes in the newly added stage. The RO-TRNG combined with a PRNG dynamically and randomly selects instructions from the obfuscation library and inserts them into the given instruction stream, disrupting its established order to reduce or avoid triggering of instruction-sequence-triggered HT; at the same time, fine-grained encryption/decryption of instructions is used to ensure that HT triggered before IO stage is not triggered. Second, a backdoor instruction detection technology based on the open instruction set is proposed. Through the Boot Code and an instruction legitimacy decoding circuit designed from the open instruction set, the validity of all instructions in instruction RAM is verified, completing backdoor instruction detection before program execution. From the perspective of mathematical provability, experimental data, attack examples and running performance, we get: the proposed security technology can effectively solve the security problem. However, a corresponding performance penalty is introduced, with the test cases showing a minimum performance penalty of 37.85% and an average of 116.13%. Users can decide whether to enable the security technology by using custom extension instructions, based on actual requirements.
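How the two RO-PUF quality figures quoted in item 2 (intra-chip and inter-chip Hamming distance) are measured, as an added example that is not code from the thesis. The pairwise-comparison RO-PUF model, the array size and the noise parameters are assumptions, and the simulated chips are constructed data.

```python
import random
from itertools import combinations

N_BITS = 128        # response length (assumed); each bit uses its own RO pair
SIGMA_PROC = 1.0    # assumed chip-to-chip process spread of RO frequency
SIGMA_NOISE = 0.01  # assumed per-measurement noise, small next to SIGMA_PROC

def make_chip(rng):
    """Fixed RO frequencies of one chip, set once by process variation."""
    return [100.0 + rng.gauss(0, SIGMA_PROC) for _ in range(2 * N_BITS)]

def read_response(chip, rng):
    """One noisy readout: bit i is 1 when RO 2i counts faster than RO 2i+1."""
    f = [x + rng.gauss(0, SIGMA_NOISE) for x in chip]
    return [1 if f[2 * i] > f[2 * i + 1] else 0 for i in range(N_BITS)]

def hd_fraction(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def intra_chip_hd(chip, rng, readings=50):
    """Reliability: mean HD between a reference readout and repeated
    readouts of the SAME chip. Ideal value is 0%."""
    ref = read_response(chip, rng)
    total = sum(hd_fraction(ref, read_response(chip, rng))
                for _ in range(readings))
    return total / readings

def inter_chip_hd(chips, rng):
    """Uniqueness: mean pairwise HD between responses of DIFFERENT chips.
    Ideal value is 50%, i.e. one chip's key says nothing about another's."""
    responses = [read_response(c, rng) for c in chips]
    pairs = list(combinations(responses, 2))
    return sum(hd_fraction(a, b) for a, b in pairs) / len(pairs)

def evaluate(seed=1, n_chips=20):
    """Return (mean intra-chip HD, mean inter-chip HD) for simulated chips."""
    rng = random.Random(seed)
    chips = [make_chip(rng) for _ in range(n_chips)]
    intra = sum(intra_chip_hd(c, rng) for c in chips) / n_chips
    return intra, inter_chip_hd(chips, rng)

if __name__ == "__main__":
    intra, inter = evaluate()
    print(f"intra-chip HD = {intra:.2%}, inter-chip HD = {inter:.2%}")
```

A low intra-chip value means the PUF-derived key is stable across readouts without heavy error correction; an inter-chip value near 50% means responses are device-unique.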
Keywords/Search Tags:Processor security technology, Hardware vulnerabilities, Malicious tampering, Information leakage, Hardware Trojan