摘要
物联网(IoT)应用的快速发展和软硬件开源化趋势使得IoT设备所面临的硬件安全威胁日益严峻,尤其是利用运行时条件触发的系统级攻击,很难通过传统测试方法进行检测和防御,需要提供运行时安全检查机制。分析IoT系统芯片面临的安全威胁,结合数据加密传输路径中的攻击、任务流和检查内容,设计4条功能完整性安全检查策略,搭建SoC安全策略检查架构并植入运行时触发硬件木马。仿真结果显示,运行时策略检查状态机可以检查出加密核、内存和UART接口的功能完整性问题,并通过发送错误中断信号进行反馈,证明了所设计的系统级安全策略检查架构的正确性与有效性。
The rapid development of Internet of Things(IoT)applications and the trend of open source software and hardware impose an increasingly acute hardware security threat on IoT devices.An especially serious threat is the systemlevel attacks triggered by runtime conditions,which are difficult to detect and defend by using traditional testing methods,and a runtime security check mechanism is required. This paper analyzes the security threats faced by IoT system chips. Based on the attacks,task flows and check content on the encrypted transmission paths for data,four security check policies for function integrity are designed.Then a SoC security policy check architecture is constructed,and triggered hardware trojans at runtime are embedded into it. Simulation results show that the state machine for runtime policy check can accurately check the functional integrity errors of the encryption core,memory and UART interface,and feedback by sending error interrupt signals.The results demonstrate the effectiveness and correctness of the designed system-level security policy check architecture.
作者
闫华钰
陈岚
佟鑫
李莹
YAN Huayu;CHEN Lan;TONG Xin;LI Ying(Institute of Microelectronics of Chinese Academy of Sciences,Beijing 100029,China;University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2021年第2期152-159,共8页
Computer Engineering
基金
北京市科技专项(Z171100001117147)。
关键词
物联网
运行时检查
系统级安全检查
安全策略
安全架构
Internet of Things(IoT)
runtime check
system-level security check
security policy
security architecture
