西安电子科技大学学报 ›› 2020, Vol. 47 ›› Issue (4): 64-69.doi: 10.19665/j.issn1001-2400.2020.04.009

• • 上一篇    下一篇

能量隐通道安全高层综合设计方法

张璐(),慕德俊,胡伟,邰瑜   

  1. 西北工业大学 网络空间安全学院,陕西 西安 710072
  • 收稿日期:2019-12-31 出版日期:2020-08-20 发布日期:2020-08-14
  • 作者简介:张 璐(1989—),男,西北工业大学博士研究生,E-mail:willvsnick@mail.nwpu.edu.cn.
  • 基金资助:
    国家自然科学基金(61672433);深圳市科技创新委员会基础研究(201703063000517);国家密码发展基金(MMJJ20170210);陕西省关键技术研究发展项目(2018KW-005);国家电网技术项目(522722180007)

High-level synthesis design flow for power side-channel security

ZHANG Lu(),MU Dejun,HU Wei,TAI Yu   

  1. School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China
  • Received:2019-12-31 Online:2020-08-20 Published:2020-08-14

摘要:

针对高层综合设计流程中长期缺乏有效安全设计流程的问题,提出了一种针对能量侧信道的高层综合安全设计方法。该方法通过构建能量安全属性模块库量化侧信道安全,使用安全优化控制流产生高效安全的并行调度机制,应用安全优化数据流生成安全的系统存储架构;该设计方法帮助设计者在产品性能与安全性之间进行权衡,能够在设计初始阶段排除能量侧信道风险,从而在满足设计需求的前提下达到生成更安全高效硬件密码核的目标。在现场可编程门阵列平台上对所提出的高层综合安全设计流程进行了验证。实验结果表明, 相比于传统的设计流程,该设计方法减少了72%的资源消耗和70%的时钟消耗,吞吐量提高了88%,并且能够最大程度地降低硬件设计中存在的能量隐通道安全风险。

关键词: 高层综合技术, 硬件设计, 密码设备, 信息泄露, 能量侧信道

Abstract:

The lack of efficient security guidance is a prominent problem in the design flow of high-level synthesis. To tackle this issue, this paper proposes a security-based high-level synthesis design flow featuring the power side-channel vulnerabilities. The side-channel leakage is quantified by establishing a secure component module library, a more efficient and secure parallel scheduling mechanism is generated by optimizing the control flow, and a more secure architecture of the storage system is achieved by optimizing the data flow. The goal is to perform tradeoffs between performance and security, reducing the side-channel risks at the early stage of design and simultaneously generating more secure and efficient cryptographic cores in hardware. Furthermore, the proposed HLS design flow is verified on a field programmable gate array platform. Experimental results show that, in comparison with the traditional design flow, this method reduces the resources by 72% and the clock cycles by 70% and increases the throughput by 88%, and that it can lower the power side-channel risks within an ongoing design to the greatest extent.

Key words: high-level synthesis, hardware design, cypher device, information leakage, power side-channel

中图分类号: 

  • TP393.083