KR102519202B1 - Secure system - Google Patents

Abstract

The security system according to this embodiment includes: an encryption module that stores an encryption key, a power transmitter that provides a power supply voltage capable of defending against a power analysis attack, and an authentication unit that checks whether the power supply voltage is provided by the authenticated power transmitter. and the encryption module is driven when the power transmission unit is authenticated.

Description

Security system {SECURE SYSTEM}

The present technology relates to security systems.

Among various methods of encrypting an object requiring security, it is common to encrypt an object using a key and decrypt the encrypted object with the same key.

An attack on a device performing encryption includes an invasive attack, a semi-invasive attack, and a non-invasive attack. Penetration attack refers to a type of attack in which the package of a chip performing encryption is removed to analyze the circuit and signals in the circuit. Quasi-intrusion attack removes the package of the chip but analyzes the data of the chip using laser or light. type of attack. A non-intrusive attack refers to an attack type that analyzes input/output data and side-channel information generated in the operation process while maintaining the package of the chip without leaving traces of the attack.

The power consumed by a chip that performs encryption using a key depends on the data included in the key. A power analysis attack, among types of non-intrusive attacks, is an attack method in which power consumption of a chip is traced and data of a key that is stored in an encryption module and performs encryption is traced back.

A power analysis attack uses the fact that information of a key that performs encryption in an encryption module is correlated with power consumed by the encryption module. As one of the methods of defending against a conventional power analysis attack, there is a method of controlling the provided power so that the power consumption is the same or random regardless of the encryption module. Alternatively, the power provided by the power management circuit may be made random regardless of the operation of the encryption module to defend against a power analysis attack.

However, according to the prior art, a semi-intrusive attack that obtains information on the power consumption of the encryption module by blocking the power line between the power management circuit or the power control circuit and the encryption module and supplying power to the encryption module with an external power source , it was possible to trace back the key that performs encryption through a power analysis attack.

This embodiment is intended to solve the above disadvantages of the prior art. One of the main purposes to be solved by this embodiment is to provide a security system capable of avoiding backtracking of keys even against non-intrusive attacks, semi-intrusive attacks, and attacks that track power by disconnecting power management circuits and encryption modules. is to do

The security system according to the present embodiment includes: an encryption module that stores an encryption key, a power transmitter that provides a power supply voltage capable of defending against a power analysis attack, and an authentication unit that authenticates the power transmitter, wherein the authenticator authenticates the power transmitter When done, the encryption module is driven by the power supply voltage provided by the power transmission unit.

A security system according to another embodiment includes: a power transmission side including a random signal generation unit generating a random signal and a power data transmission unit outputting power in which the random signal is embedded, and storing an encryption key. A power receiving side including an encryption module, a power data receiving unit receiving power and separating a random signal from the power, and an authentication unit authenticating the power transmitting side from the separated random signal, wherein the encryption module is configured such that the power transmitting side When authenticated, it is powered by electricity.

A security system according to another embodiment includes: a power transmission side including a random signal forming unit that forms a random signal based on random number data and a power data transmission unit that outputs power in which the random signal is embedded, and stores an encryption key. A power receiving side including an encryption module for receiving power, a power data receiver for receiving power and separating a random signal embedded in the power, an authentication signal generator for forming an authentication signal based on the random signal provided by the random signal generator, and an authentication unit. The authentication unit authenticates the power transmission side by determining whether the random signal separated from the power corresponds to the authentication signal, and the encryption module is driven when the power transmission side is authenticated.

A security system according to another embodiment includes: a power transmission side including a random signal forming unit that forms a random signal based on random number data and a power data transmission unit that outputs power in which the random signal is embedded, and stores an encryption key. A power receiving side including an encryption module for receiving power, a power data receiving unit for receiving power and separating a random signal embedded in the power, an authentication signal forming unit for forming an authentication signal based on the separated random signal, and an authentication unit, The authentication unit authenticates the power transmission side by determining whether the random signal provided by the random signal forming unit corresponds to the authentication signal, and the encryption module is driven when the power transmission side is authenticated.

A security system according to another embodiment includes: a random signal generator including a random number generator for generating random number data, an encryption unit for encrypting the random number data to form encryption data, and outputting power in which the random ripple is embedded. The authentication unit includes a power transmission side including a power data transmission unit, an encryption module for storing an encryption key, an authentication signal forming unit for receiving and decrypting encryption data to form an authentication signal, and a power reception side including an authentication unit. , Random number data and an authentication signal are provided, and if corresponding, the power transmission side is authenticated, and the encryption module is driven when the power transmission side is authenticated.

A security system according to another embodiment includes: a random signal forming unit including a random number generator for generating random number data, and an encryption unit for encrypting the random number data to form encryption data, and outputting power in which the random ripple is embedded. It includes a power transmission side including a power data transmission unit for performing authentication, an encryption module for storing an encryption key, an authentication signal formation unit for receiving and encrypting random number data to form an authentication signal, and a power reception side including an authentication unit for authentication. The unit receives the encryption data and the authentication signal to authenticate the power transmission side accordingly, and the encryption module is activated when the power transmission side is authenticated.

A security method according to an embodiment includes: (a) a power transmission unit providing a power supply voltage; (b) an authentication unit authenticating a power transmission unit providing power; and (c) authentication when the power transmission unit is authenticated. and activating the additional encryption module.

According to this embodiment, since the encryption module that performs encryption is activated by the driving power provided by the authorized power transmission side, tracking of keys stored in the encryption module can be prevented.

1 is a diagram for explaining the outline of this embodiment.
2(a) and 2(b) are schematic diagrams of a random number generator.
3(a) is a diagram showing an overview of the power data transmission unit 100 according to an embodiment, and FIG. 3(b) is a timing diagram showing an overview of the operation of the power data transmission unit 100 according to an embodiment.
4(a) is a diagram showing an overview of the power data transmission unit 100 according to another embodiment, and FIG. 4(b) is a timing diagram showing an overview of the operation of the power data transmission unit 100 according to another embodiment.
5 is a diagram showing an outline of a power data transmission unit 100 according to another embodiment.
6(a) is a schematic circuit diagram showing an embodiment of the data restoration unit 210, and FIG. 6(b) is a schematic timing diagram illustrating the operation of the data restoration unit 210.
Fig. 7 is a block diagram showing the outline of the security system 2 according to this embodiment, and Fig. 8 is a diagram showing the operation flow of the security system 2 according to this embodiment.
Fig. 9 is a block diagram showing the outline of another example of the security system 3 according to this embodiment, and Fig. 10 is a diagram showing the operational flow of another example of the security system 3 according to this embodiment.
Fig. 11 is a block diagram showing the outline of the security system 3 according to the above-described third embodiment, and Fig. 12 is a diagram showing the operation flow of the security system 3 according to the above-described third embodiment.
Fig. 13 is a block diagram showing the outline of a security system 3 according to another example of the third embodiment, and Fig. 14 is a diagram showing the operation flow of the security system 3 according to another example of the third embodiment.
Fig. 15 is a block diagram showing the outline of the security system 4 according to the fourth embodiment, and Fig. 16 is a diagram showing the operation flow of the security system 4 according to the fourth embodiment.
Fig. 17 is a block diagram showing the outline of a security system 4 according to another example of the fourth embodiment.
Fig. 18 is a block diagram showing the outline of the security system 5 according to the fifth embodiment described above, and Fig. 19 is a diagram showing the operation flow of the security system 5 according to the fifth embodiment.
20 is a block diagram showing the outline of a security system 5 according to another example of the fifth embodiment, and FIG. 21 is a diagram showing an operation flow of the security system 5 according to another example of the fifth embodiment.
22(a) and 22(b) are diagrams for explaining a case where the authentication unit 300 of the power receiving side 20 drives an encryption module.

Since the description of the disclosed technology is only an embodiment for structural or functional description, the scope of rights of the disclosed technology should not be construed as being limited by the embodiment described in the text. That is, since the embodiment can be changed in various ways and can have various forms, it should be understood that the scope of rights of the disclosed technology includes equivalents capable of realizing the technical idea.

Meanwhile, the meaning of terms described in this application should be understood as follows.

Singular expressions should be understood to include plural expressions unless the context clearly dictates otherwise, and terms such as “comprise” or “having” refer to a described feature, number, step, operation, component, part, or It is intended to specify that a combination exists, but it should be understood that it does not preclude the possibility of existence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.

Each step may occur in a different order than the specified order unless the specific order is clearly stated in the context. That is, each step may occur in the same order as specified, may be performed substantially simultaneously, or may be performed in the reverse order.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosed technology belongs, unless defined otherwise. Commonly used terms defined in dictionaries should be interpreted as consistent with meanings in the context of the related art, and cannot be interpreted as having ideal or excessively formal meanings unless explicitly defined in the present application.

This specification does not distinguish between types of signal lines, and each line may be interpreted as a single signal or a bus signal composed of one or more analog or digital signals.

Example 1

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. Embodiments described below relate to a security system, and as an example, may relate to a power security system using secured power.

1 is a diagram for explaining the outline of a first embodiment of the present invention. Referring to FIG. 1, the security system 1 includes: a random number generator RNG that generates random number data R, and power data that outputs a DC voltage in which a random signal based on the random number data is embedded. The power transmission side 10 including the transmission unit 100 and the power data reception unit 200 receiving the power SP in which the random signal is embedded and separating the random signal R from the power SP and a power receiving side 20 that authenticates the power transmitting side 10 by evaluating the characteristics of the separated random signal.

The power transmission side 10 transmits power (SP) in which a ripple corresponding to a random number (R) is embedded with a random signal forming unit 120 including a random number generator (RNG). and a power data transmission unit 100 that generates and provides the power to the power receiving side 20 . The random number generator RNG forms binary data corresponding to a random number and provides it to the power data transmission unit 100 .

As an embodiment, the random signal generator 120 may include the one illustrated in FIG. 1 and a random number generator (RNG) to form and output random number data R. As in the embodiment illustrated in FIG. 11 , the random signal generator 120 may include a random number generator (RNG), an encryption unit 500 and a secret key storage unit 600 . The random signal generator 120 may output encryption data P obtained by encrypting the random number data generated by the random number generator RNG with a secret key stored in the secret key storage unit 600 .

In addition, as illustrated in FIG. 11 , the random number generator (RNG) included in the random signal generator 120, the encryption unit 500, and the secret key storage unit 600 may be disposed on the power transmission side 10, As illustrated in FIG. 13 , the random number generator (RNG) may be disposed on the power receiving side 20, and the encryption unit 500 and the secret key storage unit 600 may be disposed on the power transmitting side 10.

2(a) and 2(b) are schematic diagrams of a random number generator. Referring to FIG. 2(a), the random number generator performs, for example, an exclusive OR between a plurality of D flip-flops provided with the same clock and connected in cascade, and an output of the D flip-flop and an output of any one D flip-flop stage. It may have a linear feedback shift register (LFSR) configuration that performs an (XOR, exclusive OR) operation and feeds back as an input.

Referring to FIG. 2(b), the random number generator includes a first branch (branch 1) and a second branch (branch 2) in which a plurality of inverters are connected in series to oscillate with a two-input NAND gate, One input of the 2-input NAND gate of the first branch (branch 1) and the 2-input NAND gate of the second branch (branch 2) are connected to each other to provide an enable signal, The outputs of the first branch (branch 1) and the second branch (branch 2) are fed back to the other inputs of each two-input negative AND gate, and the first branch (branch 1) and the second branch (branch 2) The output of may be a random number generator based on a ring oscillator that is output to an exclusive OR (XOR) gate and synchronized with a clock (CLK) signal by a D flip-flop.

3(a) is a diagram showing an overview of the power data transmission unit 100 according to an embodiment, and FIG. 3(b) is a timing diagram showing an overview of the operation of the power data transmission unit 100 according to an embodiment. 3(a) and 3(b), the power data transmission unit 100 according to this embodiment provides a direct current voltage (Vin) and embeds a ripple in the output power (Vout). ) and a controller 120 that controls the ripple embedding unit based on the random number R formed by the random number generator RNG.

In the embodiment illustrated in FIGS. 3(a) and 3(b), the ripple insertion unit may be implemented as a semiconductor switch (SW 110). For example, it may be implemented as a transistor having a control electrode, such as FET or BJT, or may be implemented as a semiconductor switch having a control electrode, such as N-type MOS, P-type MOS, NPN BJT, or PNP BJT.

For example, the switch (SW, 110) can control the resistance between the first electrode and the second electrode according to the amplitude of the control signal (Vcon) provided to the control electrode, and the ripple inserted into the output voltage (Vout) therefrom. Amplitude can be adjusted. As another example, the conduction time of the switch (SW, 110) can be controlled according to the duty ratio of the control signal (Vcon) provided to the control electrode, and the amplitude of the ripple inserted into the output voltage (Vout) can be controlled therefrom. can be adjusted

For example, operation characteristics such as conduction, blocking, conduction resistance, conduction time, and interruption time of the ripple insertion unit, or characteristics such as ripple amplitude and frequency are determined according to the control voltage Vcon. The characteristics of the ripple formed from the control voltage Vcon based on the random number are random. Therefore, the ripple inserter embeds a random ripple into the output voltage and outputs the ripple.

The power data transmitter 100 may include an output sensor 130 that senses the output voltage Vout and outputs a detection signal Vsense. The output sensor 130 detects the output voltage Vout and provides it to the amplifier 123.

For example, when the magnitude of the output voltage Vout is greater than the input dynamic range of the amplifier 123, the output sensor 110 divides the output voltage with a plurality of resistors as illustrated in FIG. 3 (voltage divide) The processed detection signal Vsense may be provided.

The digital-to-analog converter (DAC) 122 receives the random number data R and forms a random comparison voltage Vr corresponding to the random number. The random comparison voltage Vr is an analog signal corresponding to a random number.

The amplifier 123 compares the magnitude of the detection signal Vsense provided to the first input and the comparison voltage Vr provided to the second input. The amplifier 123 forms a control signal Vcon corresponding to the comparison result and supplies it to the control electrode of the switch 110 to control the switch.

For example, when the detection signal Vsense provided to the first input of the amplifier 123 is greater than the random comparison voltage Vr provided to the second input, the amplifier 123 generates the control signal Vcon of the PMOS switch 110 is increased and provided to the control electrode of the PMOS switch 110. Accordingly, the voltage between the gate and the source of the PMOS switch 110 decreases, and a falling ripple is inserted into the output voltage Vout.

Conversely, if the detection signal Vsense provided to the first input of the amplifier 123 is smaller than the random comparison voltage Vr provided to the second input, the amplifier 123 generates the control signal Vcon of the PMOS switch 110 is reduced and provided to the control electrode of the PMOS switch 110. Accordingly, the gate-source voltage of the PMOS switch 110 increases, and a rising ripple is inserted into the output voltage Vout.

The amplifier 123 compares the detection signal Vsense obtained by detecting the output voltage Vout with the random comparison voltage Vr based on a random number, and outputs a control signal Vcon corresponding to the comparison result. The control signal Vcon provided to the control electrode of the PMOS switch 110 has a random characteristic, so its operation characteristics are also random. Accordingly, the ripple inserted into the output voltage Vout is also random.

4(a) is a diagram showing an overview of the power data transmission unit 100 according to another embodiment, and FIG. 4(b) is a timing diagram showing an overview of the operation of the power data transmission unit 100 according to another embodiment. In describing the present embodiment, descriptions of elements identical to or similar to those described above may be omitted.

4(a) and 4(b), the power data transmitter 100 may be a step down converter 100, which is a type of switch mode power supply (SMPS). . The step-down converter 100 includes an inductor (L) and a capacitor (C) that store energy by the supplied DC voltage. In addition, the step-down converter 100 further includes a second switch 112 that operates complementary to the switch 110 . For example, the second switch may be replaced with a flywheel diode that prevents reverse flow.

The control unit 120 includes a controller 125 having an amplifier structure that amplifies a difference between the detection voltage Vsense and the random comparison voltage Vr based on the random number provided by the random number generator RNG with a predetermined gain. 4(a) illustrates an inverting amplifier type as the controller 125, but may be implemented with various types of amplifiers, including non-inverting amplifier types that are not illustrated.

The controller 125 controls the output voltage Vout so that the detection voltage Vsense has the same voltage as the random comparison voltage Vr.

The modulator 123 compares the reference voltage Vref with the output signal of the amplifier 250, forms a control signal Vcon for driving the switch 110 and the second switch 120 as a result of the comparison, and outputs the do. For example, the reference voltage may be a sawtooth wave.

For example, the duty ratio of the output signal Vcon provided by the modulator 123 varies depending on the level of the output signal of the controller 125 and the level of the reference voltage Vref. 2 The duty ratio at which the switch 112 is turned on is also different.

For example, when the magnitude of the output signal of the controller 125 decreases, the duty ratio of the output signal Vcon of the modulator 123 decreases. Accordingly, the time during which the switch 110 is turned on and the second switch 120 is turned off per cycle increases. As the time during which the switch 110 is turned on increases, the current flows through the inductor L and the energy stored in the inductor L increases, and as the current flowing through the inductor L increases, the output voltage Vout size increases.

Conversely, when the magnitude of the output signal of the controller 125 increases, the duty ratio of the control signal Vcon provided by the modulator 123 increases. Accordingly, the interval in which the switch 110 is cut off and the second switch 120 is conducted per cycle increases. The inductor (L) temporarily functions as a current source by supplying the stored energy in the form of current. In addition, the second switch 112 is conducted to form a discharge path of the inductor (L). As inductor L provides current, the voltage across inductor L decreases. As a result, the magnitude of the output voltage Vout is reduced. Also, capacitor C smooths out the voltage change at the output node.

The controller 125 controls the random comparison voltage Vr based on the random number and the detection signal Vsense to have the same value. For example, when the detection voltage Vsense is higher than the random comparison voltage Vr, the controller controls the output voltage Vout to decrease, thereby decreasing the detection voltage Vsense. In this operation, since the random comparison voltage (Vr) is randomly changed, the controller output, the switch control signal, and the output voltage (Vout) are also randomly changed.

Also, a result of comparing the output signal of the amplifier 250 with the reference voltage Vref having a predetermined amplitude and frequency is also random. Accordingly, the duty ratio of the control signal output from the comparator 230 is random, and accordingly, the ripple of the output signal Vout formed when the switch 110 and the second switch 120 are turned on or off is also random.

5 is a diagram showing an outline of a power data transmission unit 100 according to another embodiment. In describing the present embodiment, descriptions of elements identical to or similar to those described above may be omitted. Referring to FIG. 5 , the power data transmission unit 100 may be a step down converter 100 that is a type of switch mode power supply (SMPS). The step-up converter 100 includes an inductor (L) and a capacitor (C) that store energy by the supplied DC voltage. In addition, the step-up converter 100 further includes a second switch 112 that operates complementarily with the switch 110 . For example, the second switch 112 may be replaced with a diode preventing reverse flow.

The controller 125 controls the output voltage Vout so that the detection voltage Vsense has the same voltage as the random comparison voltage Vr. The modulator 123 compares the reference voltage Vref with the output signal of the amplifier 125, forms and outputs a control signal Vcon for driving the switch 110 and the second switch 120 as a comparison result. For example, when the magnitude of the output signal of the controller 125 decreases, the duty ratio of the output signal of the modulator 123 decreases. Accordingly, the second switch 112 is cut off per cycle, but the rate at which the switch 110 is turned on increases, and the current flowing through the inductor L flows through the switch 110.

When the output signal of the controller 125 increases, the duty ratio of the output signal of the modulator 123 increases. Accordingly, the rate at which the switch 110 is cut off per cycle increases, and the energy stored in the inductor L flows through the second switch 112 in the form of current. As the inductor (L) provides the stored current, a voltage is formed at both ends, and the input voltage (Vin) and the voltage across the inductor (L) are inducted so that the output voltage (Vout) has a voltage greater than the input voltage (Vin). is formed

The capacitor C stores charge corresponding to the output voltage Vout. If the switching cycle of the switch 110 is adjusted quickly enough, the charge of the capacitor C is not completely discharged while the inductor L is being charged, so that the output voltage Vout is greater than the input voltage Vin.

Conversely, when the magnitude of the output signal of the amplifier 125 is greater than that of the reference voltage, the comparator 123 outputs the control signal Vcon in a logic high state. Therefore, the switch 110 is cut off and the inductor L provides the stored energy in the form of current to flow through the second switch 112 that is conducting. As the inductor (L) provides current, a voltage is formed at both ends, and a voltage greater than the input voltage (Vin) is formed at the output voltage (Vout) due to the induction of the input voltage (Vin) and the voltage across the inductor (L). . Capacitor C stores the output voltage Vout. If the duty cycle of the switch 110 is adjusted sufficiently high, the output voltage Vout is provided with a higher voltage than the input voltage Vin.

The controller 120 controls the random comparison voltage Vr based on the random number and the detection signal Vsense to have the same value. For example, when the detection voltage Vsense is higher than the random comparison voltage Vr, the controller controls the output voltage Vout to decrease, thereby reducing the detection voltage Vsense. In this operation, since the random comparison voltage (Vr) is randomly changed, the controller output, the switch control signal, and the output voltage (Vout) are randomly changed.

Referring back to FIG. 1 , the power receiving side 20 receives power SP from the power transmitting side 10 . The power SP may be, for example, a DC voltage into which ripples having random amplitudes, duty ratios, and frequencies are inserted.

The power receiving side 20 includes a power data receiving unit 200 that receives power SP and separates the ripple and DC voltage embedded in the power, and an authentication unit 300 that authenticates the power transmitting side 10 with the embedded ripple. ) and an encryption module that performs encryption using an encryption key.

In an embodiment, the power data receiving unit 200 further includes a data restoring unit 210 restoring embedded ripple from the provided power SP and a voltage restoring unit 220 providing a DC voltage.

6(a) is a schematic circuit diagram showing an embodiment of the data restoration unit 210, and FIG. 6(b) is a schematic timing diagram illustrating the operation of the data restoration unit 210. Referring to FIGS. 6(a) and 6(b), the data restoration unit 210 receives the output voltage Vout output by embedding the ripple from the power transmission side 10, and divides it into a desired voltage level ( It includes a voltage divider (212) including at least two resistors that voltage divide.

The voltage divider 212 divides the output voltage Vout at a predetermined voltage division ratio and outputs a divided voltage Vp. The voltage division ratio may be set so that the level of the voltage output from the voltage divider 212 has a voltage corresponding to an input dynamic range of the comparator 222 that follows. The divided voltage Vp includes ripples divided at the same division ratio as the DC voltage.

The comparator 222 compares the divided voltage Vp and the comparison voltage Vd and outputs a result of the comparison. The comparison voltage (Vd) may be a voltage having a predetermined value, for example, a voltage having a voltage value smaller than the maximum voltage of the divided voltage (Vp) but greater than the minimum voltage of the divided voltage (Vp). and may have a median value of a maximum voltage and a minimum voltage of the divided voltage Vp as a voltage value.

For example, the comparator 222 compares the comparison voltage Vd and the divided voltage Vp, and if the divided voltage Vp is greater than the comparison voltage, the comparator 222 may provide a logic high state voltage as an output, and the divided voltage ( If Vp) is smaller than the comparison voltage, a logic low state voltage may be provided as an output. The flip-flop 232 receives the output of the comparator 222, samples it with the clock CLK, and outputs it. As shown, flip-flop 232 may be a D flip-flop.

When the power transmission side 10 embeds a ripple based on a random number into a DC voltage, the data output by the data recovery unit 210 is binary random number data, which is a random number generator included in the power transmission side 10 ( RNG) corresponds to the random number provided. The data restoration unit 210 provides the restored data to the authentication unit 300 .

The voltage restoration unit 220 outputs a smoothed DC voltage by removing ripples from the ripple-containing output voltage Vout. In one embodiment, the voltage restoration unit 220 may be a voltage regulator, and may be implemented as an analog linear regulator or a digital linear regulator. In another embodiment, the voltage restorer 220 may be a switch mode power supply (SMPS).

For example, the voltage restoration unit 220 may be a step-up converter that outputs a higher voltage than the supplied voltage or a step-down converter that outputs a lower voltage than the supplied voltage. The voltage restoration unit 220 provides the restored direct current voltage (DC) to the encryption module.

As another embodiment, the voltage restoration unit 220 may be a low pass filter (LPF) that smoothes power in which a random signal is embedded.

According to another embodiment, the power data receiving unit 200 may not include the voltage restoration unit 220, power in which a random signal is embedded may be provided to the encryption module, and activation provided by the authentication unit 300 may be provided. A signal EN is provided so that driving can be controlled (see FIG. 9).

The authentication unit 300 receives data that the data recovery unit 210 restores and outputs. In one embodiment, the restored data corresponds to the binary random number data R provided by the random number generator 10 at the power transmission side 10 .

In one embodiment, the authentication unit 300 calculates any one or more of the average, standard deviation, and variance of the restored data, and when the result of the calculation satisfies a predetermined range, the power transmission side 10 uses the result. Decide whether to authenticate.

In another embodiment, the authentication unit 300 receives N-bit output values of the restored data, counts the number of bits in a logic high state or the number of bits in a logic low state, and calculates the number of bits in a logic low state, When satisfying the first range designated in advance, a method of performing authentication may be used.

In another embodiment, in another embodiment, the authenticator 300 receives N-bit output values of the restored data, counts the number of bits in a logic high state or the number of bits in a logic low state among them, and obtains uniformity of distribution. can be identified and authenticated.

As another embodiment, the authentication unit 300 may detect at least one of the voltage level, duty ratio, and frequency of the restored signal, and the average, deviation, and standard of the detected voltage level, duty ratio, and frequency. Any one or more of the deviations may be calculated, and the power transmission side 10 may be authenticated when the calculation result satisfies a predetermined range.

When the authentication unit 300 authenticates the power transmission side 10, voltage is supplied to the encryption module, and the encryption module performs a desired function. As another embodiment, when the authentication unit 300 authenticates the power transmission side 10, a signal for operating the encryption module is applied to perform a desired function.

According to this embodiment, the ripple included in the power (SP) provided by the power transmission side 10 is restored, and whether or not to authenticate the power transmission side 10 is determined using the restored data. Accordingly, an advantage of being able to neutralize a non-intrusive attack or a semi-intrusive attack to obtain a key value is provided.

Second embodiment

Hereinafter, a security system 2 according to an example of the present embodiment will be described with reference to FIGS. 7 and 8 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 7 is a block diagram showing the outline of the security system 2 according to this embodiment, and Fig. 8 is a diagram showing the operation flow of the security system 2 according to this embodiment.

Referring to FIGS. 7 and 8 , the random number generator (RNG) generates binary random number data (R) (S100). The power data transmission unit 100 receives binary random number data R, forms a power SP in which a random signal based on the binary random number data is embedded (S200), and transmits it to the power receiving side 20.

The data restoration unit 210 separates and restores the embedded random number data R' from the power SP output from the power data transmission unit 100 (S400) and provides the data to the authentication unit 300.

The authentication unit 300 determines whether the restored random number data R′ and the random number data R provided from the power transmission side 10 correspond (S600). In one embodiment, the authentication unit 300 determines whether the restored random number data R′ and the random number data R provided from the power transmission side 10 match each other, determines whether they correspond to each other, and if so, the password The module is activated (S700).

The authentication unit 300 provides power to the encryption module or activates the activation signal signal ( EN) can be provided (see FIG. 22)

As an embodiment, the authentication unit 300 determines at least one signal characteristic among data matching between the separated random number data R' and the random number data R, voltage level, frequency, and duty ratio. Based on this, it is possible to determine whether the two signals correspond.

Hereinafter, a security system 2 according to another example of the present embodiment will be described with reference to FIGS. 9 and 10 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 9 is a block diagram showing the outline of another example of the security system 3 according to this embodiment, and Fig. 10 is a diagram showing the operational flow of another example of the security system 3 according to this embodiment.

Referring to FIGS. 9 and 10 , the random number generator (RNG) included in the power receiving side 20 generates binary random number data (S100). The random number generator RNG provides the generated binary random number data R to the power data transmission unit 100 of the power transmission side 10 and the authentication unit 300 of the power reception side 20 .

The power data transmitter 100 embeds a ripple based on the random number data R provided into the DC voltage to form the power SP (S200) and provides it to the power receiver 20.

The data restoration unit 210 receives power SP, which is the output voltage Vout of the data restoration unit 210 in which the ripple based on the random number data R' is embedded, separates and restores the random number data (R', S400) and output to the authentication unit 300. As in the embodiment shown in FIG. 9 , power (SP) is provided to the encryption module, and it can be driven by the activation signal (EN) of the authentication unit 300 .

The authentication unit 300 checks whether the binary random number data R output from the random number generator RNG and the restored random number data R' correspond (S600), and activates the encryption module if they match each other (S700). . The authentication unit 300 provides power to the encryption module or transmits an activation signal only when the restored random number data R′ and the random number data R provided from the power transmission side 10 coincide with each other. can be provided (see Fig. 22)

Third embodiment

Hereinafter, an example of the security system 3 according to the third embodiment will be described with reference to FIGS. 11 and 12 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 11 is a block diagram showing the outline of the security system 3 according to the above-described third embodiment, and Fig. 12 is a diagram showing the operation flow of the security system 3 according to the above-described third embodiment.

The random signal generator 120 includes a random number generator RNG that outputs random number data R, an encryption unit 500 that encrypts the random number data R with a secret key, and a secret key storage unit 600 that provides the secret key. can include

The random number generator (RNG) generates random binary number data (R) (S100). The power data transmitter 100 receives binary random number data R, forms a power SP in which a random signal based on the binary random number data R is embedded (S200), and transmits it to the power receiver 20.

The encryption unit 500 receives the secret key (K) stored in the secret key storage unit 600, and encrypts (S300) the random number data (R) formed by the random number generator (RNG) with the secret key (K). Data (P) is formed and provided to the power receiving side (20).

The data restoration unit 210 separates and restores (S400) the embedded random number data R' from the power SP, which is the output voltage Vout output from the power data transmission unit 100, and provides it to the authentication unit 300. do.

The power receiving side 20 includes an authentication signal forming unit 150 . Authentication signal forming unit 150, as shown in the example shown in FIG. 11, the authentication secret key storage unit 650 for storing the secret key stored in the private key storage unit 600 of the transmission side and the corresponding private key, and authentication The authentication decryption unit 550 receives the secret key from the secret key storage unit 650 and decrypts the encryption data P to restore random number data.

As another example, the authentication signal forming unit 150 is an authentication private key storage unit 650 that stores a private key corresponding to the private key stored in the private key storage unit 600 of the transmission side, as in the embodiment illustrated in FIG. and an authentication encryption unit 560 receiving a secret key from the authentication secret key storage unit 650 and encrypting the random number data P to form encryption data.

11 and 12 again, the authentication decryption unit 550 receives encryption data P, and decrypts the encryption data P with the secret key K stored in the authentication secret key storage unit 650 ( S500), and the random number data R'' is restored and outputted to the authentication unit 300. The secret key stored in the authentication secret key storage unit 650 and the secret key stored in the secret key storage unit 600 included in the random signal generator 120 may or may not be the same, but may correspond to each other.

For example, the encryption unit 500 and the authentication decryption unit 550 use symmetric key methods of AES, SEED, and DES, public key methods of RSA and ECC, and HASH methods of SHA-1, SHA-2, and SHA-3. Encryption data P may be formed or decrypted using any one algorithm.

The authentication unit 300 determines whether the random number data R′ separated from the output voltage Vout and the decoded random number data R″, which is an authentication signal, are the same or correspond to each other (S600) to determine whether the power transmission side (10) is authenticated. If the random number data R' and the random number data R'' output from the data decryption unit 550 are the same or correspond to each other, power is provided to the encryption module or an activation signal EN is provided to operate the encryption module. You can (see FIG. 22).

As described above, the authenticator 300 may determine whether the restored random number data R' and the random number data R'' serving as an authentication signal match each other to determine whether they correspond to each other. Furthermore, the authentication unit 300 determines whether the data between the separated random number data R′ and the authentication signal random number data R″ match, voltage magnitude, frequency, and duty ratio, based on one or more signal characteristics. Thus, it is possible to determine whether the two signals correspond.

Hereinafter, another example of the security system 3 according to another example of the third embodiment will be described with reference to FIGS. 13 and 14 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 13 is a block diagram showing the outline of the security system 3 according to this embodiment, and Fig. 14 is a diagram showing the operation flow of the security system 3 according to this embodiment.

Referring to FIGS. 13 and 14 , the random number generator (RNG) included in the power receiving side 20 generates random binary number data R (S100). The random number generator RNG provides the generated binary random number data R to the encryption unit 500 of the power transmission side 10 and the authentication encryption unit 560 of the power reception side 20 .

The authentication encryption unit 560 of the power receiving side 20 receives the secret key K stored in the authentication secret key storage unit 650, and encrypts the binary random number data R with the secret key K (S300) The generated encryption data P is provided to the authentication unit 300 .

The encryption unit 500 of the power transmission side 10 receives the secret key K stored in the secret key storage unit 600 and encrypts the provided binary random number data R with the secret key K (S300). The formed encryption data P is provided to the power data transmitter 100.

As described above, the encryption unit 500 and the authentication encryption unit 560 use the symmetric key methods of AES, SEED, and DES, the public key methods of RSA and ECC, and the HASH methods of SHA-1, SHA-2, and SHA-3. Encryption may be performed using any one of the algorithms to form the encrypted data (P).

The power data transmission unit 100 forms (S310) power SP in which encryption data P in which the binary random number data R is encrypted is embedded, and provides the power to the power receiving side 20.

The data recovery unit 210 receives power in which a ripple based on the encryption data P is embedded, restores the encryption data (P', S410), and outputs the data to the authentication unit 300. The authentication unit 300 determines whether the encryption data P provided by the authentication encryption unit 550 and the restored encryption data P′ match (S610), and if they match, activates the encryption module (S700). .

4th embodiment

Hereinafter, an example of the security system 4 according to the fourth embodiment will be described with reference to FIGS. 15 and 16 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 15 is a block diagram showing the outline of the security system 4 according to this embodiment, and Fig. 16 is a diagram showing the operation flow of the security system 4 according to this embodiment.

In the example illustrated in FIGS. 15 and 16 , the random number generator RNG generates random number data R (S100) and provides it to the power data transmission unit 100 and the encryption unit 500. The power data transmitter 100 generates power in which the random number data R is embedded (S200) and outputs it to the power data receiver 200. The encryption unit 500 receives the secret key K stored in the secret key storage unit 600, encrypts it (S300), and provides it to the authentication unit of the receiving side 20.

The data restoration unit 210 restores and separates (S400) the random number data R embedded in the power SP, and outputs the data to the authentication encryption unit 560. The authentication encryption unit 560 encrypts (S510) the random number data (R′, 400) restored by the data restoration unit 210 with the secret key (K) stored in the authentication secret key storage unit 650, and then encrypts the encryption data (P). ') can be formed.

The authentication unit 300 determines whether the encryption data P provided by the encryption unit 500 of the power transmission side 10 and the encryption data provided by the authentication encryption unit 560 match (S610), and At this time, authentication may be performed to activate the encryption module (S700).

In the example illustrated in FIG. 15 , a random number generator (RNG) is located in the power transmission side 10 and provides random number data R to the power data transmission unit 100 . In contrast, according to the example illustrated in FIG. 17 , the random number generator (RNG) may be included in the power receiving side 10, and random number data R is generated in the random signal generator 120b located in the power transmitting side 10. can provide. Also, the random number generator RNG provides random number data R to the authentication unit 300 .

The random signal forming unit 120b encrypts the provided random number data R with the secret key K provided by the secret key storage unit 600, and provides the encrypted data P to the power data transmission unit 100. . The power data transmitter 100 outputs power obtained by embedding the encryption data P in DC voltage to the power receiver 20 .

The data recovery unit 210 restores the encryption data P′ from the power SP and provides it to the authentication decryption unit 550 . The authentication decryption unit 550 receives the secret key from the authentication secret key storage unit 650, decrypts the encryption data P', restores the random number data R', and provides it to the authentication unit 300.

The authentication unit 300 determines whether the random number data R provided by the random number generator RNG corresponds to the restored random number data R′, and authenticates the encryption module if they agree with each other.

Example 5

Hereinafter, a fifth embodiment of the security system 5 will be described with reference to FIGS. 18 and 19 . However, descriptions of the same or similar elements as those described above may be omitted. Fig. 18 is a block diagram showing the outline of the security system 5 according to the fifth embodiment described above, and Fig. 19 is a diagram showing the operation flow of the security system 5 according to the fifth embodiment.

The random number generator (RNG) forms binary random number data (R) (S100) and provides them to the encryption unit 500 and the authentication unit 300 of the power receiving side 20. The power data transmission unit 100 forms (S210) power SP in which random ripples are embedded and transmits it to the power reception side 20.

The encryption unit 500 of the transmission side receives the secret key K stored in the secret key storage unit 600 and encrypts the random number data R formed by the random number generator RNG with the secret key K (S300). ) is formed and provided to the power receiving side 20.

The authentication decryption unit 550 receives encryption data (P), decrypts the encryption data (P) with the secret key (K) stored in the authentication secret key storage unit 650 (S500), and decrypts the random number data (R'). ') is output to the authentication unit 300.

The authentication unit 300 determines whether the random number data R provided by the random number generator RNG of the power transmission side 10 and the random number data R″ output by the data decoding unit 550 correspond to each other, If so, the encryption module is activated by authenticating the power transmission side 10 (S600).

20 is a block diagram showing the outline of a security system 5 according to another example of the fifth embodiment, and FIG. 21 is a diagram showing an operation flow of the security system 5 according to another example of the fifth embodiment. In the examples illustrated in FIGS. 18 and 19 , the encryption data P provided from the power transmission side 10 to the power reception side 20 is decoded by the authentication decryption unit 550 to generate random number data R″. is formed The random number data R″ is provided to the authentication unit 300, and the authentication unit 300 includes the random number data R provided by the power transmission side 10 and the random number data restored by the authentication decoding unit 550 ( R'') is equivalent.

Hereinafter, another example of the security system 3 according to the present embodiment will be described with reference to FIGS. 20 and 21 . However, descriptions of the same or similar elements as those described above may be omitted. 20 is a block diagram showing the outline of the security system 3 according to the above-described another example of the present embodiment, and FIG. 21 shows the operation flow of the security system 3 according to the above-described another embodiment of the present embodiment. It is a drawing that represents

Referring to FIGS. 20 and 21 , the random number generator (RNG) included in the power receiving side 20 generates binary random number data (S100). The random number generator RNG provides the generated binary random number data R to the encryption unit 500 of the power transmission side 10 and the authentication encryption unit 560 of the power reception side 20 . The power data transmitter 100 provides power SP, which is a voltage in which random ripples are embedded, to the power receiver 20 (S200).

The authentication encryption unit 560 of the power receiving side 20 receives the secret key K stored in the secret key storage unit 650 of the receiving side, and encrypts the binary random number data R with the secret key K (S510). ) to provide the authentication unit 300 with the formed encryption data P.

The encryption unit 500 of the power transmission side 10 receives the secret key K stored in the transmission side secret key storage unit 600, and encrypts the provided binary random number data R with the secret key K (S510b). ) to provide the authentication unit 300 with the formed encryption data P'.

The authentication unit 300 determines whether the encryption data P′ provided by the power transmission side 10 and the encryption data P provided by the authentication encryption unit 560 of the power reception side 20 correspond to each other and authenticates the authentication. do

20 and 21 illustrate the encryption data P' provided by the authentication unit 300 from the power transmission side 10 and the encryption data provided by the authentication encryption unit 560 of the power reception side 20. Authentication was performed by checking the correspondence of (P).

However, in an example not shown, the power receiving side 20 further includes an authentication decryption unit (see 550 in FIG. 11 ) that decrypts the encryption data P′ provided by the encryption unit 500 . The authentication/decryption unit (see 550 in FIG. 11 ) decrypts the encryption data (P′) and provides the encryption data to the authentication unit, and the authentication unit 300 determines the relationship between the encryption data (R) provided by the random number provider (RNG). Authentication can be performed by determining whether or not they correspond.

Hereinafter, a case in which the authentication unit 300 of the power receiving side 20 drives the encryption module will be described with reference to FIGS. 22(a) and 22(b). Referring to FIG. 22(a), in the above-described embodiments, when the power transmission side 10 is authenticated, the authentication unit 300 may activate the encryption module by providing an activation signal EN to the encryption module. there is. However, when the power transmission side 10 is not authenticated, the authentication unit 300 may deactivate the encryption module by not providing an activation signal or by providing a deactivation signal to the encryption module instead of an activation signal.

In the embodiment illustrated in FIG. 22( b ), when the power transmission side 10 is authenticated, the authentication unit 300 provides an activation signal EN to conduct the power transfer switch SWp to power the encryption module. You can enable the cryptographic module by providing . However, when the power transmission side 10 is not authenticated, the authentication unit 300 does not provide an activation signal so that the power transfer switch SWp is turned off, or provides a deactivation signal rather than an activation signal to supply power to the encryption module. can block

Although it has been described with reference to the embodiments shown in the drawings to aid understanding of the present invention, this is an embodiment for implementation and is only exemplary, and those having ordinary knowledge in the field can make various modifications and equivalents therefrom. It will be appreciated that other embodiments are possible. Therefore, the true technical scope of protection of the present invention will be defined by the appended claims.

1, 2, 3, 4, 5: security system 10: power transmission side
20: power receiving side 100: power data transmission unit
110: switch 112: second switch
120: switch control unit 122: DAC
123: comparator 125: amplifier
130: output sensor 200: power data receiver
210: data restoration unit 212: voltage divider
222: comparator 232: flip flop
220: voltage restoration unit 300: authentication unit
500: data encryption unit 550: data decryption unit
600: Sending side secret key storage unit 650: Receiving side secret key storage unit
RNG: random number generator
S100~S700, S100~S700, S100c~S700c, S100d~S700d: Each stage of security system operation

Claims (56)

As a security system, the security system:
an encryption module that stores an encryption key;
A power transmission unit providing a power voltage capable of defending against power analysis attacks; and
An authentication unit for authenticating the power transmission unit,
When the authentication unit authenticates the power transmission unit, the encryption module is driven by the power supply voltage provided by the power transmission unit;
The power transmitter is any one of a linear regulator and a switch mode power supply that embeds and provides a random number signal or cryptographic data based on the random number signal in the power supply voltage Security system. According to claim 1,
The power transmitter embeds and provides the random number signal in the power supply voltage;
The authentication unit evaluates the separated random number signal to authenticate the power transmission unit. According to claim 1,
The security system,
Further comprising a random number generator for generating the random number signal;
The power transmission unit provides the power supply voltage in which the random number signal is embedded,
The security system of claim 1 , wherein the authentication unit recognizes whether the random number signal provided by the random number generator and the random number signal separated from the power supply voltage correspond to each other and authenticates the power transmission unit. According to claim 1,
The security system,
a random signal forming unit configured to form the random number signal and cryptographic data based on the random number signal;
The power transmission unit provides a power supply voltage in which the encryption data is embedded,
The security system of claim 1 , wherein the authentication unit recognizes whether a random number signal restored from the encryption data provided by the random signal forming unit corresponds to a random number signal restored from the encryption data separated from the power supply voltage, and authenticates the power transmission unit. According to claim 1,
The security system,
a random signal forming unit configured to form the random number signal and cryptographic data based on the random number signal;
The power transmission unit provides a power supply voltage in which the encryption data is embedded,
The authentication unit recognizes whether the encryption data formed from the random number signal provided by the random signal forming unit and the encryption data separated from the power supply voltage correspond to each other and authenticates the power transmission unit.
delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images