Patent Grant
11308239
Various embodiments of the present disclosure are generally directed to data security by protecting against a jitter attack.
In accordance with some embodiments, an apparatus has a cryptographic processing integrated circuit (IC) configured to perform a cryptographic function on a set of input data to generate a corresponding set of transformed output data. An input line is configured to provide an input signal used by the cryptographic processing IC during execution of the cryptographic function. A monitor circuit is configured to monitor the input signal and temporarily disable the cryptographic processing IC responsive to a detection of time-varying changes to the input signal indicative of a potential jitter attack upon the cryptographic processing IC.
In further embodiments, a data storage device has a non-volatile memory and a controller circuit configured to direct a transfer of data between the NVM and a host device. The controller circuit includes a cryptographic processing circuit configured to perform a cryptographic function on a set of input data to generate a corresponding set of transformed output data. The cryptographic processing circuit receives an input signal from an input line to facilitate execution of the cryptographic function. A monitor circuit is configured to monitor the input signal, and to temporarily disable the cryptographic processing circuit responsive to a detection of time-varying changes to the input signal indicative of a potential jitter attack upon the cryptographic processing circuit.
In further embodiments, a method includes steps of supplying an input signal to a cryptographic processing IC; using the cryptographic processing IC to execute a cryptographic function on a set of input data to generate a corresponding set of transformed output data; monitoring the input signal during the execution of the cryptographic function; and interrupting the execution of the cryptographic function responsive to a detection of time-varying changes to the input signal indicative of a potential jitter attack upon the cryptographic processing circuit.
These and other features and aspects which characterize various embodiments of the present disclosure can be understood in view of the following detailed discussion and the accompanying drawings.
The present disclosure generally relates to data security, and more particularly to a novel method and apparatus for protecting against jitter attacks in a data storage system.
Data security schemes are used to reduce or eliminate unwanted access to data by unauthorized users of data storage systems. Data security schemes can employ a variety of security techniques in an effort to protect data. Some data security schemes employ cryptographic processes whereby data are processed using a selected cryptographic algorithm, such as an encryption or hash algorithm, to encode data in such a way that the underlying data cannot be easily recovered or otherwise altered by an attacker. A wide variety of cryptographic functions are known in the art.
Cryptographic systems are often configured to protect underlying data from discovery during a direct attack. A so-called side-channel attack is often used by a motivated attacker to glean a side channel, or a separate information stream, from a system that can ultimately reveal important information about the system or data, up to and including decoding of the data protected by the cryptographic algorithm. Side-channel attacks can take a variety of forms such as differential power analysis (DPA) attacks, timing analysis attacks, etc.
One commonly employed side-channel attack is sometimes referred to as a jitter attack. In this scheme, an input signal supplied to a cryptographic processing integrated circuit (IC) device, such as input power used by the device, is repetitively interrupted or otherwise manipulated (e.g., introducing jitter) in an effort to get the IC device into an indeterminate state. From this state, the attacker can analyze the device, such as by examining the output pins, to determine internal register values or other information that may lead the attacker to be able to decode the cryptographic processing that is applied by the device. Clock lines are another form of input signal that can be subjected to a jitter attack.
Various embodiments of the present disclosure are generally directed to an apparatus and method for protecting against a jitter attack. As explained below, some embodiments include a cryptographic processing IC supplied by an input signal line and a monitoring circuit that monitors the input signal line. The input signal can take a variety of forms, such as an input power line used to supply a source voltage, source current or other electrical power input to power the IC device. The input signal may alternatively take the form of an input clock line used to supply a clock signal at a selected frequency, an input PWM signal, a timing signal, etc.
The monitoring circuit is configured to detect the presence of electrical jitter on the input signal line. When the jitter is of sufficient magnitude and duration to place the IC device in an indeterminate state (indicating that a jitter attack may be taking place), the monitoring circuit temporarily disables the IC, which resets the output state and prevents further jitter from affecting the state of the device.
In some cases, the monitoring circuit may be arranged on a power island so as to remain operational irrespective of the state of the input power line feeding the cryptographic processing IC. Other arrangements can be used as well, such as using a separate energy storage device a capacitor, a battery, etc.) to power the monitoring circuit. The monitoring circuit can detect the presence of jitter in a number of ways, such as by accumulating repetitive anomalous events that are present on the input signal line, such as voltage level excursions, deviations in clock frequency, etc.
These and other features and advantages of various embodiments can be understood beginning with a review of
The memory 104 can take a variety of forms and can be used to store user data from a host device. The functionality of the controller 102 and the memory 104 can be incorporated into a single chip, or distributed among different integrated circuit devices and other components such as solid state memory, rotatable magnetic memory, mixtures of various types, etc.
The device 110 in
A write channel 118 operates to encode input write data from the host to provide a serialized data stream to a preamplifier/driver (preamp) 120. The preamp 120 provides a sequence of write currents to a perpendicular magnetic write element (W) 122 of a data transducer 124 to write data to the medium 116.
During a readback operation, readback signals are transduced by a magneto-resistive (MR) read element (R) 126 of the data transducer 124. The transduced signals are supplied to the preamp 120. The preamp 120 conditions and amplifies the readback signals and provides the same to a read channel 128. The read channel 128 applies signal processing techniques to recover the originally stored data to the buffer 114 pending subsequent transfer to the host.
During both read and write operations, specially configured servo positioning data on the medium 116 are transduced by the read element 126 and, after demodulation by a portion of the read channel 128, are supplied to a servo control circuit 130. The servo control circuit 130 provides positional control signals to a voice coil motor (VCM) 132 coupled to the data transducer 124 to position the respective write and read elements 122, 126 adjacent various data tracks defined on the medium 116.
The servo control circuit 130 further provides control inputs to a spindle motor 134 which rotates the medium 116 during operation. To avoid damage to the device 110, the servo circuit 130 moves the transducer(s) 124 to a safe parking position, such as on a ramp structure or a landing zone, prior to deactivation of the spindle motor 134.
As with the HDD device 110 of
The storage devices of
A monitor circuit 164 is configured to monitor the status of the input power line 161 in an effort to detect a jitter attack, which in this case may involve repeated toggling of the input voltage in an effort to place a set of output data pins 163 of the IC device 162 into an intermediate state.
The monitor circuit 164 in
The monitor circuit includes a detection circuit 166, a counter 168 and a chip disable circuit 170, although other configurations can be used. The detection circuit 166 can include a comparator or similar thresholding circuit to detect changes in the steady state power state on line 161. The counter 168 captures the occurrence of anomalous events associated with the input signal line over a specified interval or time period. This enables the circuit to detect the presence of applied jitter during an attack while filtering out normal excursions that may arise during normal operation.
When the characteristics of the input power on line 161 are determined to be indicative of a potential jitter attack, the disable circuit 170 operates to temporarily disable the crypto IC 162. In some cases, an enable/disable input (EN) of the crypto IC 162 may be set to an appropriate level by the disable circuit 170 to interrupt operation and clear the device. A timer 172 or other mechanism may be used to set the duration of time during which the crypto IC 162 is deactivated, after which the device can be re-enabled and resume operation.
The timer mechanism can further be used to filter the output of the counter circuit 168 to distinguish between a potential jitter attack and normal signal variations. It will be appreciated that, even if a jitter attack is not underway, significant amounts of jitter from other sources, such as variations in source voltage from an external device, may affect the operation of the crypto IC 162, making it prudent under such circumstances to temporarily disable the device until the condition is resolved.
The circuit 182 includes the use of an energy storage element 184, such as a capacitor, an electrical battery, etc., to provide backup power as well as a sensed state input to the monitor circuit 164. As before, the presence of sufficient accumulations of detected anomalous events in the input signal will be sufficient to cause the monitor circuit 164 to temporarily disable the crypto IC 162 (see
Steady state levels for the input voltage are generally denoted at regions 192 and 194 in the curve 190. Zone 196 represents the application of electrical jitter to the input voltage. In this case, the jitter is represented as a series of alternating spikes, or pulses, providing voltage excursion events that cross one or more thresholds T1 and/or T2.
As noted above, during a jitter attack, these and other forms of anomalous events may be intentionally induced in an effort to place the crypto IC 162 into an indeterminate state. The monitor circuit 164 can be configured to accumulate a count of such anomalous events and declare an unsafe condition accordingly (e.g., disable the crypto IC and other circuitry as required).
The clock signal is output by a clock source circuit 202 on a clock signal line 204 to the crypto IC 162, which uses various features of the clock signal, such as selected leading or trailing edges, to clock internal circuit elements associated with a cryptographic processing of data.
The clock signal is provided as an input to a monitor circuit 206, which as before, is configured to detect the presence of jitter in the clock signal and, when sufficiently pronounced, temporarily disable the crypto IC 162. The construction of the monitor circuit 206 can vary, but can include variable clock oscillator (VCO) and phase lock loop (PLL) circuitry to monitor abrupt frequency variations in the frequency and other characteristics of the clock signal, as well as counter and disable circuitry as described in
Each detected frequency variation in the input clock frequency beyond a predetermined threshold will be accumulated as an anomalous event. When a sufficient number of events have been detected over a predetermined time period, the circuit can declare an unsafe condition and temporarily suspend further operation of the crypto IC.
Intermediate zone 214 represents the application of electrical jitter to the clock signal. In this case, various abrupt changes in the frequency, pulse width, cycle time, amplitude and shapes of leading/trailing edges can arise as a result of the clock jitter. These can be induced by an attacker interfering with the operation of the clock source 202 and, as discussed above, can be applied in an effort to get the crypto IC to an indeterminate state.
Initially, a data security circuit such as in
At such time that a sufficient number of anomalous events are detected over a specified unit of time, an unsafe condition is declared at step 308, and a cryptographic processing circuit such as the IC device 162 is disabled at step 310 based on the declared unsafe condition. This may include providing a disable level to an input pin or other feature. It is contemplated that disabling the circuit will result in a clearing of existing states within the system in the form of registers, latches, etc. sufficient to prevent an attacker from gaining knowledge of the internal processing based on the intermediate states of the output pins 172.
As desired, the monitor circuit may provide a system notification of the event to the top level controller portion of the SOC to enable further steps be taken, such as temporarily halting cryptographic processing operations, switching to another operation, etc. SMART logs (self-monitoring reliability analysis testing) or other data structures may be updated at this time to log the occurrence for future evaluation.
Once disabled, the system remains disabled for a suitable time period, after which the system is reset at step 312 and the system proceeds to continue the input power monitoring. Other recovery sequences may be applied.
While the foregoing examples have contemplated monitoring input power and clock signals, other forms of inputs may be additionally or alternatively monitored, if such inputs are susceptible to a jitter attack of the form described herein. Moreover, while the various examples have been presented in the context of a data storage device (e.g., HDD, SSD, hybrid, etc.), substantially any form of processing circuit that uses cryptographic processing can be protected in similar fashion.
It is to be understood that even though numerous characteristics and advantages of various embodiments of the present disclosure have been set forth in the foregoing description, together with details of the structure and function of various embodiments of the disclosure, this detailed description is illustrative only, and changes may be made in detail, especially in matters of structure and arrangements of parts within the principles of the present disclosure to the full extent indicated by the broad general meaning of the terms in which the appended claims are expressed.
This application makes a claim of domestic priority to U.S. Provisional Patent Application No. 62/650,557 filed Mar. 30, 2018, the contents of which are hereby incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5231636 | Rasmussen | Jul 1993 | A |
| 6654884 | Jaffe et al. | Nov 2003 | B2 |
| 6748535 | Ryan, Jr. et al. | Jun 2004 | B1 |
| 6807232 | Nicholson et al. | Oct 2004 | B2 |
| 7417468 | Verbauwhede et al. | Aug 2008 | B2 |
| 7426629 | Piry et al. | Sep 2008 | B2 |
| 7599488 | Kocher et al. | Oct 2009 | B2 |
| 7639058 | Kuroawa et al. | Dec 2009 | B2 |
| 7870336 | Erlingsson et al. | Jan 2011 | B2 |
| 8334705 | Gunnam et al. | Dec 2012 | B1 |
| 8427194 | Deas et al. | Apr 2013 | B2 |
| 8635467 | Gunnam et al. | Jan 2014 | B2 |
| 8766707 | Younger et al. | Jul 2014 | B1 |
| 8879724 | Kocher et al. | Nov 2014 | B2 |
| 9250671 | Tucker | Feb 2016 | B2 |
| 9335809 | Younger et al. | May 2016 | B2 |
| 9343162 | Tasher et al. | May 2016 | B2 |
| 9411394 | Younger et al. | Aug 2016 | B2 |
| 9436603 | Pohlack | Sep 2016 | B1 |
| 9594928 | Langhammer | Mar 2017 | B1 |
| 9941880 | Lesea | Apr 2018 | B1 |
| 20020124178 | Kocher | Sep 2002 | A1 |
| 20030185392 | Sun | Oct 2003 | A1 |
| 20040260932 | Blangy | Dec 2004 | A1 |
| 20050102545 | Clavequin | May 2005 | A1 |
| 20070076890 | Muresan | Apr 2007 | A1 |
| 20070220263 | Ziener | Sep 2007 | A1 |
| 20080059826 | Kocher | Mar 2008 | A1 |
| 20110246119 | Feix | Oct 2011 | A1 |
| 20110246789 | Feix | Oct 2011 | A1 |
| 20110260749 | Deas | Oct 2011 | A1 |
| 20110285421 | Deas | Nov 2011 | A1 |
| 20110296198 | Motoyama | Dec 2011 | A1 |
| 20110299678 | Deas | Dec 2011 | A1 |
| 20120204056 | Airaud et al. | Aug 2012 | A1 |
| 20130007881 | Liem et al. | Jan 2013 | A1 |
| 20130312110 | Boulet | Nov 2013 | A1 |
| 20140250290 | Stahl et al. | Sep 2014 | A1 |
| 20140263646 | Manesh | Sep 2014 | A1 |
| 20150082434 | Sethumadhavan et al. | Mar 2015 | A1 |
| 20150288524 | Jaffe | Oct 2015 | A1 |
| 20150365228 | Belenky | Dec 2015 | A1 |
| 20150381351 | Kuenemund | Dec 2015 | A1 |
| 20180004944 | Nagata | Jan 2018 | A1 |
| 20180039581 | Hung | Feb 2018 | A1 |
| 20180323960 | Courtney | Nov 2018 | A1 |
| 20190007202 | Colombo | Jan 2019 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 20190303624 A1 | Oct 2019 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62650557 | Mar 2018 | US |
