Security chip is the critical component for information security system. Cryptographic modules for various algorithms and random number generation are usually provided inside the security chip. They are essential elements for achieving the confidentiality, integrity, and availability of the entire system. However, sensitive data in security chips are often assigned to other components through CPU operations, and transfers, so CPU security is also an essential part of the security chip. In order to improve the anti-side channel attack capability of CPU, this paper puts forward several countermeasures, including: unified instruction execution time, random switch of idle component, random switch of data bus, and randomization of program execution time. Some of these countermeasures are anti timing attack, some of which are anti power attack. By adopting multiple protection measures in CPU, it not only reduces the information leakage problem when sensitive information passes through the CPU, but also provides a powerful supplement to enhance the security of the other cryptographic components in the chip.
Read full abstract