US-12626023-B2 - Method and apparatus for detecting an attack on or degradation of an electronic circuit
Abstract
An apparatus for detecting an attack on, or degradation of, an electric circuit is disclosed herein. The apparatus comprises a voltage level detector configured to determine whether the voltage level of the electric circuit exceeds a maximum selected threshold value, and to generate a first binary voltage limitation signal if the voltage level exceeds the maximum selected threshold value. The apparatus also comprises a marginal voltage level detector configured to determine whether the voltage level of the electric circuit exceeds a marginal selected threshold value, the marginal selected threshold value being less than the maximum selected threshold value, and to generate a second binary voltage limitation signal if the voltage level exceeds the marginal selected threshold value. A safety monitoring system monitors the first and second binary voltage limitation signals and is configured to determine that a possible attack or degradation has taken place based on at least one of the first binary voltage limitation signal and the second binary voltage limitation signal.
Inventors
- Tim Ramsdale
- Katarzyna Muszynska
Assignees
- AGILE ANALOG LTD
Dates
- Publication Date: 2026-05-12
- Application Date: 2022-09-15
- Priority Date: 2021-09-24
Claims (17)
- 1 . An apparatus for detecting an attack on, or degradation of, an electric circuit, wherein the electric circuit comprises: a voltage level detector circuit configured to determine whether the voltage level of the electric circuit exceeds a maximum selected threshold value, and to generate a first binary voltage limitation signal if the voltage level exceeds the maximum selected threshold value; a marginal voltage level detector circuit configured to determine whether the voltage level of the electric circuit exceeds a marginal selected threshold value, the marginal selected threshold value being less than the maximum selected threshold value, and to generate a second binary voltage limitation signal if the voltage level exceeds the marginal selected threshold value; a safety monitoring system circuit for monitoring the first and second binary voltage limitation signals configured to determine that a possible attack or degradation has taken place based on the first binary voltage limitation signal or the second binary voltage limitation signal, wherein the safety monitoring system circuit is configured to determine that a possible attack or degradation has taken place in the event that: (i) the first binary voltage limitation signal indicates that the voltage level exceeds the maximum selected threshold value; or (ii) the second binary voltage limitation signal indicates that the voltage level has exceeded the marginal selected threshold value more than a selected number of times in a selected period of time.
- 2 . The apparatus of claim 1 wherein the safety monitoring system circuit is configured to determine that a possible attack has taken place in the event that the first binary voltage limitation signal indicates that the voltage level exceeds the maximum selected threshold value for more than a selected period of time.
- 3 . The apparatus of claim 1 wherein the maximum selected threshold value comprises a maximum selected threshold range and/or wherein the marginal selected threshold value comprises a marginal selected threshold range.
- 4 . The apparatus of claim 1 wherein the maximum selected threshold value comprises a lower maximum selected threshold value and a higher maximum selected threshold value, wherein the voltage level detector circuit comprises a first comparator configured to determine whether the voltage level of the electric circuit exceeds the lower maximum selected threshold value, and a second comparator configured to determine whether the voltage level of the electric circuit exceeds the higher maximum selected threshold value, and wherein the first and second comparators are adjustable to adjust the threshold values.
- 5 . The apparatus of claim 1 wherein the marginal selected threshold value comprises a lower marginal selected threshold value and a higher marginal selected threshold value, wherein the marginal voltage level detector circuit comprises a first marginal comparator configured to determine whether voltage level of the electric circuit exceeds the lower marginal selected threshold value, and a second marginal comparator configured to determine whether the voltage level of the electric circuit exceeds the higher marginal selected threshold value, and wherein the first and second comparators are adjustable to adjust the threshold values.
- 6 . The apparatus of claim 1 wherein the safety monitoring system circuit comprises counting logic configured to count the first and second binary voltage limitation signals, wherein the counting logic is configured to determine the time between receipt of the first and/or second binary voltage limitation signals, and wherein the safety monitoring system circuit is configured to determine that a possible attack or degradation has taken place in the event that the counting logic determines that the voltage level exceeds the marginal selected threshold value a plurality of times within a selected time interval.
- 7 . The apparatus of claim 1 wherein the safety monitoring system circuit is configured to take action in the event that it determines that a possible attack or degradation has taken place.
- 8 . The apparatus of claim 1 wherein each of the voltage level detector circuit and the marginal voltage detector circuit are configured to compare a level of the voltage level to a level of a reference signal and are configured to generate the first and/or second binary voltage limitation signal based on the comparison, wherein the reference signal is provided by a bandgap.
- 9 . The apparatus of claim 1 wherein the apparatus comprises a first apparatus of a plurality of apparatuses, and wherein a respective apparatus of the plurality of apparatuses is provided for each respective power supply of a plurality of power supplies.
- 10 . A method of detecting an attack on, or degradation of, an electric circuit, the method comprising: determining whether voltage level of the electric circuit exceeds a selected maximum threshold value; determining whether voltage level of the electric circuit exceeds a marginal selected threshold value; generating a first binary voltage limitation signal if the voltage level exceeds the selected maximum threshold value; generating a second binary voltage limitation signal if the voltage level exceeds the selected marginal threshold value; monitoring the maximum and marginal binary voltage limitation signals over a predetermined time interval; detecting a possible attack on, or degradation of, the electric circuit based on the monitored maximum binary voltage limitation signal or the marginal voltage limitation signal, further comprising detecting a possible attack on, or degradation of, the electric circuit in the event that: (i) the first binary voltage limitation signal indicates that the voltage level exceeds the maximum selected threshold value; or (ii) the second binary voltage limitation signal indicates that the voltage level has exceeded the marginal selected threshold value more than a selected number of times in a selected period of time.
- 11 . The method of claim 10 comprising determining that a possible attack has taken place in the event that the first binary voltage limitation signal indicates that the voltage level exceeds the maximum selected threshold value for more than a selected period of time.
- 12 . The method of claim 10 wherein the maximum selected threshold value comprises a maximum selected threshold range and/or wherein the marginal selected threshold value comprises a marginal selected threshold range.
- 13 . The method of claim 10 wherein the maximum selected threshold value comprises a lower maximum selected threshold value and a higher maximum selected threshold value, and the method comprising determining with a first comparator whether the voltage level of the electric circuit exceeds the lower maximum selected threshold value and determining with a second comparator whether the voltage level of the electric circuit exceeds the higher maximum selected threshold value.
- 14 . The method of claim 10 wherein the marginal selected threshold value comprises a lower marginal selected threshold value and a higher marginal selected threshold value, and the method comprising determining with a first marginal comparator whether the voltage level of the electric circuit exceeds the lower marginal selected threshold value and determining with a second marginal comparator whether the voltage level of the electric circuit exceeds the higher marginal selected threshold value.
- 15 . The method of claim 10 comprising: counting the first and second binary voltage limitation signals with counting logic; determining, with the counting logic, the time between receipt of the first and/or second binary voltage limitation signals; and determining that a possible attack or degradation has taken place in the event that the counting logic determines that the voltage level exceeds the marginal selected threshold value a plurality of times within a selected time interval.
- 16 . The method of claim 10 wherein determining whether the voltage level of the electric circuit exceeds a selected maximum threshold value and/or a marginal selected threshold level comprises comparing a level of the voltage supply to a level of a reference signal and generating the first and/or second binary voltage limitation signal based on the comparison.
- 17 . A computer readable non-transitory storage medium comprising a program for a computer configured to cause a processor to perform: determining whether voltage level of an electric circuit exceeds a selected maximum threshold value; determining whether voltage level of the electric circuit exceeds a marginal selected threshold value; generating a first binary voltage limitation signal if the voltage level exceeds the selected maximum threshold value; generating a second binary voltage limitation signal if the voltage level exceeds the selected marginal threshold value; monitoring the maximum and marginal binary voltage limitation signals over a predetermined time interval; detecting a possible attack on, or degradation of, the electric circuit based on the monitored maximum binary voltage limitation signal or the marginal voltage limitation signal, further comprising detecting a possible attack on, or degradation of, the electric circuit in the event that: (i) the first binary voltage limitation signal indicates that the voltage level exceeds the maximum selected threshold value; or (ii) the second binary voltage limitation signal indicates that the voltage level has exceeded the marginal selected threshold value more than a selected number of times in a selected period of time.
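The detection rule of claims 1, 6 and 10 has two parts: an excursion past the maximum (operating-regime) threshold is reported at once, while excursions past the narrower marginal threshold are only counted, and an alert is raised when more than a selected number of them fall inside a selected period. The following behavioural model is an added example written for this page; it is not code from the patent or from Agile Analog. The threshold voltages, the window length, the event limit and the sampled supply trace are all constructed for illustration, and the prior-art comparison simply reuses the maximum comparators without the counting logic.

```python
"""Behavioural model of the two-level supply-glitch monitor of claims 1, 6 and 10.

Added example, not code from the patent or from Agile Analog. Threshold
voltages, window, limit and the sampled supply trace are constructed here.
"""
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Thresholds:
    """Constructed thresholds for a hypothetical 1.0 V core supply.

    The maximum band is the chip's operating regime (a prior-art monitor resets
    on leaving it); the marginal band sits strictly inside it, matching claim 1
    (the marginal threshold is less than the maximum threshold)."""
    max_low: float = 0.85
    max_high: float = 1.15
    marginal_low: float = 0.93
    marginal_high: float = 1.07


def comparators(v: float, th: Thresholds) -> Tuple[bool, bool]:
    """Four comparators (claims 4 and 5) folded into the two binary signals.

    Returns (max_flag, marginal_flag): the first and second binary voltage
    limitation signals. Because the marginal band lies inside the maximum
    band, any maximum excursion also raises the marginal flag."""
    max_flag = v < th.max_low or v > th.max_high
    marginal_flag = v < th.marginal_low or v > th.marginal_high
    return max_flag, marginal_flag


class SafetyMonitor:
    """Counting logic of claim 6: remembers when each marginal excursion began
    and reports when more than `limit` of them start within `window` samples."""

    def __init__(self, th: Thresholds, window: int, limit: int):
        self.th = th
        self.window = window
        self.limit = limit
        self.marginal_edges = deque()  # start sample of each marginal excursion
        self.prev_marginal = False

    def step(self, t: int, v: float) -> Optional[str]:
        max_flag, marginal_flag = comparators(v, self.th)
        # Count rising edges only, so one long droop is one event, not N samples.
        if marginal_flag and not self.prev_marginal:
            self.marginal_edges.append(t)
        self.prev_marginal = marginal_flag
        # Forget events that have fallen outside the selected period of time.
        while self.marginal_edges and t - self.marginal_edges[0] > self.window:
            self.marginal_edges.popleft()
        # Rule (i): a maximum excursion is reported immediately.
        if max_flag:
            return "max"
        # Rule (ii): too many in-regime but 'unusual' excursions in the window.
        if len(self.marginal_edges) > self.limit:
            self.marginal_edges.clear()  # reset the counter once reported
            return "marginal-burst"
        return None


def constructed_trace() -> List[Tuple[int, float]]:
    """Constructed 60-sample supply trace: three 0.90 V droops that stay inside
    the operating regime, then one 0.80 V glitch that leaves it."""
    trace = [(t, 1.00) for t in range(60)]
    for t in (10, 20, 30):
        trace[t] = (t, 0.90)  # marginal: below 0.93 V but above 0.85 V
    trace[50] = (50, 0.80)    # maximum: below 0.85 V
    return trace


def run_monitor(trace, window: int = 25, limit: int = 2) -> List[Tuple[int, str]]:
    """Two-level monitor: returns (sample, reason) for each reported event."""
    mon = SafetyMonitor(Thresholds(), window, limit)
    out = []
    for t, v in trace:
        reason = mon.step(t, v)
        if reason:
            out.append((t, reason))
    return out


def legacy_alerts(trace) -> List[int]:
    """Prior-art monitor: operating-regime thresholds only, no counting logic."""
    th = Thresholds()
    return [t for t, v in trace if comparators(v, th)[0]]


if __name__ == "__main__":
    tr = constructed_trace()
    print("two-level:", run_monitor(tr))   # [(30, 'marginal-burst'), (50, 'max')]
    print("legacy:   ", legacy_alerts(tr))  # [50]
```

On the constructed trace the prior-art monitor only reacts to the 0.80 V glitch at sample 50; the three 0.90 V droops are inside its thresholds and are invisible to it, which is exactly the iterative, edge-of-regime probing the background describes. The two-level monitor reports the third droop at sample 30 because more than `limit` marginal events started inside the 25-sample window, and then reports the out-of-regime glitch immediately. The sustained-excursion variant of claim 2 needs only a run-length counter on `max_flag` in `step`.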
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a U.S. national stage entry of PCT Application No. PCT/GB2022/052332, filed Sep. 15, 2022, which claims priority to, and the benefit of, GB 2113642.9, filed Sep. 24, 2021, and PL P.438970, filed Sep. 17, 2021, the disclosures of which are expressly incorporated herein by reference in their entireties.

FIELD OF THE INVENTION
The present disclosure relates to a method and apparatus for detecting an attack on or degradation of an electronic circuit, and in particular to a method and apparatus for detecting an attack on or degradation of an electronic circuit due to glitches in the supply voltage.

BACKGROUND
Modern electronic devices may be ‘hacked’ in order to gain access to a network, or to obtain secret information that can be used to further exploit the network. The process may involve an untrusted party manipulating the power supply pins of a chip to introduce ‘voltage glitches’ into a device. This can alter the ability of the circuit to function or can randomise the state of some of the logic. By doing this, the device can be made to falsely validate firmware as ‘trusted’ or enable a debug mode, which then enables access to secrets within the device.

An approach to counter this, for example as described in US2007182421, is to monitor the power supply for glitches. This may be done using either a digital or an analog scheme. In the analog scheme, the supply is compared against a low and a high threshold which represent the operating regime of the chip, and if the signal goes outside these limits, the device is reset. U.S. Pat. No. 8,892,903 also describes a similar approach and discusses a circuit for detecting power analysis attacks that includes at least one load circuit, a power supply line, and a switch coupled to the load circuit and to the power supply line. The switch is configured to enable and disable the at least one load circuit, and a voltage monitor is configured to sample voltage levels of the supply voltage.

However, attacks are usually iterative, seeking a specific failure sequence, and often exploit the marginality at the edge of the operating regime. As such, a number of glitches can go undetected because they did not quite exceed the operating regime of the chip, even though they are still ‘unusual’ events.

In safety-critical systems in particular, but in all systems in general, aging of components can present a challenge to operators: aging of digital circuits tends to make them slower, and aging of power supply circuits tends to make them poorer at regulating the supply, giving more voltage droop on load step events. One solution is to monitor long-term average power supply values, but this averaging only answers whether there has been long-term drift in the nominal value of the supply. It gives no indication of the minimum and maximum levels of the supply, which are actually the values that affect the operation of the circuit. (A similar analogy is a treadmill with poor speed control: measuring the average value at 10 kph is interesting but gives no confidence in the machine. The fact that the instantaneous value could still range between 5 kph and 30 kph, whilst maintaining a 10 kph average, is of far more use.) Embodiments of the disclosure may seek to address such problems.

SUMMARY OF THE INVENTION
Aspects of the invention are as set out in the independent claims and optional features are set out in the dependent claims. Aspects of the invention may be provided in conjunction with each other and features of one aspect may be applied to other aspects.

In a first aspect there is provided an apparatus for detecting an attack on, or degradation of, an electric circuit. The apparatus comprises a voltage level detector configured to determine whether the voltage level of the electric circuit exceeds a maximum selected threshold value, and to generate a first binary voltage limitation signal if the voltage level exceeds the maximum selected threshold value. The apparatus also comprises a marginal voltage level detector configured to determine whether the voltage level of the electric circuit exceeds a marginal selected threshold value, the marginal selected threshold value being less than the maximum selected threshold value, and to generate a second binary voltage limitation signal if the voltage level exceeds the marginal selected threshold value. A safety monitoring system monitors the first and second binary voltage limitation signals and is configured to determine that a possible attack or degradation has taken place based on at least one of the first binary voltage limitation signal and the second binary voltage limitation signal. The safety monitoring system may be configured to monitor the first and second binary voltage limitation signals over a predetermined time interval. It will be understood that there may be three binary signals: a first signal