CN102694649A - Method for implementing public key cryptography for resisting cold boot attack - Google Patents
Method for implementing public key cryptography for resisting cold boot attack Download PDFInfo
- Publication number
- CN102694649A CN102694649A CN2012101713064A CN201210171306A CN102694649A CN 102694649 A CN102694649 A CN 102694649A CN 2012101713064 A CN2012101713064 A CN 2012101713064A CN 201210171306 A CN201210171306 A CN 201210171306A CN 102694649 A CN102694649 A CN 102694649A
- Authority
- CN
- China
- Prior art keywords
- public key
- key cryptography
- resource
- internal memory
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for implementing public key cryptography for resisting a cold boot attack. The method comprises the following steps that: support of a system for streaming single instruction multiple data (Simd) extensions (SSE) and advanced vector extensions (AVX) is disabled, and contents in a YMM register group are prevented from being exchanged into a memory by a system kernel during process switching; only registers of a central processing unit (CPU) instead of a memory is used to implement a public key encryption algorithm; system call is increased for setting a secret key, encrypting a private key, allocating resources and recycling resources; a function of recycling public key cryptography calculation resources which are allocated to a process is added at a position where an operating system recycles the resources when the process exits; and a user space process calls the system call to implement a public key cryptography algorithm which can resist a side channel attack aiming at the memory. By the method, the capability of resisting the side channel attack aiming at the memory can be increased for the public key cryptography algorithm on a computer which uses an X86-64 CPU hardware platform under the condition that additional hardware is not added, so that in the running process of a cryptosystem, the private key of the system cannot be leaked due to the side channel attack aiming at the memory.
Description
Technical field
The invention belongs to field of information security technology, be specifically related to a kind of public key cryptography implementation method that cold start-up is attacked of resisting.
Background technology
In theory, to the attack of cryptographic system generally through carrying out to the analysis of cryptographic algorithm weakness with to two kinds of methods of Brute Force of key.Because the abundant check of academic research and industrial practice is often passed through in the fail safe of the cryptographic algorithm of main flow; The key length that uses is long enough often also; So once successful attack often need consume great amount of time and computational resource; Its cost is much larger than can getable income, thereby guaranteed the fail safe of cryptographic system.
Yet for the cryptographic system in the actual deployment, its fail safe is not only relevant with the fail safe of algorithm itself, also depends on many-sided factors such as concrete realization of algorithm and software and hardware computing environment.A kind of attack pattern that bypass attack (side channel attack) comes to this: through utilizing the safety defect in concrete realization of cryptographic system and the computing environment; The assailant can or carry out under the condition of Brute Force key in a background mathematics difficult problem that need not the decryption system; The acquisition system carries out the intermediateness that can be used for going back original cipher key in the encryption and decryption process, even directly obtains key itself.Bypass attack greatly reduces the difficulty that the assailant effectively cracks real cryptographic system, the fail safe of serious threat reality system.Especially generally believed it is the system design scheme of safety even the basic premise that is taken as system safety hypothesis for some, in case the feasible bypass attack method that come to light tends to produce extensive and great potential safety hazard.
(cold boot attack) attacked in cold start-up is a kind of bypass attack method that occurs in recent years and receive much concern.Past; It is conventionally believed that, after the power supply of computer system is cut off the back, be kept at internal memory (dynamic memory; Dynamic RAM; DRAM) data in can disappear because of power down immediately, only if obtained sufficiently high authority, the assailant can't access system in the internal storage data of other processes.So a lot of developers select direct sensitive datas such as dispatch list with key and key directly to be kept in the internal memory.Yet; The research of academia and technos shows; For the internal memory of the computer that is moving, even extracted from mainboard at normal temperatures, data wherein also can be after power down encumbrance second and (the value counter-rotating that is memory cell) can not take place significantly to lose; If used simple cooling technology to lower the temperature, the time that data keep can increase greatly.Although the BIOS of user's computer or operating system possibly carried out the operation of removing internal memory in normal shutdown of system or restarting process, if the assailant directly cuts off the electricity supply, these mechanism can't play a role.Like this, the assailant just can transfer to the target internal memory on another ready computer that does not have associated safety mechanism, with a homemade boot with the data dump of target internal memory on disk or other permanent storage appliance.To sum up, the assailant can attack according to the cold start-up of following operations flow performing:
Prepare:
● the computer to be attacked that is moving, be called for short target machine.
● cooling agent such as bottled air (canned air), is used to cool off internal memory.
● a computer that does not have the internal memory purge mechanism, be used for carrying out and attack, the internal memory of dump target machine is called the execution machine in the following text.
● a simple boot is used for core dump to memory devices such as hard disk, USB flash disks.Because it need take a part of internal memory in guiding, so writing of this boot is simple as far as possible, and takies few internal memory of trying one's best, can accomplish the dump function and get final product.Can select load mode flexibly according to the hardware case of the machine of execution, such as USB flash disk, PXE etc.
Execution in step:
1) use cooling agent that the internal memory of the target machine that moving is cooled off.
2) power supply of cut-out target machine is pulled up internal memory, is inserted into rapidly in the execution machine, starts the execution machine.According to the experimental result of correlative study, the data degradation in this process in the internal memory of target machine is very little, and after the execution machine started, internal memory powered up, and data will no longer be lost.
3) will load boot automatically after the execution machine starts, boot with the core dump of target machine to disk.
4) assailant adopts special algorithm from the memory mapping of target machine, to recover intermediateness crucial in key or the crypto-operation, breaks through cryptographic system.
The process that a successful execution cold start-up is attacked is as shown in Figure 1.
Be not difficult to find out, carry out cold start-up and attack not too high technical threshold, in case assailant's ready (execution machine, boot, cooling agent etc.), and have an opportunity physically to touch computer to be attacked, just can be with its core dump within several minutes; And the correlative study result shows, recovers the work of key and also can within several minutes, accomplish.Simultaneously; Receive the restriction of all-purpose computer architecture up till now; A large amount of cryptographic systems all are placed on key or intermediateness in the internal memory; So the present computer security system structure that appears as that cold start-up is attacked has been brought huge security threat, all obtained paying close attention to widely in academia and industrial quarters.
The modern password system mainly comprises two types of DSE arithmetic and public-key cryptosystems.In DSE arithmetic, encryption and decryption adopts same key, so the necessary completion in advance of communicating pair key agreement, and trust the other side can compromised keys.The symmetric key encryption/decryption speed is very fast, and resource consumption is less, can be used to guarantee the integrality and the confidentiality of data, but have the as offered of needs key, can't verify encipherer's identity, shortcoming such as multi-party communication key management difficult.Symmetric cryptographic algorithm commonly used comprises DES, AES, IDEA etc.
To the shortcoming of DSE arithmetic, academia has proposed public-key cryptosystem.In public-key cryptosystem, encryption and decryption are separate, use two different keys respectively, can only be deciphered with another key by the information of a secret key encryption.In two keys, one being called private key by its key holder oneself is secret certainly, and another can openly be distributed to any people of communicating by letter with the key owner of wanting, is called PKI.Can only decipher the information of secret key encryption with another key with one.The cryptographic system that uses public-key, other users can send to the private key holder with the public key encryption data, the confidentiality of guarantee information; The private key holder can carry out digital signature to information with private key, the source of the just available public key verifications information of the user who receives information, and the integrality of guarantee information, and the third party can verify that realization is to the anti-property denied of information through PKI to information.The key length of public-key cryptosystem is often longer relatively, and computational speed is relatively slow, therefore often is used in combination with DSE arithmetic.Public key algorithm commonly used comprises Diffie Hellman, RSA, EIGamal, elliptic curve (Elliptic Curve Cryptography) etc.
At present; The effectively method of search keys in memory mirror has appearred in academia, therefore, no matter is public-key cryptosystem or DSE arithmetic; In case key or important intermediateness are placed in the internal memory, all receive the cold start-up attack easily and cause key to be revealed; In other words, resist cold start-up and attack, just need the important intermediateness of key and cryptographic algorithm computational process be shifted out internal memory, be put in the safer equipment that is difficult to attack.In academia, occurred several kinds at present and similarly resisted the method for attacking to the cold start-up of DSE arithmetic.But with respect to the advantages of simplicity and high efficiency symmetric cryptographic algorithm; Public key algorithm often calculation of complex, key is longer; Implement need be bigger memory space and the specification requirement of Geng Gao, still be that industrial quarters is not all also effectively resisted the method for attacking to the cold start-up of public key cryptography in academia at present.And public key algorithm is the important foundation of security frameworks such as nowadays various IKEs, signature authentication agreement; Have widely and use; Attack if can not effectively solve, will carry out all trades and professions of information exchange and bring serious potential safety hazard for relying on these agreements to the cold start-up of public-key cryptosystem.
Summary of the invention
The present invention is intended to propose a kind of way that can resist the cold start-up attack to public-key cryptosystem.
Technical scheme of the present invention is following:
A kind of public key cryptography implementation method of resisting the cold start-up attack comprises the steps:
A. forbid the support of system to the expansion of SSE, AVX instruction set, and prevent system kernel in process switching with the content exchange in the YMM registers group in internal memory;
B. only utilize the register of CPU and do not utilize internal memory to realize public key encryption algorithm, promptly key, intermediateness all only are present in the registers group in the ciphering process;
C. increase following system call:
A) key is set: be used for private key is kept at the YMM register;
B) encrypted private key: be used to carry out the encrypted private key operation;
C) resource allocation: it is that a process is carried out the public key cryptography calculating that the present invention proposes that the core of the CPU of X86-64 architecture can also only can be used at synchronization; Therefore the present invention becomes one group of public key cryptography computational resource with the core of CPU, and the number of assignable resource is corresponding to the core number of CPU.Native system calls when being used to ask to distribute available public key cryptography computational resource that idle computational resource is arranged for current process and is distributed into merit, and the result of resource allocation (being that which process which core cpu has been assigned to) is written into and is used for follow-up resource allocation inquiry and resource recovery in the overall array in the system space;
D) resource reclaims: be used to reclaim the public key cryptography computational resource that current process has been distributed;
D. the function of the public key cryptography computational resource of having distributed to this process increase is reclaimed in the place that operating system can reclaim resource when process withdraws from;
E. the described system call of user space processes invocation step C realizes resisting the public key algorithm to the bypass attack of internal memory.
Described public key cryptography implementation method is characterized in that, the said public key algorithm of step e is following:
1) using system calls c) distribution public key cryptography computational resource;
2) user loads the private key of encrypting usefulness through secure way, and using system calls private key a) is set, and removes the internal memory that private key took in loading procedure afterwards;
3) using system calls b) carry out to use the public key cryptography AES of private key;
4) the public key cryptography computational resource that release had distributed before process withdrawed from.
Described public key cryptography implementation method is characterized in that, among the step C, when each system call begins, needs disable interrupts, realizes atomic operation, and launches the support of CPU to SSE, the expansion of AVX instruction set; When system call finishes, need the support to SSE, the expansion of AVX instruction set with forbidding CPU, launch interruption.
Described public key cryptography implementation method is characterized in that, system call a) and b) begin need call c according to using system in the place) situation of the Resources allocation CPU that selects to be assigned to current process carries out core and carries out.
Described public key cryptography implementation method is characterized in that, among the step B, expressly input, ciphertext output are all duplicated completion through the data between register and the internal memory.
Described public key cryptography implementation method is characterized in that, in the step 1), if public key cryptography resource allocation failure, the user can select to wait for a period of time or close other processes that take the password resource and reattempt and redistribute; After the resource allocation success, the process that is assigned with resource will be monopolized this password resource, and other process will be under an embargo to the trial of the visit of this password resource.
Beneficial effect of the present invention does; Can be under the condition that does not increase additional hardware; For the public key algorithm on the computer that uses X86-64 CPU hardware platform increases the ability of opposing to the bypass attack of internal memory; Make that in the cryptographic system running private key of system can not revealed because of suffering to be directed against the bypass attack of internal memory.
Description of drawings
Fig. 1 is for general cryptographic system, and the assailant obtains being stored in the flow process of the key in the internal memory through the cold start-up success attack;
The flow chart of Fig. 2 the method for the invention.
Embodiment
Implementation condition of the present invention is following:
● hardware: use the X86-64 architecture to support the computer system of the CPU (the AMD CPU that Intel CPU that Sandy Bridge framework is later or Bulldozer framework are later) of AVX instruction set
● software: the operating system that can make amendment and recompilate the kernel source code
The practical implementation step is (flow process ginseng Fig. 1) as follows:
A. the code for other part in the anti-locking system uses SSE or AVX instruction set visit YMM registers group; Cause private key to reveal or be destroyed; The present invention need be forbidden the support of system to SSE, the expansion of AVX instruction set; Make that except that the particular code that the present invention is correlated with other any code all can not use the instruction access YMM registers group in SSE, the expansion of AVX instruction set; When process switching, system generally can be saved in the content in the YMM registers group in the internal memory, and this will bring the security threat of private key leakage to the present invention, also need forbid through revising kernel.For example; In (SuSE) Linux OS; Can revise the native cpuid function in the kernel, the correlating markings position zero clearing of representing the expansion of instruction set such as SSE, AVX in its return value can be forbidden that other code in the system uses SSE or AVX instruction set and in process switching, can not preserve the content of YMM registers group.
B. in order to prevent that private key or the intermediateness of using private key to carry out cryptographic calculations are leaked to the private key that causes in the internal memory and reveal, the present invention need use assembler language, only utilizes the register of CPU to realize public key encryption algorithm as memory space.Begin from the AVX instruction set; The CPU of X86-64 architecture has 16 256 YMM register; Add 14 64 general registers (not using RSP and RIP); The memory space of (16*256+14*64)=4992 at least can be provided; In addition instruction set to add, subtract, the good support of basic operation such as multiplication and division, XOR, no-carry multiplication, can realize the elliptic curve operations on 163,233 the binary field, the basic public key algorithms such as computing of the elliptic curve on 192,224 prime field.
C. because having forbidden other code in whole system, the present invention uses SSE, AVX instruction set; But the public key algorithm that the present invention realizes needs the support of SSE, AVX instruction set again; So need in kernel, realize cryptographic algorithm; And before the code of algorithm begins, launch the support of system, and after algorithm is complete, forbid support again to SSE, AVX instruction set to SSE, AVX instruction set.This can realize through the flag bit that modification is kept in the CR4 register.Simultaneously; Because cryptographic algorithm is realized in kernel; And the present invention hopes that the application of client layer also can use cryptographic algorithm provided by the invention to realize; So the present invention provides an interface that calls cryptographic algorithm with the form of system call to client layer, the DLL of function in the confession client layer routine access system kernel that said system call refers in operating system nucleus, realize.According to the computing flow process of cryptographic algorithm, the present invention need realize that two system calls are respectively applied for the user and key are set and carry out crypto-operation.Because crypto-operation will be monopolized the YMM of this CPU and deposit group after key is written into CPU always; So the same time can only be moved the instance of a cryptographic algorithm and can only be monopolized by a process on the core of CPU, different core then can be assigned to different processes and be used for the different ciphers computing.So the present invention need realize that two other system call is respectively applied for the distribution and the recovery of crypto-operation resource.Preserve the intermediateness of computing owing to can use general purpose register set in the crypto-operation process; So before crypto-operation begins, need close interruption is atomic operation with the process that guarantees a crypto-operation; Process switching can not take place before computing is accomplished to be caused content in the general purpose register set to be switched in the internal memory going, and after computing finishes, open interruption with the assurance system in the normal operation of other code.
D. in order to prevent that process from withdrawing from the resource that causes having distributed unusually and can't be recovered after having applied for the public key cryptography computational resource; Reclaim the code of resource when the present invention needs the process of retouching operation system to withdraw from, increase the function that reclaims the public key cryptography computational resource of having distributed to this process.
E. utilize the work of above each several part, the code in the user's space can call the public key algorithm that prevents to the bypass attack of internal memory provided by the invention according to following steps:
1) use system call provided by the invention to attempt obtaining available public key cryptography computational resource (being called for short " resource " down).
Because the number of available resources is identical with the core number of CPU, mainstream CPU often has only 4 cores, so this step possibly not fail because there being allowable resource.If distribute failure, the user can select to wait for a period of time or close other processes that take resource and reattempt.After the resource allocation success, the process that is assigned with resource will be monopolized this resource, and other process will be under an embargo to the trial of the visit of this resource.
2) after successfully obtaining the public key cryptography computational resource; The user can use code to read private key in internal memory from USB flash disk or other safe memory device; Re-use system call provided by the invention and private key in the internal memory is deposited in be used for crypto-operation among the CPU, again with the internal storage location zero clearing that once was used to preserve private key in the internal memory.Principle according to the cold start-up attack; The authority that has physics contact target computer under the situation that the assailant need be absent from the scene the user of object-computer could be carried out attack; So though private key can stop in internal memory momently in the process that private key is written into; But, can think that this process is safe because user's responsible key on the scene is written into.And private key will no longer appear in the internal memory after this, so the process that is written into and uses of whole key can be thought safe.
3) after successful loading secrete key, consumer process can use system call provided by the invention to carry out encrypted private key operation (can carry out repeatedly after private key is set).Because expressly the leakage with ciphertext can not threaten system safety,, import into and spread out of through system call so plaintext and ciphertext can be kept in the core buffer.
4) before process withdraws from, the resource that personal code work need distribute through the explicit release of system call, or withdraw from machine for resource recovery system by the process of revising in the system kernel and discharge automatically.
Claims (6)
1. resist the public key cryptography implementation method that cold start-up is attacked for one kind, comprise the steps:
A. forbid the support of system to the expansion of SSE, AVX instruction set, and prevent system kernel in process switching with the content exchange in the YMM registers group in internal memory;
B. only utilize the register of CPU and do not utilize internal memory to realize public key encryption algorithm, promptly key, intermediateness all only are present in the registers group in the ciphering process;
C. increase following system call:
A) key is set: be used for private key is kept at the YMM register;
B) encrypted private key: be used to carry out the encrypted private key operation;
C) resource allocation: be used to ask distribute available public key cryptography computational resource into current process;
D) resource reclaims: be used to reclaim the public key cryptography computational resource that current process has been distributed;
D. the function of the public key cryptography computational resource of having distributed to this process increase is reclaimed in the place that operating system can reclaim resource when process withdraws from;
E. the described system call of user space processes invocation step C realizes resisting the public key algorithm to the bypass attack of internal memory.
2. public key cryptography implementation method as claimed in claim 1 is characterized in that, the said public key algorithm of step e is following:
1) using system calls c) distribution public key cryptography computational resource;
2) user loads the private key of encrypting usefulness through secure way, and using system calls private key a) is set, and removes the internal memory that private key took in loading procedure afterwards;
3) using system calls b) carry out to use the public key cryptography AES of private key;
4) the public key cryptography computational resource that release had distributed before process withdrawed from.
3. public key cryptography implementation method as claimed in claim 1 is characterized in that, among the step C, when each system call begins, needs disable interrupts, realizes atomic operation, and launches the support of CPU to SSE, the expansion of AVX instruction set; When system call finishes, need the support to SSE, the expansion of AVX instruction set with forbidding CPU, launch interruption.
4. public key cryptography implementation method as claimed in claim 3 is characterized in that, system call a) and b) begin need call c according to using system in the place) situation of the Resources allocation CPU that selects to be assigned to current process carries out core and carries out.
5. public key cryptography implementation method as claimed in claim 1 is characterized in that, among the step B, expressly input, ciphertext output are all duplicated completion through the data between register and the internal memory.
6. public key cryptography implementation method as claimed in claim 2 is characterized in that, in the step 1), if public key cryptography resource allocation failure, the user can select to wait for a period of time or close other processes that take the password resource and reattempt and redistribute; After the resource allocation success, the process that is assigned with resource will be monopolized this password resource, and other process will be under an embargo to the trial of the visit of this password resource.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210171306.4A CN102694649B (en) | 2012-05-29 | 2012-05-29 | Method for implementing public key cryptography for resisting cold boot attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210171306.4A CN102694649B (en) | 2012-05-29 | 2012-05-29 | Method for implementing public key cryptography for resisting cold boot attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102694649A true CN102694649A (en) | 2012-09-26 |
| CN102694649B CN102694649B (en) | 2014-09-24 |
Family
ID=46859941
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210171306.4A Active CN102694649B (en) | 2012-05-29 | 2012-05-29 | Method for implementing public key cryptography for resisting cold boot attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102694649B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103607279A (en) * | 2013-11-14 | 2014-02-26 | 中国科学院数据与通信保护研究教育中心 | Multi-core processor-based secret key protection method and system |
| CN104809414A (en) * | 2015-05-04 | 2015-07-29 | 深圳市创世达实业有限公司 | USB (universal serial bus) flash disk encryption key storing method capable of preventing cold boot attack |
| CN104881611A (en) * | 2014-02-28 | 2015-09-02 | 国际商业机器公司 | Method and apparatus for protecting sensitive data in software product |
| CN106130719A (en) * | 2016-07-21 | 2016-11-16 | 中国科学院信息工程研究所 | A kind of cryptographic algorithm multinuclear implementation method resisting memory overflow attack and device |
| CN109522736B (en) * | 2018-12-13 | 2021-12-10 | 中国科学院信息工程研究所 | Method and system for carrying out password operation in operating system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1822539A (en) * | 2005-12-16 | 2006-08-23 | 清华大学 | Register file of elliptic curve cipher |
| CN101751534A (en) * | 2008-12-16 | 2010-06-23 | 联想(新加坡)私人有限公司 | Computers having a biometric authentication device |
-
2012
- 2012-05-29 CN CN201210171306.4A patent/CN102694649B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1822539A (en) * | 2005-12-16 | 2006-08-23 | 清华大学 | Register file of elliptic curve cipher |
| CN101751534A (en) * | 2008-12-16 | 2010-06-23 | 联想(新加坡)私人有限公司 | Computers having a biometric authentication device |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103607279A (en) * | 2013-11-14 | 2014-02-26 | 中国科学院数据与通信保护研究教育中心 | Multi-core processor-based secret key protection method and system |
| CN103607279B (en) * | 2013-11-14 | 2017-01-04 | 中国科学院数据与通信保护研究教育中心 | Cryptographic key protection method based on polycaryon processor and system |
| CN104881611A (en) * | 2014-02-28 | 2015-09-02 | 国际商业机器公司 | Method and apparatus for protecting sensitive data in software product |
| CN104881611B (en) * | 2014-02-28 | 2017-11-24 | 国际商业机器公司 | The method and apparatus for protecting the sensitive data in software product |
| US9852303B2 (en) | 2014-02-28 | 2017-12-26 | International Business Machines Corporation | Protecting sensitive data in software products and in generating core dumps |
| US10496839B2 (en) | 2014-02-28 | 2019-12-03 | International Business Machines Corporation | Protecting sensitive data in software products and in generating core dumps |
| CN104809414A (en) * | 2015-05-04 | 2015-07-29 | 深圳市创世达实业有限公司 | USB (universal serial bus) flash disk encryption key storing method capable of preventing cold boot attack |
| CN104809414B (en) * | 2015-05-04 | 2017-07-07 | 深圳市创世达实业有限公司 | A kind of USB flash disk encryption key deposit method for preventing cold boot attack |
| CN106130719A (en) * | 2016-07-21 | 2016-11-16 | 中国科学院信息工程研究所 | A kind of cryptographic algorithm multinuclear implementation method resisting memory overflow attack and device |
| CN109522736B (en) * | 2018-12-13 | 2021-12-10 | 中国科学院信息工程研究所 | Method and system for carrying out password operation in operating system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102694649B (en) | 2014-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103069428B (en) | Secure virtual machine in insincere cloud infrastructure guides | |
| JP6227728B2 (en) | System and method for wireless data protection | |
| US9734355B2 (en) | System and method for an efficient authentication and key exchange protocol | |
| CN100449558C (en) | Sleep protection | |
| US9898624B2 (en) | Multi-core processor based key protection method and system | |
| US7577851B2 (en) | Multitask execution apparatus and multitask execution method | |
| CN103797489A (en) | System and method for securely binding and node-locking program execution to a trusted signature authority | |
| Garmany et al. | PRIME: private RSA infrastructure for memory-less encryption | |
| CN102694649B (en) | Method for implementing public key cryptography for resisting cold boot attack | |
| CN103038746A (en) | Method and apparatus for trusted execution in infrastructure as a service cloud environments | |
| CN105450620A (en) | Information processing method and device | |
| CN110032884A (en) | The method and node, storage medium of secret protection are realized in block chain | |
| CN109508224A (en) | A kind of user data isolating and protecting system and method based on KVM virtual machine | |
| Bossi et al. | What users should know about full disk encryption based on LUKS | |
| CN105678173A (en) | vTPM safety protection method based on hardware transactional memory | |
| Chang et al. | User-friendly deniable storage for mobile devices | |
| CN102769525A (en) | Backup and recovery method of user key of TCM (Trusted Cryptography Module) | |
| Hu et al. | Taming energy cost of disk encryption software on data-intensive mobile devices | |
| Hu | Study of file encryption and decryption system using security key | |
| EP3935543A1 (en) | Side-channel-attack-resistant memory access on embedded central processing units | |
| JP2008242665A (en) | Encryption processing device, encryption processing method and file dividing and storing system | |
| CN109344632A (en) | A kind of OPENSTACK volumes of encryption method based on hardware encryption card | |
| Xiong et al. | Cloudsafe: Securing data processing within vulnerable virtualization environments in the cloud | |
| CN114254335A (en) | Encryption method and device based on GPU, encryption equipment and storage medium | |
| Strackx et al. | Idea: State-continuous transfer of state in protected-module architectures |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |