CN111752747A - Memory security verification method for enhancing error detection capability - Google Patents
Memory security verification method for enhancing error detection capability Download PDFInfo
- Publication number
- CN111752747A CN111752747A CN202010526205.9A CN202010526205A CN111752747A CN 111752747 A CN111752747 A CN 111752747A CN 202010526205 A CN202010526205 A CN 202010526205A CN 111752747 A CN111752747 A CN 111752747A
- Authority
- CN
- China
- Prior art keywords
- crc2
- data
- check
- modulo
- error detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000015654 memory Effects 0.000 title claims abstract description 27
- 238000001514 detection method Methods 0.000 title claims abstract description 24
- 238000012795 verification Methods 0.000 title claims abstract description 17
- 230000002708 enhancing effect Effects 0.000 title claims abstract description 8
- 101100258328 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) crc-2 gene Proteins 0.000 claims abstract description 49
- 238000013461 design Methods 0.000 claims abstract description 7
- 230000001360 synchronised effect Effects 0.000 claims abstract description 5
- 238000013500 data storage Methods 0.000 claims abstract description 4
- 230000001172 regenerating effect Effects 0.000 claims description 3
- 230000001960 triggered effect Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012937 correction Methods 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000873 masking effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1004—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1008—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
- G06F11/1072—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices in multilevel memories
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Detection And Correction Of Errors (AREA)
- Error Detection And Correction (AREA)
Abstract
A memory security verification method for enhancing error detection capability comprises the following steps: 1) selecting matched CRC2 generation formula according to information code length, and dividing x by selected generation formula according to modulo-2 division in modulo-2 operationn+1, where n is the total number of bits of the codeword; 2) performing parallel algorithm design implementation on the selected CRC2 generating formula; 3) when data is transmitted in the bus, a random number is used for carrying out synchronous mask; 4) with CRC2 check on data storage: when the CRC2 check value generated during data writing and the CRC2 check value generated during data reading are different during data accessing, an alarm signal is automatically generated. The invention has no operation delay, does not need extra hardware space to store a lookup table, and is suitable for checking each minimum storage unit, namely, real-time checking can be triggered for the change of each byte, thereby achieving the highest detection precision.
Description
Technical Field
The invention discloses a memory security check method for enhancing error detection capability, and belongs to the technical field of memory security check.
Background
Storage security refers to ensuring complete, reliable, and efficient invocation on data preservation, including both the reliability and availability of the storage device itself (device security) and the logical security of the data stored on the storage device (application security).
When resisting attack of attackers, especially attack from hardware, the hardware platform is relied on to solve the problems, so that the data in the storage system is protected by confidentiality and integrity. In order to seek the most effective protection measures, the structure of the system must be considered. Confidentiality of data depends entirely on encryption, but care must be taken to minimize the delay incurred in encryption when data in memory is encrypted. The integrity must be able to cope with various types of tampering attacks and must rely on verification techniques to combat it.
As described above, the safety circuit of the main memory must have a self-check function: mismatch errors can be detected when reading data and reported to the system in time. The basic principle of error control detection is a redundancy check technique.
The conventional self-detection method is a common parity check for reading and writing of the memory, and is simple and economical because of high check speed, high coding efficiency, no limit on the length of information bits. Parity encoding makes the code pitch 2 by adding one bit of check bits to make the number of 1's in the encoding odd (odd check) or even (even check). However, the parity check can detect odd errors, cannot find even errors, has no error correction capability, and cannot detect burst errors with continuous multiple bits, so that the error detection capability is limited, and the error omission ratio is high (approximately equal to 1/2). With the development of information technology, the verification method is more and more difficult to meet the requirement of information security.
To address the above technical problems, the prior art uses Cyclic Redundancy Check (CRC), which uses the principle of remainder and division to detect errors. The CRC is characterized in that: the error detection capability is extremely strong, the resource occupation is less, and the method is easy to realize by using an encoder and a detection circuit. Most importantly, the error detection capability and the safety of the system accord with the requirements of a safety embedded system. Generally, the probability of failure of a CRC check is only 0.0047%. The method is superior to other checking methods, such as arithmetic and check or parity check, in terms of memory overhead and system performance. The CRC international standard encoding methods are CRC4, CRC8, CRC12, CRC16, and CRC32, and are applied to various data communication networks. The more check bits, the stronger the error detection and correction capability, but the greater the requirement of redundancy space.
In addition, serial data input calculation of CRC is usually implemented by a Linear Feedback Shift Register (LFSR). The serial circuit has the advantages that the circuit is simple, but each clock pulse only completes the calculation of 1bit, thereby greatly influencing the data transmission rate and being not suitable for high-speed parallel memory data reading and writing. In practical application, most of CRC is realized by adopting a parallel computing mode. The existing parallel algorithm is commonly used for national standard CRC16 and CRC32, the parallelism is usually 8bit parallel, and the typical coding modes are not suitable for the memory check of the embedded system with compact system resources.
In addition to the above, the following related patent documents are disclosed in the art:
in CN102739258A, the cyclic redundancy check code is calculated using a lookup table, and an additional hardware space is required to store the lookup table. In the chinese patent document CN104598342B, a bypass CRC check is used for a section of memory, and two check codes need to be extracted during writing and reading respectively to compare whether the memory is abnormal, so this method is not suitable for performing an independent check on each memory cell. The check code of the entire data message is processed in batches and cannot be extracted within one clock pulse. In chinese patent document CN109299938A, the memory is encrypted by using an encryption algorithm with a random mask, which results in a high hardware overhead. The method needs a plurality of clock pulses to finish encryption, influences the access speed of memory data, and does not relate to the protection of a bus.
In summary, the following technical problems still exist for the memory security check:
1. when the parity check is adopted to carry out integrity detection on data in the prior art, only odd errors can be detected, even errors cannot be found, and burst errors with multiple continuous bits cannot be detected, so that the error detection capability is limited, and the error omission rate is high.
2. In the prior art, when the CRC is adopted to carry out integrity detection on data, resources are occupied, and operation delay exists, so that the CRC is not suitable for checking the minimum storage unit, and the requirements of low memory overhead, high checking speed and high safety are difficult to meet.
3. When the prior art refers to the random number mask, the protection of the bus can not be realized, and the corresponding speed of the memory can be reduced.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a memory security verification method for enhancing the error detection capability, which is suitable for various volatile and nonvolatile memories with 2-bit verification.
Technical term interpretation:
1. redundancy check techniques add some additional bits called "redundancy check bits" (i.e., "error control coding") to each data unit. This technique is called a "redundancy check technique" because once the transmission is confirmed, the additional redundancy bits are automatically discarded. Fig. 5 is a schematic diagram of redundancy check, which adds some redundancy codes to the transmitted information data, so that a definite relation is established between the parity code element and the information code element, and the error control coding and the error control decoding functions are realized. And calculating the coding efficiency, wherein R is k/(k + R) is k/n. In the formula, the number of information bits in k-code words; r-the number of redundant bits in the codeword; n-total number of bits of codeword.
2. The modulo-2 operation is a core part of a binary algorithm, the CRC check technique. Like the four arithmetic operations, the modulo-2 arithmetic also includes four binary operations of modulo-2 addition, modulo-2 subtraction, modulo-2 multiplication, and modulo-2 division. Unlike the four arithmetic operations, the modulo-2 arithmetic is based on polynomial operations in coding theory, without considering carry and borrow.
The technical scheme of the invention is as follows:
a memory security verification method for enhancing error detection capability is characterized by comprising the following steps:
1) selecting matched CRC2 generation formula according to information code length, and dividing x by selected generation formula according to modulo-2 division in modulo-2 operationn+1, where n is the total number of bits of the codeword;
2) the selected CRC2 generating formula is designed and realized by a parallel algorithm, the parallel algorithm design is a design method which is well known by the technical personnel in the field, the parallel algorithm is firstly applied to CRC2, and the CRC2 parallel check algorithm is pure combinational logic, so that the method can be completely carried out while data access is carried out without increasing trunk delay, and the reading and writing speed is not influenced;
3) when data is transmitted in the bus, a random number is used for carrying out synchronous mask; the method carries out synchronous mask when transmitting in the bus, not only does not influence the access speed of the memory, but also increases the protection to the bus and effectively resists replay attack;
4) with CRC2 check on data storage: when the CRC2 check value generated during data writing and the CRC2 check value generated during data reading are different during data accessing, an alarm signal is automatically generated.
Preferably, in step 1), CRC2 is generated according to the following formula: g (x) x2+1 or g (x) x2+x+1。
According to the invention, preferably, in the step 4), when data is written, the corresponding CRC2 check code is automatically generated according to the length of the information code of the data and is stored synchronously with the data; when data is read out, automatically regenerating a corresponding CRC2 check code according to the information code length of the data, and comparing the check code with a CRC2 check code when the data is stored; when the CRC2 check values are different, an alarm signal is automatically generated.
The technical advantages of the invention are as follows:
1. the verification method of the invention uses the matched parallel CRC2 verification algorithm to carry out integrity detection, reduces resource occupation and operation delay, does not need an additional hardware space storage lookup table, and is suitable for verifying each minimum storage unit, namely, real-time verification can be triggered for the change of each byte, thereby achieving the highest detection precision.
2. The CRC2 parallel algorithm is introduced, is pure combinational logic, has no extra clock delay, can be performed while data access is performed, and does not influence the reading and writing speed.
3. The checking method only needs 2-bit check bits, only 1bit more than parity check, but the error detection capability is greatly improved, and the missing rate is obviously reduced; meanwhile, the checking method can also detect odd errors, can detect all burst errors with the length less than or equal to 2 bits, can detect the burst errors with the length of 3 bits according to the probability of 1/2, and can detect the burst errors with the length of more than 3 bits according to the probability of 3/4.
4. The verification method of the invention combines the random number as a mask and has the function of anti-replay attack.
Drawings
FIG. 1 is a block diagram of the verification method of the present invention;
FIG. 2 is a schematic diagram of a calibration method of the present invention;
FIG. 3 is a flow chart of data access in the verification method of the present invention;
FIG. 4 is a schematic diagram of a CRC2 check serial circuit;
fig. 5 is a schematic diagram of redundancy check.
Detailed Description
In order to facilitate a better understanding of the invention for those skilled in the art, the invention will be described in further detail with reference to the accompanying drawings and specific examples, which are given by way of illustration only and do not limit the scope of the invention.
Examples of the following,
The present invention will be described in further detail with reference to fig. 3, taking the case where the information code length is 16 bits as an example. As shown in fig. 1-5.
A memory security verification method for enhancing error detection capability comprises the following steps:
1) selecting matched CRC2 generation formula according to information code length, and dividing x by selected generation formula according to modulo-2 division in modulo-2 operationn+1, where n is the total number of bits of the codeword, i.e. the total length of the information code + the check code; the CRC2 is generated according to the following formula: g (x) x2+1 or g (x) x2+x+1。
In this embodiment, the linear block code can be represented by (n, k), and if [ n, k, d ], d represents the minimum code distance, i.e. the minimum hamming distance, where the number of information bits in k-code word; r-the number of redundant bits in the codeword; n-total number of bits of codeword; so the design requirement in this embodiment is to design the [18,16,2] code with CRC 2.
The CRC2 has a generation formula of xnOne factor for +1, CRC2 may only be x2+1 or x2One of + x + 1. To form the formula g (x) ═ x2+1, abbreviated as 0x1, denoted by G1. To form the formula g (x) ═ x2+ x +1, abbreviated as 0x3, denoted by G3.
When n is 18, there is x according to modulo-2 division in modulo-2 arithmetic18+1=(x2+1)(x16+x14+x12+x10+x8+x6+x4+x2+1),x2+1 may be a generating formula. Has x18+1=(x2+x+1)(x16+x15+x13+x12+x10+x9+x7+x6+x4+x3+x+1),x2+ x +1 may be a generator. Thus, x2+1、x2+ x +1 may be a generating formula.
2) And carrying out parallel algorithm design on the selected CRC2 generating formula:
the serial data input calculation of the CRC2 is usually implemented by a Linear Feedback Shift Register (LFSR), as shown in fig. 4, the CRC2 serial circuit has the advantage of simple circuit, but only 1bit of calculation is completed per clock pulse, which greatly affects the data transmission rate. Since the memory access is data input and output at the same time, a CRC2 logical relation of 16-bit parallel computation needs to be derived so as to realize a 16-bit parallel CRC2 hardware operation circuit. The parallel circuit is a pure combinational logic circuit, does not increase trunk delay, can complete the calculation of all check codes in real time, can be completely carried out while accessing data, and does not influence the reading and writing speed. Even if the system has high running frequency and tense time sequence, only 1 clock pulse can be used for solving the problem. In the case of continuous access, there is little additional time overhead.
3) Data is transmitted in the bus by using a random number for synchronous masking: before data is sent to the system bus, it is subjected to an exclusive or (XOR) operation with a random number from an independent random source and then sent to the system bus. The masked bus data may be resistant to replay attacks. The data from the bus is again subjected to an exclusive or (XOR) operation with the random number from the independent random source, the mask is removed, and the access of the original data is restored.
4) With CRC2 check on data storage: when the CRC2 check value generated during data writing and the CRC2 check value generated during data reading are different during data accessing, an alarm signal is automatically generated:
when data is written, automatically generating a corresponding CRC2 check code according to the information code length of the data and synchronously storing the check code and the data; when data is read out, automatically regenerating a corresponding CRC2 check code according to the information code length of the data, and comparing the check code with a CRC2 check code when the data is stored; when CRC2 check values are different, an alarm signal is automatically generated; when the two CRC2 check values are the same, it indicates that the integrity check of the data passes and the data is not tampered with, as shown in fig. 3, which is a schematic diagram of a data access flow.
According to this embodiment, the verification capabilities of the two generation equations are compared as follows:
table 1:
in summary, compared with parity check, both of the above CRC2 check methods have the advantages of greatly improved error detection capability and significantly reduced false-positive rate.
The foregoing merely illustrates the principles and preferred embodiments of the invention and many variations and modifications may be made by those skilled in the art in light of the foregoing description, which are within the scope of the invention.
Claims (3)
1. A memory security verification method for enhancing error detection capability is characterized by comprising the following steps:
1) selecting matched CRC2 generation formula according to information code length, and dividing x by selected generation formula according to modulo-2 division in modulo-2 operationn+1, where n is the total number of bits of the codeword;
2) performing parallel algorithm design implementation on the selected CRC2 generating formula;
3) when data is transmitted in the bus, a random number is used for carrying out synchronous mask;
4) with CRC2 check on data storage: when the CRC2 check value generated during data writing and the CRC2 check value generated during data reading are different during data accessing, an alarm signal is automatically generated.
2. The method as claimed in claim 1, wherein in step 1), CRC2 is generated as follows: g (x) x2+1 or g (x) x2+x+1。
3. The method for memory security check with enhanced error detection capability according to claim 1 or 2, wherein in the step 4), when data is written, a corresponding CRC2 check code is automatically generated according to the information code length of the data and is stored synchronously with the data; when data is read out, automatically regenerating a corresponding CRC2 check code according to the information code length of the data, and comparing the check code with a CRC2 check code when the data is stored; when the CRC2 check values are different, an alarm signal is automatically generated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010526205.9A CN111752747A (en) | 2020-06-09 | 2020-06-09 | Memory security verification method for enhancing error detection capability |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010526205.9A CN111752747A (en) | 2020-06-09 | 2020-06-09 | Memory security verification method for enhancing error detection capability |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111752747A true CN111752747A (en) | 2020-10-09 |
Family
ID=72675087
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010526205.9A Pending CN111752747A (en) | 2020-06-09 | 2020-06-09 | Memory security verification method for enhancing error detection capability |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111752747A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023165034A1 (en) * | 2022-03-04 | 2023-09-07 | 长鑫存储技术有限公司 | Data error correction circuit and data transmission method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040243885A1 (en) * | 2003-06-02 | 2004-12-02 | Fujitsu Limited | Methods and apparatus for correcting data and error detection codes on the fly |
| CN101159514A (en) * | 2007-10-31 | 2008-04-09 | 中兴通讯股份有限公司 | Method of adding cyclic redundancy code of transmission block |
| US7398449B1 (en) * | 2004-06-16 | 2008-07-08 | Azul Systems, Inc. | Encoding 64-bit data nibble error correct and cyclic-redundancy code (CRC) address error detect for use on a 76-bit memory module |
| CN104598342A (en) * | 2014-12-31 | 2015-05-06 | 曙光信息产业(北京)有限公司 | Internal storage detection method and device |
| CN107943609A (en) * | 2016-10-12 | 2018-04-20 | 三星电子株式会社 | Memory module, Memory Controller and system and its corresponding operating method |
| CN109936376A (en) * | 2019-01-31 | 2019-06-25 | 西南电子技术研究所(中国电子科技集团公司第十研究所) | The method of byte-oriented operation cyclic code CRC16-CCITT verification |
-
2020
- 2020-06-09 CN CN202010526205.9A patent/CN111752747A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040243885A1 (en) * | 2003-06-02 | 2004-12-02 | Fujitsu Limited | Methods and apparatus for correcting data and error detection codes on the fly |
| US7398449B1 (en) * | 2004-06-16 | 2008-07-08 | Azul Systems, Inc. | Encoding 64-bit data nibble error correct and cyclic-redundancy code (CRC) address error detect for use on a 76-bit memory module |
| CN101159514A (en) * | 2007-10-31 | 2008-04-09 | 中兴通讯股份有限公司 | Method of adding cyclic redundancy code of transmission block |
| CN104598342A (en) * | 2014-12-31 | 2015-05-06 | 曙光信息产业(北京)有限公司 | Internal storage detection method and device |
| CN107943609A (en) * | 2016-10-12 | 2018-04-20 | 三星电子株式会社 | Memory module, Memory Controller and system and its corresponding operating method |
| CN109936376A (en) * | 2019-01-31 | 2019-06-25 | 西南电子技术研究所(中国电子科技集团公司第十研究所) | The method of byte-oriented operation cyclic code CRC16-CCITT verification |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023165034A1 (en) * | 2022-03-04 | 2023-09-07 | 长鑫存储技术有限公司 | Data error correction circuit and data transmission method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6041430A (en) | Error detection and correction code for data and check code fields | |
| US4569052A (en) | Coset code generator for computer memory protection | |
| US7278085B1 (en) | Simple error-correction codes for data buffers | |
| US7398449B1 (en) | Encoding 64-bit data nibble error correct and cyclic-redundancy code (CRC) address error detect for use on a 76-bit memory module | |
| US5805799A (en) | Data integrity and cross-check code with logical block address | |
| JP2003507985A (en) | System and method for detecting 2-bit errors and correcting errors due to component failure | |
| JP3234130B2 (en) | Error correction code decoding method and circuit using this method | |
| US5384788A (en) | Apparatus and method for optimal error correcting code to parity conversion | |
| US4473902A (en) | Error correcting code processing system | |
| US7137057B2 (en) | Method and apparatus for performing error correction code (ECC) conversion | |
| US8769373B2 (en) | Method of identifying and protecting the integrity of a set of source data | |
| KR20090028507A (en) | Non-volatile memory error correction system and method | |
| US20050188292A1 (en) | Method and apparatus for encoding special uncorrectable errors in an error correction code | |
| KR19990028535A (en) | Method and device for protecting data in disk drive buffer | |
| US20100299575A1 (en) | Method and system for detection and correction of phased-burst errors, erasures, symbol errors, and bit errors in a received symbol string | |
| CN111143107B (en) | FPGA single event reversal verification circuit and method | |
| EP0373764A2 (en) | Correction of random and burst errors | |
| US8196011B2 (en) | Error detection and correction circuit and semiconductor memory | |
| US20050149834A1 (en) | (18, 9) Error correction code for double error correction and triple error detection | |
| CN111752747A (en) | Memory security verification method for enhancing error detection capability | |
| US20040088497A1 (en) | Methods and apparatus for exchanging data using cyclic redundancy check codes | |
| US5943348A (en) | Method to check for burst limiting in error correcting systems | |
| US5974582A (en) | High-speed chien search logic | |
| CN108572882B (en) | Data storage method and storage device | |
| Ge et al. | Secure memories resistant to both random errors and fault injection attacks using nonlinear error correction codes |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |