CN114840863A - Secure storage method and system based on trusted embedded device and FTP - Google Patents

Secure storage method and system based on trusted embedded device and FTP Download PDF

Info

Publication number
CN114840863A
CN114840863A CN202210492880.3A CN202210492880A CN114840863A CN 114840863 A CN114840863 A CN 114840863A CN 202210492880 A CN202210492880 A CN 202210492880A CN 114840863 A CN114840863 A CN 114840863A
Authority
CN
China
Prior art keywords
ftp
trusted
ftp server
embedded device
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210492880.3A
Other languages
Chinese (zh)
Inventor
冯伟
秦宇
王辉
李为
齐兵
尚科彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS filed Critical Institute of Software of CAS
Priority to CN202210492880.3A priority Critical patent/CN114840863A/en
Publication of CN114840863A publication Critical patent/CN114840863A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention discloses a safe storage method and a system based on a trusted embedded device and an FTP. The method comprises the following steps: 1) the trusted cryptographic module is used as a trust root of the trusted embedded equipment, so that the trusted embedded equipment has a trusted computing environment; the trusted embedded device comprises a trusted password module, an FTP server and an encryption partition management subsystem; 2) connecting the external storage device with the trusted embedded device, initializing the external storage device into an encryption partition, associating the encryption partition with a randomly generated key file, and encrypting and storing the key file in the trusted embedded device by using a trust root; binding a root directory of the FTP server with the encryption partition; 3) the FTP client is deployed on the host environment, the host environment sends a security operation request to the FTP server by using the FTP client, and the FTP server performs encryption partition access authorization on the FTP client and responds to the received security operation request.

Description

Secure storage method and system based on trusted embedded device and FTP
Technical Field
The invention belongs to the field of secure and trusted storage of computer systems, and particularly relates to a secure storage method and system based on a trusted embedded device and an FTP.
Background
With the development of internet information technology, mass data is continuously stored and used by various forms of computer systems and information devices. For individuals, some data and files may relate to personal privacy; for an enterprise, much of the data may relate to intellectual property and trade secrets; even for countries where some data covers important information of the country, leakage may pose a threat to national security. Since these security sensitive data are often of high value, they are easily targeted for hackers and lawless persons to attack or steal.
Secure storage is an important technology used to secure sensitive data, and generally contains two basic security attributes: firstly, data is encrypted and protected, so that the data is only stored persistently in a ciphertext form, any attack can only obtain the ciphertext (a heap of messy codes for an attacker), and the ciphertext can not leak any information of the data plaintext based on the security of an encryption algorithm; and secondly, the access of the data is authenticated and authorized, and only the user with the legal certificate can decrypt and use the sensitive data, so that the illegal access of other users or malicious users is prevented. Therefore, important sensitive data can be safely protected through the safe storage technology.
Methods for implementing secure storage generally include OTP (One-Time Programmable) based methods and disk encryption based methods. OTP is a special type of Non-Volatile Memory NVM (Non-Volatile Memory), such as the eFuse technology invented by IBM in 2004, which can be programmed only once, and once programmed, it is permanently valid and cannot be tampered with, because the storage space of OTP is limited, it is usually used to securely store the most core data such as encryption key, and only the root code on the system can be trusted to access the OTP for secure operation, so the OTP-based method is mainly suitable for secure storage protection of a small amount of core data such as encryption key. The disk encryption-based method is mainly characterized in that data to be protected is encrypted by using an encryption algorithm and then stored on a disk, and the protected data volume is determined by the storage space of the disk and is suitable for the safe storage of a large amount of data.
The safe storage method based on disk encryption generally has two technical modes of software and hardware. The disk encryption technology based on software can integrate an encryption algorithm in an application layer (such as PGP, OpenSSL), a file system layer (such as ecryptfs, fscrypt) or a block subsystem layer (such as BitLocker), and data to be stored is encrypted and then stored when passing through a corresponding hierarchy of a storage architecture. The hardware-based disk encryption technology generally implements a special hardware module in a controller of a storage device, and the hardware automatically encrypts all data written into the storage device; when the user wants to read the data, the special hardware in the storage device controller can automatically decrypt the data after the user inputs legal credential data through the physical security path. Representative techniques for hardware-based disk encryption are Self-Encrypting Drive SED (Self-Encrypting Drive) and TCG Opal, where TCG Opal is a set of Self-Encrypting Drive specifications established by the international trusted computing organization. The TCG Opal provides a security management standard hierarchy that protects data from theft and tampering by unauthorized persons (unauthorized persons who have access to the storage device or host system). The TCG Opal encrypts the entire drive using hardware encryption techniques, and the user does not have to worry about having his data illegally accessed and leaked if the drive or the host using the drive is stolen or lost.
Although the above-mentioned secure storage techniques have been used to some extent, some disadvantages have been revealed with the progress of research. For the disk encryption technology based on software, encryption and decryption are completed in a host environment using data, no isolation protection mechanism exists, an encryption and decryption key is also located in a DRAM (dynamic random access memory) of the host environment, various memory attacks are easily suffered, once the key is leaked, all data stored on a disk can be threatened, the method usually depends on complex configuration, and performance overhead caused by encryption is unacceptable for many application scenarios. For the full disk encryption technology based on the hardware driver, such as TCG Opal, the encryption key and the encryption and decryption operations are all arranged in the hardware driver of the storage device, the isolation from the host memory environment can be achieved to a certain extent, the encryption is automatically completed by the hardware driver, and the encryption technology is completely transparent for users.
Disclosure of Invention
The invention aims to provide a new safe storage scheme based on a trusted embedded device and an FTP mechanism by taking the flexibility of a software encryption technology and the isolation of a hardware driver encryption technology as reference, and the scheme can meet the requirements of the flexibility and the isolation while keeping the persistent safe storage of data, and is specifically embodied in that: firstly, connecting an external storage device with a trusted embedded device through a hardware interface, configuring the external storage device into a secure storage device with encryption protection based on the trusted embedded device, wherein the secure storage device is isolated from a host environment (the host refers to any machine using FTP client function to use secure data, and can be a PC or a server), and a secret key cannot be threatened by host memory attack; secondly, a trusted embedded device is constructed based on a trusted computing technology, the trusted embedded device has an independent software running environment, flexible software encryption and safe storage management functions can be realized, and the expandability is stronger; finally, the trusted embedded device and the host environment are connected through the FTP, so that data in the secure storage device can be operated (such as display, uploading, downloading, modification and the like) very conveniently, meanwhile, in order to ensure the security of the FTP connection, a remote certification mechanism of trusted computing is expanded into an authentication system of the FTP, and only a user who passes authentication can obtain the access permission of the FTP by using the authenticated device.
The invention relates to a safe storage method based on a trusted embedded device and FTP, which comprises the following construction principles and steps:
1) customizing the trusted embedded equipment, using a trusted cryptographic module as a trust root of the trusted embedded equipment, and completing system trusted boot on the trusted embedded equipment by using a trusted computing technology based on the trusted cryptographic module so that the trusted embedded equipment has a trusted computing environment;
2) connecting an external storage device with the trusted embedded device, initializing the external storage device into an encryption partition by using an encryption partition management subsystem, associating the encryption partition with a randomly generated key file sskeyfile, and encrypting and storing the sskeyfile in the trusted embedded device by using the trusted cryptographic module trust root to ensure that only the trusted cryptographic module can decrypt the sskeyfile and only when the correct sskeyfile is obtained by successful decryption, the encryption partition can be opened and used;
3) modifying an FTP client and an FTP server to enable the FTP to support a remote certification function and a secure storage management function of an encryption partition, deploying the FTP client on a host environment, deploying the FTP server in the trusted embedded device, binding a root directory of the FTP server with the encryption partition, and responding all FTP operations in a file system corresponding to the encryption partition after binding; after the FTP client side binds, files transmitted by the FTP client side are stored in the encryption partition by default, and the FTP client side can also directly download the files from the encryption partition;
4) the host environment can use the modified FTP client to complete a security operation request (such as security display data, security upload data, security download data, security modification data and the like), after the FTP client and the server complete remote certification, the FTP server performs encryption partition access authorization on the FTP client, and the trusted embedded device uses the modified FTP server to complete a corresponding security operation response.
Further, the method of the present invention includes a trusted embedded device configuration stage, an FTP transformation and deployment stage, and a secure storage use stage, which are specifically described as follows:
1. a trusted embedded device configuration stage:
a) customizing or selecting embedded equipment with a network port, an external IO interface and a trusted cryptography module, wherein the network port enables the embedded equipment to carry out FTP communication with a host environment, the external IO interface enables the embedded equipment to be connected with external storage equipment (for example, the external IO interface is connected with an external high-capacity hard disk through a USB port), and the trusted cryptography module can provide a trust root and a hardware cryptography algorithm interface for the trusted embedded equipment;
b) when the trusted embedded device system is started, a cryptographic algorithm and a measurement verification function are built in the starting firmware to form a safe starting firmware, the kernel image of the embedded operating system is measured and verified, and the kernel of the embedded operating system and the application program of the embedded system are started in a safe mode to ensure the credibility of the kernel of the embedded device and the application of the system;
c) connecting the external storage device with the trusted embedded device through an external IO interface, configuring the external storage device into an encryption partition, randomly generating a key file sskeyfile, and associating the encryption partition with the sskeyfile;
d) generating a key protection key kpk (key protection key) by using a trusted cryptography module, encrypting a key file sskeyfile by using kpk to generate a sskeyfile.
e) The key protection key kpk is protected by the trusted cryptography module, and only a user who has access right of the trusted cryptography module and has a legal access password pwd _ tcmkey can use the kpk key;
f) a legal user or an administrator decrypts the sskeyfile by using kpk key based on a trusted password module in a mode of inputting correct access password pwd _ tcmkey to obtain sskeyfile, opens an encryption partition by using sskeyfile and mounts the encryption partition to an appointed path (such as/media/secure) of an embedded device file system, and writes a UUID (universal unique identifier) value of the encryption partition into the appointed path corresponding to the encryption partition;
g) a legal user or an administrator runs an inspection program, and carries out verification and inspection on external storage equipment, an encryption partition, a mounted file system, a trusted password module, a UUID (universal unique identification code) identifier and the like in a software program mode to ensure that various software and hardware configurations depending on safe storage are normal;
h) after the checking operation in step 1.g) is passed, a legal user or administrator restores the secure storage configuration to the initial state, that is, the encryption partition is closed and the sskeyfile is deleted.
FTP transformation and deployment stage:
a) and (3) transforming an FTP server: it only saves the hash value of the legitimate user (i.e. hash (pwd _ user)) as the verification data for login; an authentication interface is added, so that the integrity state of the equipment where the server is located can be signed, and the signature data submitted by the client can be verified; an encryption partition management interface is added, and after a management password (pwd _ ss) of an encryption partition is verified in a mode of verifying the access authority of a safe storage encryption partition, the encryption partition can be opened and closed; different users can correspond to different encryption partitions and management passwords;
b) and (3) modifying the FTP client: after carrying out hash calculation on a password pwd _ user input by a user, connecting a modified FTP server by using a hash (pwd _ user) value; an authentication interface is added, so that the integrity state of the equipment where the client is positioned can be signed, and the signature data submitted by the server can be verified; adding an encryption partition management interface, allowing a user to open or close an encryption partition by inputting a management password (pwd _ ss) of the corresponding encryption partition;
c) generating public and private key pairs (sk _ FTPs, pk _ FTPs) for FTP server by trusted third party, and generating public and private key pairs (sk _ ftpc) for each legal FTP client user i i ,pk_ftpc i );
d) Deploying a server: FTP service end to be retrofittedDeploying on the embedded device in the step 1, and connecting the FTP server public and private key pair (sk _ FTPs, pk _ FTPs) in the step 2.c) and the public keys pk _ ftpc of all legal FTP client users i The modified FTP server can complete the one-way or two-way authentication function based on the authentication interface;
e) deploying a client: deploying the modified FTP client on a host environment using a secure storage function, and deploying the FTP server public key pk _ FTP in the step 2.c) on the host environment, wherein each legal FTP client user i corresponds to a public and private key pair (sk _ ftpc) i ,pk_ftpc i ) The private keys are all deployed in a host environment, and are protected by the mode selected by each user;
f) the integrity state in step 2.b) is a value that can represent the security state of the software and hardware environment of the device system where the integrity state is located, and can be selected by an administrator according to the actual application scenario, for example, the integrity state can be a process state, a memory state, a network connection state and the like of system operation;
g) the one-way authentication in the step 2 and d) refers to the authentication of a client side with a server side or the authentication of the server side with the client side; the bidirectional authentication means that the client and the server finish mutual authentication; the specific selection of which mode depends on the actual application scenario; the authentication means that the prover uses a private key thereof to sign the integrity state based on a public key algorithm, and the verifier uses the public key to check the validity of the signature and the credibility of the integrity state.
3. And a safe storage use stage:
a) and (3) logging in an FTP user: the user inputs a password pwd _ user, the FTP client calculates a hash (pwd _ user) as a user certificate to log in the FTP server, and a file root directory which can be accessed by the FTP server is temporarily empty after the login is successful;
b) FTP secure storage authentication: generating and configuring a key based on the step 2 to complete one-way authentication or two-way authentication; the authentication function adopts a remote certification technology, the FTP client needs to use a private key thereof to sign the environment integrity state value and send the environment integrity state value and the integrity list to the FTP server, and a receiver uses a corresponding public key to verify and ensures that the integrity list per se meets the safety requirement;
c) opening FTP secure storage: after the authentication in the step 3.b) is carried out, a user inputs a management password pwd _ ss of the encryption partition, the FTP server verifies the validity of the management password, decrypts the management password by using a trusted password module to obtain a key file sskeyfile, and then opens the encryption partition and mounts the encryption partition to a designated path corresponding to the FTP server;
d) FTP secure storage use: after the encrypted partition is opened through the step 3.c), the user can perform remote FTP operation (such as display, uploading, downloading, modification and the like) on the data and the files in the secure storage path;
e) closing FTP secure storage: after the safe storage using operation in the step 3.d) is completed, the user inputs the management password pwd _ ss of the encryption partition, the FTP server removes the mount of the root path of the FTP server after verifying the validity of the management password, then closes the encryption partition and deletes the sskeyfile.
Correspondingly to the above method, the present invention further provides a secure storage system based on a trusted embedded device and an FTP, where the architecture of the secure storage system is as shown in fig. 1, and the secure storage system specifically includes:
the trusted password module is responsible for providing a trust root and a password function for the trusted embedded device;
the external storage device is connected with the trusted embedded device through a hardware interface, and the trusted embedded device configures the trusted embedded device into a safe storage device and is responsible for providing a storage space for the safe storage system;
the trusted environment construction subsystem is responsible for providing secure boot, trusted cryptographic module drive, trusted software stack and cryptographic algorithm functions for the trusted embedded device; the safe boot is to ensure the integrity of each started component in the starting process of the trusted embedded equipment by taking the trusted cryptographic module as a trust root; the trusted cryptographic module driver and the trusted software stack are dependent components which can present the security function of the trusted cryptographic module to the system software; the cryptographic algorithm provides functions of hashing, encryption and decryption, signature verification and the like;
the encryption partition management subsystem is responsible for configuring the external storage device into an encryption partition and providing four functions of encryption partition initialization, encryption partition check, encryption partition opening and encryption partition closing;
the modified FTP server not only provides common FTP functions of the server (namely processing the requests of display, uploading, downloading, modification and the like of the client), but also adds a server authentication subsystem and a server safe storage subsystem; the server side authentication subsystem realizes double authentication of the FTP client side, namely password authentication based on a hash value and remote certification authentication based on an integrity state, and can also sign the integrity state of the system environment of the trusted embedded equipment so as to pass the verification of the client side authentication subsystem; the server side safe storage subsystem is responsible for carrying out safe management on the opening and closing of the encryption partition and binding the FTP server side root path with the encryption partition;
the modified FTP client provides common client FTP functions (namely sending requests for display, uploading, downloading, modification and the like to a server), and is additionally provided with a client authentication subsystem and a client safety storage subsystem; the client authentication subsystem provides a hash value of a user password for the server and signs the integrity state of the host environment where the client authentication subsystem is located so as to be verified by the FTP server authentication subsystem, and the client authentication subsystem is also responsible for verifying the signature legality of the server and the credibility of the integrity state of the server; the client side safe storage subsystem provides a management password corresponding to the user encryption partition, and the encryption partition corresponding to the user at the server side can be opened or closed.
The invention has the following advantages:
1. compared with a disk encryption safe storage technology based on software, the encryption partition function is moved from the host environment to the isolated trusted embedded device, so that an encryption key depending on safe storage is no longer located in the RAM memory of the host environment, the mutual isolation between the use of safe storage and the key protection of safe storage is ensured, and various memory attacks aiming at the use environment of safe storage are prevented; meanwhile, by modifying the FTP, the invention ensures that the invention is convenient and easy to use like a local operation encryption disk while increasing the remote certification function to provide security.
2. The invention also provides better flexibility and expandability, can be easily expanded to multi-user safe use through the encryption partition management subsystem and the improved FTP function, and each user can correspond to the respective encryption partition key file and the encryption partition path without mutual interference. Compared with the full disk encryption technology based on a hardware driver, such as TCG Opal, the key is not solidified in hardware any more, the trusted embedded device provides a safe and trusted software environment and a cryptographic function, management functions such as updating/revocation of the key and replacement of a cryptographic algorithm are supported, a more fine-grained safe storage function can be realized, and the trusted cryptographic module can provide hardware-level key protection for an encryption partition.
3. The invention ensures the permanent safe storage of the data in the external storage device through the encryption partition, and an attacker can not acquire the data stored in the external storage device even if the external storage device is stolen or lost without the support of the management password and the decryption function of the trusted password module. In addition, the FTP is improved to support double authentication functions of password hashing and remote certification, so that the access to the data has stronger authentication and authorization functions.
Drawings
Fig. 1 is an architecture diagram of the secure storage system based on the trusted embedded device and the FTP according to the present invention.
Fig. 2 is a flow chart of the secure storage method based on the trusted embedded device and the FTP.
Detailed Description
The following description will take an ordinary PC device as a host environment (an entity using secure storage) and a raspberry pi equipped with a TCM secure chip as a trusted embedded device (an entity providing secure storage) as an example, to illustrate a specific implementation of the present invention:
the invention provides a safe storage method based on a trusted embedded device and an FTP (file transfer protocol), and for a person skilled in the art, a corresponding safe storage system can be designed and realized by referring to the method.
In the secure storage method based on the trusted embedded device and the FTP, a use flow of the secure storage is shown in fig. 2, and the method specifically includes the following steps:
1. following the substep a) of the step 1 of the invention content, the raspberry group is provided with a network port and a USB interface, the network port can be connected with a PC host environment through a network cable, a mobile hard disk can be connected through the USB interface to serve as an external storage device, and the trusted password module adopts a TCM security chip which meets the national standard of 'trusted computing password support platform function and interface specification'.
2. And (2) following the substep b) of the step 1 of the invention content, using an SM3(SM3 cryptographic hash algorithm standard) algorithm following the national commercial cryptographic algorithm standard as a measurement algorithm, and using SM2(SM2 public key cryptography algorithm standard) following the national commercial cryptographic algorithm standard as a signature verification algorithm (SM2 algorithm adopts parameters recommended by the national cryptographic administration), and measuring and verifying the raspberry pi Linux kernel image.
3. Following substeps c) to h) of the step 1 of the invention content, providing a random byte stream by using a/dev/urandom of a raspberry-derived Linux system to generate a key file sskeyfile, calling a key creation interface of a TCM security chip to generate an kpk key (SM4 key), and calling an encryption interface of the TCM to encrypt the sskeyfile by using SM4(SM4 block cipher algorithm) following the national commercial cipher algorithm standard; and meanwhile, the external storage device is converted into a secure storage device in a mode that a Cryptnetup tool provided by the raspberry Linux system configures a USB-connected mobile hard disk into an encryption partition, the secure storage device is bound with the sskeyfile, after the availability of the encryption partition is opened and checked, the encryption partition is closed, the sskeyfile is deleted, and only the sskeyfile.
4. According to the step 2 of the invention, an open source ftp is used as a reference ftp function, an ftp client class and an ftp server class are respectively expanded to complete the transformation of the functions of an ftp client and a server, and the functions of remote certification and safe storage are added, wherein the transformed ftp client is ssftpClient, and the transformed ftp server is ssftpServer; the hash algorithm of the user password adopts SM3, the signature mechanism in the remote certification adopts SM2, and the secure storage opening and closing adopts an access control authorization method based on a management password; ssftpClient is deployed on a host environment of a PC device, ssftpServer is deployed on a raspberry serving device, public and private key pairs all use a key pair of SM2, a server-side key pair of the raspberry serving device is (sk _ ftps, pk _ ftps), and a client-side key pair of the PC device host environment is (sk _ ftpc, pk _ ftpc).
5. Following substep a) of inventive content step 3, the user enters a user name _ user and a login password pwd _ user, and initiates an FTP request req _ FTP (FTP function such as display, upload, download or modification); ssftpci calculates the hash value hpwd of the login password SM3(pwd _ user), and sends (name _ user, hpwd, req _ ftp) together to ssftpServer; after the ssftpServer verifies the legality of the name _ user and the hpwd, if the verification is successful, the user can call the trusted storage service of the server through the client.
6. Following sub-step b) of inventive content step 3), a mutual authentication procedure is selected: ssftpServer generates a random challenge value N _ s using a random number algorithm and sends the random challenge value N _ s to ssftpClient; the ssftpClient acquires a value M _ c representing the integrity state of the host environment of the ssftpClient, completes signature calculation by using a private key of the ssftpClient to obtain a signature value V _ c, namely V _ c is Sig (sk _ ftpc, N _ s | M _ c), and generates a random challenge value N _ c and sends the random challenge value N _ c to ssftpServer together with V _ c and M _ c; the ssftpServer firstly verifies whether the signature is legal, namely R1 is Verify (pk _ ftpc, N _ s | M _ c), if R1 is True, the signature is legal, the M _ c is continuously compared by using a standard integrity state value, the credibility of a host environment of the ssftpClient is ensured, and the connection is terminated when any verification fails; after all verification succeeds, the ssftpServer similarly calculates a signature value for representing the integrity status of the raspberry device, i.e., V _ s ═ Sig (sk _ ftps, N _ c | M _ s), and sends V _ s and M _ s together to the ssftpci; the ssftpClient firstly verifies whether the signature is legal, namely R2 is Verify (pk _ ftps, N _ c | M _ s), if R2 is True, the signature is legal, the M _ s is continuously compared by using a standard integrity state value, the credibility of the embedded device environment where the ssftpServer is located is ensured, if all the verifications are passed, the process is continued, otherwise, the connection is terminated.
7. Following sub-step c) of inventive content step 3), the user inputs an encrypted partition management password pwd _ ss and initiates an encrypted partition opening request req _ ssopen; ssftpci calculates the hash value hss SM3(pwd _ ss), and sends the hash value hss and req _ ssopen to ssftpServer; the ssftpServer processes the req _ ssopen request, after verifying the validity of hss, calls an encryption partition function secptt _ open (name _ user, hss) to open an encryption partition corresponding to the user, and uses the encryption partition as an ftp root directory path of the authenticated user; the secpt _ open function requests the TCM to decrypt the sskeyfile before opening the encrypted partition.
8. Following substep d) of step 3 of the invention, after the encrypted partition corresponding to the user is opened, the ssftpServer completes corresponding FTP operation processing (such as FTP functions of display, upload, download, modification and the like) according to the FTP request req _ FTP, and generates an FTP response rsp _ FTP; and the ssftpClient judges whether the FTP request is successful according to the rsp _ FTP, and presents the result to the user.
9. Following sub-step e) of the inventive content step 3, after the FTP request processing of the encryption partition is completed, the user inputs an encryption partition management password pwd _ ss and initiates an encryption partition closing request req _ ssclose; ssftpci calculates the hash value hss SM3(pwd _ ss), and sends the hash value hss and req _ ssclose together to ssftpServer; the ssftpServer processes the req _ ssclose request, and after verifying hss validity, calls a cryptographic partition function secptt _ close (name _ user, hss) to close the cryptographic partition corresponding to the user, so that any FTP request cannot access the data of the cryptographic partition again unless the user initiates login, authentication and secure storage requests again; the secpt _ close function will automatically delete the sskeyfile, leaving only its encrypted version sskeyfile.
Another embodiment of the present invention provides a secure storage system based on a trusted embedded device and an FTP, where an architecture formed by modules of the secure storage system is shown in fig. 1, and specifically includes:
based on a host environment of a common PC, SM2 and SM3 cryptographic algorithms and a modified FTP client ssftpClient are deployed for a user to use a safe storage function; the ssftpClient not only provides common client FTP function (namely, sends requests of display, uploading, downloading, modification and the like to a server), but also adds a client authentication subsystem and a client safe storage subsystem; the client authentication subsystem provides a hash value of a user password and an integrity state signature value of the host environment to the server so as to pass the verification of the server authentication subsystem, and is also responsible for verifying the signature validity of the server and the credibility of the integrity state of the server; the client side safe storage subsystem provides a management password corresponding to the user encryption partition, and can open or close the encryption partition corresponding to the user at the server side;
the trusted embedded device based on the TCM and the raspberry is provided with a TCM security chip and an external mobile hard disk, and is provided with a trusted environment construction subsystem, an encryption partition management subsystem and a modified FTP server ssftpServer; the TCM security chip is responsible for providing a trust root and a password function for the trusted embedded equipment; the external mobile hard disk connected through the USB is responsible for providing a storage space for the safe storage system; the trusted environment construction subsystem is responsible for providing secure boot, TCM hardware drive, trusted software stack and SM2, SM3 and SM4 cryptographic algorithm functions for the trusted embedded device; the secure boot is to take the TCM as a trust root and ensure the integrity of each started component in the starting process of the trusted embedded device; the TCM driver and the trusted software stack are matched with software of a TCM security chip and provide a command interface for system software to use a TCM trusted function; the cryptographic algorithm provides functions of SM3 hashing, SM4 encryption and decryption, SM2 signature verification and the like; the encryption partition management subsystem is responsible for configuring the external mobile hard disk into an encryption partition by using a cryptetup tool, and the specific process is realized by four functions of an encryption partition initialization function secpt _ init, an encryption partition check function secpt _ check, an encryption partition opening function secpt _ open and an encryption partition closing function secpt _ close; the ssftpServer not only provides common server FTP functions (namely processing requests of client for display, uploading, downloading, modification and the like), but also adds a server authentication subsystem and a server safe storage subsystem; the server authentication subsystem realizes double authentication of the client, namely password authentication based on a hash value and remote certification authentication based on an integrity state, and can also sign the integrity state of the system environment of the embedded equipment so as to pass the verification of the client authentication subsystem; and the server side safe storage subsystem is responsible for carrying out safe management on the opening and closing of the encryption partition and binding the FTP server side root path with the encryption partition.
The specific implementation manner of each module is described in the above description of the specific method.
Although specific embodiments of the invention have been disclosed for purposes of illustration, and for purposes of aiding in the understanding of the contents of the invention and its implementation, those skilled in the art will appreciate that: various substitutions, changes and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this invention, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. A safe storage method based on a trusted embedded device and an FTP comprises the following steps:
1) the trusted cryptographic module is used as a trust root of the trusted embedded device to complete the system trusted boot on the trusted embedded device, so that the trusted embedded device has a trusted computing environment; the trusted embedded device comprises a trusted password module, an FTP server and an encryption partition management subsystem;
2) connecting an external storage device with the trusted embedded device, initializing the external storage device into an encryption partition by using an encryption partition management subsystem, associating the encryption partition with a randomly generated key file sskeyfile, and encrypting and storing the sskeyfile in the trusted embedded device by using the trust root; binding a root directory of the FTP server with the encryption partition;
3) deploying an FTP client on a host environment, wherein the host environment uses the FTP client to send a security operation request to the FTP server; after the FTP client and the FTP server finish remote certification, the FTP server performs encryption partition access authorization on the FTP client, and the trusted embedded device uses the FTP server to respond to the received security operation request.
2. Method according to claim 1, characterized in that a public-private key pair (sk _ FTPs, pk _ FTPs) is generated for the FTP server by a trusted third party and a public-private key pair (sk _ ftpc) is generated for a legitimate user i i ,pk_ftpc i ) (ii) a Public and private key pairs (sk _ FTPs, pk _ FTPs) of the FTP server and a public key pk _ ftpc of a legal user i Storing on the trusted embedded device; a public key pk _ FTPs of the FTP server side and a public and private key pair (sk _ ftpc) corresponding to the user i are used i ,pk_ftpc i ) Deployed on the host environment.
3. The method of claim 2, wherein the method for the FTP client and the FTP server to complete the remote attestation is as follows: a user i inputs a login password pwd _ user through an FTP client, and the FTP client calculates a hash (pwd _ user) as a user certificate to log in the FTP server; the FTP client signs the environment integrity state value by using a private key of a user i, and sends the signature and the integrity list to the FTP server, and the FTP server verifies the received information by using a public key of the user i.
4. The method of claim 3, wherein the method for the trusted embedded device to respond to the received security operation request by using the FTP server is as follows:
41) the FTP client sends an encrypted partition management password pwd _ ss input by a user to the FTP server, after verifying the validity of the pwd _ ss, the FTP server decrypts the pwd _ ss by using a trusted password module to obtain a key file sskeyfile, and then the FTP server opens an encrypted partition by using the key file sskeyfile and mounts the encrypted partition to a designated path corresponding to the FTP server;
42) a user i carries out remote operation on the data in the encryption partition through an FTP client; after the remote operation is completed, the FTP client sends an encrypted partition management password pwd _ ss input by a user to the FTP server, and after the FTP server verifies the validity of the pwd _ ss, the FTP server removes the mount of the appointed path of the FTP server, then closes the encrypted partition and deletes the sskeyfile.
5. The method of claim 1, wherein the trusted embedded device is an embedded device having a network port, an external IO interface, and a trusted cryptography module; when the trusted embedded device is started, the kernel image of the embedded operating system of the trusted embedded device is measured and verified through the built-in secure starting firmware, and the kernel of the embedded operating system and the application program of the embedded system are started in a secure mode, so that the credibility of the kernel of the embedded device and the application of the system is ensured.
6. The method of claim 1, wherein the FTP client and the FTP server complete the remote attestation as bidirectional authentication or unidirectional authentication; the one-way authentication means that the FTP client authenticates the FTP server or the FTP server authenticates the FTP client; the bidirectional authentication means mutual authentication between the FTP client and the FTP server.
7. The method of claim 1, wherein the FTP server saves the verification data of the legal user for the remote authentication of the access user; the FTP server is provided with an authentication interface for signing the integrity state of the equipment where the FTP server is located and verifying the signature data submitted by the FTP client; an encryption partition management interface is arranged in the FTP server and is used for opening an encryption partition after an encryption partition management password pwd _ ss is verified; the FTP client performs hash calculation on a password pwd _ user input by a user, and sends a hash value hash (pwd _ user) serving as the verification data to the FTP server; the FTP client is provided with an authentication interface for signing the integrity state of the equipment where the FTP client is located and verifying the signature data submitted by the FTP server; and an encryption partition management interface is arranged in the FTP client and used for receiving an encryption partition management password input by a user.
8. The method of claim 1, wherein different users correspond to different encryption partitions and encryption partition management passwords.
9. The method according to claim 1, wherein in step 1), the trusted cryptographic module is used to complete trusted booting of the system on the trusted embedded device based on the trusted cryptographic module, so that the trusted embedded device has a trusted computing environment.
10. A safe storage system based on a trusted embedded device and an FTP is characterized by comprising a host and the trusted embedded device; the trusted embedded device comprises a trusted password module, an FTP server and an encryption partition management subsystem, wherein the FTP client is deployed on the host;
the trusted password module is used for providing a trust root and a password function for the trusted embedded equipment;
the trusted embedded device is used for being connected with the external storage device, initializing the external storage device into an encryption partition by using an encryption partition management subsystem, associating the encryption partition with a randomly generated key file sskeyfile, and encrypting and storing the sskeyfile in the trusted embedded device by using the trusted cryptographic module trust root; binding a root directory of the FTP server with the encryption partition;
the FTP client is used for sending a security operation request to the FTP server; after the FTP client and the FTP server finish remote certification, the FTP server performs encryption partition access authorization on the FTP client, and the trusted embedded device uses the FTP server to respond to the received security operation request.
CN202210492880.3A 2022-05-07 2022-05-07 Secure storage method and system based on trusted embedded device and FTP Pending CN114840863A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210492880.3A CN114840863A (en) 2022-05-07 2022-05-07 Secure storage method and system based on trusted embedded device and FTP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210492880.3A CN114840863A (en) 2022-05-07 2022-05-07 Secure storage method and system based on trusted embedded device and FTP

Publications (1)

Publication Number Publication Date
CN114840863A true CN114840863A (en) 2022-08-02

Family

ID=82567907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210492880.3A Pending CN114840863A (en) 2022-05-07 2022-05-07 Secure storage method and system based on trusted embedded device and FTP

Country Status (1)

Country Link
CN (1) CN114840863A (en)

Similar Documents

Publication Publication Date Title
US20190089527A1 (en) System and method of enforcing a computer policy
JP4615601B2 (en) Computer security system and computer security method
JP6275653B2 (en) Data protection method and system
US20080077592A1 (en) method and apparatus for device authentication
US11115208B2 (en) Protecting sensitive information from an authorized device unlock
US10498712B2 (en) Balancing public and personal security needs
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN113545006A (en) Remote authorized access locked data storage device
CN102271037A (en) Key protectors based on online keys
US20070226514A1 (en) Secure biometric processing system and method of use
Studer et al. Mobile user location-specific encryption (MULE) using your office as your password
JP7309261B2 (en) Authentication method for biometric payment device, authentication device for biometric payment device, computer device, and computer program
KR20090033191A (en) System and method for controlling information supplied from memory device
US11398906B2 (en) Confirming receipt of audit records for audited use of a cryptographic key
US11405201B2 (en) Secure transfer of protected application storage keys with change of trusted computing base
CN114840863A (en) Secure storage method and system based on trusted embedded device and FTP
CN108985079B (en) Data verification method and verification system
JP7431382B2 (en) Exclusive self-escrow methods and equipment
AU2016429414B2 (en) Balancing public and personal security needs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination