CN115310136A - Data security guarantee method based on SATA bridging chip - Google Patents


Info

Publication number
CN115310136A
Authority
CN (China)
Prior art keywords
sata, key, chip, partition, data
Legal status
Granted
Application number
CN202211226163.2A
Other languages
Chinese (zh)
Other versions
CN115310136B (en)
Inventors
孙玉玺, 杜辉, 苏云学, 高凯, 宗成强, 李铁
Current assignee
Shanghai Huayi Microelectronic Material Co Ltd
Original assignee
Shanghai Huayi Microelectronic Material Co Ltd

Classifications

    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform)
    • G06F13/4027 Coupling between buses using bus bridges (G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units > G06F13/38 Information transfer, e.g. on bus > G06F13/40 Bus structure > G06F13/4004 Coupling between buses)
    • G06F21/44 Program or device authentication (G06F21/00 > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
    • G06F21/602 Providing cryptographic facilities or services (G06F21/00 > G06F21/60 Protecting data)


Abstract

The invention discloses a data security guarantee method based on a SATA bridge chip and belongs to the field of secure information storage. In the method an HY0168 SATA bridge chip is connected between the host/server and the SATA storage device and acts as the bridge for all data transfer between them: it encrypts and forwards SATA commands and user data, and at the same time it holds a security policy with which it controls the SATA commands and data, preventing unauthorised intrusion and back-door monitoring. The security policy comprises a command whitelist, data filtering, three-party authentication and partition protection, which protect the data at the command, data, whole-system and partition levels respectively.

Description

Data security guarantee method based on SATA bridging chip
Technical Field
The invention relates to the field of information security storage, in particular to a data security guarantee method based on a SATA bridging chip.
Background
With the vigorous development of artificial intelligence, deep learning, knowledge graphs, big data and similar fields, data scale and data security have become important foundations supporting that development; the new economy represented by the digital economy has become a new engine of economic growth, and data, as a core factor of production, has become a basic strategic resource.
Mass storage devices are mainly hard disks with SATA or PCIe interfaces. PCIe solid-state drives are the main direction of technical development at present and occupy an ever larger share of the market. However, SATA-interface mechanical hard disks (HDD) and solid-state disks (SSD), and HDDs in particular, are often irreplaceable in scenarios that care more about stability and price than about peak performance, such as small data centres, university databases and security video servers, because magnetic storage media are recoverable, have a long data retention time and are cheap.
The current approach taken by secure SSDs is to encrypt the data with a standard international (AES) or national (SM4) cipher and store the ciphertext, and to verify the legitimacy of the user through some authentication mechanism (for example the OPAL command set) using a password, the hard disk serial number and so on; "hard disk" here means a SATA-interface SSD or HDD. This offers some protection for a drive that has not been authenticated, but it protects poorly against covert third-party attacks carried out after authentication has succeeded, such as updating the hard disk firmware through the standard SATA command set, tampering with the partition table, or forging the hard disk serial number. Because the host and the hard disk are bound directly, because both sides hold security information, and because product compatibility and generality must be taken into account, snooping and brute-force attacks on the data are often tolerated: for example, keys are stored locally on the host side or in the hard disk, and an attacker can guess the key by reading memory or by monitoring a specific location on the disk. In addition, destroying the partition table is enough to render the whole disk's data unusable.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a data security guarantee method based on a SATA bridge chip. It protects an SSD comprehensively while it is in operation, effectively prevents command back doors, firmware tampering, boot-sector attacks and physical-access (contact) attacks, gives a general-purpose hard disk permission classification and device binding, and thereby turns a general-purpose storage product into one suitable for special-purpose use.
The technical solution adopted to solve this problem is as follows. In the data security guarantee method based on a SATA bridge chip, an HY0168 SATA bridge chip is connected between the host/server and the SATA storage device and acts as the bridge for data transfer between them; the bridge chip encrypts and forwards SATA commands and user data, and at the same time stores a security policy with which it controls the SATA commands and data, preventing unauthorised intrusion and back-door monitoring. The security policy comprises a command whitelist, data filtering, three-party authentication and partition protection, which protect the data at the command, data, whole-system and partition levels respectively.
In the invention the SATA bridge chip is the HY0168 of Shandong Hua Wing Semiconductor Co., Ltd.
A whitelist is set up against malicious command attacks on the SATA command set, such as unauthorised firmware upgrades or overwriting the administrator password. In the whitelist the SATA bridge chip screens the SATA command set, and each command is placed in one of three states: active, forbidden or management. In the active state the bridge chip acts as a data communication bridge and forwards the host's command to the SATA storage device; the storage device is the final recipient of the command, responds to it, and the response is returned to the host through the bridge chip. In the forbidden state the bridge chip itself answers the host's command, with either an explicit failure or an implicit failure (a reported success that has no effect); the bridge chip is the final recipient and does not forward, so the storage device never sees any command in this state. In the management state the bridge chip takes part in judging the command and decides, according to its current running state, whether to treat it as active or forbidden.
Specifically, the SATA bridge chip filters the SATA command set through a SATA command-set filter: the active and forbidden states are handled directly by the filter, while commands in the management state are first identified by the filter and then passed on to the bridge chip, which decides the command and its state.
Data filtering is set up against malicious destruction of the partition table; it protects the MBR partition table and prevents attacks on the master boot sector. Specifically, modifying the MBR partition table depends on a customised tool and cannot be done with a third-party tool. When the SATA bridge chip detects a modification of MBR data it judges whether the current operation is legitimate user behaviour; if not, it reports that the modification failed; if so, it lets the modification continue and randomly generates an LBA address S outside the actual capacity range of the hard disk. The tool obtains S, generates the new partition table information and writes it through address S. The bridge chip parses the partition table information and checks that the S it contains matches the S it originally generated; if it does, the partition table information is written into the bridge chip, the content and position of the storage device's partition table are modified according to it, and the bridge chip resets and reports that the partition table modification succeeded.
For safety S has a limited keep-alive time: the SATA bridge chip runs a timer, and S becomes invalid once the keep-alive time is exceeded. A new S is generated for every modification of the MBR partition table, and after S has been used once the bridge chip discards it and never uses it again.
Normally the system reads the MBR address (LBA 0) or the GPT (LBA 2) to obtain the partition information. When LBA 0 or LBA 2 is the target of an unauthorised write, the HY0168 firmware rejects the write, and repartitioning or formatting must be done through the special tool, which guarantees the validity of the partition table and the partition layout. After successful partitioning the partition table is stored in the internal storage area of the HY0168 and not on the external hard disk. If the HY0168 is separated from the hard disk, the partition table stored on the hard disk itself is not the real one, so a hard disk connected without its corresponding HY0168 appears uninitialised. For GPT partitions the partition table is protected in the same way by storing LBA 2, where the critical data of the GPT partition table (the partition entry array) begins.
Against attacks on general-purpose devices such as serial number tampering, HY0168 provides a three-party authentication method with HY0168 as the intermediary. In three-party authentication the SATA bridge chip authenticates the host and the SATA storage device separately using the national commercial cryptographic algorithms (SM2/SM3), so that host, bridge chip and storage device are bound together as three parties; on the host side the BIOS or TPM module must support the SM2 encryption/decryption algorithm and have non-volatile storage. The three-party authentication process comprises the following steps:
On power-up the SATA bridge chip HY0168 generates an SM2 key pair (Pub_a, Pri_a), where Pub_a is the public key and Pri_a the private key, and the BIOS/TPM obtains the public key Pub_a. The BIOS/TPM generates its own SM2 key pair (Pub_b, Pri_b), with public key Pub_b and private key Pri_b, reads the key component R1 held in BIOS/TPM storage, generates a random number R11 of the same length as R1, concatenates them into C = R1 || R11 || Pub_b, encrypts C with Pub_a to obtain C1 = SM2_Pub_a(C), and sends C1 to HY0168. HY0168 decrypts C1 with Pri_a, reads the key component R2 it stores, computes R' = R1 XOR R2 and SM3(R'), and compares the result with the SM3(R) it stores; R = R1 XOR R2 is a calculation parameter fixed in the bridge chip and held there only as a hash value. If they match, the authentication passes and HY0168 computes R22 = R XOR R11, encrypts R11 with Pub_b to obtain C2 = SM2_Pub_b(R11), and sends C2 to the BIOS/TPM. The BIOS/TPM decrypts C2 with its SM2 private key Pri_b to obtain R11' and compares it with R11; if they match, the BIOS/TPM replaces R1 with R11 and the HY0168 SATA bridge chip replaces R2 with R22.
Then the serial number S1 of the SATA storage device and the key information S2 from its hidden area are read into the SATA bridge chip for mutual authentication with the storage device. Once they agree, the three devices trust each other, the SATA storage device's data channel is opened, the real partition table information is sent to the host, and the host begins to identify the hard disk.
A partition protection mechanism is set up because a single key does not protect whole-disk data strongly enough. For partition protection an LBA analyser and partition key expansion modules are integrated in the SATA bridge chip. Each partition key expansion module corresponds to one partition and stores that partition's range, key and mode, and performs key expansion to assemble the key for its partition. During data transfer the LBA analyser works out, from the address and length of each write, which partition the LBA belongs to and calls the key information of the corresponding partition key expansion module to encrypt or decrypt the data.
The partition key may be generated automatically or imported from outside; the HY0168 firmware mass-production stage determines which.
Automatic generation: after HY0168 firmware mass production the mass-production tool generates the key information, the key is stored in the HY0168's internal non-volatile storage area, and the external import and key generation functions are locked.
External import: after HY0168 firmware mass production the mass-production tool does not generate key information; instead the key is imported from outside by a secure method and stored in the HY0168's internal non-volatile storage area, and the key generation function is locked.
From the data recovery perspective, externally imported keys are friendlier to the user. Because the import is done by the user's manufacturer, who keeps and maintains the key, the key can be imported again into a replacement chip of the same type after an HY0168 is damaged or has performed a rapid destruction, so the hard disk data can still be used.
From the data security perspective, automatically generated keys are more secure. An automatically generated key cannot be exported, and once it has locked the external import and key generation functions, the key is permanently lost when the HY0168 is damaged or enters rapid destruction (the HY0168 automatically generates a new key to replace the old one), so the hard disk data cannot be recovered.
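The LBA analyser, per-partition key expansion and the two key-provisioning modes above, as an added Python example that is not the HY0168 design or any code from the patent. Key expansion is modelled as HMAC-SHA256 of a partition index under the master key, and the per-partition cipher as an XOR keystream derived per sector; both are labelled stand-ins for the chip's SM4/AES key expansion and mode. The partition layout, the `KeyStore` lock semantics and the "plain" mode are assumptions of the example. What it adds to the text is how a single host write that crosses a partition boundary is split so that each sector is processed with its own partition's key.

```python
import hashlib
import hmac
import secrets

SECTOR = 512


class KeyStore:
    """Key source as on the page: auto-generated at mass production or externally
    imported; choosing either locks the other, and only an imported key can be read back."""

    def __init__(self):
        self.master, self.mode = None, None

    def generate(self):
        if self.mode:
            raise PermissionError("key source already locked")
        self.master, self.mode = secrets.token_bytes(32), "auto"

    def import_key(self, key):
        if self.mode:
            raise PermissionError("key source already locked")
        self.master, self.mode = bytes(key), "imported"

    def export(self):
        if self.mode != "imported":
            raise PermissionError("an auto-generated key cannot leave the chip")
        return self.master


class Partition:
    """Range, key and mode of one partition (the page's partition key expansion module)."""

    def __init__(self, index, start, sectors, mode, master):
        self.index, self.start, self.end, self.mode = index, start, start + sectors, mode
        # Key expansion stand-in: a per-partition sub-key derived from the master key.
        self.key = hmac.new(master, b"partition-%d" % index, hashlib.sha256).digest()


class LbaAnalyser:
    def __init__(self, partitions):
        self.parts = sorted(partitions, key=lambda p: p.start)

    def lookup(self, lba):
        for p in self.parts:
            if p.start <= lba < p.end:
                return p
        return None

    def split(self, lba, count):
        """Yield (partition, first_lba, n_sectors) runs so that a single host write crossing
        a partition boundary is handled with each partition's own key."""
        while count:
            p = self.lookup(lba)
            if p is None:
                raise ValueError("LBA %d is outside every protected partition" % lba)
            n = min(count, p.end - lba)
            yield p, lba, n
            lba, count = lba + n, count - n


def keystream(key, lba):
    """Stand-in for the chip's SM4/AES per-partition mode: 512 bytes derived from (key, LBA)."""
    return b"".join(hmac.new(key, lba.to_bytes(8, "big") + bytes([i]), hashlib.sha256).digest()
                    for i in range(SECTOR // 32))


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def transform(analyser, lba, data):
    """Encrypt or decrypt (the XOR stand-in is its own inverse) a whole-sector buffer
    starting at `lba`, sector by sector, with the key of the partition each sector lies in."""
    if len(data) % SECTOR:
        raise ValueError("buffer must be a whole number of sectors")
    out = bytearray()
    for part, first, n in analyser.split(lba, len(data) // SECTOR):
        for k in range(n):
            off = (first - lba + k) * SECTOR
            block = data[off:off + SECTOR]
            out += block if part.mode == "plain" else xor(block, keystream(part.key, first + k))
    return bytes(out)


def example_layout():
    """Constructed layout: two encrypted partitions back to back and one plain partition."""
    ks = KeyStore()
    ks.generate()
    parts = [Partition(0, 2048, 1000, "encrypt", ks.master),
             Partition(1, 3048, 1000, "encrypt", ks.master),
             Partition(2, 4048, 100, "plain", ks.master)]
    return ks, parts, LbaAnalyser(parts)
```

The keystream stand-in is deterministic per (key, LBA), so writing the same plaintext to the same sector twice gives the same ciphertext; a real design uses a tweakable mode such as XTS with the LBA as the tweak. The export rule (`export()` only for imported keys) is the code form of the page's trade-off: an auto-generated key is safer precisely because nothing, including a recovery procedure, can get it out of the chip.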
The beneficial effects of the invention are as follows. The SATA bridge chip is defined as a gatekeeper between the host/server and the SATA storage device; the SSD is comprehensively protected while in operation through the whitelist, data filtering, partition keys, three-party authentication and similar mechanisms, and simply adding an HY0168 to the mainboard turns a general-purpose hard disk into a special-purpose storage device of high security level. The invention addresses both the security and the stability of stored data, is easy to bring to market, especially in industries that care about storage security, and has very broad prospects for industrialisation.
Drawings
FIG. 1 is a diagram illustrating control of data storage in a SATA bridge chip;
FIG. 2 is a diagram illustrating SATA command screening status;
FIG. 3 is a schematic diagram of MBR (LBA 0)/GPT (LBA 2) modification using a third party tool;
FIG. 4 is a schematic diagram of a three-party authentication process of BIOS, HY0168 and hard disk;
FIG. 5 is a schematic view of partition protection.
Detailed Description
The invention is further described with reference to the following figures and specific embodiments.
Example 1
This embodiment discloses a data security guarantee method based on a SATA bridge chip. As shown in fig. 1, the SATA bridge chip is connected between the host/server and the SATA storage device and the HY0168 is defined as a gatekeeper; through the whitelist, data filtering, partition keys and three-party authentication it protects the SATA storage device at the command, data, partition and whole-system levels, which effectively prevents command back doors, firmware tampering, boot-sector attacks and physical-access (contact) attacks, gives a general-purpose hard disk permission classification and device binding, and thereby turns a general-purpose storage product into one suitable for special-purpose use.
In this embodiment the SATA bridge chip is the HY0168 developed and produced by Shandong Hua Wing Semiconductor Co., Ltd., abbreviated below as HY0168, and the SATA storage device is an SSD, abbreviated below as the hard disk.
As shown in fig. 2, the SATA command set is the target of malicious command attacks such as unauthorised firmware upgrades and overwriting the administrator password. HY0168 divides the command set into Active, Forbidden and Management states through the SATA command-set filter. Which commands are Active and which are Forbidden is fixed when the HY0168 is mass-produced; the Management state is controlled flexibly by the HY0168 firmware according to the usage scenario.
In the Active state HY0168 acts as a data communication bridge and forwards the host's command to the hard disk; the hard disk is the final recipient of the SATA command, responds to it, and the response is returned to the host through HY0168. Specifically, when a command is in the Active state the HY0168 firmware passes the command from the SATA host through to the SATA storage device; the actual recipient of the command is the hard disk, and HY0168 returns data to the host according to the hard disk's response and its content. IDENTIFY DEVICE (0xEC) is an example.
In the Forbidden state HY0168 answers the host's command itself, with an explicit failure or an implicit failure, and acts as the final recipient of the SATA command without forwarding it; the hard disk cannot see any command in the Forbidden state. Specifically, when a command is in the Forbidden state it is processed by the filtering module: for a read command, data of the requested length is filled in automatically and its content is meaningless; for a write command the data is discarded and success is reported to the host, so the command has no real effect. DOWNLOAD MICROCODE (0x92) is an example: the command does nothing, but the result the SATA command initiator obtains is success.
In the Management state the HY0168 firmware takes part in judging the command, analysing it further according to the current running state of HY0168 to decide whether it enters the Active or the Forbidden state.
Specifically, when a command is in the Management state the HY0168 firmware analyses it and decides, according to HY0168's current security state, whether HY0168 or the hard disk responds. In this embodiment the state is controlled with a private SATA command; the private command method follows the secure encrypted solid-state storage method of patent CN107729777B.
For example, when SECURITY DISABLE PASSWORD (0xF6) is issued and HY0168 determines from the private SATA command that the identity is unauthorised, the firmware rejects the command outright, either explicitly reporting failure to the host or implicitly reporting success without actually forwarding the command to the hard disk.
Or, when SECURITY DISABLE PASSWORD (0xF6) is issued and HY0168 determines from the private SATA command that the identity is authorised, the command and its data are forwarded to the hard disk and the function is enabled there.
In this embodiment the Active and Forbidden states are processed directly by the SATA command-set filter hardware, without any identification or judgement by the HY0168 firmware. Management-state commands are first identified by the filter hardware and then passed to the HY0168 firmware, which judges the command and the state and carries out the subsequent processing according to the current state.
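The three command states above can be modelled as a small policy-driven filter. The following Python is an added illustration, not the HY0168 firmware or any code from the patent. The opcodes are the real ATA values named on this page (IDENTIFY DEVICE 0xEC, DOWNLOAD MICROCODE 0x92, SECURITY DISABLE PASSWORD 0xF6); the policy table, the `Disk` and `Bridge` classes, and the private unlock opcode 0x80 with its credential are constructed for the example. It shows what a practitioner most wants to see: a Forbidden DOWNLOAD MICROCODE reports success to the host while the disk firmware is untouched, and a Management-state SECURITY DISABLE PASSWORD is forwarded only after the private command has put the bridge into the unlocked state.

```python
import enum
from dataclasses import dataclass, field

# ATA opcodes named on this page (real ACS values).
IDENTIFY_DEVICE = 0xEC
READ_DMA_EXT = 0x25
WRITE_DMA_EXT = 0x35
DOWNLOAD_MICROCODE = 0x92
SECURITY_DISABLE_PASSWORD = 0xF6
PRIVATE_UNLOCK = 0x80              # hypothetical vendor-private opcode for state control
UNLOCK_SECRET = b"example-secret"  # constructed; stands in for the private-command credential


class State(enum.Enum):
    ACTIVE = "active"          # forwarded; the disk is the final recipient
    FORBIDDEN = "forbidden"    # answered by the bridge; the disk never sees it
    MANAGEMENT = "management"  # firmware decides from the current security state


# Assumed policy table; in the product it is fixed at HY0168 mass production.
POLICY = {
    IDENTIFY_DEVICE: State.ACTIVE,
    READ_DMA_EXT: State.ACTIVE,
    WRITE_DMA_EXT: State.ACTIVE,
    DOWNLOAD_MICROCODE: State.FORBIDDEN,
    SECURITY_DISABLE_PASSWORD: State.MANAGEMENT,
    PRIVATE_UNLOCK: State.MANAGEMENT,
}


@dataclass
class Command:
    opcode: int
    data: bytes = b""   # payload of a write-style command
    read_len: int = 0   # bytes the host expects back from a read-style command


@dataclass
class Disk:
    """Toy SATA device that records which opcodes actually reached it."""
    firmware: str = "v1"
    received: list = field(default_factory=list)

    def execute(self, cmd):
        self.received.append(cmd.opcode)
        if cmd.opcode == DOWNLOAD_MICROCODE:
            self.firmware = cmd.data.decode()
        if cmd.opcode == IDENTIFY_DEVICE:
            return ("ok", b"\x00" * 512)     # identify data block
        return ("ok", b"")


@dataclass
class Bridge:
    """The whitelist filter sitting between host and disk."""
    disk: Disk
    unlocked: bool = False          # security state set through the private command
    explicit_failure: bool = False  # Forbidden: report ABRT instead of a fake success

    def handle(self, cmd, credential=None):
        """Returns (disposition, status, data) as the host would observe it."""
        state = POLICY.get(cmd.opcode, State.FORBIDDEN)  # unknown opcodes: default-deny
        if state is State.MANAGEMENT:
            state = self._manage(cmd, credential)
        if state is State.ACTIVE:
            return ("forwarded",) + self.disk.execute(cmd)
        return ("filtered",) + self._forbid(cmd)

    def _manage(self, cmd, credential):
        """Management state: firmware judges the command against the current security state."""
        if cmd.opcode == PRIVATE_UNLOCK:
            self.unlocked = credential == UNLOCK_SECRET
            return State.FORBIDDEN      # the private command itself never reaches the disk
        return State.ACTIVE if self.unlocked else State.FORBIDDEN

    def _forbid(self, cmd):
        """Forbidden state: explicit failure, or implicit failure that looks like success."""
        if self.explicit_failure:
            return ("abrt", b"")
        if cmd.read_len:
            return ("ok", b"\x00" * cmd.read_len)  # filled with meaningless data
        return ("ok", b"")                          # write payload silently dropped
```

Unknown opcodes are default-deny in this model. Whether the real filter treats opcodes missing from its table as Active or Forbidden is not stated on the page and is worth confirming on hardware, since vendor-specific and newer ACS commands are exactly where a command back door would hide.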
As shown in fig. 3, data filtering is set up against malicious attacks on the partition table; it protects the MBR partition table and prevents attacks on the master boot sector. Specifically, modifying the MBR partition table depends on a customised tool and cannot be done with a third-party tool. When the SATA bridge chip detects a modification of MBR data it judges whether the current operation is legitimate user behaviour; if not, it reports that the modification failed; if so, the operation continues and the bridge chip randomly generates an LBA address S outside the actual capacity range of the hard disk. The tool obtains S, generates the new partition table information and writes it through address S. The bridge chip parses the partition table information and checks that the S it contains matches the S it originally generated; if it does, the partition table information is written into the bridge chip, the content and position of the storage device's partition table are modified according to it, and the bridge chip resets and reports that the partition table modification succeeded.
In this embodiment S is an address outside the partitions visible to the system, similar to a hidden partition. For example, if the actual capacity of the hard disk is 1024 GB, the firmware presents a visible area of 1000 GB to the user; access to the remaining 24 GB is controlled by the firmware and cannot be reached through the system or tools. An address within that 24 GB range is chosen as S and used to back up the partition table. This protects the partition table: the system's default partition table sits at LBA 0, and brute-force modification of the MBR could otherwise cause a different partition layout to be presented.
S is regenerated every time the MBR (LBA 0) or GPT (LBA 2) is modified, and HY0168 discards S after each use. HY0168 also provides a time-limited modification function: after S is issued HY0168 starts a timer, and if S is not returned within the specified time HY0168 discards it.
When an unauthorised user or a virus operates on the partition table through the system's own partitioning or formatting tool, the HY0168 firmware reports success but does not forward the command, which prevents the system from retrying or hanging for a long time.
Normally the system reads the MBR address (LBA 0) or the GPT (LBA 2) to obtain the partition information. When LBA 0 or LBA 2 is the target of an unauthorised write, the HY0168 firmware rejects the write, and repartitioning or formatting must be done through the special tool, which guarantees the validity of the partition table and the partition layout. After successful partitioning the partition table is stored in the internal storage area of the HY0168 and not on the external hard disk. If the HY0168 is separated from the hard disk, the partition table stored on the hard disk itself is not the real one, so a hard disk connected without its corresponding HY0168 appears uninitialised.
For GPT partitions the partition table is protected in the same way by storing LBA 2, where the critical data of the GPT partition table (the partition entry array) begins.
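The flow for a legitimate partition-table change described above (authorisation check, one-time address S outside the visible capacity, keep-alive timer, S echoed back inside the written data, table kept in the bridge rather than on the disk) can be modelled end to end. The Python below is an added example, not the patent's tool or firmware. Capacities are in sectors rather than gigabytes; the payload layout (8-byte big-endian S followed by a 512-byte MBR) and the `PartitionGuard` class are assumptions of the example; the MBR parser checks the real 0x55AA signature and the four 16-byte partition entries at offset 446. It covers the MBR/LBA 0 case only; the GPT/LBA 2 case would be held in the bridge the same way.

```python
import secrets
import struct
import time

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"


def parse_mbr(sector):
    """Parse the four primary partition entries of a classic MBR.
    Returns a list of dicts, or None if the 0x55AA signature is missing."""
    if len(sector) != SECTOR or sector[510:512] != MBR_SIGNATURE:
        return None
    entries = []
    for i in range(4):
        e = sector[446 + 16 * i:462 + 16 * i]
        start_lba, num_sectors = struct.unpack("<II", e[8:16])
        entries.append({"bootable": e[0] == 0x80, "type": e[4],
                        "start": start_lba, "sectors": num_sectors})
    return entries


def build_mbr(partitions):
    """Constructed helper: encode (type, start_lba, num_sectors) tuples as an MBR."""
    table = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(partitions):
        off = 446 + 16 * i
        table[off + 4] = ptype
        table[off + 8:off + 16] = struct.pack("<II", start, count)
    table[510:512] = MBR_SIGNATURE
    return bytes(table)


def make_payload(s, mbr):
    """Assumed tool-side layout: S echoed as 8 bytes big-endian, then the new MBR."""
    return struct.pack(">Q", s) + mbr


class PartitionGuard:
    """Model of the bridge's MBR filtering; capacities are in sectors, deliberately small."""

    def __init__(self, visible_sectors, actual_sectors, keep_alive_s=30, clock=time.monotonic):
        self.visible, self.actual = visible_sectors, actual_sectors
        self.keep_alive, self.clock = keep_alive_s, clock
        self.disk = {}             # lba -> sector data of the visible area
        self.mbr = build_mbr([])   # the real table lives in the bridge, not on the disk
        self.pending = None        # (S, issued_at) while a modification is open

    def read(self, lba):
        if lba == 0:
            return self.mbr        # served from the bridge; the disk's LBA 0 is never consulted
        if lba >= self.visible:
            raise PermissionError("hidden area is not reachable through the system")
        return self.disk.get(lba, bytes(SECTOR))

    def write(self, lba, data):
        if lba in (0, 2):
            return "ok"            # implicit failure: success reported, payload discarded
        if lba >= self.visible:
            raise PermissionError("hidden area is not reachable through the system")
        self.disk[lba] = data
        return "ok"

    def begin_update(self, authorised):
        """Legitimate user -> a single-use address S in the hidden capacity gap."""
        if not authorised:
            return None            # modification reported as failed
        s = self.visible + secrets.randbelow(self.actual - self.visible)
        self.pending = (s, self.clock())
        return s

    def commit_update(self, lba, payload):
        """The tool writes make_payload(S, new_mbr) to address S inside the keep-alive window."""
        if self.pending is None:
            return "no modification in progress"
        s, issued = self.pending
        self.pending = None        # S is discarded whatever happens next
        if self.clock() - issued > self.keep_alive:
            return "S expired"
        if len(payload) != 8 + SECTOR:
            return "invalid payload"
        if lba != s or struct.unpack(">Q", payload[:8])[0] != s:
            return "S mismatch"
        if parse_mbr(payload[8:]) is None:
            return "invalid partition table"
        self.mbr = payload[8:]     # kept in the bridge; then reset and report success
        return "ok"
```

Two properties of the page's flow that the model makes concrete: a write to LBA 0 or LBA 2 through the normal path never changes what the host reads back, whatever it reports, and S is consumed on the first commit attempt, so a wrong or late write burns it and the tool has to ask for a fresh one.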
Aiming at the behaviors of resisting attacks, tampering serial numbers and the like of general equipment, HY0168 provides a set of three-party authentication method taking HY0168 as an intermediate medium. The three-party certification is that the SATA bridging chip respectively certifies the host and the hard disk based on a state-of-manufacture cryptographic algorithm, the host, the SATA bridging chip and the hard disk are bound in three parties, and the host end requires the BIOS or the TPM module to support an SM2 encryption and decryption algorithm and has a nonvolatile storage function.
As shown in fig. 4, the flow of the three-party authentication is as follows:
upon power-up, the BIOS/TPM obtains an SM2 key pair (Pub _ a, pri _ a) generated by the SATA bridge chip HY0168, pub _ a represents a public key of the key pair, pri _ a represents a private key of the key pair, the BIOS/TPM obtains the public key Pub _ a, the BIOS/TPM generates a set of SM2 key pairs (Pub _ b, pri _ b), pub _ b represents a public key of the key pair, pri _ b represents a private key of the key pair, reads a key component R1 of the BIOS/TPM storage, generates a set of random numbers R11, R11 is the same as R1 in length, connects R1, R11 and Pub _ b to generate C, i.e., C = R1 | R11 | Pub b _ b, encrypts C using Pub _ a, the encryption result is C1, then C1= SM _ a (C) is generated, sends HY1 to the SATA bridge chip 0168, SATA bridge chip 0168 is decrypted using Pri _ a, reads the R2 stored in the SATA bridge chip, and calculates HY ,R = R1XOR R2, calculate SM3 (R) ) And comparing whether SM3 (R) stored in HY0168 SATA bridge chip is consistent or not, if so, the authentication is passed and R22 is calculated, R22 = R XOR R11, R is a calculation parameter set in the SATA bridge chip, R = R1XOR R2, R is stored in the SATA bridge chip in a hash value mode, R11 is encrypted by Pub _ b, namely C2= SM2Pub _ b (R11), C2 is sent to BIOS/TPM, and the SM2 private key Pri _ b generated by the BIOS/TPM module is used for decrypting C2 to obtain R2 11, comparison R Whether 11 is consistent with R11 or not, if so, updating R1 to R11, and updating R2 to R22 by the HY0168 SATA bridge chip;
reading the serial number S1 of the SATA storage device and the key information S2 of the hidden space, entering the SATA bridging chip to mutually recognize with the storage device, specifically: after the SATA bridging chip acquires the information S1 and S2, making M = SM3 (SM 3 (S1) XOR S2), comparing whether M is consistent with M1 stored by the SATA bridging chip, if so, authenticating the M, mutually trusting through three-party equipment, releasing a data path by the SATA storage equipment, sending real partition table information stored in the SATA storage equipment to a host, and identifying the hard disk by the host.
The authentication process of the BIOS/TPM and the SATA bridging chip adopts a one-time pad mechanism: i.e., R is unchanged (R = R1XOR R2), each time authentication is completed, R22 is calculated with BIOS/TPM generated R11, R22 = R XOR R11, and then R1 and R2 are replaced. In order to ensure the safety of the transmission process, two groups of keys are introduced, and R11 and R22 are encrypted and protected in the communication process. Further, HY1068 does not store the plaintext of R2 and R22, and identifies whether the authenticated data is correct by SM3 (R2)/SM 3 (R22). Further, HY0168 stores SM3 (R) without storing the plaintext of R, and identifies whether or not the authentication is correct by calculating whether SM3 (R') matches SM3 (R).
After HY0168 leaves volume production, the device is in an initial installation state in which it stores no device authentication information; until a storage device and a host have been bound, HY0168 can be connected to any hard disk and any host.
When HY0168 binds a storage device, it takes the serial number S1 of the hard disk as an operation factor, writes a block of random data S2 into a hidden area of the hard disk, uses S1 and S2 as the authentication information of that hard disk, generates M1 from them with a multiple hash, and stores M1 in HY0168.
The BIOS or host TPM module needs storage capability and SM2 cryptographic capability. If no such cryptographic authentication capability exists, HY0168 still manages the attached disk, and the three-party authentication is performed under Windows or Linux with the cryptographic algorithms implemented in software; this is less secure than having the BIOS or TPM store and operate on the key data directly.
The BIOS/TPM module reads the key component R1 and encrypts the concatenated factor C with the SM2 key that HY0168 generates at power-up.
HY0168 decrypts the authentication data, retrieves R2 for the calculation, and compares the result; a match verifies that the BIOS/TPM and the HY0168 bridge chip belong together.
After the BIOS/TPM and the HY0168 bridging chip are successfully matched, HY0168 regenerates authentication data: the authentication data R11 is encrypted with Pub_b and transmitted back, so that R11 reaches the BIOS/TPM. The BIOS/TPM judges whether this step succeeded and, if so, proceeds to the next operation, updating its authentication data after the calculation: R1 becomes R11 and R2 becomes R22. This dynamically refreshes the authentication information and raises the security strength.
After HY0168 has authenticated the host, it acquires S1 and S2 from the device and performs the calculation to determine whether the HDD/SSD is legitimate. Because the binary operation also reads the information stored in the hidden space rather than relying on the serial number alone, a cloned hard disk cannot pass merely by tampering with the serial number in the identify instruction.
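As an added illustration (not code from the patent or from the HY0168 firmware), the following Python models the BIOS/TPM authentication round described above together with the S1/S2 disk binding: the chip keeps R2 and SM3(R) only, the host keeps R1, each successful round rotates the shares to (R11, R22) while R1 XOR R2 stays equal to R, and a host presenting a stale R1 is refused. SHA-256 stands in for SM3, the SM2 transport envelope is assumed to be applied and removed outside the model, and the names BridgeChip, HostTpm, provision, bind_disk and verify_disk are the example's own.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """Stand-in for SM3 (constructed: SHA-256, as SM3 is absent from most hashlib builds)."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class BridgeChip:
    """HY0168 side of the host authentication, following claim 7: it keeps R2 and only
    the hash of R = R1 XOR R2; R itself is recomputed transiently per round."""

    def __init__(self, r2: bytes, h_r: bytes):
        self.r2, self.h_r = r2, h_r

    def authenticate(self, r1: bytes, r11: bytes):
        # The SM2 envelope C1 = Enc_Pub_a(R1 | R11 | Pub_b) is assumed already opened.
        r = xor(r1, self.r2)
        if h(r) != self.h_r:
            return None                  # wrong or stale R1: refuse and keep state unchanged
        self.r2 = xor(r, r11)            # R22 = R XOR R11, so R11 XOR R22 == R still holds
        return r11                       # echoed to the host (under Pub_b in the patent)


class HostTpm:
    """BIOS/TPM side: stores only its share R1 and rotates it after each success."""

    def __init__(self, r1: bytes):
        self.r1 = r1

    def run_round(self, chip: BridgeChip) -> bool:
        r11 = secrets.token_bytes(len(self.r1))      # fresh share for this round
        if chip.authenticate(self.r1, r11) != r11:
            return False
        self.r1 = r11                                # R1 := R11 only after the chip confirmed
        return True


def provision(length: int = 32):
    """Host/chip binding (constructed): split a fresh R into the shares R1 and R2."""
    r1, r2 = secrets.token_bytes(length), secrets.token_bytes(length)
    return HostTpm(r1), BridgeChip(r2, h(xor(r1, r2)))


def bind_disk(s1: bytes):
    """Disk binding: S2 is random data written to the hidden area, M1 stays in the chip."""
    s2 = secrets.token_bytes(32)
    return s2, h(xor(h(s1), s2))


def verify_disk(s1: bytes, s2: bytes, m1: bytes) -> bool:
    """M = SM3(SM3(S1) XOR S2) must equal the stored M1; a changed serial or hidden area fails."""
    return h(xor(h(s1), s2)) == m1
```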
When M matches M1, HY0168 is regarded as bound to this hard disk; the real partition table information stored in HY0168 is loaded, and the MBR/LBA2 is replaced and returned to the host. This MBR/LBA2 replacement does not overwrite anything on the hard disk: when the firmware detects a read of the MBR/LBA0 address, the data is returned to the host directly from HY0168 and the hard disk's own contents are not fetched.
After authentication completes, HY0168 opens the path from the host to the hard disk; all data is then forwarded, and all instructions filtered, under HY0168's supervision.
A partition protection mechanism addresses the problem that a single key offers insufficient protection for the data of the whole disk. As shown in fig. 5, partition protection integrates an LBA analyzer and a partition key expansion module in the SATA bridge chip. Each partition key expansion module corresponds to one partition and stores that partition's range, key and mode, and performs key expansion to assemble the partition's key. During data transmission, the LBA analyzer determines, from the address and length of each write, which partition each LBA belongs to, and calls the key information of the corresponding partition key expansion module to encrypt or decrypt the data.
The partition key source is either automatic generation or external import; the key generation mode is fixed at the HY0168 firmware volume production stage.
Automatic generation: after mass production of the HY0168 firmware, the mass production tool generates the key information; the key is stored in HY0168's internal nonvolatile storage area, and the external import and key generation functions are then locked.
External import: after mass production of the HY0168 firmware, the production tool does not generate key information; instead the key is imported from outside through a secure method and stored in HY0168's internal nonvolatile storage area, and the key generation function is then locked.
From a data recovery perspective, externally imported keys are more user friendly: because the import is done by the user's manufacturer, who keeps and maintains the key, the key can be re-imported into a replacement (domestically produced) product after HY0168 is damaged or rapidly destroyed, so the hard disk data remains usable.
From a data security perspective, automatically generated keys are more secure. An automatically generated key cannot be exported, and once the external import and key generation functions have been locked, HY0168 automatically generates a new key to replace the old one after it is damaged or enters quick destruction; the old key is then permanently lost and the hard disk data cannot be recovered.
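The LBA analyzer and per-partition keys described above, as an added example in Python (not the patent's or HY0168's own code): a transfer that straddles two partitions is handled sector by sector under each partition's key, a sector outside every protected range is refused, and re-keying one partition leaves the others untouched. The partition table, the "encrypt"/"plain" mode values and the hash-derived keystream standing in for the chip's cipher are assumptions of this illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512


@dataclass
class Partition:
    """One entry of the partition key expansion module: LBA range, key and mode.
    The mode values 'encrypt' / 'plain' are an assumption; the patent only says 'mode'."""
    start_lba: int
    sectors: int
    key: bytes
    mode: str

    def expand(self, lba: int) -> bytes:
        # Stand-in key expansion (constructed): a per-sector keystream derived from the
        # partition key and the LBA, so identical plaintext in two sectors differs on disk.
        block = hashlib.sha256(self.key + lba.to_bytes(8, "big")).digest()
        return b"".join(hashlib.sha256(block + bytes([i])).digest()
                        for i in range(SECTOR // 32))


class LbaAnalyzer:
    """Maps every sector of a transfer to its partition and applies that partition's key."""

    def __init__(self, table: List[Partition]):
        self.table = sorted(table, key=lambda p: p.start_lba)

    def locate(self, lba: int) -> Optional[Partition]:
        for p in self.table:
            if p.start_lba <= lba < p.start_lba + p.sectors:
                return p
        return None

    def transform(self, lba: int, data: bytes) -> bytes:
        """Encrypt or decrypt (the XOR stand-in is its own inverse) a transfer starting at
        `lba`; a transfer straddling two partitions gets a different key per sector."""
        if len(data) % SECTOR:
            raise ValueError("transfers are whole sectors")
        out = bytearray()
        for i in range(len(data) // SECTOR):
            part = self.locate(lba + i)
            if part is None:
                raise PermissionError(f"LBA {lba + i} is outside every protected partition")
            chunk = data[i * SECTOR:(i + 1) * SECTOR]
            if part.mode == "plain":
                out += chunk
            else:
                out += bytes(x ^ k for x, k in zip(chunk, part.expand(lba + i)))
        return bytes(out)


def sample_table() -> List[Partition]:
    """Constructed example layout: two encrypted partitions followed by a plaintext one."""
    return [Partition(0, 4, b"k1" * 16, "encrypt"),
            Partition(4, 4, b"k2" * 16, "encrypt"),
            Partition(8, 2, b"k3" * 16, "plain")]
```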
The foregoing description is only for the basic principle and the preferred embodiments of the present invention, and modifications and substitutions by those skilled in the art are included in the scope of the present invention.

Claims (10)

1. A data security guarantee method based on SATA bridging chip is characterized in that: according to the method, an SATA bridging chip is connected between a host/server and SATA storage equipment, the SATA bridging chip is used as a bridge for data transmission between the host/server and the SATA storage equipment, SATA instructions and user data are encrypted and forwarded, a security policy is stored in the SATA bridging chip, the SATA instructions and the data are controlled, and illegal invasion and back door monitoring are prevented; the security policy comprises a white list system, data filtering, three-party authentication and partition protection, and the data is respectively subjected to security protection from instructions, data, the whole system and the partition dimensions.
2. The SATA bridge chip-based data security method of claim 1, wherein: the white list system is characterized in that the SATA bridging chip screens the SATA instruction set, the instruction set is divided into three states of activation, prohibition and management, in the activation state, the SATA bridging chip forwards a host instruction to SATA storage equipment as a data communication bridge to carry out SATA instruction data forwarding, and the SATA storage equipment serves as a SATA instruction final receptor response instruction and feeds back the SATA instruction to the host through the SATA bridging chip; in a forbidden state, the SATA bridging chip directly responds to a host instruction and responds to the SATA instruction through an explicit failure or an implicit failure, the SATA bridging chip serves as a final SATA instruction acceptor and does not forward, and SATA storage equipment cannot acquire all instructions in the forbidden state; in the management state, the SATA bridging chip participates in instruction judgment and determines to enter an activated state or a forbidden state according to the current running state of the SATA bridging chip.
3. The SATA bridge chip-based data security method of claim 2, wherein: the SATA bridging chip screens the SATA instruction set through a SATA instruction set filter; the activated state and the prohibited state are handled directly by the SATA instruction set filter, while in the management state the SATA instruction set filter judges first and then passes the instruction to the SATA bridging chip, which judges the instruction and the state.
4. The SATA bridge chip-based data security method of claim 1, wherein: the data filtering protects the MBR partition table and prevents master boot partition attacks. Specifically, modification of the MBR partition table depends on a customization tool and cannot be done by a third-party tool: when the SATA bridge chip detects an MBR data modification, it judges whether the current operation is legitimate user behaviour; if not, it reports that the modification failed; if so, the operation continues and the SATA bridge chip randomly generates an LBA address S outside the actual capacity range of the hard disk; the tool, after acquiring the address S, generates the new partition table information and writes it through the S address; the SATA bridge chip parses the partition table information and judges whether the parsed S matches the originally generated S; if so, the partition table information is written into the SATA bridge chip, the partition table information and position of the SATA storage device are modified according to that partition table, and the SATA bridge chip resets and returns that the partition table modification succeeded.
5. The SATA bridge chip-based data security method of claim 4, wherein: s has certain keep-alive time, the SATA bridging chip is timed through a timer, and after the keep-alive time is exceeded, the S is invalid.
6. The SATA bridge chip-based data security method of claim 4, wherein: and when the MBR partition table is modified each time, S is regenerated, and after S is used each time, the SATA bridging chip discards S and is not used any more.
7. The SATA bridge chip-based data security method of claim 1, wherein: the three-party authentication is that the SATA bridging chip authenticates the host and the SATA storage device respectively based on a domestic cryptographic algorithm, so that the host, the SATA bridging chip and the SATA storage device are bound as three parties; the host side requires the BIOS or TPM module to support the SM2 encryption and decryption algorithm and to have a nonvolatile storage function; the three-party authentication process comprises the following steps:
upon power-up, the BIOS/TPM obtains the SM2 key pair (Pub_a, Pri_a) generated by the SATA bridge chip HY0168, where Pub_a is the public key and Pri_a the private key of the pair; the BIOS/TPM obtains the public key Pub_a and generates its own SM2 key pair (Pub_b, Pri_b), where Pub_b is the public key and Pri_b the private key; it reads the key component R1 stored in the BIOS/TPM, generates a set of random numbers R11 of the same length as R1, concatenates R1, R11 and Pub_b to form C, i.e. C = R1 | R11 | Pub_b, encrypts C with Pub_a to obtain C1, and sends C1 to the SATA bridge chip HY0168; the SATA bridge chip HY0168 decrypts C1 with Pri_a, reads the R2 stored in the SATA bridge chip HY0168, calculates R = R1 XOR R2 and SM3(R), and compares it with the SM3(R) stored in the HY0168 SATA bridge chip; if they are consistent, authentication passes and it calculates R22 = R XOR R11, where R is a calculation parameter set in the SATA bridge chip, R = R1 XOR R2, stored in the SATA bridge chip as a hash value; it encrypts R11 with Pub_b to obtain C2 and sends C2 to the BIOS/TPM, which decrypts C2 with the SM2 private key Pri_b generated by the BIOS/TPM module to obtain R'11 and compares whether R'11 is consistent with R11; if so, R1 is updated to R11 and the HY0168 SATA bridge chip updates R2 to R22;
reading a serial number S1 of the SATA storage device and key information S2 of a hidden space, entering an SATA bridging chip to mutually recognize with the storage device, after the three devices are authenticated to be consistent, mutually trusting the three devices, releasing a data path by the SATA storage device, sending real partition table information stored in the SATA storage device to a host, and identifying the hard disk by the host.
8. The SATA bridge chip-based data security method of claim 7, wherein: the mutual recognition of the storage device based on the information S1 and S2 is as follows: after the SATA bridge chip acquires the information S1 and S2, let M = SM3(SM3(S1) XOR S2), compare whether M matches the M1 stored in the SATA bridge chip, and if so, the authentication passes.
9. The SATA bridge chip-based data security method of claim 1, wherein: the partition protection is that an LBA analyzer and a partition key expansion module are integrated in the SATA bridging chip, the partition key expansion module corresponds to a partition and is used for storing the range, the key and the mode of each partition, and the partition key expansion module performs key expansion to complete key assembly of each partition; when data is transmitted, the LBA analyzer analyzes the address and length of each written data to obtain the corresponding relation between the LBA and the partition, and calls the key information of the corresponding partition key expansion module to perform data encryption and decryption operations.
10. The SATA bridge chip-based data security method of claim 9, wherein: the partition key source includes automatic generation and external import.
CN202211226163.2A 2022-10-09 2022-10-09 Data security guarantee method based on SATA bridging chip Active CN115310136B (en)
Publications (2)

Publication Number Publication Date
CN115310136A true CN115310136A (en) 2022-11-08
CN115310136B CN115310136B (en) 2023-02-03