JP2021043674A - Control device and method - Google Patents

Abstract

To perform verification of program data in a high-speed manner regardless of hardware performance.SOLUTION: An control device (10) comprises: a non-rewritable first memory (23) in which a referential value of program data, and an n-th hash chain out of first to n-th hash chains calculated from data in a prescribed length by using a hash function in a repetitive manner are stored; a writable second memory (24) in which either one of the first to n-first hash chains is stored; and a verification processing section (11) in which, when a hash value calculated from the program data is equal to the stored referential value, and further the stored n-th hash chain is equal to an n-th hash chain calculated from either one of the first to the n-first hash chains, the program data is determined to be authentic.SELECTED DRAWING: Figure 1

Description

The present invention relates to a control device and a method.

In a control device such as a microcontroller, secure boot is generally performed to start after verifying whether the application is authentic or not. This verification is performed by matching the program data of the application to be started with the reference data stored in the secure environment. By using a safe and tamper-resistant external chip or hardware with a special function called TrustZone (registered trademark) to store the reference data, the security against tampering of the reference data can be enhanced, but the performance is high. It is costly because it requires a lot of hardware.

On the other hand, a method of verifying program data by software processing in which a hash function is combined with an encryption technique such as a digital signature has also been proposed (see, for example, Patent Document 1). According to this software processing, it is possible to verify the application without depending on the special hardware function as described above.

JP-A-2018-88574

However, digital signatures are computationally intensive encryption techniques and require a large amount of computation. Poor hardware performance can result in very long verification process times due to the time required for computation.

An object of the present invention is to perform high-speed verification of program data regardless of hardware performance.

According to one aspect of the present invention, the authenticity of the program data is verified by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value. The first memory (23) includes a verification processing unit (11), a first memory (23) in which data cannot be rewritten, and a second memory (24) in which data can be rewritten. , The reference value and the nth hash chain of the 1st to nth hash chains calculated from the data of a predetermined length by repeatedly using the hash function are stored in the second memory (24). Is stored in any of the 1st to n-1st hash chains among the 1st to nth hash chains, and the verification processing unit (11) uses the hash function to store the second memory (24). The nth hash chain is calculated from any of the 1st to n-1th hash chains stored in), and the hash value calculated from the program data is the same as the reference value and is calculated. When the nth hash chain and the nth hash chain stored in the first memory (23) are the same, a control device (10) for determining that the program data is genuine is provided. Hash function.

According to another aspect of the present invention, the authenticity of the program data is determined by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value. The first memory (23) includes a verification processing unit (11) for verifying the above, a first memory (23) in which data cannot be rewritten, and a second memory (24) in which data can be rewritten. The hash value of the reference value and the nth hash chain of the 1st to nth hash chains calculated from the data of a predetermined length by repeatedly using the hash function are stored in the second memory. In (24), the reference value and any one of the 1st to n-1st hash chains of the 1st to nth hash chains are stored, and the verification processing unit (11) has the hash function. Is used to calculate the hash value from the reference value stored in the second memory (24), and n from any of the first to n-1th hash chains stored in the second memory (24). The second hash chain is calculated, the hash value calculated from the program data is the same as the reference value, and the hash value calculated from the reference value is the same as the hash value of the stored reference value. Therefore, when the calculated n-th hash chain is the same as the stored n-th hash chain, the control device (10) for determining that the program data is genuine is provided.

According to another aspect of the present invention, a control for verifying the authenticity of program data is provided with a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten. A method of initializing the device (10), in which a hash function is repeatedly used to calculate the 1st to nth hash chains from data of a predetermined length, and the hash function is used as a reference value used for the verification. The step of calculating the hash value from the program data, the calculated reference value, and the nth hash chain of the 1st to nth hash chains are stored in the first memory (23). A method is provided including a step and a step of storing any one of the 1st to n-1st hash chains in the 1st to nth hash chains in the second memory (24).

According to another aspect of the present invention, a program is provided in a control device (10) including a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten. It is a method of verifying the authenticity of data. By calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value, the program data Including the step of verifying the authenticity, the first memory (23) includes the nth hash chain of the 1st to nth hash chains calculated from the data of a predetermined length by repeatedly using the reference value and the hash function. The second hash chain and the second hash chain are stored, and any one of the 1st to n-1st hash chains among the 1st to nth hash chains is stored in the second memory (24), and the verification is performed. The step is a step of calculating the nth hash chain from any of the 1st to n-1st hash chains stored in the second memory (24) using the hash function, and from the program data. If the calculated hash value is the same as the reference value, and the calculated nth hash chain and the stored nth hash chain are the same, it is determined that the program data is authentic. Steps to do, and methods including.

According to one aspect of the present invention, a control device provided with a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten, and which verifies the authenticity of program data ( 10) is a method of initializing, wherein the hash function is repeatedly used to calculate the 1st to nth hash chains from data of a predetermined length, and the hash function is used as a reference value used for the verification. Of the steps of calculating the hash value from the program data, the step of calculating the hash value from the reference value using the hash function, the hash value calculated from the reference value, and the 1st to nth hash chains. The nth hash chain of the above is stored in the first memory (23), the reference value, and any of the 1st to n-1th hash chains of the 1st to nth hash chains. A method including a step of storing the hash in the second memory (24) is proposed.

According to another aspect of the present invention, the program data in the control device (10) including the first memory (23) in which the data cannot be rewritten and the second memory (24) in which the data can be rewritten. This is a method for verifying the authenticity of the program data. By calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value, the authenticity of the program data is determined. Including the step of verifying the property, the first memory (23) contains the hash value calculated from the reference value and the 1st to nth hashes calculated from the data of a predetermined length by repeatedly using the hash function. The nth hash chain of the chain is stored, and the reference value and the 1st to n-1th hash chains of the 1st to nth hash chains are stored in the second memory (24). One of the steps is saved, and the verification step is a step of calculating a hash value from a reference value saved in the second memory (24) using the hash function, and a step of saving in the second memory (24). The step of calculating the nth hash chain from any of the 1st to n-1th hash chains and the hash value calculated from the program data are the same as the reference value, and from the reference value. When the calculated hash value is the same as the hash value of the stored reference value and the calculated nth hash chain is the same as the stored nth hash chain, the program data. A method is provided that includes, and a step in determining that is authentic.

According to the present invention, the verification of program data can be performed at high speed regardless of the performance of the hardware.

It is a block diagram which shows the structure of the microcontroller of this embodiment. It is a flowchart of the process of generating a hash chain. It is a conceptual diagram of a hash chain. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 1st Embodiment. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 1st Embodiment. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 1st Embodiment. It is a flowchart of the process for verifying the authenticity of the program data in 1st Embodiment. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 2nd Embodiment. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 2nd Embodiment. It is a figure which shows the data example of the OTP memory and non-OTP memory in the 2nd Embodiment. It is a flowchart of the process for verifying the authenticity of the program data in the 2nd Embodiment.

Hereinafter, the first to third embodiments of the control device and method of the present invention will be described with reference to the drawings. The configuration described below is an example (representative example) as an embodiment of the present invention, and the present invention is not limited to the configuration described below.

As the first to third embodiments of the control device of the present invention, an example of a microcontroller provided in an ECU (Electronic Control Unit) of a vehicle and controlling the running of the vehicle will be described, but a control device for verifying program data will be described. If so, the present invention can be applied to a control device mounted on a general PC (Personal Computer), a home electric appliance, or the like.
In the first to third embodiments, the processing contents of the microprocessor are different, but the basic configuration is the same. Therefore, after explaining the common configuration, the processing contents in each embodiment will be described.

(Microcontroller configuration)
FIG. 1 shows the configuration of the microcontroller 10 common to the first to third embodiments.
As shown in FIG. 1, the microcontroller 10 includes a CPU (Central Processing Unit) 11, a RAM (Random Access Memory) 12, an I / O interface 13, a random number generator 14, a timer 15, and a flash memory 16.

The CPU 11 reads and executes a program for an OS (Operating System) or a program of various applications stored in the flash memory 16. When the application is started, the CPU 11 functions as a verification processing unit that executes a secure boot to verify the authenticity of the program data.

The RAM 12 temporarily stores data or the like used by the CPU 11 to execute the program.

The I / O interface 13 communicates with various sensors mounted on the vehicle. When the external computer 50 is connected to the microcontroller 10, the I / O interface 13 communicates with the external computer 50.

The random number generator 14 generates a random number which is an arbitrary numerical value. For example, the random number generator 14 generates random numbers based on noise input from various sensors via the I / O interface 13.

The timer 15 continues counting until it reaches a specific value set by the CPU 11. When the count value reaches a specific value, the timer 15 resets the count value to 0 and restarts the count.

The flash memory 16 is a non-volatile memory that stores a program executed by various CPUs 11, data used for executing the program, for example, data used for verifying the authenticity of the program data.

The flash memory 16 is divided into sectors of a code flash 161 and a data flash 162. The code flash 161 can be used to store program data, and the data flash 162 can be used to store data used to execute applications.

The flash memory 16 has an OTP (One Time Programmable) memory 21 and a non-OTP memory 22 as subsectors of the code flash 161 and an OTP memory 23 and a non-OTP memory 24 as subsectors of the data flash 162.

The OTP memories 21 and 23 are memories in which the written data cannot be rewritten, and function as the first memory. The non-OTP memories 22 and 24 are memories in which the written data can be rewritten, and function as a second memory. The OTP memories 21 and 23 may be provided as one OTP memory, and the non-OTP memories 22 and 24 may also be provided as one non-OTP memory.

(External computer configuration)
The microprocessor 10 may be connected to the external computer 50 for the purpose of initializing the microprocessor 10 and upgrading the application version.

The external computer 50 is, for example, a PC (Personal Computer), an ECU provided separately from the microcontroller 10, and the like. The external computer 50 includes a CPU 51, a RAM 52, an I / O interface 53, a memory 54 such as a flash memory, and an operation unit 55, a display unit 56, and the like, if necessary.

The CPU 51 reads and executes a program for an OS (Operating System) or a program of various applications stored in the memory 54. For example, the CPU 51 executes an initialization process at the time of factory shipment of the microcontroller 10 or at the time of updating a program. At the time of the initialization process, the CPU 51 writes the data necessary for verifying the program data to the flash memory 16 of the microcontroller 10.

The RAM 52 temporarily stores data and the like used by the CPU 51 to execute the program.

The I / O interface 53 communicates with the microcontroller 10 when connected to the microcontroller 10.

The memory 54 is a storage medium for storing various program data, data necessary for executing the program, and the like. As the memory 54, a flash memory, a hard disk, or the like can be used.

The operation unit 55 outputs an operation signal corresponding to the operation to the CPU 51. Examples of the operation unit 55 include a keyboard, a mouse, a touch panel, and the like.
The display unit 56 is a display that displays an operation screen or the like according to the instructions of the CPU 51.

<First Embodiment>
(Initialization process)
The microprocessor 10 is connected to the external computer 50 and is initialized, so that the data necessary for verifying the program data is written to the flash memory 16.

FIG. 2 shows a processing procedure in which the external computer 50 generates the 1st to nth hash chains, which is one of the data required for verification. This process is executed offline, for example, during the initialization process of the microprocessor 10 at the time of shipment at the factory.

As shown in FIG. 2, the external computer 50 generates data having a predetermined length as the first hash chain x1 (step S11). It is preferable that this data is an arbitrarily determined numerical value, for example, a random number generated by a random number generator, because the security against falsification is enhanced. The length of the data is 256 bits when the hash function used for the hash chain x1 is SHA256, and 160 bits when SHA-1 is used.

Next, the external computer 50 repeatedly uses the hash function on the hash chain x1 n-1 times to sequentially generate the second hash chain x2 to the nth hash chain xn (step S12). n is a number of 2 or more representing the maximum number of times the application can be updated. Hereinafter, an example of using SHA256 as a hash function will be described, but a hash function other than SHA256 can also be used.

Specifically, the external computer 50 sets the coefficient i representing the hash chain generation order to i = 2. Then, the external computer 50 uses a hash function for the hash chain x (i-1) to generate the hash chain xi. The generation of the hash chain xi is expressed by the following formula.
Hash chain xi = SHA256 (hash chain x (i-1))
SHA256 () represents a hash function SHA256 that generates a hash value from the data value in ().

After generating the hash chain xi, the external computer 50 increments i and repeats the generation of the hash chain xi. By repeating this process until i reaches n, hash chains x2 to xn are generated.

FIG. 3 is a conceptual diagram of hash chains x1 to xn.
As shown in FIG. 3, the hash function SHA256 is used to generate the hash chain x2 from the hash chain x1 and the hash chain x3 from the hash chain x2. By repeating the process of using the hash value of the hash chain as the next hash chain in this way, the first hash chain x1 to the nth hash chain xn are sequentially generated.

The external computer 50 stores the last generated nth hash chain xn out of the n hash chains x1 to xn in the OTP memory 23 of the data flash 162 (step S13). Further, the external computer 50 stores the first hash chain x1 to the n-1th hash chain x (n-1) in a secure memory separate from the microcontroller 10 (step S14).

When the storage of the hash chains x1 to xn is completed, the microprocessor 10 is initialized by the external computer 50. Specifically, the external computer 50 stores the program data of the application in the non-OTP memory 22 of the code flash 161. Further, the external computer 50 calculates all the hash values of the program data of the application using the hash function SHA256, and stores the calculated hash values as reference values in the OTP memory 23 of the data flash 162.

When the application is updated and upgraded, the microprocessor 10 is connected to the external controller 50 and is initialized. In the initialization process at the time of update, the external computer 50 overwrites the program data of the application stored in the non-OTP memory 22 with the program data after the update. Further, the external computer 50 acquires the hash chain x (nk + 1) from the secure memory and writes it in the non-OTP memory 24. k is a number 1 to n representing the version of the application. Further, the external computer 50 calculates the hash value of the updated program data using the hash function SHA256, and stores the calculated hash value as a reference value in the OTP memory 23. Since the data cannot be rewritten in the OTP memory 23, the reference value of the latest version is stored in the OTP memory 23 together with the reference value of the previous version.

4A to 4C show data examples of the OTP memory 23 and the non-OTP memory 24. FIG. 4A shows an example of data at the time of version 1, FIG. 4B shows an example of data at the time of version 2, and FIG. 4C shows an example of data at the time of version 3.
As shown in FIGS. 4A to 4C, the OTP memory 23 is provided with n slots 231 to 23n. Each slot 231 to 23n corresponds to a reference value of each version. A coefficient k (k = 1 to n) representing the number of versions is assigned as the address of each slot 231 to 23n.

At the time of shipment from the factory, slot 231 is occupied by the reference value v1 of the program data of version 1, as shown in FIG. 4A. The other slots 223 to 23n are empty and unused. Although the reference value v1 of the OTP memory 23 cannot be rewritten, data can be written to the other unused slots 223 to 23n. On the other hand, the non-OTP memory 24 is provided with one slot 240, but at the time of version 1, this slot 240 is empty and is in an unused state.

When the application is updated, as shown in FIG. 4B, the hash value of the updated program data is written to the slot 232 of the OTP memory 23 as the reference value v2 of the latest version 2. When the reference value v2 is written in the slot 232, the reference value v1 of the previous version 1 expires. On the other hand, the hash chain x (n-1) is written in the slot 240 of the non-OTP memory 24.

When the application is further updated, the reference value v3 of the latest version 3 is written to slot 233 of the OTP memory 23, as shown in FIG. 4C. As a result, the reference values v1 and v2 of the previous versions 1 and 2 expire. On the other hand, the hash chain x (n-2) is overwritten in the slot 240 of the non-OTP memory 24.

In this way, the reference value vk of the latest version k is written in the OTP memory 23 every time the application is updated, and the hash chain x (n−k + 1) is overwritten in the non—OTP memory 24. N slots 231 to 23n are prepared for the reference value vk, and the application can be updated n times. The microcontroller 10 can use these data to verify the authenticity of the program data.

(Verification process)
FIG. 5 shows a processing procedure for verifying the authenticity of program data in the microprocessor 10. This process is executed by the CPU 11 as a secure boot when starting an application, for example.

As shown in FIG. 5, the CPU 11 calculates a hash value from all the program data of the application using the hash function SHA256 (step S21). Next, the CPU 11 searches the OTP memory 23 for the reference value vk of the latest version k (step S22). The reference value vk is stored in the slot whose address is k among the slots 231 to 23n of the OTP memory 23.

The CPU 11 collates the calculated hash value with the searched reference value vk, and determines whether or not they are the same (step S23). If the hash value is not the same as the reference value vk (step S23: NO), the secure boot fails because the program data has been tampered with. The CPU 11 resets the microprocessor 10 (step S24) and ends the secure boot.

Note that in step S24, the microcontroller 10 can continue secure boot, leaving a track of program corruption, for example by using a special flag in RAM. This is called an authenticated boot.

When the hash value is the same as the reference value vk (step S23: YES), the CPU 11 determines whether k = 1, that is, whether the application is version 1 which has never been updated (step S23: YES). S25). If k = 1 (step S25: YES), that is, version 1, the secure boot succeeds. The CPU 11 starts the application (step S29) and ends the secure boot.

When k = 1 (step S25: NO), that is, when the version is 2 or more, the CPU 11 reads the hash chain x (n−k + 1) from the non-OTP memory 24 (step S26). The CPU 11 repeatedly uses the hash function SHA256 k-1 times to calculate a hash value from the hash chain x (n−k + 1) (step S27). The hash value calculated should be the hash chain xn. For example, when k = 2, the hash chain x (n-1) is stored in the non-OTP memory 24. When the hash function SHA256 is used 1 (1 = 2-1) times for this hash chain x (n-1), the hash chain xn is calculated. When k = 3, the hash chain x (n-2) is stored in the non-OTP memory 24. By repeating the hash function SHA256 on the hash chain x (n-2) 2 (2 = 3-1) times, the hash chain x (n-1) is calculated from the hash chain x (n-2), and this hash chain is calculated. A hash chain xn is further calculated from x (n-1).

In this way, the hash chain xn can be recalculated by repeatedly applying the hash function SHA256 to the hash chains x1 to x (n-1) before the hash chain xn. Since the hash function SHA256 has pre-image resistance, it is possible to calculate the hash chain in the order in which it is generated, but it is not possible to calculate the hash chain on the head side from the hash chain on the tail side, that is, in the reverse order of the generation order. For example, the hash chain x (n-1) and xn can be calculated from the hash chain x (n-2), but the hash chain x (n-3) cannot be calculated.

The CPU 11 determines whether or not the calculated hash chain xn and the hash chain xn stored in the OTP memory 23 are the same (step S28). If they are the same (step S28: YES), the CPU 11 determines that the program data is genuine, and the secure boot succeeds. The CPU 11 starts the application (step S29) and ends the secure boot. On the other hand, if they are not the same (step S28: NO), secure boot fails. The CPU 11 resets the microprocessor 10 (step S24) and ends the secure boot.

As described above, according to the microcontroller 10 of the first embodiment, the hash value calculated from the program data and the reference value vk stored in the OTP memory 23 are the same, and are stored in the non-OTP memory 24. The authenticity of the program data is verified by determining whether the hash chain xn calculated from the hash chain x (n−k + 1) and the hash chain xn stored in the OTP memory 23 are the same.

It is impossible to falsify the reference value vk of the OTP memory 23 and the hash chain xn. When a malicious third party tries to forge the reference value vk, it is necessary to forge the hash chain x (n-k + 1), but due to the pre-image resistance characteristic of the hash function, the hash chain xn is before the hash chain xn. The hash chain x (n-k + 1) cannot be forged. Therefore, high security with a reference value vk can be maintained.

As described above, according to the microcontroller 10 of the first embodiment, it is possible to verify highly secure program data by using the OTP memory 23 and the non-OTP memory 24, which are general hardware. The hash chain x1 to xn used for verification can be obtained by performing the calculation of the hash function SHA256 at most n-1 times on a data piece having a data amount as small as 256 bits. Since the amount of calculation is small, the verification time can be shortened even if the hardware is not high-performance and secure. Therefore, the verification of the program data can be performed at high speed regardless of the performance of the hardware.

Tampering with the reference value vk can also be verified using a digital signature. When a digital signature is used, the program data of the application and its reference value are stored in the non-OTP memory, and the rewritable reference value is given a digital signature created by the private key. The public key corresponding to the private key is stored in the OTP memory. During secure boot, the application is launched when the hash value calculated from the program data of the application and the reference value are the same, and the public key is used to verify that the digital signature of the reference value is correct. Will be.

However, digital signature verification is computationally intensive and can take seconds on low performance microcontrollers. Even a high-performance microcontroller with a clock speed of 100 MHz or more may take several hundred milliseconds, which is not suitable for a system that needs to operate in a very short time such as starting a vehicle engine. The microcontroller 10 of the first embodiment can speed up verification by using a hash chain xn instead of a digital signature. The calculation speed of the hash function SHA256 is several orders of magnitude faster than the verification of digital signatures. Therefore, even if the microprocessor 10 has low performance, the reference value vk can be verified at high speed, and the system can be operated at high speed such as starting the engine of the vehicle.

<Second Embodiment>
In the first embodiment, all the hash values of the program data are calculated, but in the second embodiment, the hash value calculation is made a part of the program data, so that the hash value calculation is faster than in the first embodiment. To become.

(Initialization process)
In the initialization process in the second embodiment, as in the first embodiment, the external computer 50 generates hash chains x1 to xn, stores the last hash chain xn in the microcomputer 10, and then generates a reference value. .. The reference value of the second embodiment is a hash value of each of m data portions in which the program data is divided.

Specifically, the external computer 50 divides the program data of the application into m data portions, and calculates the hash value of each data portion using the hash function SHA256. The external computer 50 stores the calculated hash value of each data portion as the reference value y1 to ym of each data portion in the non-OTP memory 24.

Further, the external computer 50 calculates a hash value from each reference value y1 to ym. For example, the external computer 50 generates a data string in which the reference values y1 to ym are arranged in order and concatenated, and the hash function SHA256 is used to calculate the hash value of the data string. The external computer 50 stores the calculated hash value as the reference value wk of the version k in the slot 231 of the OTP memory 23. The reference value wk is used for verification of each reference value y1 to ym stored in the non-OTP memory 24.

The reference value wk is expressed by the following formula.
Reference value wk = SHA256 (reference value y1 || reference value y2 ||… || reference value ym)
|| in the formula represents a concatenation. SHA256 () represents a hash function SHA256 that generates a hash value from the data value in ().

When the application version is upgraded, the external computer 50 overwrites the program data of the application stored in the non-OTP memory 22 with the updated program data. Further, the external computer 50 acquires the hash chain x (nk + 1) from the secure memory and writes it in the non-OTP memory 24. The external computer 50 generates reference values y1 to ym from the updated program data and stores them in the non-OTP memory 24. Further, the external computer 50 calculates a hash value of a data string in which the generated reference values y1 to ym are arranged and concatenated, and stores the generated reference values wk in the OTP memory 23. The reference value wk of each version is additionally written in the OTP memory 23 in which the data cannot be rewritten.

6A to 6C show data examples of the OTP memory 23 and the non-OTP memory 24 in the second embodiment. FIG. 6A shows a version 1 data example, FIG. 6B shows a version 2 data example, and FIG. 6C shows a version 3 data example.
As shown in FIGS. 6A to 6C, the non-OTP memory 24 of the second embodiment is provided with m slots 241 to 24 m in addition to the slots 240. One slot corresponds to one reference value. Further, as in the first embodiment, the non-OTP memory 24 is provided with a slot 240, and the OTP memory 23 is provided with slots 231 to 23n.

At the time of shipment from the factory, as shown in FIG. 6A, the reference values y1 to ym of the version 1 are stored in the slots 241 to 24 m of the non-OTP memory 24, and the reference values of the version 1 are stored in the slots 231 of the OTP memory 23. w1 is stored. Slot 240 of the non-OTP memory 24 is in an unused state. Further, the slots 223 to 23n of the OTP memory 23 are also in an unused state.

When the program data of the application is updated, the external computer 50 generates the latest version 2 reference values y1 to ym from the updated program data as shown in FIG. 6B, and each slot 241 of the non-OTP memory 24. Overwrite and save to ~ 24m. Further, the external computer 50 calculates the hash value of the data string of the latest version 2 reference value y1 to ym, and stores it in the slot 232 of the OTP memory 23 as the version 2 reference value w2. As a result, the reference value w1 of version 1 expires. The external computer 50 acquires the hash chain x (n-1) stored in the secure memory and stores it in the slot 240 of the non-OTP memory 24.

When the application is further updated, the external computer 50 generates the latest version 3 reference values y1 to ym from the updated program data, and overwrites and saves the reference values y1 to ym of the latest version 3 in each slot 241 to 24 m of the non-OTP memory 24. Further, the external computer 50 calculates the hash value of the data string from the reference values y1 to ym of the latest version 2, and stores it in the slot 233 of the OTP memory 23 as the reference value w3 of the version 3. As a result, the reference values w1 and w2 of versions 1 and 2 expire. The external computer 50 acquires the hash chain x (n-2) from the secure memory and overwrites and stores it in the slot 240 of the non-OTP memory 24.

In this way, every time the application is updated, the reference value y1 to ym of the latest version k and the hash chain x (n−k + 1) are overwritten and saved in the non-OTP memory 24, and the reference value of the latest version k is saved. wk is stored in the OTP memory 23.

(Verification process)
FIG. 7 shows a processing procedure in which the microcotton roller 10 according to the second embodiment verifies the authenticity of the program data. This process is executed by the CPU 11 as a secure boot when starting an application, for example.

As shown in FIG. 7, the CPU 11 acquires the random number r (r is an integer of 1 to m) generated by the random number generator 14 (step S41). The CPU 11 divides the program data of the application into m data portions, and calculates a hash value from the r-th data portion r of the m data portions using the hash function SHA256 (step S42).

The CPU 11 reads the reference value wk of the latest version k from the OTP memory 23 (step S43). Further, the CPU 11 generates a data string in which the reference values y1 to ym stored in the non-OTP memory 24 are arranged and concatenated, and the hash value is calculated using the hash function SHA256. The CPU 11 determines whether or not the calculated hash value is the same as the reference value wk stored in the OTP memory 23 (step S44).

If the calculated hash value and the reference value wk are not the same (step S44: NO), the secure boot fails (step S45), and the CPU 11 ends the secure boot without starting the application. In step S45, the authentication boot may be executed in the same manner as in step S24 described above. On the other hand, when the calculated hash value is the same as the reference value wk (step S44: YES), the CPU 11 has the hash value of the calculated data portion r and the reference value yr of the data portion r stored in the non-OTP memory 24. Is the same or not (step S46).

If the calculated hash value and the stored reference value yr are not the same (step S46: NO), secure boot fails because part of the program data has been tampered with. The CPU 11 resets the microcontroller 10 (step S45) and ends the secure boot. On the other hand, when the calculated hash value and the stored reference value yr are the same (step S46: YES), the CPU 11 determines whether or not k = 1 (step S47).

When k = 1 (step S47: YES), that is, in the case of version 1, the secure boot succeeds. The CPU 11 starts the application (step S51) and ends the secure boot. When k = 1 (step S47: NO), that is, when the version is 2 or more, the CPU 11 reads the hash chain x (n-k + 1) from the non-OTP memory 24 (step S48). The CPU 11 repeatedly uses the hash function SHA256 k-1 times to calculate a hash value, that is, a hash chain xn from the hash chain x (n−k + 1) (step S49).

The CPU 11 determines whether or not the calculated hash chain xn and the hash chain xn stored in the OTP memory 23 are the same (step S50). If each hash chain xn is the same (step S50: YES), the CPU 11 determines that the program data is genuine, and the secure boot succeeds. The CPU 11 starts the application (step S51) and ends the secure boot. On the other hand, if they are not the same (step S50: NO), secure boot fails. The CPU 11 resets the microcontroller 10 (step S45) and ends the secure boot. The processing content of steps S47 to S50 is the same as the processing content of steps S25 to S28 in the first embodiment.

As described above, according to the second embodiment, the hash value of the data portion r of 1 / m of the program data may be calculated, and it is not necessary to calculate the entire hash value of the program data. Therefore, by using the hash chains x1 to xn as in the first embodiment, not only the verification can be speeded up, but also the calculation of the hash value of the program data can be speeded up by m times. For example, if it takes 100 ms to calculate the hash value of the entire program data, if m = 10 is set and the program data is divided into 10, the hash value calculation will be completed in 10 ms, which is 10 times faster. Can be converted. Even when the amount of program data is large, the system can be operated at high speed.

The falsified program data has at least a part different from the original program data. Since the data portion r to be verified by calculating the hash value is an arbitrary number from 1 to m, the falsified data portion can be found by performing secure boot a sufficient number of times.

In the second embodiment, since the reference values y1 to ym of each data portion are saved in the non-OTP memory 24 instead of the OTP memory 23, they can be overwritten and saved every time the program data is updated, which is necessary for saving. The memory capacity can be reduced. Whether or not the reference values y1 to ym of each data portion stored in the non-OTP memory 24 are authentic can be confirmed by the reference value wk stored in the OTP memory 23. When a malicious third party tries to forge the reference value yr in order to succeed in secure boot, the hash value of the data string consisting of the reference values y1 to ym is the non-rewritable reference value stored in the OTP memory 23. It is necessary to forge it so that it is the same as wk. However, due to the definition of the hash function SHA256, it is impossible to calculate the reference value yr so that the hash value of the data string is the same as the reference value wk. The reference value wk of each version k is stored in the OTP memory 23, but since the reference value wk is a hash value and the amount of data is small, the memory capacity of the OTP memory 23 required for storage can also be reduced.

As described above, according to the microcontroller 10 of the second embodiment, as in the first embodiment, the OTP memory 23 and the non-OTP memory 24, which are general hardware, are used to obtain highly secure program data. Verification can be performed. When the program data is divided into 10 for example, a non-OTP memory 24 having a capacity of 10 × 256 bits or 320 bytes is required to store 10 reference values y1 to y10, and this capacity is determined by the microcontroller 10. It is a capacity that can be easily realized even with low performance. Since the reference values y1 to ym and the hash chain x1 to xn used for verification can be calculated by the hash function SHA256, which requires less calculation than the digital signature, the verification time should be shortened even if the hardware is not high-performance and secure. Can be done. Therefore, it is possible to verify program data with higher security at high speed regardless of the performance of the hardware.

<Third Embodiment>
The microcontroller 10 of the third embodiment further enhances security by executing the verification process of the program data described in the first or second embodiment at a designated time.

In the microprocessor 10 according to the third embodiment, the time for the CPU 11 to execute the secure boot is set in the timer 15. When the time counted by the timer 15 reaches the secure boot execution time, the CPU 11 executes the secure boot similar to the first or second embodiment. The execution time of the secure boot may be a fixed interval or a time arbitrarily defined by a random number or the like.

As described above, according to the third embodiment, since the verification of the program data is performed at the designated time, the security can be further enhanced by shortening the interval for executing the verification. This is particularly effective in the second embodiment. In the verification process according to the second embodiment, since the verification by the hash value is performed not for all but a part of the program data, the security is enhanced by shortening the verification interval and increasing the data portion to be verified.

Although the preferred embodiments of the present invention have been described above, the present invention is not limited to these embodiments, and various modifications and modifications can be made within the scope of the gist thereof.
For example, security can be enhanced by saving a different hash chain each time the application version is updated, but one of the hash chains x1 to x (n-1) generated before the hash chain xn can be used. If so, the last hash chain xn can be calculated. Therefore, instead of writing a different hash chain for each update, one hash chain selected from the hash chains x1 to x (n-1), for example, the hash chain x5 may be saved each time.

10 ... Microcontroller, 11 ... CPU, 21 ... OTP memory, 22 ... non-OTP memory, 23 ... OTP memory, 24 ... non-OTP memory, 50 ... External controller

Claims (12)

A verification processing unit (11) that verifies the authenticity of the program data by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value.
The first memory (23), which cannot be rewritten, and
It is equipped with a second memory (24) that can rewrite data.
In the first memory (23), the reference value and the nth hash chain of the 1st to nth hash chains calculated from data of a predetermined length by repeatedly using the hash function are stored. ,
One of the 1st to n-1st hash chains of the 1st to nth hash chains is stored in the second memory (24).
The verification processing unit (11) calculates the nth hash chain from any of the 1st to n-1th hash chains stored in the second memory (24) using the hash function, and the above-mentioned The hash value calculated from the program data is the same as the reference value, and the calculated nth hash chain and the nth hash chain stored in the first memory (23) are the same. If the program data is determined to be genuine,
Control device (10). The reference value is a hash value calculated from all of the program data.
The verification processing unit (11) calculates a hash value from all of the program data, and determines whether or not the calculated hash value is the same as the reference value.
The control device (10) according to claim 1. A verification processing unit (11) that verifies the authenticity of the program data by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as the reference value.
The first memory (23), which cannot be rewritten, and
It is equipped with a second memory (24) that can rewrite data.
In the first memory (23), the hash value of the reference value and the nth hash chain of the 1st to nth hash chains calculated from the data of a predetermined length by repeatedly using the hash function are stored. Saved
The reference value and any one of the 1st to n-1st hash chains of the 1st to nth hash chains are stored in the second memory (24).
The verification processing unit (11) uses the hash function to calculate a hash value from a reference value stored in the second memory (24), and the above 1 to 1 stored in the second memory (24). The nth hash chain is calculated from any of the n-1th hash chains, the hash value calculated from the program data is the same as the reference value, and the hash value calculated from the reference value is the said. If it is the same as the hash value of the stored reference value and the calculated nth hash chain is the same as the stored nth hash chain, it is determined that the program data is genuine.
Control device (10). The reference value is a hash value of each of m pieces of data in which the program data is divided.
The verification processing unit (11) calculates a hash value of any data portion of the program data, and the calculated hash value is the same as the hash value of any of the data portions stored as the reference value. Judge whether or not
The control device (10) according to claim 3. The hash value of the reference value is a hash value of a data string in which the hash values of the data parts are concatenated.
The verification processing unit (11) generates a data string in which the hash values of the respective data portions saved as the reference value are concatenated, calculates the hash value of the data string, and hashes the saved reference value. Judge if it is the same as the value,
The control device (10) according to claim 4. The reference value is calculated and saved from the updated version of the program data each time the program data is updated.
The control device (10) according to any one of claims 1 to 5. When the number of versions of the program data is represented by k, any of the 1st to n-1st hash chains stored in the second memory (24) is the nk + 1th hash chain.
The verification processing unit (11) repeatedly uses the hash function for the nk + 1th hash chain to calculate the nth hash chain.
The control device (10) according to claim 6. The verification processing unit (11) executes the verification at a designated time.
The control device (10) according to any one of claims 1 to 7. This is a method of initializing a control device (10) that includes a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten, and verifies the authenticity of program data. hand,
The step of calculating the 1st to nth hash chains from the data of a predetermined length by repeatedly using the hash function, and
As a reference value used for the verification, a step of calculating a hash value from the program data using the hash function, and a step of calculating the hash value from the program data.
A step of storing the calculated reference value and the nth hash chain of the 1st to nth hash chains in the first memory (23).
A step of storing any one of the 1st to n-1st hash chains in the 1st to nth hash chains in the second memory (24), and
How to include. A method for verifying the authenticity of program data in a control device (10) including a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten. ,
A step of verifying the authenticity of the program data by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as a reference value is included.
In the first memory (23), the reference value and the nth hash chain of the 1st to nth hash chains calculated from data of a predetermined length by repeatedly using the hash function are stored. ,
One of the 1st to n-1st hash chains of the 1st to nth hash chains is stored in the second memory (24).
The verification step is
Using the hash function, a step of calculating the nth hash chain from any of the 1st to n-1st hash chains stored in the second memory (24), and
When the hash value calculated from the program data is the same as the reference value, and the calculated nth hash chain and the stored nth hash chain are the same, the program data is authentic. And the steps to determine that
How to include. This is a method of initializing a control device (10) that includes a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten, and verifies the authenticity of program data. hand,
The step of calculating the 1st to nth hash chains from the data of a predetermined length by repeatedly using the hash function, and
As a reference value used for the verification, a step of calculating a hash value from the program data using the hash function, and a step of calculating the hash value from the program data.
A step of calculating a hash value from the reference value using the hash function, and
A step of storing the hash value calculated from the reference value and the nth hash chain of the 1st to nth hash chains in the first memory (23).
A step of storing the reference value and any of the 1st to n-1st hash chains of the 1st to nth hash chains in the second memory (24).
How to include. A method of verifying the authenticity of program data in a control device (10) including a first memory (23) in which data cannot be rewritten and a second memory (24) in which data can be rewritten.
A step of verifying the authenticity of the program data by calculating a hash value from the program data using a hash function and determining whether or not the hash value is the same as a reference value is included.
In the first memory (23), the hash value calculated from the reference value and the nth hash of the 1st to nth hash chains calculated from the data of a predetermined length by repeatedly using the hash function. The chain and is saved,
The reference value and any one of the 1st to n-1st hash chains of the 1st to nth hash chains are stored in the second memory (24).
The verification step is
A step of calculating a hash value from a reference value stored in the second memory (24) using the hash function, and
A step of calculating the nth hash chain from any of the first to n-1th hash chains stored in the second memory (24), and
The hash value calculated from the program data is the same as the reference value, and the hash value calculated from the reference value is the same as the hash value of the stored reference value, and the calculated nth position. If the hash chain of is the same as the stored nth hash chain, the step of determining that the program data is authentic and
How to include.

Images