KR20160097073A - Apparatus and Method for Guaranteeing Communication Integrity Between Real-time Operating System Partitions - Google Patents


Publication number
KR20160097073A
Authority
KR
South Korea
Prior art keywords
partitions
integrity
key
real
time operating
Prior art date
Application number
KR1020150018926A
Other languages
Korean (ko)
Other versions
KR102055751B1 (en)
Inventor
하영목
김태호
Original Assignee
한국전자통신연구원
Priority date
Filing date
Publication date
Application filed by 한국전자통신연구원
Priority to KR1020150018926A
Publication of KR20160097073A
Application granted
Publication of KR102055751B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Abstract

The present invention relates to an integrity guaranteeing device between real time operating system partitions which comprises: a scheduler configured to combine symmetrical keys and public key-private key combinations and provide the symmetrical keys and the public key-private key combinations to at least two partitions; and the at least two partitions configured to check integrity of a different partition and data to be transmitted/received by using the symmetrical keys and configured to mutually authenticate the different partition and the data by using the public key-private key combinations.

Description

The present invention relates to an apparatus and method for guaranteeing communication integrity between real-time operating system partitions.

The present invention relates to a real-time operating system using partitioning concepts, and more particularly to an apparatus and method for ensuring communications integrity between partitions.

In recent years, systems have been developed in which a plurality of real-time partitions are implemented on a single hardware set, for example because of the SWaP problem, which refers to constraints on space, weight, and power. In such a system, the partitions share the hardware set in the order defined by the scheduler. In some cases, however, perfect temporal and resource independence between partitions may not be guaranteed.

In addition, partitions exchange data with each other through a channel, which is a logical communication link. A port provides the resources needed to send or receive messages on a particular channel within a partition. However, improper or unexpected errors or resource sharing during communication between partitions may cause system errors to be generated and propagated.

The present invention provides an apparatus and method for guaranteeing communication integrity between real-time operating system partitions in order to prevent errors that may occur in a real-time operating system using partitioning.

The present invention provides an apparatus for guaranteeing integrity between real-time operating system partitions, comprising: a scheduler for generating symmetric keys and public key-private key combinations and providing them to two or more partitions; and the two or more partitions, which use the symmetric key to verify the integrity of another partition and of the data to be transmitted/received, and which mutually authenticate with other partitions using the public key-private key combination.

According to the configuration of the present invention, a real-time operating system using partitioning can secure the integrity of inter-partition communication through dynamic algorithms, and can prevent the generation and propagation of system errors caused by improper or unexpected errors and erroneous resource sharing that may arise in inter-partition communication.

FIG. 1 is a block diagram illustrating an apparatus for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a method, performed in a scheduler, for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method, performed between partitions, for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

The terms used throughout the specification are defined in consideration of the functions in the embodiments of the present invention and can be sufficiently modified according to the intentions and customs of the user or the operator. It should be based on the contents of.

FIG. 1 is a block diagram illustrating an apparatus for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention.

Referring to FIG. 1, the apparatus for guaranteeing integrity between real-time operating system partitions includes two or more partitions 110-1, 110-2, ..., 110-N sharing a hardware set 10, and a scheduler 120 that schedules the order in which the partitions 110-1, 110-2, ..., 110-N share the hardware set 10.

In accordance with an embodiment of the present invention, the scheduler 120 uses a symmetric key encryption algorithm and a public key authentication algorithm to create and manage the symmetric keys and public key-private key combinations to be shared by the two or more partitions 110-1, 110-2, ..., 110-N, in order to ensure communication integrity between them. The scheduler 120 includes an encryption key generation unit 121, an authentication key generation unit 122, a key DB 123, and a communication order control unit 124.

The encryption key generation unit 121 generates a symmetric key for guaranteeing inter-partition communication integrity using an encryption algorithm. The authentication key generation unit 122 generates public key-private key combinations to be used for inter-partition authentication. The generated symmetric key and public key-private key combinations are stored in the key DB 123.

According to one embodiment, the encryption key generation unit 121 and the authentication key generation unit 122 update the key DB 123 at irregular intervals. For example, if the randomly generated number of clocks is 1000, the encryption key generation unit 121 and the authentication key generation unit 122 update the keys after the time corresponding to 1000 clocks has elapsed. They then randomly regenerate the number of clocks that determines the next update interval.

The communication order control unit 124 performs scheduling for the two or more partitions 110-1, 110-2, ..., 110-N and at the same time allocates channels to them in accordance with the communication order among the partitions. At this time, the allocated channel is a unidirectional channel over which the two or more partitions 110-1, 110-2, ..., 110-N can only transmit, and the communication order control unit 124 ensures that it cannot be modified.

When the two or more partitions 110-1, 110-2, ..., 110-N are in data communication with other partitions, they perform authentication for integrity using the symmetric key and the public key-private key combination provided by the scheduler 120. That is, second data is generated by combining parts extracted randomly from the first data to be transmitted/received, and is transmitted/received together with the first data. At this time, the positions in the first data that were extracted to generate the second data are encrypted and decrypted with the symmetric key, and integrity verification is performed on that basis. Also, mutual authentication is performed between the partitions transmitting/receiving data using the public key-private key combination.

FIG. 2 is a flowchart illustrating a method, performed in a scheduler, for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention.

Referring to FIG. 2, the scheduler 120 uses a symmetric key encryption algorithm and a public key authentication algorithm to generate and manage the symmetric keys and public key-private key combinations to be shared by the two or more partitions 110-1, 110-2, ..., 110-N, in order to ensure communication integrity between them (S210, S220).

The scheduler 120 performs scheduling for the two or more partitions 110-1, 110-2, ..., 110-N and at the same time allocates channels to them according to the communication order among the partitions (S230).

In addition, the scheduler 120 periodically updates the symmetric keys and public key-private key combinations. The update interval may be computed using a randomly generated clock number. For example, if the randomly generated clock number is 1000, the scheduler 120 updates the keys after the time corresponding to 1000 clocks has elapsed. It then randomly regenerates the number of clocks that determines the next update interval.

Accordingly, after S230 the scheduler 120 randomly generates a clock number for the update period (S240), monitors whether the update period has been reached (S250), and proceeds to S210 when it has.
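The update loop S210 to S250, sketched as an added Python example that is not code from the patent. The class and method names and the tick bounds are assumptions; only the symmetric key is regenerated, because the page names no public key algorithm for S220.

```python
import secrets

class KeyScheduler:
    """Key DB that regenerates its symmetric key after a random number of clock ticks."""

    def __init__(self, min_ticks=500, max_ticks=2000, randbelow=secrets.randbelow):
        if not 1 <= min_ticks <= max_ticks:
            raise ValueError("need 1 <= min_ticks <= max_ticks")
        self.min_ticks, self.max_ticks = min_ticks, max_ticks  # assumed bounds
        self._randbelow = randbelow   # injectable so a test can replay the draws
        self.now = 0                  # clock ticks seen so far
        self.epoch = 0                # key generation counter
        self.history = []             # (tick of rotation, interval drawn)
        self._rotate()

    def _rotate(self):
        self.symmetric_key = secrets.token_bytes(32)             # S210
        # S220 (public/private key pairs) is left out of this sketch.
        self.epoch += 1
        span = self.max_ticks - self.min_ticks + 1
        self.remaining = self.min_ticks + self._randbelow(span)  # S240
        self.history.append((self.now, self.remaining))

    def tick(self):
        """Advance one clock tick; True if the keys were rotated (S250 -> S210)."""
        self.now += 1
        self.remaining -= 1
        if self.remaining > 0:
            return False
        self._rotate()
        return True

    def current(self):
        """What a partition would fetch in S310: (epoch, symmetric key)."""
        return self.epoch, self.symmetric_key

def rotation_ticks(scheduler, total_ticks):
    """Run the clock and return the tick numbers at which a rotation happened."""
    return [t for t in range(1, total_ticks + 1) if scheduler.tick()]
```

The interval is drawn from a CSPRNG and redrawn after every rotation, so the next update time cannot be inferred from the previous one.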

FIG. 3 is a flowchart illustrating a method, performed between partitions, for guaranteeing integrity between real-time operating system partitions according to an embodiment of the present invention. Here, an example in which partition 1 (110-1) and partition 2 (110-2) communicate will be described.

Referring to FIG. 3, partition 1 (110-1) and partition 2 (110-2) obtain a symmetric key and a public key, respectively, from the scheduler 120 for communication with each other (S310).

Partition 1 (110-1) and partition 2 (110-2) perform mutual authentication using the obtained public key-private key combination (S315). Thereafter, partition 1 (110-1) generates second data by randomly extracting parts of the first data to be transmitted (S320), and then encrypts the randomly extracted positions with the symmetric key (S330). Partition 1 (110-1) transmits the first data, the second data, and the encryption information to partition 2 (110-2) (S340). Partition 2 (110-2) can then decrypt the positions of the second data with the symmetric key (S350) and compare the first data with the second data to verify the integrity.
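Steps S320 to S350 as an added Python example, not code from the patent. The function names, the sample count, the 32-bit position encoding and the HMAC-SHA256 keystream (a stand-in for the symmetric cipher the page does not name) are all assumptions; mutual authentication (S315) is not shown.

```python
import hashlib
import hmac
import secrets
import struct

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stand-in for the cipher the page leaves unnamed."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(first_data, key, samples=8):
    """Sender (S320-S340): returns (first data, second data, encrypted positions)."""
    count = min(samples, len(first_data))
    positions = secrets.SystemRandom().sample(range(len(first_data)), count)
    second_data = bytes(first_data[p] for p in positions)                # S320
    plain = struct.pack(f">{count}I", *positions)
    nonce = secrets.token_bytes(16)                                      # fresh per message
    encrypted = nonce + _xor(plain, _keystream(key, nonce, len(plain)))  # S330
    return first_data, second_data, encrypted                            # S340

def decrypt_positions(encrypted, key):
    """Receiver (S350): recover the sampled positions with the shared key."""
    nonce, body = encrypted[:16], encrypted[16:]
    if len(body) % 4:
        raise ValueError("malformed position list")
    plain = _xor(body, _keystream(key, nonce, len(body)))
    return list(struct.unpack(f">{len(body) // 4}I", plain))

def verify(first_data, second_data, encrypted, key):
    """Receiver: re-extract the sampled bytes and compare with the second data."""
    try:
        positions = decrypt_positions(encrypted, key)
    except ValueError:
        return False
    if len(positions) != len(second_data) or any(p >= len(first_data) for p in positions):
        return False                      # wrong key or damaged position list
    expected = bytes(first_data[p] for p in positions)
    return hmac.compare_digest(expected, second_data)

if __name__ == "__main__":
    key = secrets.token_bytes(32)         # stands for the key obtained in S310
    msg = b"constructed sample payload from partition 1 to partition 2"
    print(verify(*protect(msg, key), key))
```

Only the sampled positions are compared, so the check says nothing about bytes of the first data that were not drawn; the sample count sets the coverage.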

Claims (1)

An apparatus for guaranteeing integrity between real-time operating system partitions, comprising:
a scheduler for generating and providing symmetric keys and public key-private key combinations to two or more partitions; and
the two or more partitions, which verify the integrity of another partition and of the data to be transmitted/received using the symmetric key, and mutually authenticate with the other partition using the public key-private key combination.
KR1020150018926A 2015-02-06 2015-02-06 Apparatus and Method for Guaranteeing Communication Integrity Between Real-time Operating System Partitions KR102055751B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150018926A KR102055751B1 (en) 2015-02-06 2015-02-06 Apparatus and Method for Guaranteeing Communication Integrity Between Real-time Operating System Partitions

Publications (2)

Publication Number Publication Date
KR20160097073A true KR20160097073A (en) 2016-08-17
KR102055751B1 KR102055751B1 (en) 2019-12-13

Family

ID=56873767

Country Status (1)

Country Link
KR (1) KR102055751B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112527522A (en) * 2020-12-04 2021-03-19 中国航空工业集团公司成都飞机设计研究所 Partitioned message subscribing and publishing method based on two-stage data pool

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100635280B1 (en) * 2005-04-27 2006-10-19 삼성전자주식회사 Security method using electronic signature

Also Published As

Publication number Publication date
KR102055751B1 (en) 2019-12-13

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant