CN100442277C - Method and apparatus for optimizing test of Hasche tree integrity - Google Patents

Method and apparatus for optimizing test of Hasche tree integrity Download PDF

Info

Publication number
CN100442277C
CN100442277C CNB200410046692XA CN200410046692A CN100442277C CN 100442277 C CN100442277 C CN 100442277C CN B200410046692X A CNB200410046692X A CN B200410046692XA CN 200410046692 A CN200410046692 A CN 200410046692A CN 100442277 C CN100442277 C CN 100442277C
Authority
CN
China
Prior art keywords
hash
node
subtree
window
tree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB200410046692XA
Other languages
Chinese (zh)
Other versions
CN1741010A (en
Inventor
侯方勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CNB200410046692XA priority Critical patent/CN100442277C/en
Publication of CN1741010A publication Critical patent/CN1741010A/en
Application granted granted Critical
Publication of CN100442277C publication Critical patent/CN100442277C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to a method and an apparatus for optimizing test of Hasche tree integrity. The present invention relates to the technology of data safety, and mainly aims at optimizing test of the data integrity of Hasche trees. The present invention has the technical scheme that a Hasche tree is divided into Hasche subtrees; a node of a Hasche subtree which has high visit frequency is buffered, and then the top node of the Hasche subtree is kept at a dependability state; the rest part of the Hasche tree at high level and top nodes of Hasche subtrees which have low visit frequency are buffered; the buffered node, the top node of the Hasche subtree in the dependability state and a root node of the Hasche tree are combined with other effective optimizing measures to reduce the cost of the test for the Hasche tree integrity. The method and apparatus provided by the present invention are suitable for applying occasions to provide integrity test for data.

Description

Optimize the method for Hash tree completeness check
Technical field
The present invention relates to the data security technology, be meant a kind of method that data integrity verifying based on Hash tree is optimized especially.
Background technology
The safeguard protection of data relates to all many-sides; Wherein, the important point is the integrality (integrity) of checking data.The integrality of data is meant error (promptly makeing mistakes) or the unauthorized modification that prevents data; It is by the information in the register system and be used in the future comparison, to find distorting of content.That is to say that completeness check is to provide a tamper-proofing environment for data.In the completeness check technology of data, Hash tree (Hash Tree, or Merkle Tree; Consult " R.C.Merkle.Protocols for public key cryptography.In IEEE Symposium on Security andPrivacy, pages 122-134,1980 ") be a kind of effective completeness check technology.For example, on storer, use Hash tree, the completeness check of online (on-line refers to that verification is carried out in visit immediately to data) can be provided for storer, and have ability preventing playback attack (replay attack).
Though Hash tree can provide the tamper-proofing ability of strong on-line mode, it is difficult directly using Hash tree.Its basic reason is to look protected data as a whole based on the completeness check technical requirement of Hash tree; That is,, rely on the integrality of believable Hash tree root node checking data based on protected data creation Hash tree.This just makes each integrity verification all relate to the read-write and the intermediate computations step of a lot of related datas, thereby makes runnability reduce.Such as; if with a completeness check that directly applies to calculator memory (finger processor chip external memory) without the Hash tree of optimizing (claiming original or basic Hash tree); because each verification all needs to read the many interdependent nodes on the verification path, can bring too high memory access cost and make system move slowly unusually.There are some technology to be devoted to address this problem, typical " buffer-type Hash tree (CHTree, Cached Hash Tree that the researchist proposed as Massachusetts Institute of Technology (MIT) (MIT); Consult ' B.Gassend, G.E.Suh, D.Clarke, M.van Dijk, and S.Devadas.Caches and merkle trees for efficient memory authentication.In Proceedings ofNinth International Symposium on High Performance Computer Architecture, February2003 ') ".This method is considered as the storage space of credible (trusted promptly refers to can not victim distort) with secondary high-speed buffer in the sheet of processor (on-chip L2-Cache), and utilizes the part of nodes of secondary high-speed buffer buffering Hash tree in the sheet of processor.Like this, the completeness check of internal storage access is not needed to be performed until the root node of Hash tree, verification can stop on the node that is buffered in processor inside and shorten the length in verification path, thereby has reduced the cost of data access.But this optimization method needs secondary high-speed buffer in the very jumbo processor piece, so that cushion abundant Hash tree internal node; In addition, also have the effect of some other secondary faces, rise such as secondary high-speed buffer crash rate in the processor piece that causes other application program owing to contention aggravation to secondary high-speed buffer in the processor piece.
In a word, Hash tree is a kind ofly can provide online and have very strong anti-completeness check technology of distorting ability, but the run cost of original Hash tree is too high.Though have the method for some optimizations, still be difficult to the effect that obtains to be entirely satisfactory.Therefore, be necessary to provide more effective Hash tree optimization method, to satisfy the demand of data security protecting.
Summary of the invention
The objective of the invention is to provide a kind of method, make when using the Hash tree checking data integrity, can optimize checking procedure effectively; That is, can significantly reduce the cost (wherein, mainly being the cost of data access) of Hash tree verification.
For realizing purpose of the present invention, the technical solution adopted in the present invention is: it is believable keeping the root node of Hash tree; Cut apart Hash tree and form a series of Hash subtrees at bottom, be called window Hash subtree; Access frequency is called thermal window Hash subtree for high window Hash subtree relatively, other be called cold window Hash subtree; The node of buffering thermal window Hash subtree comprises its top node, and the top node of maintenance thermal window Hash subtree is believable; Buffering is positioned at the Hash tree internal node that window Hash subtree top node is above, the Hash tree root node is following, comprises cold window Hash subtree top node; For thermal window Hash subtree corresponding check, by the thermal window Hash subtree node that is cushioned and believable thermal window Hash subtree top node and realize; For the verification outside the thermal window Hash subtree, by the Hash tree internal node more than the window Hash subtree top node that is cushioned, below the Hash tree root node, comprise window Hash subtree top node, carry out; According to concrete data access situation of when operation, thermal window Hash subtree is along with the reduction of access frequency is converted to cold window Hash subtree, and cold window Hash subtree is converted to thermal window Hash subtree along with the rising of access frequency.
In for the realization the technical solution adopted in the present invention, window Hash subtree is that width is identical.
Keeping the credibility of Hash tree root node and Hash subtree top node in the technical solution adopted in the present invention, be directly to be placed in the trusted area for realizing.
In for the realization the technical solution adopted in the present invention, completeness check for thermal window Hash subtree correspondence, by the thermal window Hash subtree node that is cushioned and believable thermal window Hash subtree top node to realization, be meant: verification is finished verification according to thermal window Hash subtree top node, and needn't all rely on the Hash tree root node at every turn; The required renewal operation to node stops at thermal window Hash subtree top node, and needn't just be updated to the Hash tree root node at once always; Checking procedure is directly utilized the node that is cushioned.
For realizing in the technical solution adopted in the present invention, thermal window Hash subtree node, be buffered in credible or untrusted regional in; If thermal window Hash subtree node is buffered in the trusted area, the completeness check of thermal window Hash subtree correspondence is as long as arriving arbitrary node that is cushioned just stops so, and node updates is to arrive arbitrary node that is cushioned just to stop.
In for the realization the technical solution adopted in the present invention, for the completeness check outside the thermal window Hash subtree, by the Hash tree internal node more than the window Hash subtree top node that is cushioned, below the Hash tree root node, comprise window Hash subtree top node, carry out, be meant: directly utilize the node that is cushioned during verification; When thermal window Hash subtree is converted to cold window Hash subtree, directly utilize the node that is cushioned.
In for the realization the technical solution adopted in the present invention, the Hash tree internal node that window Hash subtree top node is above, the Hash tree root node is following comprises cold window Hash subtree top node, is to be buffered in the zone of believable or untrusted; If be buffered in the trusted area, so corresponding completeness check just stops as long as arriving arbitrary node that is cushioned.
In for the realization the technical solution adopted in the present invention, Hash tree adopts different branched structures; Be the branched structure that window Hash subtree adopts a kind of width, and the above level of window Hash subtree adopt the branched structure of another kind of width to the part of Hash tree root node.
In for the realization the technical solution adopted in the present invention.Hash tree adopts different branched structures, and promptly different window Hash subtrees adopts the branched structure of different in width.
By method proposed by the invention, because most data accesses carry out completeness check by thermal window Hash subtree, the length in the required verification of face thermal window Hash subtree path is far smaller than and relies on the path that whole Hash tree carries out verification; Therefore, the cost of at every turn finishing verification will significantly reduce.Secondly, it is believable only requiring the root node of Hash tree and the top node of thermal window Hash subtree, and other node can be buffered in the buffer zone of untrusted; Thereby required credible buffer zone has compares other optimization method and the size of Yan Gengxiao.In addition, by Hash tree being carried out regular cutting and appropriate node buffering, be suitable for taking some structure optimization measures efficiently.In a word, method proposed by the invention can reduce the cost based on the completeness check of Hash tree effectively.
Description of drawings
Instructions comprises 5 width of cloth accompanying drawings:
Fig. 1 is basic Hash tree schematic diagram;
Fig. 2 is that the present invention implements optimization principle figure to Hash tree;
Fig. 3 is the Hash tree of different branched structures;
Fig. 4 uses Hash tree optimization method proposed by the invention, during verification computer system memory integrality, and the Hash tree structure explanation of employing.
Fig. 5 uses Hash tree optimization method proposed by the invention, during verification computer system memory integrality, and the logic diagram of enforcement.
Embodiment
What the present invention considered is the data integrity verifying process of how optimizing effectively based on Hash tree.In view of known reason, the present invention does not do explicit definition or explanation to employed some term, noun and expression way etc., such as: expression way, one-way hash function (One-wayhash function), Hash (Hash), MD5 algorithm (The MD5 Message-Digest Algorithm), SHA1 algorithm (SHA1 Secure Hash Algorithm), processor, memory device, internal memory, the disk of data, data block, position (bit), byte (Byte), node, connection, number, or the like.
In order clearly to describe method proposed by the invention, at first Hash tree itself is made necessary introduction and explanation.
(1) basic Hash tree
Accompanying drawing 1 has been described basic (or original) Hash tree.In the accompanying drawing 1, the node of the bottom is called the leaf node of Hash tree, all is leaf node as node 201,202,203 and 204.Middle node, or claim internal node 301 and 302, be two node crash-resistants of its subordinate Hash result (collision-resistant hash result promptly is difficult to find 2 different message to have same Hash result); Such as, internal node 301 is after connecting leaf node 202 by leaf node 201, to obtain through Hash calculation.Node topmost is called the root node 100 of Hash tree, is that believable (that is, root node 100 can not be distorted by victim; Such as, be placed in the trusted storage district).Hash tree shown in the accompanying drawing 1 is one 2 yuan (2-ary), i.e. corresponding 2 child nodes of each father node.For the Hash tree shown in the accompanying drawing 1, two basic operations are arranged.These two operations are respectively:
Operation 1: the integrality of a certain node in the verification tree the steps include:
A. read this node and its brotgher of node;
B. the data that connect them;
C. the data after connecting are carried out Hash calculation;
D. whether result and father node mate;
E. repeat these steps up to root node.
Operation 2: upgrade a certain node in the tree, the steps include:
A. the as above integrality of this node of verification;
B. the data that change this node are new data;
C. connect the new data of this node and the data of the brotgher of node;
D. calculate the cryptographic hash that connects the back result;
E. upgrade father node with new cryptographic hash;
F. repeating these steps is updated up to root node.
Basic Hash tree shown in the accompanying drawing 1, though integrality that can the verification protected data, its cost is difficult to bear.For the m unit Hash tree of (m-ary refers to m child node of each father node subordinate), the renewal of data will cause log on each leaf m(N) inferior Hash calculation (N is the number of protected leaf node, represents protected memory size), and the cost of each Hash calculation be directly proportional with m (data that need read a corresponding subordinate m node).This make to use original Hash tree and effective optimization in addition not, and the height of its cost is very significant.
(2) optimization of Hash tree
In order to reduce the cost of Hash tree checking procedure, the optimization method that the present invention proposes is called the Hash tree of being with thermal window.
Accompanying drawing 2 has been described the optimization method of the present invention to Hash tree.We know that data access has the locality feature; That is, in a certain definite time period, visit clusters in certain zone, rather than equiprobability is dispersed in the whole accessed space.Like this, in the accompanying drawing 2, a certain in the given time period by the zone of frequent access, just constitute the district that clusters of a visit; With a visit cluster the district pairing Hash subtree be called a thermal window Hash subtree.For example, if the zone at leaf node 501,502,503 and 504 places has the relative high access frequency that is, then corresponding leaf node 501,502,503 and 504 just forms a thermal window Hash subtree 1001.Obviously, if the top node 701 of thermal window Hash subtree 1001 (is to distinguish obviously with the Hash tree root node, Hash subtree the top node is called top node) be believable, so, at the completeness check process of thermal window Hash subtree 1001 (such as, check-node 501,502,503 or 504 integrality) only need proceed to the top node 701 of corresponding Hash subtree, and needn't be performed until the root node 100 of whole Hash tree.So, because obviously shorten in the verification path, the cost that occurs in the completeness check in the thermal window Hash subtree will significantly reduce; And, can make most visits all directly finish verification owing to the locality of reference feature, thereby make that whole cost obtains to effectively reduce via thermal window Hash subtree.
For convenience, only consider a Hash tree; In addition, the root node of Hash tree, leaf node, and inner (or middle) node can be called node.
For the Hash tree that makes the band thermal window shown in the accompanying drawing 2 can move effectively, the present invention provides following definition, rule and handles.
Definition: a given Hash tree, cut apart Hash tree and form a series of Hash subtrees at bottom, be called window Hash subtree; In the preset time section, access frequency is called thermal window Hash subtree for high window Hash subtree relatively, other window Hash subtree is called cold window Hash subtree.
Rule 1: window Hash subtree has fixing width M; That is, all window Hash subtrees are to wait width, perhaps substantially are to wait width.
Rule 2: can have a plurality of thermal window Hash subtrees and a plurality of cold window Hash subtree to exist simultaneously; Several thermal window Hash subtrees can continuous distribution with corresponding bigger high access frequency zone; Thermal window Hash subtree also can Discrete Distribution with discontinuous high access frequency zone, a plurality of positions of correspondence.
Rule 3: after access frequency changed, thermal window Hash subtree can be converted to cold window Hash subtree, and cold window Hash subtree also can be converted to thermal window Hash subtree.
Handle 1: thermal window Hash subtree forms; Carry out according to following process---
A. generate the node and all or part of node of buffer memory of thermal window Hash subtree.(remarks: begin down to leaf node from thermal window Hash subtree top node, the Hash subtree level that is cushioned is many more, and it is good more to optimize effect.)
B. create the backup (in accompanying drawing 2, the backup 802 of the top node 701 in the thermal window Hash subtree 1001) of this thermal window Hash subtree top node.
C. keeping thermal window Hash subtree top node is that believable (in accompanying drawing 2, in trusted area 1003, promptly top node 701 is merged into node 801 to the top node 701 in the thermal window Hash subtree 1001 by dump; In other words, node 701 is " empty " or " logic ", and node 801 is " real " or " physics "; And node 801 is positioned in the trusted area 1003, thereby can not victim distorts).
Handle 2: verification thermal window Hash subtree node; Carry out according to following process---
A. read this node and its brotgher of node (in accompanying drawing 2, node 502 is the brotgher of node of node 501, and node 602 is the brotgher of node of node 601).
B. the data that connect them.
C. calculate the cryptographic hash that connects the back result.
D. whether result and father node (in accompanying drawing 2, node 601 is father nodes of node 501 and node 502) mate.
E. these processes are performed until this thermal window Hash subtree top node.
Handle 3: upgrade thermal window Hash subtree node; Carry out according to following process---
A. according to the integrality of " handle 2 " this node of verification.
B. the data that change this node are new data.
C. connect the new data of this node and the data of its brotgher of node.
D. calculate the cryptographic hash that connects the back result.
E. upgrade father node with this result.
F. these processes are performed until this thermal window Hash subtree top node and are updated.
Handle 4: thermal window Hash subtree and cold window Hash subtree are changed mutually; Carry out according to following process---
A. judge whether to take place to upgrade, whether the backup that promptly contrasts thermal window Hash subtree top node to be converted is identical (such as accompanying drawing 2 with current epimerite point value, whether the top node 701 in the contrast thermal window Hash subtree 1001 also is a node 801, identical with its backup 802); If identical, then directly change step j.
B. the currency that is thermal window Hash subtree top node to be converted generates a backup, and this backup also places in the trusted area, recover this Hash subtree top node (such as accompanying drawing 2 with its former backup value then, top node 701 for thermal window Hash subtree 1001, it also is node 801, generate a backup, and this backup is in the trusted area, is arranged in a temporary storage location of trusted area 1003 such as use; Then top node 701 is replaced with former backup value 802).
C. according to the integrality of " operation 1 " the verification thermal window Hash to be converted subtree top node of basic Hash tree in the accompanying drawing 1.
D. the currency backup with thermal window Hash subtree top node to be converted recovers this thermal window Hash subtree top node.
E. connect thermal window Hash subtree top node to be converted and its brotgher of node.
F. calculate the cryptographic hash that connects the back result.
G. upgrade the father node (in accompanying drawing 2, the father node of the Hash subtree top node 701 in the thermal window 1001 is a node 901) of thermal window Hash subtree top node to be converted with this result.
H. upwards be updated to Hash tree root node (in accompanying drawing 2, the root node 100 of bringing in constant renewal in the father node of last level and being performed until Hash tree is updated) always.
I. the buffer memory (not containing its top node) of thermal window Hash subtree node to be converted cancels;
J. in other position (refer to new visit cluster district or cold window Hash subtree place to be converted), carry out " handling 1 ".
Handle 5: outside thermal window Hash subtree, visit; Carry out according to following process---
(remarks: the node that is cushioned of indication quickens in will " being handled 6 ") carried out in " operation 1 " and " operation 2 " according to basic Hash tree in the accompanying drawing 1.
Handle 6: initialization; Carry out according to following process---
A. press selected window Hash subtree width from bottom cutting Hash tree (the window Hash subtree that cutting obtains will be distinguished corresponding thermal window Hash subtree or cold window Hash subtree in a certain amount of time according to the difference of accessed frequency follow-up operation).
B. the top node of all window Hash subtrees of buffer memory.
C. generate the node of remainder of the Hash tree that is arranged in last level (such as accompanying drawing 2, based on node 701 and node 702, structure node 901 based on the top node of all window Hash subtrees; Based on node 901 and node 902, structure node 100).
D. the buffer memory previous step rapid in the whole intermediate nodes of gained, and to keep the root node of whole Hash tree be credible (in accompanying drawing 2, buffer memory intermediate node 901 and 902, and preserve root node 100 in trusted area 1003).
E. the node that is cushioned can be handled the operation renewal by other in subsequent process.
In accompanying drawing 1 and accompanying drawing 2, Hash tree is considered as balanced tree simply, promptly Shu structure is symmetrical.Such as, accompanying drawing 1 is a binary tree; When bottom had 4 nodes, it was a balance; If bottom has only 3 nodes, then can't form balanced tree.In actual applications, differing to establish a capital to construct balanced tree, but this can't run counter to above-mentioned given summary of the invention.Because can replenish " making mute " node to constitute balanced tree.In accompanying drawing 1,, can replenish " making a mute " node 204 if original bottom has only node 201,202 and 203; Node 204 reality do not exist and can be not accessed, so the value of " making mute " node 204 can be taken as complete zero (or other value); So, just formed balanced tree.Same reason not necessarily can be divided equally Hash tree according to selected window Hash subtree width, and not necessarily can keep all window Hash subtrees in other words in form is to wait width, but can make in fact that the width of all window Hash subtrees is identical.In accompanying drawing 1, if original bottom has only node 201,202 and 203, and the width of corresponding 2 bottom layer node of each window Hash subtree; At this moment,, can replenish " making a mute " node 204, thereby form two window Hash subtrees that width is identical in fact though 3 nodes can't form the window Hash subtree that two width all are 2 nodes in form.Therefore, no matter how many concrete sizes in protected space is, always can substantially form a series of window Hash subtrees that wait width, and make that simultaneously Hash tree is a balanced tree.
We are considered as Hash tree root node and thermal window Hash subtree top node credible.In the practical application, credible can reaching by direct or substantial mode.These nodes can directly place in the trusted area, can not distort and this trusted area is the assailant, thereby be kept credible.Such as, if think that processor is believable, the Hash tree root node places high-speed buffer in the processor piece so, perhaps in the interior register of sheet, in perhaps other that is provided with in the sheet or the special storer, can keep credible in the trusted area owing to being located immediately at.Also have, even Hash tree root node and thermal window Hash subtree top node are stored in the untrusted zone, also can add one deck Hash operation (such as, root node is calculated a cryptographic hash again, perhaps to calculating cryptographic hash again one time behind the root node connection top node) and result of calculation is placed in the trusted area; So, Hash tree root node and thermal window Hash subtree top node just keep credible in fact.
Thermal window Hash subtree internal node (not containing top node), can be buffered in is in the non-trusted area.If be buffered in the trusted area, the completeness check process of thermal window Hash subtree even must not proceed to the top node of thermal window Hash subtree so; Verification just can stop (because the result of verification is reliable) as long as arrive arbitrary node that is in the trusted area; The renewal of interdependent node also can just stop when arriving the arbitrary node that is in the trusted area, upwards transmits when thermal window Hash subtree is converted to cold window Hash subtree then again and upgrades the result.Certainly, this needs more jumbo relatively trusted area.
Similarly, if with the Hash tree internal node more than the window Hash subtree top node, below the Hash tree root node, comprise cold window Hash subtree top node, be buffered in the trusted area, the checking procedure beyond the thermal window Hash subtree also needn't be performed until the root node of whole Hash tree so; Verification is as long as the arbitrary node in these nodes of arrival institute buffer memory just can stop (because the result of verification is reliable).Obviously, this also needs more jumbo relatively trusted area.
Though the Hash tree branch described in the accompanying drawing 2 is (accompanying drawing 2 is an example with 2-unit branched structure, i.e. 2 child nodes of 1 father node subordinate) of fixing, and in fact can adopt argument or different branched structures.That is to say that the branched structure of window Hash subtree can be different with the branched structure of the above level of window Hash subtree.In accompanying drawing 3, window Hash subtree 1501 adopts 3-unit branched structure (i.e. 3 child nodes of 1 father node subordinate), and the Hash tree remainder 1502 of the above level of window Hash subtree can adopt 2-unit branched structure (i.e. 2 child nodes of 1 father node subordinate).Certainly, the branched structure of other quantity also is corresponding to described summary of the invention on principle.Similar ground, it also is feasible choosing different branch's width for different window Hash subtrees; As long as check system according to the branch of current Hash subtree carry out checking procedure (such as, the different branches of foundation is determined the different son node number and the number of plies).
Also have, when the practical application Hash tree, usually Hash tree is configured on the protected data space.Consideration is by a data space that Hash tree covered; fasten from the pass of Hash tree and protected data space; the leaf node of a Hash tree can be by a data block (such as; a memory block of internal memory; perhaps disk sector) obtain through uni-directional hash conversion (or hash conversion): all data blocks of whole protected data space correspondingly generates whole Hash tree leaf nodes.All data blocks can be to wait width, perhaps get different width.Even the size of whole data space can not be divided exactly by the data block width, also can replenish " making mute " data cell and make that all data block width are identical.
The present invention is by adding the notion of thermal window in the Hash tree to, make under thermal window Hash subtree covers visit (most visit), can finish completeness check according to the verification path of having shortened greatly; In addition, occur in the visit outside the thermal window Hash subtree, also owing to interdependent node is made the verification cost significantly reduce by buffer memory in advance.Therefore, the present invention can reduce the cost based on the completeness check of Hash tree effectively.
Below, by completeness check, provide a concrete example of using of the present invention to calculator memory.
(3) example: by the integrality of method verification calculator memory proposed by the invention
As shown in Figure 4, whole calculator memory is divided into memory block, and 1 memory block generates the leaf node of 1 Hash tree through uni-directional hash conversion (or hash conversion).Trusted area 2001 can not be distorted; Untrusted zone 2002 can be distorted by victim.At first, (annotate: parameter has the combination of multiple choices, can change according to concrete situation to select relevant various parameters; This place only with cited all parameter values as example):
1. suppose that protected calculator memory 2501 is 256MByte.
The size of 2. getting 1 memory block is that (line length is 64Byte to 64Byte for the L2-Cache of assumed calculation machine processor, i.e. 2 grades of high-speed buffers; And processor is always capable to fill L2-Cache at the 64Byte of storer boundary read data); Such as memory block 2401,2402,2403 and 2404 all is the 64Byte size.
3. 1 of Hash tree leaf node through the uni-directional hash conversion, is created in 1 memory block; Obtain through uni-directional hash conversion (or hash conversion) by memory block 2401 such as Hash tree leaf node 2301.
3. get Hash tree and be 4-unit branched structure, i.e. 4 child nodes of each father node subordinate; Such as node 2301,2302,2303 and 2304 corresponding 1 father node 2201.
4. get the memory headroom of the corresponding 64KByte of 1 window Hash subtree, or the width of 1 window Hash subtree is 64KByte/64Byte=1K leaf node, and system at a time keeps 64 thermal window Hash subtrees; Like this, the memory headroom of total 64KByte * 64=4MByte was in the section under the covering of thermal window Hash subtree in preset time, and all the other memory headrooms are covered by cold window Hash subtree.
5. adopt MD5 uni-directional hash mapping algorithm (or hash algorithm) to calculate cryptographic hash; Like this, each node of Hash tree all is after being interconnected by its subordinate's child node, through the MD5 algorithm, and 128bit that obtains or 16Byte cryptographic hash.
After so selected all parameters,, have according to the given content of the present invention:
1. the root node that keeps believable Hash tree, and 64 thermal window Hash subtree top nodes need (1+64) * 16Byte ≈ 1KByte trusted memory; Such as, trusted area 2001 in the accompanying drawing 4 constitutes (if processor is believable, then can use the interior high-speed buffer of sheet of processor) by trusted memory, and its keeps the root node 100 of Hash tree, and the top node 2101,2102 of thermal window Hash subtree, etc.
2. the whole thermal window Hash of buffer memory subtree node (comprise leaf node, be backup value of its top node buffer memory), all cold window Hash subtree top nodes, and the window Hash subtree remaining internal node of whole Hash tree on upper strata more.Because each thermal window Hash subtree has 1K leaf node, therefore, the node number of each thermal window Hash subtree need buffer memory is about 1365, and (bottom has 1K node, its upper strata is 256, being 64,16,4 then, is 1 top node backup at last), and each node is 16Byte; So the required memory capacity of each thermal window Hash subtree node of buffer memory is about 21.33KByte, stores the about 21.33KByte of the above-mentioned node desired volume * 64 ≈ 1.33MByte of 64 thermal window Hash subtrees.System storage for 256MByte, be total to corresponding 256MByte/64KByte=4K window Hash subtree, so store the Hash tree residue internal node of cold window Hash subtree top node and the last level of window Hash subtree, need approximately [(4K-64)+1K+256+64+16+4] * 16Byte ≈ 84.31KByte.That is, need the storer of a 1.33MByte+84.31KByte ≈ 1.4MByte (desirable 1.5MByte) (to be raising speed, can to add the memory circuit for preparing by sram chip and constitute as job buffer; Also can directly in internal memory, open up one section special region as this buffer zone).This part buffer zone needs not to be believable; Such as, can be positioned at the untrusted zone 2002 of accompanying drawing 4.
Concrete enforcement logic can be as accompanying drawing 5.In accompanying drawing 5:
1. calculator memory 3000 is protected storage space; Rambus 3001 is passages of access memory 3000.
2. coupling mechanism 3002 is coupling on the rambus 3001; Promptly all send to and flow out the signal of internal memory 3000, comprise signals such as address, data, read-write control, all switch to coupling mechanism 3002.Coupling mechanism 3002 inside are provided with a buffer queue; This formation can cushion a plurality of continuous rambus accessing works when sending out in that the rambus accessing work is pure, thereby can allow normal internal storage access and the completeness check of internal storage access is carried out asynchronously.Coupling mechanism has two basic functions.The one, according to address information, be responsible for the visiting frequency of the pairing region of memory of each window Hash subtree of ordering, determine the position of current thermal window Hash subtree, and cluster the district when changing in visit, thermal window Hash subtree is carried out in indication and cold window Hash subtree is changed mutually; The 2nd, with the rambus accessing work in the buffer queue,, transmit to controller 3003 according to the time sequencing that visit takes place.
3. the information that passed over according to coupling mechanism 3002 of controller 3003, the method for calibration of the Hash tree of the band thermal window that provides according to the present invention is finished relevant processing procedure.This part relates to the logical and flow process of processing and controls, impact damper 3004 (is cushioned whole thermal window Hash subtree nodes, all cold window Hash subtree top nodes, and the operations such as computing of uni-directional hash conversion (or hash conversion) and the remaining internal node of whole Hash tree on upper strata more) and the visit of trusted memory 3005 (storing the root node of 64 thermal window Hash subtree top nodes and whole Hash tree).
So, as can be seen;
1. thermal window Hash subtree is far smaller than whole Hash tree, therefore will be well below the verification cost according to whole Hash tree according to the completeness check cost of thermal window Hash subtree; Just cause renewal when having only thermal window Hash subtree to be converted to cold window Hash subtree to whole Hash tree root node, this makes to upgrade to be delayed and repeatedly to upgrade operation and is merged, and the verification effect remains " online " character (remarks: because the existence of buffer queue in the coupling mechanism makes that said " online " is not accurate here; That is, the permission verification lags behind finishing of visit and finishes, and the degree of hysteresis depends on that coupling contains the length of buffer queue in the device).
2. by whole nodes of buffering thermal window Hash subtree, the visit under check thermal window Hash subtree covers does not need access memory extraly, thereby has avoided and normal application memory collision bandwidth and the correlation delay that brought.By the top node of buffer window Hash subtree and the Hash tree internal node of last level, the visit beyond the check thermal window Hash subtree only need read a window Hash subtree the internal memory of corresponding width; And thermal window Hash subtree need not read internal memory (disregarding the process that forms thermal window Hash subtree on new position) when being converted to cold window Hash subtree.
3. depend on the visit that thermal window Hash subtree finished and to occupy most ratios of visit, thereby can both realize completeness check efficiently as a rule.
4. when a plurality of accessing works essence are sent out, even the bandwidth of operation of check system is less than the bandwidth of rambus, because the existence of buffer queue in the coupling mechanism, verification can be on the backstage asynchronous carrying out, and allow the rambus accessing work of some (relying on the size of buffer queue) to carry out continuously in the clear.
5. to whole thermal window Hash subtree nodes (do not contain and remain believable thermal window Hash subtree top node), all cold window Hash subtree top nodes, and the more remaining internal node of whole Hash tree on upper strata cushions required impact damper and needs not be believable; Like this, this impact damper needn't be inserted in the interior high-speed buffer (as L2-Cache) of processor piece, thereby has avoided the contention to high-speed buffer in the processor piece.Also have, it is very little that the required memory span of this buffering is compared whole protected memory headroom, if utilize existing internal memory to construct, needing can avoid the storage great deal of nodes and the problem in memory collision space.
This shows, use method proposed by the invention, can reduce cost effectively, make it to become a kind of technology of effective practicality based on the completeness check of Hash tree; Such as, be applied in the completeness check of calculator memory.
The present invention is not limited to above-mentioned specifically described realization form, but is applicable to the obtainable system that can checking data integrity of all foundations content of the present invention.This comprises realization form software, hardware and that hardware and software combines, and does not need the ability of other invention and the change shape that can directly obtain.Such as, one-way hash algorithm (being hash algorithm) can be selected any transforming function transformation function with enough cipher safeties, comprises hash algorithms such as MD5 and SHA1; The root node of Hash tree and thermal window Hash subtree top node can directly place in the trusted memory and keep credible, also can make it to come down to believable by other resist technology; The trusted memory here is meant the storer of can not victim distorting, such as when the assailant can't attack processor, it is trusted memory that the interior cache memory of the sheet of processor just can be considered, for another example during the verification disk if think that the assailant can not distort internal memory, then internal memory also just becomes trusted memory; Data block can be earlier through the uni-directional hash conversion and as the leaf node of Hash tree, also can be directly as the Hash tree leaf node; The node of buffering thermal window Hash subtree can be whole nodes or part of nodes, and employed impact damper can be (the untrusted impact damper can not be used to keep thermal window Hash subtree top node) of believable or untrusted; Cushion all cold window Hash subtree top nodes, and the window Hash subtree Hash tree residue node on upper strata more, also can use the impact damper of credible or untrusted; Required impact damper can be finished by independent hardware unit, also can directly utilize the existing storer of computing machine; The data space of whole desire protection is covered by a Hash tree, also can be covered by a plurality of Hash tree, and the optimization of the checking procedure of each Hash tree can be carried out according to content of the present invention; The present invention not only can be applied to the integrity protection of calculator memory, also can be applicable to the piece memory device of any kind of the data integrity protection (such as, with sector, piece, bunch etc. be data integrity in the unit verification disk), perhaps other applicable situation; Or the like.
The present invention is applicable to all foundations content of the present invention and the method for constructing, and does not need other ability of creating character and obtainable version.Therefore, the present invention is applicable to principle as described herein and feature the widest corresponding to scope.

Claims (9)

1. method that the data integrity verifying based on Hash tree is optimized is characterized in that:
It is believable keeping the root node of Hash tree;
Cut apart Hash tree and form a series of Hash subtrees at bottom, be called window Hash subtree;
Access frequency is called thermal window Hash subtree for high window Hash subtree relatively, other be called cold window Hash subtree;
The node of buffering thermal window Hash subtree comprises its top node, and the top node of maintenance thermal window Hash subtree is believable;
Buffering is positioned at the Hash tree internal node that window Hash subtree top node is above, the Hash tree root node is following, comprises cold window Hash subtree top node;
For the completeness check of thermal window Hash subtree correspondence, by the thermal window Hash subtree node that is cushioned and believable thermal window Hash subtree top node and realize;
For the completeness check outside the thermal window Hash subtree, by the Hash tree internal node more than the window Hash subtree top node that is cushioned, below the Hash tree root node, comprise window Hash subtree top node, carry out;
According to concrete data access situation of when operation, thermal window Hash subtree is along with the reduction of access frequency is converted to cold window Hash subtree, and cold window Hash subtree is converted to thermal window Hash subtree along with the rising of access frequency.
2. the method that the data integrity verifying based on Hash tree is optimized according to claim 1 is characterized in that, described window Hash subtree is that width is identical.
3. the method that the data integrity verifying based on Hash tree is optimized according to claim 1 is characterized in that, described maintenance Hash tree root node and maintenance thermal window Hash subtree top node are believable, are directly to be placed in the trusted area.
4. the method that the data integrity verifying based on Hash tree is optimized according to claim 1, it is characterized in that, described completeness check for thermal window Hash subtree correspondence, by the thermal window Hash subtree node that is cushioned and believable thermal window Hash subtree top node and realize, be meant:
Verification is finished verification according to thermal window Hash subtree top node, and needn't all rely on the Hash tree root node at every turn; The required renewal operation to node stops at thermal window Hash subtree top node, and needn't just be updated to the Hash tree root node at once always;
Checking procedure is directly utilized the node that is cushioned.
5. the method that the data integrity verifying based on Hash tree is optimized according to claim 1 is characterized in that, described thermal window Hash subtree node, be buffered in credible or untrusted regional in; If thermal window Hash subtree node is buffered in the trusted area, the completeness check of thermal window Hash subtree correspondence is as long as arriving arbitrary node that is cushioned just stops so, and node updates is to arrive arbitrary node that is cushioned just to stop.
6. the method that the data integrity verifying based on Hash tree is optimized according to claim 1, it is characterized in that, described for the completeness check outside the thermal window Hash subtree, by the Hash tree internal node more than the window Hash subtree top node that is cushioned, below the Hash tree root node, comprise window Hash subtree top node, carry out, be meant: directly utilize the node that is cushioned during verification;
When thermal window Hash subtree is converted to cold window Hash subtree, directly utilize the node that is cushioned.
7. the method that the data integrity verifying based on Hash tree is optimized according to claim 1, it is characterized in that, the Hash tree internal node that described window Hash subtree top node is above, the Hash tree root node is following, comprising cold window Hash subtree top node, is to be buffered in the zone of believable or untrusted; If be buffered in the trusted area, so corresponding completeness check just stops as long as arriving arbitrary node that is cushioned.
8. the method that the data integrity verifying based on Hash tree is optimized according to claim 1, it is characterized in that, described Hash tree, adopt different branched structures, be the branched structure that window Hash subtree adopts a kind of width, and the above level of window Hash subtree adopt the branched structure of another kind of width to the part of Hash tree root node.
9. the method that the data integrity verifying based on Hash tree is optimized according to claim 1 is characterized in that, described Hash tree adopts different branched structures, and promptly different window Hash subtrees adopts the branched structure of different in width.
CNB200410046692XA 2004-08-24 2004-08-24 Method and apparatus for optimizing test of Hasche tree integrity Expired - Fee Related CN100442277C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200410046692XA CN100442277C (en) 2004-08-24 2004-08-24 Method and apparatus for optimizing test of Hasche tree integrity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200410046692XA CN100442277C (en) 2004-08-24 2004-08-24 Method and apparatus for optimizing test of Hasche tree integrity

Publications (2)

Publication Number Publication Date
CN1741010A CN1741010A (en) 2006-03-01
CN100442277C true CN100442277C (en) 2008-12-10

Family

ID=36093400

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200410046692XA Expired - Fee Related CN100442277C (en) 2004-08-24 2004-08-24 Method and apparatus for optimizing test of Hasche tree integrity

Country Status (1)

Country Link
CN (1) CN100442277C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413313A (en) * 2010-09-26 2012-04-11 索尼公司 Data integrity authentication information generation method and device as well as data integrity authentication method and device
CN101976322B (en) * 2010-11-11 2012-05-23 清华大学 Safety metadata management method based on integrality checking
AT522276B1 (en) * 2019-04-03 2021-01-15 Tributech Solutions Gmbh Device and method for checking the integrity of sensor data streams
CN110175840B (en) * 2019-04-19 2021-08-03 华中科技大学 Method, client, alliance chain and system for realizing light wallet mechanism in alliance chain
CN112767154B (en) * 2021-01-18 2024-06-21 中国工商银行股份有限公司 Merker tree calculation method and system applied to blockchain system
WO2024171317A1 (en) * 2023-02-14 2024-08-22 日本電気株式会社 Information processing device, information processing device control method, and non-transitory computer-readable medium in which program is stored

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997043842A1 (en) * 1996-05-14 1997-11-20 Valicert, Inc. Apparatus and method for demonstrating and confirming the status of digital certificates and other data
WO1999044151A1 (en) * 1998-02-26 1999-09-02 Sap Aktiengesellschaft Fast string searching and indexing
JP2002208947A (en) * 2001-01-12 2002-07-26 Nec Corp Route retrieval system and its method and route recording medium with route retrieval program recorded

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997043842A1 (en) * 1996-05-14 1997-11-20 Valicert, Inc. Apparatus and method for demonstrating and confirming the status of digital certificates and other data
WO1999044151A1 (en) * 1998-02-26 1999-09-02 Sap Aktiengesellschaft Fast string searching and indexing
JP2002208947A (en) * 2001-01-12 2002-07-26 Nec Corp Route retrieval system and its method and route recording medium with route retrieval program recorded

Also Published As

Publication number Publication date
CN1741010A (en) 2006-03-01

Similar Documents

Publication Publication Date Title
US10261902B2 (en) Parallel processing of a series of data units for writing
US10102356B1 (en) Securing storage control path against unauthorized access
JP4140863B2 (en) Cryptographically protected paging system
US8005227B1 (en) Key information consistency checking in encrypting data storage system
US11171774B2 (en) System for synchronizing a cryptographic key state through a blockchain
US8555088B2 (en) Method and apparatus for implementing secure and selectively deniable file storage
Ren et al. Integrity verification for path oblivious-ram
US11431488B1 (en) Protecting local key generation using a remote key management service
US7281010B2 (en) Trusted computing platform with dual key trees to support multiple public/private key systems
CN112149146A (en) Deterministic encryption key rotation
JP4876053B2 (en) Trusted device integrated circuit
US11030119B2 (en) Storage data encryption and decryption apparatus and method
JP2016021224A (en) Memory management device, program, and method
US8977865B2 (en) Data encryption conversion for independent agents
CN105243334B (en) A kind of data storage protection method and system
WO2023216783A1 (en) Log-structured security data storage method and device
US11349643B2 (en) Techniques for using local key management in a data storage system
CN109783474A (en) The safety transfer method of virtual credible root example and its oneself state data
CN100442277C (en) Method and apparatus for optimizing test of Hasche tree integrity
US7761662B2 (en) Cache memory device and microprocessor
CN109584071A (en) Block chain processing method and electronic equipment
EP4083842B1 (en) Inline encryption/decryption for a memory controller
CN113273132B (en) Blockchain protected by reverse link elements
CN105335663B (en) A kind of encrypted file system based on double image file
US20240020047A1 (en) Network-Ready Storage Products with Cryptography based Access Control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081210

Termination date: 20110824