CN102184369A - Method for reducing cryptographic algorithm of binary system application program - Google Patents

Method for reducing cryptographic algorithm of binary system application program

Info

Publication number
CN102184369A
Authority
CN
China
Prior art keywords
disk
initialization vector
adjacent
sector
cryptographic algorithm
Prior art date
2011-03-30
Legal status
Pending
Application number
CN2011100784439A
Other languages
Chinese (zh)
Inventor
曹晓晶
Current Assignee
Individual
Original Assignee
Individual
Priority date
2011-03-30
Filing date
2011-03-30
Publication date
2011-09-14

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method for reducing the cryptographic algorithm of a binary application program, which is specifically suited to applying the authenticated encryption designed in IEEE P1619.1 to the protection of data on a disk. On the one hand, the invention solves the problem of where the authenticated encryption algorithm stores its initialization vectors and message authentication codes; on the other hand, it remedies the authenticated encryption algorithm's inability to resist replay attacks. Furthermore, the method and device act directly on disk sectors, so any data stored on the disk can be protected, and as a low-level protection mechanism at the sector layer they are easily integrated into existing systems. The method and device can therefore effectively provide confidentiality and integrity protection for stored data.

Description

Method for reducing the cryptographic algorithm of a binary application program
Technical field
The present invention relates to a method in the fields of software analysis and cryptography, specifically a method for reducing the cryptographic algorithm of a binary application program.
Background technology
Cryptographic algorithms involve technology on many fronts: their mathematical and cryptographic design and security analysis, and also how they are realized in practice. Software implementations of cryptographic algorithms are very widely used on today's personal computers and even in server-class software; such implementations compile the cryptographic algorithm into the software in binary form, and the program calls it at run time to perform encryption and decryption. The algorithm's logic, the data structures it uses, its key information and the data formats of its encryption and decryption are all content that cryptanalysis and information-security analysis need to understand. Kerckhoffs's principle in cryptographic theory states that the security analysis of a cryptographic algorithm must assume that the algorithm's internal structure is public; extracting the cryptographic algorithm from software is therefore a necessary step in software security analysis.
Application software containing cryptographic algorithms can usually be divided into two kinds according to the type of algorithm it contains. One kind contains standard cryptographic algorithms, that is, algorithms whose design, logic and structure have long been public and have been subjected to extensive cryptanalysis. The other kind contains cryptographic algorithms designed by the software developer, which may be algorithms whose structure is completely different from any standard algorithm, or algorithms obtained by making minor modifications to a standard algorithm. In addition, according to how the cryptographic algorithm works within the software, software can be divided into that which contains a key and that which does not.
Summary of the invention
The objective of the invention is to address the above deficiencies of the prior art by extracting standard and non-standard cryptographic algorithms and their related information from a program's binary code quickly and efficiently, so that security analysis of the program can be carried out effectively.
The present invention is achieved through the following technical solution:
Each protected sector has a corresponding initialization vector and message authentication code. For every write operation to a given protected sector, the corresponding initialization vector takes a unique value, where unique means that it is neither identical to the initialization vector of any other protected sector nor identical to the initialization vector used by a previous write operation to the same protected sector;
Using this initialization vector and a key not known to the attacker, the protected sector is encrypted and the message authentication code corresponding to that protected sector is generated;
A hash tree is constructed over the initialization vectors of all protected sectors, and the hash tree protects these initialization vectors from being tampered with;
Each protected sector and its corresponding initialization vector and message authentication code are stored physically adjacent on the disk. This physical adjacency is realized by storing together several initialization vectors, the message authentication codes of the protected sectors corresponding to those initialization vectors, and the protected sectors themselves. "Stored together" means stored at physically adjacent disk positions, in particular at adjacent positions on the same track; when a single track cannot hold them all, they are distributed over one or more adjacent tracks;
All hash tree nodes other than the hash tree root node are stored physically adjacent on the disk, meaning that these hash tree nodes are stored at physically adjacent disk positions, in particular at adjacent positions on the same track, and distributed over one or more adjacent tracks when a single track cannot hold them all.
The initialization vector may simply be a count value, obtained by incrementing a counter on every disk write operation.
The initialization vector may simply be a random number, obtained by generating a random number for every disk write operation.
The initialization vector has a length of 64 bits.
The initialization vector includes the address information of the protected sector.
For a protected sector with a given address, the storage location of its initialization vector on the disk is fixed.
The method proposed by the invention is particularly suited to applying the authenticated encryption designed in IEEE P1619.1 to the protection of disk data. On the one hand it solves the problem of where that authenticated encryption algorithm stores its initialization vectors and message authentication codes; on the other hand it remedies the algorithm's weakness of being unable to resist replay attacks. Moreover, the method and apparatus act directly on disk sectors, so any data stored on the disk can be protected, and as a low-level protection mechanism at the sector layer they are easy to integrate into existing systems. In short, the method and apparatus can effectively provide confidentiality and integrity protection for data storage.
Embodiment
This embodiment is implemented on the premise of the technical solution of the present invention; it gives a detailed implementation and a concrete operating process, but the scope of protection of the invention is not limited to the following embodiment.
The present invention considers protecting the confidentiality and integrity of disk data at the sector level. In the present invention, "disk" means a hard disk (Hard Disk), also called a disk drive or hard disk drive, or more generally any storage device (Storage Devices). For well-known reasons, the invention does not specifically describe disk structure, access and latency characteristics, interfaces and the like. Likewise, certain terms, nouns and expressions are not explicitly defined or explained, such as: data, data block, bit, byte, node, connection, number, security, trusted, hash (the one-way hash transform, also called hashing), hash function, hash tree (Hash Tree), the leaf nodes (Leaf node), internal nodes (Internal node) and root node (Root node) of a hash tree, child node, parent node, encryption (Encryption/Cipher), decryption (Decryption/Decipher), key, IV (initialization vector, an input parameter required by the encryption and authentication algorithm), MAC (message authentication code), HMAC (Hash Message Authentication Code, a keyed hash), sector, track, address (used to identify the number or position of a sector), and so on.
For a disk sector, excluding identification, address, error-correcting code and similar information, the size available for storing data is generally 512 bytes. Although disk sectors of other sizes exist, such as 4K bytes, the present invention uses 512 bytes as the example for describing the proposed method and apparatus. From the description of the 512-byte sector case, the application to 4K-byte sectors or sectors of other sizes follows directly by analogy.
A concrete application example of the invention is given below to illustrate more clearly the concrete implementation of the proposed method.
(Example): using the method of the invention to construct the storage layout of a disk data confidentiality and integrity protection system
This example follows the method given by the invention and, in conjunction with the authenticated encryption algorithm of IEEE P1619.1 (Standard for Authenticated Encryption with Length Expansion for Storage Devices), lays out the physical storage of data, initialization vectors and hash tree nodes when protecting disk data.
In IEEE P1619.1, authenticated encryption may be realized with AES-GCM (Galois/Counter Mode), AES-CCM (Counter with CBC-MAC), AES-CBC with HMAC, or XTS-AES with HMAC. Taking AES-CCM as an example, its working process is as follows. When sector plaintext is written to disk, a corresponding IV is generated (the IV is required to be a nonce value; its required length is 96 bits, and when the IV is not 96 bits the algorithm applies the GHASH function and uses the return value as the IV actually used in the internal computation), and the sector ciphertext and the corresponding MAC are derived from the IV and the key. When sector data is read from disk, the corresponding IV is used to decrypt the sector ciphertext and to recompute the MAC; comparing the recomputed MAC with the MAC obtained when the sector was written determines whether the data is valid, that is, whether it has not been tampered with.
Take the disk sector size to be 512 bytes, and let DataSector denote a disk sector used to store data. Take the IV to be 64 bits (this length satisfies the AES-CCM requirement that the IV be a nonce value) and the MAC to be 128 bits. All nodes of the hash tree are computed with the HMAC-MD5 function (MD5 being Message-Digest Algorithm 5), so the size of a hash tree leaf node or internal node is 128 bits.
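As an added, runnable illustration (not code from the patent), the following Python model implements the five steps of the technical solution with the parameters of this example: a 64-bit IV built from a write counter and the sector address, a 128-bit MAC, the IV, MAC and ciphertext of each sector kept together, and a hash tree over all on-disk IVs whose root is the only value that needs trusted storage. It substitutes an HMAC-SHA256 keystream for AES-CCM and HMAC-SHA256 for HMAC-MD5 so it runs on the standard library alone; those substitutions, the class and function names, and the sample key are assumptions.

```python
import hashlib
import hmac

SECTOR_BYTES = 512   # data bytes per sector, as in the patent's example
IV_BYTES = 8         # 64-bit initialization vector (claim 4)
MAC_BYTES = 16       # 128-bit message authentication code

def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes) -> bytes:
    # Stand-in for the AES-CCM cipher named on the page: an HMAC-SHA256 counter-mode
    # keystream keyed by the IV, used only so this block runs on the standard library.
    return b"".join(_prf(key, b"enc", iv, i.to_bytes(4, "big"))
                    for i in range(SECTOR_BYTES // 32))

def tree_root(key: bytes, ivs: list) -> bytes:
    # Hash tree over every sector IV (step 3 of the method). Only this root needs
    # trusted storage; every other node may sit beside the data on disk.
    level = [_prf(key, b"leaf", iv) for iv in ivs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])           # duplicate a lone last node
        level = [_prf(key, b"node", level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

class ProtectedDisk:
    """Toy model of the patented layout: each sector's IV, MAC and ciphertext are kept
    together, and a hash tree over the on-disk IVs detects replay of a stale triple."""

    def __init__(self, n_sectors: int, key: bytes):
        self.key = key
        self.write_count = 0
        # on-disk contents per sector: (iv, mac, ciphertext); placeholder until formatted
        self.store = [(bytes(IV_BYTES), bytes(MAC_BYTES), bytes(SECTOR_BYTES))] * n_sectors
        for addr in range(n_sectors):        # "format": every sector gets a real IV/MAC
            self.write(addr, bytes(SECTOR_BYTES))

    def disk_ivs(self) -> list:
        return [iv for iv, _, _ in self.store]

    def _fresh_iv(self, addr: int) -> bytes:
        # Claims 2 and 5: a strictly increasing write counter combined with the sector
        # address (assumed < 2**24), so the IV never repeats across sectors or rewrites.
        self.write_count += 1
        return ((self.write_count << 24) | addr).to_bytes(IV_BYTES, "big")

    def write(self, addr: int, data: bytes) -> None:
        assert len(data) == SECTOR_BYTES
        iv = self._fresh_iv(addr)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(self.key, iv)))
        mac = _prf(self.key, b"mac", iv, ct)[:MAC_BYTES]     # MAC binds IV and ciphertext
        self.store[addr] = (iv, mac, ct)
        self.root = tree_root(self.key, self.disk_ivs())     # trusted copy of the root

    def read(self, addr: int):
        """Return (status, plaintext); status is 'ok', 'tampered' or 'replayed'."""
        iv, mac, ct = self.store[addr]
        if not hmac.compare_digest(mac, _prf(self.key, b"mac", iv, ct)[:MAC_BYTES]):
            return "tampered", None          # sector-level integrity failed
        if not hmac.compare_digest(self.root, tree_root(self.key, self.disk_ivs())):
            return "replayed", None          # stale IV: trusted root no longer matches
        return "ok", bytes(a ^ b for a, b in zip(ct, _keystream(self.key, iv)))
```

Because the root commits to every IV, a replayed sector makes reads of all sectors fail until the stale triple is corrected; the MAC alone would have accepted it.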
The present invention is not limited to the specific implementation forms described above, but applies to all systems that can be obtained from the content of the invention and that protect data confidentiality, data integrity, or both. This includes implementations in software, in hardware, and in combinations of hardware and software, as well as variations that can be obtained directly without further inventive effort. As long as a data-storing device, chip, circuit module, location, equipment, service, space and so on can be abstracted as the "block access" read/write model, the content of the invention can in fact be used to protect its data. Besides disks and similar devices locally attached to a computer system, a remote storage server that can be abstracted as a block server (Block Server) can also adopt the data confidentiality and integrity protection method provided by the invention.
The present invention applies to all methods and apparatus constructed from the content of the invention and to any version obtainable without further inventive effort. The invention is therefore to be accorded the widest scope consistent with the principles and features described herein.

Claims (6)

1. A method for reducing the cryptographic algorithm of a binary application program, characterized in that it is specifically as follows:
Each protected sector has a corresponding initialization vector and message authentication code. For every write operation to a given protected sector, the corresponding initialization vector takes a unique value, where unique means that it is neither identical to the initialization vector of any other protected sector nor identical to the initialization vector used by a previous write operation to the same protected sector;
Using this initialization vector and a key not known to the attacker, the protected sector is encrypted and the message authentication code corresponding to that protected sector is generated;
A hash tree is constructed over the initialization vectors of all protected sectors, and the hash tree protects these initialization vectors from being tampered with;
Each protected sector and its corresponding initialization vector and message authentication code are stored physically adjacent on the disk. This physical adjacency is realized by storing together several initialization vectors, the message authentication codes of the protected sectors corresponding to those initialization vectors, and the protected sectors themselves. "Stored together" means stored at physically adjacent disk positions, in particular at adjacent positions on the same track; when a single track cannot hold them all, they are distributed over one or more adjacent tracks;
All hash tree nodes other than the hash tree root node are stored physically adjacent on the disk, meaning that these hash tree nodes are stored at physically adjacent disk positions, in particular at adjacent positions on the same track, and distributed over one or more adjacent tracks when a single track cannot hold them all.
2. The method for reducing the cryptographic algorithm of a binary application program according to claim 1, characterized in that the initialization vector is simply a count value, obtained by incrementing a counter on every disk write operation.
3. The method for reducing the cryptographic algorithm of a binary application program according to claim 1, characterized in that the initialization vector is simply a random number, obtained by generating a random number for every disk write operation.
4. The method for reducing the cryptographic algorithm of a binary application program according to claim 1, characterized in that the initialization vector has a length of 64.
5. The method for reducing the cryptographic algorithm of a binary application program according to claim 1, characterized in that the initialization vector includes the address information of the protected sector.
6. The method for reducing the cryptographic algorithm of a binary application program according to claim 1, characterized in that, for a protected sector with a given address, the storage location of the initialization vector on the disk is fixed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100784439A CN102184369A (en) 2011-03-30 2011-03-30 Method for reducing cryptographic algorithm of binary system application program

Publications (1)

Publication Number Publication Date
CN102184369A true CN102184369A (en) 2011-09-14

Family

ID=44570544

Country Status (1)

Country Link
CN (1) CN102184369A (en)


Legal Events

Code Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110914