CN102981428B - Microcontroller order protection structure based on security application and encryption and decryption method thereof - Google Patents
Microcontroller order protection structure based on security application and encryption and decryption method thereof Download PDFInfo
- Publication number
- CN102981428B CN102981428B CN201210422172.9A CN201210422172A CN102981428B CN 102981428 B CN102981428 B CN 102981428B CN 201210422172 A CN201210422172 A CN 201210422172A CN 102981428 B CN102981428 B CN 102981428B
- Authority
- CN
- China
- Prior art keywords
- instruction
- des
- microcontroller
- information
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a microcontroller order protection structure based on security application. The microcontroller order protection structure comprises an encryption/decryption module and a random number generator (RNG), wherein the encryption/decryption module is formed by an encryption module data encryption standard (DES) using the DES algorithm and a decryption module De_DES, order information processed by encryption is written into program storages read only memory (ROM) of microcontrollers, encryption is carried out before orders are executed, then the orders are sent to microcontroller decoders DECODER to be executed, the random number generator RNG is used for automatically generating secrete keys to enable all microcontrollers to have unique secret key information, information stored in the program storages ROM of the microcontrollers has non portability, and even if the order information in the program storages ROM are extracted, the order information cannot be executed in another microcontrollers. Thus, attackers cannot extract order sets easily, information security is greatly improved, using requirements can be met, and information safety is guaranteed.
Description
Technical field
The present invention designs a kind of operator guards of microcontroller, particularly relates to a kind of micro-controller instructions operator guards based on safety applications.
Background technology
Along with the appearance of VLSI (very large scale integrated circuit) and the raising of manufacture level, microcontroller, since 20 century 70s come out, has obtained application widely in the field such as industrial, civilian, instrument and meter, navigation and vehicle controL, telecommunication.The MCS-51 series monolithic that Intel Company released in 1980 due to feature richness, use flexibly and enjoy favor.Along with the opening of 8051 technology, the company such as Siemens, Philip is also proposed the microcontroller based on 51 kernels successively, in the hope of meeting the application of more multi-embedding formula.The development of microcontroller all achieves larger improvement in operating rate and voltage, power consumption, and on the basis based on public order set, is proposed the microcontroller of various model by integrated different external device.
In recent years, the development of microcontroller all achieves certain achievement in research in reliability and anti-interference etc., can run steadily in the long term, to adapt to working environment complicated and changeable.In addition, the instruction word length of microcontroller, also from 8 Bits Expanding to 16 even 32, is widely used in different field.The security of develop rapidly to chip design of integrated circuit technique is had higher requirement, and microcontroller, as the core of control system, plays vital effect to the normal work of whole system and safe operation.Therefore, design the microcontroller with highly reliable attack resistance and become a kind of inexorable trend.
Logical organization based on 51 kernel microcontrollers comprises: central processing unit, internal data memory, internal program memory, timer/counter, Parallel I/O, serial port, interrupt control circuit etc., its command information is stored in its program storage.Traditional microcontroller can only process presumptive instruction information, and therefore assailant can read or data in alter program storer easily, thus constitutes a threat to whole control system.This improves the project organization of microcontroller with regard to needing, to guarantee information security.
The instruction read operations of microcontroller has been coordinated by programmable counter PC, program memory ROM and instruction code translator DECODER.Pending command information stores in program memory, programmable counter provides address pointer for storer, often perform an instruction, command information in program storage under corresponding current address can be sent in code translator by storer and perform, and unison counter pointer can add that corresponding instruction cycle length points to the memory address of next instruction.If assailant finds the position of program storage, just can obtain the instruction set of microcontroller easily, it is perfectly clear to solve its controlling functions, and whole control system will face huge threat.Therefore, in program storage, the confidentiality of information will directly have influence on the security of whole control system.If the command information stored in program storage can be stashed, even if assailant can therefrom information extraction, the data acquisition instruction set but can not extracted by Direct Analysis is a kind of protection to whole control system function.
Summary of the invention
For above-mentioned prior art; the invention provides a kind of micro-controller instructions operator guards based on safety applications; by to the improvement based on 51 kernel microcontrollers; make it have the function that command information is maintained secrecy, make assailant obtain by the information in extraction procedure storer or to distort instruction.
In order to solve the problems of the technologies described above, the technical scheme that the micro-controller instructions operator guards that the present invention is based on safety applications is achieved is: comprising: enciphering/deciphering module and randomizer RNG, wherein, enciphering/deciphering module is made up of the encrypting module DES and deciphering module De_DES adopting DES algorithm, by writing the command information through encryption in micro-controller program storer ROM, first need carry out decryption processing when performing instruction, and then send into microcontroller code translator DECODER and perform; Randomizer RNG, for automatically generating key, each microcontroller is made to have the key information of only, the information stored in micro-controller program storer ROM is had not portable, even if extract the command information in described program memory ROM, can not perform in other microcontroller.
The present invention is based on the method for the enciphering/deciphering of the micro-controller instructions operator guards of safety applications, wherein, ciphering process is by micro controller data memory RAM, encrypting module DES and randomizer RNG has coordinated, instruction to be encrypted is provided by data-carrier store RAM, key is generated automatically by randomizer RNG, the mode adopting randomizer RNG to generate key makes each microcontroller have the key information of only, the information stored in program memory ROM is had not portable, even if extract the command information in this program memory ROM, can not perform in other microcontroller, when microcontroller comes into operation, coordinated by micro-controller program counter PC, program memory ROM, deciphering module De_DES and randomizer RNG, information to be decrypted sends into deciphering module De_DES by program memory ROM, and key information is provided by randomizer RNG, in addition, deciphering module De_DES and programmable counter PC has the control clock of different frequency, matches to make deciphering speed and instruction execution speed.
Compared with prior art, the invention has the beneficial effects as follows:
Microcontroller, as the core of control system, plays extremely important effect, and its security also more and more obtains the attention of people.Although the development of microcontroller obtains breakthrough in highly reliable and anti-interference, be all can the research that launches of stability and high efficiency work for it.But, at special control field, for artificial attack means, conventional microcontroller just seems that insufficiency of function, the present invention pass through a microcontroller based on safety applications of design, improves the conventional microcontroller structure based on 51 kernels, enciphering/deciphering module is inserted in the integrated circuit (IC) design stage, write the command information through encryption in program storage, when performing instruction, first need carry out decryption processing, then send into code translator execution.This makes assailant cannot extract instruction set easily, the confidentiality of information just can be made to be promoted significantly, substantially increase the security performance of chip, can reach request for utilization, can ensure information safety again.
Accompanying drawing explanation
Fig. 1 is micro-controller instructions operator guards block diagram of the present invention;
Fig. 2 (a) is randomizer structural representation in the present invention;
Fig. 2 (b) is Fig. 2 (a) randomizer internal ring oscillator structural representation;
Fig. 3 deciphers structured flowchart in microcontroller of the present invention;
Fig. 4 is the process flow diagram of microcontroller implementation instruction enciphering/deciphering of the present invention operation.
Embodiment
Below in conjunction with embodiment, the present invention is described in further detail.
As shown in Figure 1, the micro-controller instructions operator guards that the present invention is based on safety applications is to the improvement of tradition based on 51 kernel microcontrollers, inserts enciphering/deciphering module and randomizer, thus is all completed by hardware the enciphering/deciphering process of program.
The present invention is based on the micro-controller instructions operator guards of safety applications, comprise enciphering/deciphering module and randomizer RNG; Described enciphering/deciphering module is made up of the encrypting module DES and deciphering module De_DES adopting DES algorithm, by instruction after write encryption in micro-controller program storer ROM, first need carry out decryption processing when performing instruction, and then after deciphering, microcontroller code translator DECODER execution is sent in instruction; Randomizer RNG, for automatically generating key K ey, each microcontroller is made to have the key information of only, the information stored in micro-controller program storer ROM is had not portable, even if extract the command information in described program memory ROM, can not perform in other microcontroller.
Ciphering process has been coordinated by micro controller data memory RAM, encrypting module DES and randomizer RNG, and presumptive instruction is sent in data-carrier store RAM temporary by interface circuit, and key is generated automatically by randomizer RNG.Instruction in data-carrier store RAM is sent in program memory ROM through key information encryption and by instruction after encryption and is preserved.When microcontroller comes into operation, coordinated by micro-controller program counter PC, program memory ROM, deciphering module De_DES and randomizer RNG, information to be decrypted sends into deciphering module De_DES by program memory ROM, and key information is provided by randomizer RNG.Finally instruction after deciphering is sent in microcontroller code translator DECODER and perform.
Wherein, deciphering module De_DES and programmable counter PC has the control clock of different frequency, matches to make deciphering speed and instruction execution speed.
As shown in Figure 2 (a) shows, randomizer RNG is realized by the output XOR of three ring oscillators (OCS1, OCS2, OCS3), to ensure the randomness exported of sampling.The structure of ring oscillator is shown in Fig. 2 (b), it is made up of odd number not gate, the cascade of annular not gate makes circuit play pendulum, the input and output of static any one not gate lower all can not be stabilized in high level or low level, periodically low and high level transition status can only be in, produce self-sustained oscillation, the not gate quantity changing cascade can change oscillation period.Three oscillators in Fig. 2 (a) adopt the not gate cascade of varying number to obtain different oscillation period respectively, through two-stage XOR, are finally sampled by trigger and export random number.
The micro-controller instructions bit wide of 80C51 structure is 8bit, DES algorithm one group length is expressly 64bit, and presumptive instruction is divided into some groups by ciphering process, and often organizing data is 64bit, i.e. 8 byte instructions.Encrypting module DES once exports 8bit data, according to OPADD by 64bit data stored in 8 unit of RAM.Decrypting process is also similar with encryption, and instruction length is minimum is 1 byte, and mostly be 3 bytes most, namely a decoding can obtain 2 to 8 instructions.
As shown in Figure 3, define a register REG, being used for temporary command information sending in code translator DECODER performs, and sends the duty that enable signal controls deciphering module De_DES during deciphering by code translator DECODER.Due to the last item instruction not necessarily complete instruction in every group, be ensure to perform continuity, the bit wide of register REG is defined as 128bit, and the instruction obtained after decoding is alternately stored in low 64 and high 64, and code translator DECODER is sent in circulation.Under normal circumstances, instruction sequences performs, and register REG once sends into four byte datas to code translator DECODER, and code translator DECODER, except detecting current execution instruction, also can detect the byte number of next instruction.When detecting that (namely complete command information is not loaded in register REG) is overflowed in next instruction in register REG, the address of present instruction will be sent to PC, now, instruction address to be decrypted is sent to program memory ROM by PC, and deciphering module De_DES can carry out the deciphering of new one group of data from this address.When there is jump instruction, deciphering module De_DES just needs the instruction again processing corresponding jump address, instead of order performs.Therefore, when code translator DECODER detects that next instruction is jump instruction, send control information just to deciphering module De_DES, the command information of deciphering module De_DES to jump address is decrypted, and be stored in register REG, the instruction next time performed has been exactly the information of corresponding jump address.Data after such design can make deciphering are fully utilized, and can process jump instruction in time, and do not affect the travelling speed of CPU.
The framework of enciphering/deciphering module and microcontroller, nucleus module adopt absolute coding comprehensively to realize, data-carrier store RAM in structure and program memory ROM module use IP kernel to realize, wherein the storage space of data-carrier store RAM is 128B, and the storage space of program memory ROM is 64Kb.As shown in Figure 4, be the process flow diagram that instruction enciphering/deciphering operates.The basic framework basis of microcontroller inserts enciphering/deciphering module and randomizer module, pre-service and decrypting process are encrypted to presumptive instruction.Presumptive instruction is first temporary in data-carrier store RAM, after des encryption process will be encrypted, program memory ROM is sent in instruction, first decipher through De_DES when performing instruction, deciphering module De_DES adopts the control clock higher than micro-controller processor frequency, enables the speed of instruction decryption meet the data processing speed requirement of microcontroller.Instruction after deciphering kept in through REG, that can avoid instruction repeats deciphering, can ensure that again jump instruction correctly performs.Finally send into each module by command decoder DECODER decoding process again to perform.
By carrying out corresponding improvement to conventional microcontroller structure, add enciphering/deciphering module, can the safe storage of guarantee information, do not affect again the serviceability of microcontroller, there is more satisfactory practical value.
Although invention has been described for composition graphs above; but the present invention is not limited to above-mentioned embodiment; above-mentioned embodiment is only schematic; instead of it is restrictive; those of ordinary skill in the art is under enlightenment of the present invention; when not departing from present inventive concept, can also make a lot of distortion, these all belong within protection of the present invention.
Claims (3)
1. the micro-controller instructions operator guards based on safety applications, comprise: enciphering/deciphering module, be made up of the encrypting module DES and deciphering module De_DES that adopt DES algorithm, by writing the command information through encryption in micro-controller program storer ROM, first need carry out decryption processing when performing instruction, and then send into microcontroller code translator DECODER and perform;
Randomizer RNG, for automatically generating key, each microcontroller is made to have the key information of only, the information stored in micro-controller program storer ROM is had not portable, even if extract the command information in described program memory ROM, can not perform in other microcontroller;
Micro controller data memory RAM in data encryption write phase, as the temporary memory space of instruction to be encrypted; After ciphering process terminates, the presumptive instruction information in data-carrier store RAM is carried out power-off destruction; Use as general data storer when microcontroller comes into operation;
Described randomizer RNG is realized by the output XOR of three ring oscillators, to realize the randomness exported of sampling; Described ring oscillator is made up of odd number not gate, the cascade of annular not gate makes circuit play pendulum, the input and output of static any one not gate lower all can not be stabilized in high level or low level, periodically low and high level transition status can only be in, produce self-sustained oscillation, the not gate quantity changing cascade can change oscillation period; Described three ring oscillators adopt the not gate cascade of varying number to obtain different oscillation period respectively, through two-stage XOR, are finally sampled by trigger and export random number; It is characterized in that:
The length being 8bit, DES algorithm one group plaintext based on 51 kernel micro-controller instructions bit wides is 64bit, and presumptive instruction is divided into some groups by ciphering process, and often organizing data is 64bit; Encrypting module DES once exports 8bit data, according to OPADD by 64bit data stored in 8 unit of described data-carrier store RAM; In decrypting process, instruction length is minimum is 1 byte, and mostly be 3 bytes most, a decoding obtains 2 to 8 instructions.
2. according to claim 1 based on the micro-controller instructions operator guards of safety applications, it is characterized in that: define a register REG, being used for temporary command information sending in code translator DECODER performs, due to the last item instruction not necessarily complete instruction in every group, for ensureing to perform continuity, the bit wide of register REG is defined as 128bit, and the instruction obtained after decoding is alternately stored in low 64 and high 64, and code translator DECODER is sent in circulation; When instruction sequences performs, register REG once sends into four byte datas to code translator DECODER, and code translator DECODER detects current execution instruction, and meanwhile, code translator DECODER also detects the byte number of next instruction;
If when the instruction detected is overflowed in register REG, will send the address of present instruction to programmable counter PC, now, deciphering module De_DES can carry out the deciphering of new one group of data from this address;
If when the instruction detected is jump instruction, deciphering module De_DES just needs the instruction again processing corresponding jump address.
3. the method for encryption/decryption of a kind of micro-controller instructions operator guards based on safety applications according to claim 1, is characterized in that:
Ciphering process has been coordinated by micro controller data memory RAM, encrypting module DES and randomizer RNG, instruction to be encrypted is provided by data-carrier store RAM, key is generated automatically by randomizer RNG, the mode adopting randomizer RNG to generate key makes each microcontroller have the key information of only, the information stored in program memory ROM is had not portable, even if extract the command information in this program memory ROM, can not perform in other microcontroller;
When microcontroller comes into operation, coordinated by micro-controller program counter PC, program memory ROM, deciphering module De_DES and randomizer RNG, information to be decrypted sends into deciphering module De_DES by program memory ROM, and key information is provided by randomizer RNG;
Wherein, deciphering module De_DES and programmable counter PC has the control clock of different frequency, matches to make deciphering speed and instruction execution speed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210422172.9A CN102981428B (en) | 2012-10-29 | 2012-10-29 | Microcontroller order protection structure based on security application and encryption and decryption method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210422172.9A CN102981428B (en) | 2012-10-29 | 2012-10-29 | Microcontroller order protection structure based on security application and encryption and decryption method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102981428A CN102981428A (en) | 2013-03-20 |
| CN102981428B true CN102981428B (en) | 2014-12-31 |
Family
ID=47855585
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210422172.9A Active CN102981428B (en) | 2012-10-29 | 2012-10-29 | Microcontroller order protection structure based on security application and encryption and decryption method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102981428B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IL234956A (en) * | 2014-10-02 | 2017-10-31 | Kaluzhny Uri | Bus protection with improved key entropy |
| CN106250099A (en) * | 2016-07-18 | 2016-12-21 | 青岛大学 | A kind of directly perform encrypted instruction the processor architecture of fixing decipherment algorithm |
| TWI691896B (en) * | 2018-12-28 | 2020-04-21 | 新唐科技股份有限公司 | Microcontroller, decryption method for microcontroller and decryption system |
| CN111506324B (en) * | 2020-06-30 | 2020-11-06 | 上海泰矽微电子有限公司 | Method for realizing MCU chip safety by combining traditional ROM with storage island |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1782987A (en) * | 2004-09-28 | 2006-06-07 | 迈克纳斯公司 | Random number generator and method for random number generation |
-
2012
- 2012-10-29 CN CN201210422172.9A patent/CN102981428B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1782987A (en) * | 2004-09-28 | 2006-06-07 | 迈克纳斯公司 | Random number generator and method for random number generation |
Non-Patent Citations (1)
| Title |
|---|
| 一种高可靠性微控制器的设计与VLSI实现;刘岑;《计算机工程与应用》;20120331;第48卷(第6期);总体架构的第四段 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102981428A (en) | 2013-03-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106775583A (en) | A kind of production method of high-speed, true random-number | |
| CN102981428B (en) | Microcontroller order protection structure based on security application and encryption and decryption method thereof | |
| CN204066121U (en) | A kind of PCI-E encrypted card | |
| CN107038015A (en) | A kind of high-speed, true random-number generator | |
| CN103019648A (en) | True random number generator with digital post-processing circuit | |
| CN103237021A (en) | FPGA-chip-based (field programmable gate array chip-based) PCI-E (peripheral component interconnect-express) high-speed cipher card | |
| CN103634102A (en) | Protection method for side channel attack and fault attack | |
| US20180183574A1 (en) | Efficient cryptographically secure control flow integrity protection | |
| CN103258172A (en) | Off-chip Nor Flash bus interface hardware encryption device | |
| CN108470129A (en) | A kind of data protection special chip | |
| CN102096783B (en) | FPGA (Field Programmable Gate Array)-based algorithm encryption card specially for tax control | |
| US20210004495A1 (en) | Method and apparatus for encrypting and decrypting data on an integrated circuit | |
| CN202870835U (en) | External chip RAM bus interface hardware encryption device | |
| CN1968085B (en) | Method for high-speed safety communication of intelligent card | |
| CN203930840U (en) | A kind of hardware encryption card | |
| CN105933120A (en) | Spark platform-based password hash value recovery method and device | |
| CN103414555A (en) | Array key management method based on IO block encryption | |
| CN102567689A (en) | Phase-change storage unit based non-volatile internal storage data confidentiality protecting method | |
| Jothi et al. | Parallel RC4 Key Searching System Based on FPGA | |
| Hong et al. | Dynamic encryption key design and management for memory data encryption in embedded systems | |
| CN104486069A (en) | GOST encryption and decryption equipment and method based on FPGA (field programmable gate array) | |
| CN104539417A (en) | Encryption device based on stream ciphers | |
| CN203086489U (en) | Decoding circuit for FPGA encrypted data flow | |
| CN103154967A (en) | Modifying a length of an element to form an encryption key | |
| US8782430B2 (en) | Secure external buffer for hard disk drive system on a chip |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |