CN103488916B - A kind of software encryption and protection method on bullet - Google Patents

A kind of software encryption and protection method on bullet Download PDF

Info

Publication number
CN103488916B
CN103488916B CN201310347652.8A CN201310347652A CN103488916B CN 103488916 B CN103488916 B CN 103488916B CN 201310347652 A CN201310347652 A CN 201310347652A CN 103488916 B CN103488916 B CN 103488916B
Authority
CN
China
Prior art keywords
protection module
hardware protection
ciphertext
target program
missile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310347652.8A
Other languages
Chinese (zh)
Other versions
CN103488916A (en
Inventor
王可
朱天成
李红军
鲁毅
李鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Jinhang Computing Technology Research Institute
Original Assignee
No 8357 Research Institute of Third Academy of CASIC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by No 8357 Research Institute of Third Academy of CASIC filed Critical No 8357 Research Institute of Third Academy of CASIC
Priority to CN201310347652.8A priority Critical patent/CN103488916B/en
Publication of CN103488916A publication Critical patent/CN103488916A/en
Application granted granted Critical
Publication of CN103488916B publication Critical patent/CN103488916B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to field of computer information security.Software encryption and protection method on specifically related to a kind of bullet.Technical solution of the present invention is after based on the design, exploitation and debugging of kernel software is carried out under conventional method, generation target program is in plain text.It is different under conventional method and program plaintext programming to missile-borne computer is directly solidified into the way in memory, encryption flow is added in the present invention, target program is encrypted to ciphertext using the AES of high security in plain text, then solidified ciphertext programming to missile-borne computer in memory.In missile-borne computer hardware structure, hardware protection module is added, mainly the program ciphertext preserved in solidification memory is decrypted.After missile-borne computer system electrification; hardware protection module reading program ciphertext from solidification memory; ciphertext is decrypted using the algorithm logic of itself; obtain target program in plain text; processor loading being given by plaintext again and being performed, follow-up work and the startup optimization flow of traditional missile-borne computer is consistent.

Description

A kind of software encryption and protection method on bullet
Technical field
The invention belongs to field of computer information security.Software encryption and protection method on specifically related to a kind of bullet.
Background technology
Guided missile is most important weaponry in modern war.With the continuous improvement of China's Missile Information level, branch Software also becomes increasingly complex in the missile-borne computer system of support Missile Equipment systemic-function and the bullet run thereon.So And, under the conditions of the Missile Equipment system design of current China, the kernel software for containing many important informations is not all done Any protection is stored in the memory cell of embedded system, and software executable code can easily be read, and add the fortune of software Row environment is almost transparent, and core algorithm and the pass hidden in software can be obtained by conversed analysis and dis-assembling means Key data.So, condensed war industry design and develop the substantial amounts of painstaking effort of personnel, time and fund technology be easily cracked and Steal.For the model number software of Missile Equipment, especially for foreign trade guided missile model, if on bullet kernel software by Crack, be not only related to model number software independent intellectual property right, be even more related to national interests and national defense safety.Accordingly, it would be desirable to right Kernel software in Missile Equipment takes corresponding safety precautions, it is ensured that core algorithm, data and index parameter Safety.
Opened to realize the safeguard protection to Missile Equipment kernel software, it is necessary to be fully understood by general missile-borne computer Dynamic and workflow.As shown in Figure 1, the start-up course of system is traditional missile-borne computer system architecture:a)After system electrification, Cpu reset signal is uniformly controlled on circuit board, and CPU startup optimizations are made after reset signal is dragged down on plate;b)CPU reads plate first BIOS program in upper ROM, is loaded into RAM and performs, and the one-level for completing system starts;c)BIOS program completes corresponding initial After chemical industry is made, solidification memory is directed to(EPROM or Flash)Program storage address, CPU reads the target program that solidification is preserved It is loaded into RAM, and performs, this completes two grades of startups, subsequent target program operation completes corresponding systemic-function.
The content of the invention
(One)The technical problem to be solved
The technical problem to be solved in the present invention is:How general missile-borne computer system architecture is directed to, it is hard by design How part protection module and working-flow, realize encryption storage and online decryption of the kernel software in in-line memory Operation, prevents kernel software from easily being read and cracked, so as to improve the security of kernel software.
(Two)Technical scheme
In order to solve the above technical problems, the present invention provides a kind of software encryption and protection method on bullet, methods described is based on hard Part protection module is implemented, and the hardware protection module is communicated by bus with CPU, for controlling in missile-borne computer Central processor CPU reset signal and debugging signal, meanwhile, the hardware protection module connection solidification memory;The hardware Protection module includes:Programmable gate array FPGA and SRAM;Wherein, by gate array logic realization AES in the FPGA, For decrypting target program ciphertext;The SRAM is used to cache the plaintext obtained after decryption target program ciphertext;Wherein,
Methods described comprises the following steps:
Step S1:After based on the design, exploitation and debugging of kernel software is carried out under conventional method, generation target program is bright Text;Target program is encrypted to ciphertext by host computer in plain text using the AES of high security, then by ciphertext programming to missile-borne In the solidification memory of computer;
Step S2:After system electrification, cpu reset signal is tieed up after electricity in hardware protection module control, hardware protection module Reset signal high-end trim is held, prevents CPU from starting;
Step S3:Hardware protection module reads the target program ciphertext that solidification is preserved from solidification memory, passes through inside Decipherment algorithm decrypts ciphertext, synchronous that the plaintext obtained after decryption is saved in the SRAM inside hardware protection module;
Step S4:After completion target program is integrally decrypted, i.e., target program is integrally stored in hardware protection mould in plain text After in the internal SRAM of block, hardware protection module drags down cpu reset signal;
Step S5:CPU reads the BIOS program in ROM on plate first, is loaded into RAM and performs, and completes the one-level of system Start;
Step S6:BIOS program is completed after corresponding initial work, is directed to the ground of hardware protection module internal SRAM Location maps, CPU using hardware protection module internal SRAM as conventional architectures under solidification memory, read the mesh that caches in SRAM Beacon course sequence is loaded into RAM in plain text, and is performed, and completes two grades of startups;
Step S7:Then, target program is run, and completes corresponding systemic-function.
Wherein, the AES that the host computer is used and the AES that the hardware protection module is used are mutually symmetrical The decipherment algorithm in AES and hardware protection module in AES, host computer is consistent, while AES institute Key key agreement used when also will be with being decrypted in hardware protection module.
Wherein, the AES that the AES that the host computer is used is used with the hardware protection module adds for AES Close algorithm.
Wherein, the AES that the AES that the host computer is used is used with the hardware protection module adds for commercialization The close algorithm of close algorithm or state.
(Three)Beneficial effect
The present invention is by using reliability height, the close algorithm of the commercial encryption algorithm of cryptographical Iy secure or state, by missile-borne meter Stored again after calculation machine kernel software code encryption, the reading to kernel software program, inverting can be prevented and analysis is cracked, effectively The security for improving core knowledge property right.
Brief description of the drawings
Fig. 1 is traditional missile-borne computer system architecture.
Fig. 2 is the principle schematic of technical solution of the present invention.
Fig. 3 is the missile-borne computer framework in the present invention.
Embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to the present invention's Embodiment is described in further detail.
To solve problem of the prior art, technical solution of the present invention is being set based on carrying out kernel software under conventional method After meter, exploitation and debugging, generation target program is in plain text.It is different under conventional method and directly calculates program plaintext programming to missile-borne An encryption flow is added in way in machine solidification memory, the present invention, by target program in plain text using high security AES is encrypted to ciphertext, then solidifies ciphertext programming to missile-borne computer in memory.
In missile-borne computer hardware structure, a hardware protection module is added, major function is to solidification memory The program ciphertext of middle preservation is decrypted.So, after missile-borne computer system electrification, hardware protection module is from solidification memory Reading program ciphertext, is decrypted using the algorithm logic of itself to ciphertext, is obtained target program and is given processor in plain text, then by plaintext Loading and execution, follow-up work and the startup optimization flow of traditional missile-borne computer are consistent.
Specifically, as shown in Fig. 2 software encryption and protection method on bullet provided by the present invention, it is based on hardware protection Module is implemented, and the hardware protection module communicated by bus with CPU, the center processing for controlling missile-borne computer Device CPU reset signal and debugging signal, meanwhile, the hardware protection module connection solidification memory;The hardware protection mould Block includes:Programmable gate array FPGA and SRAM;Wherein, by gate array logic realization AES in the FPGA, for solving Close target program ciphertext;The SRAM is used to cache the plaintext obtained after decryption target program ciphertext;Wherein,
Methods described comprises the following steps:
Step S1:After based on the design, exploitation and debugging of kernel software is carried out under conventional method, generation target program is bright Text;Target program is encrypted to ciphertext by host computer in plain text using the AES of high security, then by ciphertext programming to missile-borne In the solidification memory of computer;
Step S2:After system electrification, cpu reset signal is tieed up after electricity in hardware protection module control, hardware protection module Reset signal high-end trim is held, prevents CPU from starting;
Step S3:Hardware protection module reads the target program ciphertext that solidification is preserved from solidification memory, passes through inside Decipherment algorithm decrypts ciphertext, synchronous that the plaintext obtained after decryption is saved in the SRAM inside hardware protection module;
Step S4:After completion target program is integrally decrypted, i.e., target program is integrally stored in hardware protection mould in plain text After in the internal SRAM of block, hardware protection module drags down cpu reset signal;
Step S5:CPU reads the BIOS program in ROM on plate first, is loaded into RAM and performs, and completes the one-level of system Start;
Step S6:BIOS program is completed after corresponding initial work, is directed to the ground of hardware protection module internal SRAM Location maps, CPU using hardware protection module internal SRAM as conventional architectures under solidification memory, read the mesh that caches in SRAM Beacon course sequence is loaded into RAM in plain text, and is performed, and completes two grades of startups;
Step S7:Then, target program is run, and completes corresponding systemic-function.
Wherein, the AES that the host computer is used and the AES that the hardware protection module is used are mutually symmetrical The decipherment algorithm in AES and hardware protection module in AES, host computer is consistent, while AES institute Key key agreement used when also will be with being decrypted in hardware protection module.
Wherein, the AES that the AES that the host computer is used is used with the hardware protection module adds for AES Close algorithm.
Wherein, the AES that the AES that the host computer is used is used with the hardware protection module adds for commercialization The close algorithm of close algorithm or state.
Described in detail with reference to specific embodiment.
Embodiment
As shown in Figure 2, the core of this embodiment scheme is target program encryption solidify afterwards storage to the present embodiment, and system is opened Real time decrypting is run again after dynamic.In order to ensure the speed of encryption/solution, the encryption used in host computer encryption and hardware protection module Algorithm is symmetric encipherment algorithm, such as AES(Advanced Encryption Standard, Advanced Encryption Standard)AES, The close algorithm of commercial encryption algorithm or its other country.In realization, it is desirable in the AES and hardware protection module in host computer Decipherment algorithm is consistent, while the key one used when also will be with being decrypted in hardware protection module of the key used in AES Cause.
(2)The design of hardware protection module.Hardware protection module be the present invention emphasis, as shown in Figure 3, the module by Programmable gate array FPGA and the design realization of SRAM SRAMs, wherein, encrypted in FPGA by gate array logic realization Algorithm, can decrypt target program ciphertext;SRAM is used to cache the plaintext obtained after decryption target program ciphertext.
(3)There is part to change compared with conventional method the startup workflow of missile-borne computer in the present embodiment, in detail Carefully as shown in Figure 3.The main distinction is the reset signal and debugging signal of the central processor CPU of missile-borne computer by hardware package Module control is protected, while solidifying memory is no longer attached to cpu bus, but is connected with hardware protection module.System it is specific Start-up course is:
a)After system electrification, cpu reset signal maintains to reset after electricity in hardware protection module control, hardware protection module Signal high-end trim, prevents CPU from starting;
b)Hardware protection module reads the target program ciphertext that solidification is preserved from solidification memory, is patrolled by inside decryption Collect and decrypt ciphertext, it is synchronous that the plaintext obtained after decryption is saved in the internal SRAM of hardware protection module;
c)After completion target program is integrally decrypted, i.e., target program is integrally stored in the interior of hardware protection module in plain text After in portion SRAM, hardware protection module drags down cpu reset signal;
d)Similar with conventional situation, CPU reads the BIOS program in ROM on plate first, is loaded into RAM and performs, and completes The one-level of system starts;
e)BIOS program is completed after corresponding initial work, and the address for being directed to hardware protection module internal SRAM is reflected Penetrate, so, the solidification memory under the conventional architectures that CPU just treats as hardware protection module internal SRAM, CPU is read in SRAM The target program of caching is loaded into RAM in plain text, and is performed, and this completes two grades of startups;
f)Subsequent target program operation, completes corresponding systemic-function, and consistent under conventional architectures.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the technical principles of the invention, some improvement and deformation can also be made, these improve and deformed Also it should be regarded as protection scope of the present invention.

Claims (4)

1. a kind of software encryption and protection method on bullet, it is characterised in that methods described is implemented based on hardware protection module, described Hardware protection module is communicated by bus with CPU, the reset signal of the central processor CPU for controlling missile-borne computer With debugging signal, meanwhile, hardware protection module connection solidification memory;The hardware protection module includes:Programmable gate Array FPGA and SRAM;Wherein, by gate array logic realization decipherment algorithm in the FPGA, for decrypting target program ciphertext; The SRAM is used to cache the plaintext obtained after decryption target program ciphertext;Wherein,
Methods described comprises the following steps:
Step S1:After based on the design, exploitation and debugging of kernel software is carried out under conventional method, generation target program is in plain text; Target program is encrypted to ciphertext by host computer in plain text using the AES of high security, then calculates ciphertext programming to missile-borne In the solidification memory of machine;
Step S2:After system electrification, cpu reset signal remains multiple after electricity in hardware protection module control, hardware protection module Position signal high-end trim, prevents CPU from starting;
Step S3:Hardware protection module reads the target program ciphertext that solidification is preserved from solidification memory, passes through inside modules The decipherment algorithm realized of programmable gate array FPGA ciphertext is decrypted, it is synchronous that the plaintext obtained after decryption is saved in hardware package In the SRAM for protecting inside modules;
Step S4:After completion target program is integrally decrypted, i.e., target program is integrally stored in hardware protection module in plain text After in internal SRAM, hardware protection module drags down cpu reset signal;
Step S5:CPU reads the BIOS program in ROM on plate first, is loaded into RAM and performs, and the one-level for completing system starts;
Step S6:BIOS program is completed after corresponding initial work, and the address for being directed to hardware protection module internal SRAM is reflected Penetrate, CPU using hardware protection module internal SRAM as conventional architectures under solidification memory, read the target journey that caches in SRAM Sequence is loaded into RAM in plain text, and is performed, and completes two grades of startups;
Step S7:Then, target program is run, and completes corresponding systemic-function.
2. software encryption and protection method on bullet as claimed in claim 1, it is characterised in that the password that the host computer is used is calculated Cryptographic algorithm and hardware package in the mutually symmetrical cryptographic algorithm of cryptographic algorithm that method is used with the hardware protection module, host computer Cryptographic algorithm in shield module is consistent, while the key used in cryptographic algorithm also will be with cryptographic algorithm in hardware protection module Key agreement used.
3. software encryption and protection method on bullet as claimed in claim 1, it is characterised in that the password that the host computer is used is calculated The cryptographic algorithm that method is used with the hardware protection module is AES encryption algorithm.
4. software encryption and protection method on bullet as claimed in claim 1, it is characterised in that the password that the host computer is used is calculated The cryptographic algorithm that method is used with the hardware protection module is the close algorithm of commercial encryption algorithm or state.
CN201310347652.8A 2013-08-12 2013-08-12 A kind of software encryption and protection method on bullet Active CN103488916B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310347652.8A CN103488916B (en) 2013-08-12 2013-08-12 A kind of software encryption and protection method on bullet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310347652.8A CN103488916B (en) 2013-08-12 2013-08-12 A kind of software encryption and protection method on bullet

Publications (2)

Publication Number Publication Date
CN103488916A CN103488916A (en) 2014-01-01
CN103488916B true CN103488916B (en) 2017-09-19

Family

ID=49829131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310347652.8A Active CN103488916B (en) 2013-08-12 2013-08-12 A kind of software encryption and protection method on bullet

Country Status (1)

Country Link
CN (1) CN103488916B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105528548A (en) * 2015-12-09 2016-04-27 乐鑫信息科技(上海)有限公司 Method for encoding and automatically decoding codes in chip OutNvMem in batches
CN106066829A (en) * 2016-06-13 2016-11-02 江西洪都航空工业集团有限责任公司 A kind of missile-borne time-consuming real-time computing technique of embedded Control software cycle
CN107808099B (en) * 2016-09-08 2021-03-16 北京自动化控制设备研究所 Embedded software encryption/decryption system and method
CN108881223A (en) * 2018-06-17 2018-11-23 张红卫 A method of protecting computer software is realized based on network communication
CN109255258B (en) * 2018-08-27 2020-07-14 重庆天箭惯性科技股份有限公司 Encrypted navigation computer circuit
CN112446055A (en) * 2019-08-10 2021-03-05 丹东东方测控技术股份有限公司 Method for preventing embedded electronic circuit equipment from being copied
CN111814208B (en) * 2020-07-02 2023-07-28 国家广播电视总局广播电视科学研究院 Method for defending fault injection during secure start of soc national security chip
CN112417521B (en) * 2020-11-05 2023-09-05 中国航空工业集团公司西安航空计算技术研究所 Information security system based on FPGA+processor architecture and working method thereof
CN112363956A (en) * 2020-11-11 2021-02-12 上海磐启微电子有限公司 Method and device for encrypting and decrypting FLASH memory
CN112685758B (en) * 2020-12-31 2024-02-06 南方电网科学研究院有限责任公司 Data encryption system based on elliptic curve encryption algorithm

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799819A (en) * 2012-07-04 2012-11-28 北京京航计算通讯研究所 Embedded software safety protection system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010032318A1 (en) * 1999-12-03 2001-10-18 Yip Kun Wah Apparatus and method for protecting configuration data in a programmable device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799819A (en) * 2012-07-04 2012-11-28 北京京航计算通讯研究所 Embedded software safety protection system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FPGA在硬盘加密卡中的应用与研究;王毅;《中国优秀硕士学位论文全文数据库 信息科技辑》;20071015(第04期);I138-78 *
基于FPGA的数据加密设备的设计;高帅娜;《中国优秀硕士学位论文全文数据库 信息科技辑》;20121015(第10期);I138-1544 *

Also Published As

Publication number Publication date
CN103488916A (en) 2014-01-01

Similar Documents

Publication Publication Date Title
CN103488916B (en) A kind of software encryption and protection method on bullet
US9418027B2 (en) Secure boot information with validation control data specifying a validation technique
US9792229B2 (en) Protecting a memory
US10536274B2 (en) Cryptographic protection for trusted operating systems
CN101782956B (en) Method and device for protecting data on basis of AES real-time encryption
CN103607279B (en) Cryptographic key protection method based on polycaryon processor and system
TW201717030A (en) Supporting configurable security levels for memory address ranges
US10261854B2 (en) Memory integrity violation analysis method and apparatus
US9471793B2 (en) System on chip with embedded security module
CN204242180U (en) A kind of security password input system based on safe touch screen control chip
CN103210396A (en) Method and apparatus including architecture for protecting sensitive code and data
EP3271828B1 (en) Cache and data organization for memory protection
CN102118512A (en) Method and system for preventing application program of mobile phone from being cracked
CN102918539A (en) Methods and apparatuses for securing playback content
CN109960903A (en) A kind of method, apparatus, electronic equipment and storage medium that application is reinforced
US20150301957A1 (en) Secured memory system and method therefor
CN106383790A (en) Bus management unit and high safety system on chip
CN106295257A (en) A kind of authentication method being reinforced software and device
CN104246784A (en) Method, device, and system for protecting and securely delivering media content
CN103051460A (en) Dynamic token system based on inertial technology and encryption method thereof
CN105678173A (en) vTPM safety protection method based on hardware transactional memory
CN103347017A (en) Data processing method and system on chip
CN103051963A (en) Safety control method of digital television terminal equipment
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN103745170A (en) Processing method and device for disk data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180409

Address after: 300308 Tianjin District of Dongli City Airport Economic Zone bonded Road No. 357

Patentee after: TIANJIN JINHANG INSTITUTE OF COMPUTING TECHNOLOGY

Address before: 300308 Tianjin District of Dongli City Airport Economic Zone bonded Road No. 357

Patentee before: NO.8357 Research Institute of the Third Academy of China Aerospace Science & Industry Corp.

TR01 Transfer of patent right