CN103488916B - A missile-borne software encryption protection method - Google Patents
- Publication number
- CN103488916B (application CN201310347652.8A)
- Authority
- CN
- China
- Prior art keywords
- protection module
- hardware protection
- ciphertext
- target program
- missile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the field of computer information security and specifically relates to an encryption protection method for missile-borne software. In the technical solution, the core software is first designed, developed and debugged by conventional methods to produce the plaintext target program. Unlike the conventional practice of programming the plaintext program directly into the non-volatile memory of the missile-borne computer, the invention adds an encryption step: the plaintext target program is encrypted into ciphertext with a high-security encryption algorithm, and the ciphertext is then programmed into the non-volatile memory of the missile-borne computer. A hardware protection module is added to the hardware architecture of the missile-borne computer, mainly to decrypt the program ciphertext held in the non-volatile memory. After the missile-borne computer system powers on, the hardware protection module reads the program ciphertext from the non-volatile memory, decrypts it with its own algorithm logic to obtain the plaintext target program, and hands the plaintext to the processor to load and execute; the subsequent work is consistent with the start-up and run flow of a conventional missile-borne computer.
Description
Technical field
The invention belongs to the field of computer information security and specifically relates to an encryption protection method for missile-borne software.
Background art
Missiles are the most important weapons in modern warfare. As the level of informatization of China's missiles keeps rising, the missile-borne computer systems that support the system functions of missile equipment, and the on-board software running on them, are becoming increasingly complex. However, under current missile equipment system design conditions in China, core software containing much important information is stored in the memory cells of the embedded system without any protection. The executable code of the software can easily be read out and, because the operating environment of the software is almost transparent, the core algorithms and key data hidden in the software can be obtained through reverse analysis and disassembly. As a result, technology that embodies a great deal of effort, time and funding from defense-industry designers and developers can easily be cracked and stolen. For the model software of missile equipment, and especially for export missile models, if the on-board core software is cracked, this affects not only the independent intellectual property rights in the model software but also national interests and national defense security. It is therefore necessary to take corresponding security protection measures for the core software in missile equipment, to ensure the security of core algorithms, data and performance parameters.
To protect the core software of missile equipment, the start-up and working flow of a general missile-borne computer must be fully understood. The conventional missile-borne computer system architecture is shown in Figure 1, and the start-up process of the system is:
a) After system power-on, the CPU reset signal is controlled centrally on the circuit board; the CPU starts running after the on-board reset signal is pulled low.
b) The CPU first reads the BIOS program from the on-board ROM, loads it into RAM and executes it, completing the first-stage boot of the system.
c) After the BIOS program completes the corresponding initialization, it points to the program storage address in the non-volatile memory (EPROM or Flash); the CPU reads the stored target program, loads it into RAM and executes it, which completes the second-stage boot. The target program then runs and performs the corresponding system functions.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the invention is: for the general missile-borne computer system architecture, how to design a hardware protection module and a system workflow that realize encrypted storage of the core software in embedded memory and online decryption at run time, preventing the core software from being easily read and cracked and thereby improving the security of the core software.
(2) Technical solution
To solve the above technical problem, the invention provides an encryption protection method for missile-borne software. The method is implemented on the basis of a hardware protection module. The hardware protection module communicates with the CPU over a bus and controls the reset signal and debug signals of the central processing unit (CPU) of the missile-borne computer; the hardware protection module is also connected to the non-volatile memory. The hardware protection module comprises a programmable gate array (FPGA) and an SRAM, wherein the encryption algorithm is implemented in gate-array logic in the FPGA and is used to decrypt the target program ciphertext, and the SRAM caches the plaintext obtained by decrypting the target program ciphertext.
The method comprises the following steps:
Step S1: After the core software has been designed, developed and debugged by conventional methods, the plaintext target program is generated. The host computer encrypts the plaintext target program into ciphertext with a high-security encryption algorithm, and the ciphertext is then programmed into the non-volatile memory of the missile-borne computer.
Step S2: After system power-on, the CPU reset signal is controlled by the hardware protection module. Once powered, the hardware protection module holds the reset signal high, preventing the CPU from starting.
Step S3: The hardware protection module reads the stored target program ciphertext from the non-volatile memory and decrypts it with its internal decryption algorithm, saving the plaintext obtained into the SRAM inside the hardware protection module as decryption proceeds.
Step S4: After the whole target program has been decrypted, that is, after the entire plaintext target program is stored in the internal SRAM of the hardware protection module, the hardware protection module pulls the CPU reset signal low.
Step S5: The CPU first reads the BIOS program from the on-board ROM, loads it into RAM and executes it, completing the first-stage boot of the system.
Step S6: After the BIOS program completes the corresponding initialization, it points to the address mapping of the internal SRAM of the hardware protection module. The CPU treats that SRAM as the non-volatile memory of the conventional architecture, reads the plaintext target program cached in the SRAM, loads it into RAM and executes it, completing the second-stage boot.
Step S7: The target program then runs and performs the corresponding system functions.
Wherein, the encryption algorithm used by the host computer and the encryption algorithm used by the hardware protection module are both symmetric encryption algorithms; the encryption algorithm in the host computer is consistent with the decryption algorithm in the hardware protection module, and the key used for encryption must match the key used for decryption in the hardware protection module.
Wherein, the encryption algorithm used by the host computer and by the hardware protection module is the AES encryption algorithm.
Wherein, the encryption algorithm used by the host computer and by the hardware protection module is a commercial encryption algorithm or a national cryptographic algorithm.
(3) Beneficial effects
By using a highly reliable, cryptographically secure commercial encryption algorithm or national cryptographic algorithm to encrypt the core software code of the missile-borne computer before it is stored, the invention prevents the core software program from being read out, reverse-engineered and cracked, and effectively improves the security of core intellectual property.
Brief description of the drawings
Fig. 1 shows the conventional missile-borne computer system architecture.
Fig. 2 is a schematic diagram of the principle of the technical solution of the invention.
Fig. 3 shows the missile-borne computer architecture of the invention.
Detailed description
To make the purpose, content and advantages of the invention clearer, embodiments of the invention are described in further detail below with reference to the drawings and an example.
To solve the problems of the prior art, in the technical solution of the invention the core software is first designed, developed and debugged by conventional methods to produce the plaintext target program. Unlike the conventional practice of programming the plaintext program directly into the non-volatile memory of the missile-borne computer, the invention adds an encryption step: the plaintext target program is encrypted into ciphertext with a high-security encryption algorithm, and the ciphertext is then programmed into the non-volatile memory of the missile-borne computer.
A hardware protection module is added to the hardware architecture of the missile-borne computer; its main function is to decrypt the program ciphertext held in the non-volatile memory. After the missile-borne computer system powers on, the hardware protection module reads the program ciphertext from the non-volatile memory, decrypts it with its own algorithm logic to obtain the plaintext target program, and hands the plaintext to the processor to load and execute; the subsequent work is consistent with the start-up and run flow of a conventional missile-borne computer.
Specifically, as shown in Fig. 2, the encryption protection method for missile-borne software provided by the invention is implemented on the basis of a hardware protection module. The hardware protection module communicates with the CPU over a bus and controls the reset signal and debug signals of the central processing unit (CPU) of the missile-borne computer; the hardware protection module is also connected to the non-volatile memory. The hardware protection module comprises a programmable gate array (FPGA) and an SRAM, wherein the encryption algorithm is implemented in gate-array logic in the FPGA and is used to decrypt the target program ciphertext, and the SRAM caches the plaintext obtained by decrypting the target program ciphertext.
The method comprises the following steps:
Step S1: After the core software has been designed, developed and debugged by conventional methods, the plaintext target program is generated. The host computer encrypts the plaintext target program into ciphertext with a high-security encryption algorithm, and the ciphertext is then programmed into the non-volatile memory of the missile-borne computer.
Step S2: After system power-on, the CPU reset signal is controlled by the hardware protection module. Once powered, the hardware protection module holds the reset signal high, preventing the CPU from starting.
Step S3: The hardware protection module reads the stored target program ciphertext from the non-volatile memory and decrypts it with its internal decryption algorithm, saving the plaintext obtained into the SRAM inside the hardware protection module as decryption proceeds.
Step S4: After the whole target program has been decrypted, that is, after the entire plaintext target program is stored in the internal SRAM of the hardware protection module, the hardware protection module pulls the CPU reset signal low.
Step S5: The CPU first reads the BIOS program from the on-board ROM, loads it into RAM and executes it, completing the first-stage boot of the system.
Step S6: After the BIOS program completes the corresponding initialization, it points to the address mapping of the internal SRAM of the hardware protection module. The CPU treats that SRAM as the non-volatile memory of the conventional architecture, reads the plaintext target program cached in the SRAM, loads it into RAM and executes it, completing the second-stage boot.
Step S7: The target program then runs and performs the corresponding system functions.
Wherein, the encryption algorithm used by the host computer and the encryption algorithm used by the hardware protection module are both symmetric encryption algorithms; the encryption algorithm in the host computer is consistent with the decryption algorithm in the hardware protection module, and the key used for encryption must match the key used for decryption in the hardware protection module.
Wherein, the encryption algorithm used by the host computer and by the hardware protection module is the AES encryption algorithm.
Wherein, the encryption algorithm used by the host computer and by the hardware protection module is a commercial encryption algorithm or a national cryptographic algorithm.
A detailed description is given below with reference to a specific embodiment.
Embodiment
As shown in Figure 2, the core of this embodiment is that the target program is encrypted before being stored in non-volatile memory, and is decrypted in real time after system start-up before it runs. To ensure the speed of encryption and decryption, the encryption algorithm used for host-computer encryption and in the hardware protection module is a symmetric encryption algorithm, such as the AES (Advanced Encryption Standard) encryption algorithm, a commercial encryption algorithm, or another national cryptographic algorithm. In the implementation, the encryption algorithm in the host computer must be consistent with the decryption algorithm in the hardware protection module, and the key used for encryption must match the key used for decryption in the hardware protection module.
(2) Design of the hardware protection module. The hardware protection module is the focus of the invention. As shown in Figure 3, the module is implemented with a programmable gate array (FPGA) and a static random-access memory (SRAM): the encryption algorithm is implemented in gate-array logic in the FPGA and can decrypt the target program ciphertext, and the SRAM caches the plaintext obtained by decrypting the target program ciphertext.
(3) In this embodiment the start-up workflow of the missile-borne computer is partly changed compared with the conventional method, as shown in detail in Figure 3. The main differences are that the reset signal and debug signals of the central processing unit (CPU) of the missile-borne computer are controlled by the hardware protection module, and that the non-volatile memory is no longer attached to the CPU bus but is connected to the hardware protection module. The specific start-up process of the system is:
a) After system power-on, the CPU reset signal is controlled by the hardware protection module. Once powered, the hardware protection module holds the reset signal high, preventing the CPU from starting.
b) The hardware protection module reads the stored target program ciphertext from the non-volatile memory and decrypts it with its internal decryption logic, saving the plaintext obtained into the internal SRAM of the hardware protection module as decryption proceeds.
c) After the whole target program has been decrypted, that is, after the entire plaintext target program is stored in the internal SRAM of the hardware protection module, the hardware protection module pulls the CPU reset signal low.
d) As in the conventional case, the CPU first reads the BIOS program from the on-board ROM, loads it into RAM and executes it, completing the first-stage boot of the system.
e) After the BIOS program completes the corresponding initialization, it points to the address mapping of the internal SRAM of the hardware protection module, so the CPU treats that SRAM as the non-volatile memory of the conventional architecture. The CPU reads the plaintext target program cached in the SRAM, loads it into RAM and executes it, which completes the second-stage boot.
f) The target program then runs and performs the corresponding system functions, as in the conventional architecture.
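The start-up sequence a) to f) and the key-agreement requirement, modelled in Python as an added example; this is not code from the patent. The class and function names are hypothetical, the image and keys are constructed samples, and a SHA-256 counter-mode keystream stands in for the AES, commercial or national algorithm the patent names, because the Python standard library has no AES.

```python
import hashlib

BLOCK = 32  # bytes handled per decryption step (SHA-256 digest size)


def _pad(key: bytes, index: int) -> bytes:
    """Keystream block for position `index` (stand-in cipher, not AES)."""
    return hashlib.sha256(key + index.to_bytes(8, "big")).digest()


def _xor_block(key: bytes, index: int, block: bytes) -> bytes:
    # Symmetric: the same operation encrypts on the host and decrypts in the module.
    return bytes(b ^ p for b, p in zip(block, _pad(key, index)))


def host_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step S1 on the host computer: produce the ciphertext image for flash."""
    return b"".join(
        _xor_block(key, i // BLOCK, plaintext[i:i + BLOCK])
        for i in range(0, len(plaintext), BLOCK)
    )


class HardwareProtectionModule:
    """Model of the FPGA + SRAM module placed between flash and the CPU."""

    def __init__(self, key: bytes, flash: bytes):
        self._key = key
        self._flash = flash         # ciphertext only; flash is not on the CPU bus
        self._sram = bytearray()    # plaintext cache filled during S3
        self.cpu_reset_high = True  # S2: hold reset high so the CPU cannot start

    def decrypt_step(self) -> bool:
        """S3: decrypt one block into SRAM. Returns True once the image is complete."""
        off = len(self._sram)
        if off < len(self._flash):
            chunk = self._flash[off:off + BLOCK]
            self._sram += _xor_block(self._key, off // BLOCK, chunk)
        done = len(self._sram) >= len(self._flash)
        if done:
            self.cpu_reset_high = False  # S4: reset goes low only after the whole image
        return done

    def run_to_completion(self) -> None:
        while not self.decrypt_step():
            pass

    def read_sram(self, addr: int, length: int) -> bytes:
        """S6: the address window the BIOS points at in place of flash."""
        if self.cpu_reset_high:
            raise RuntimeError("CPU is held in reset; SRAM window not readable")
        return bytes(self._sram[addr:addr + length])


def cpu_boot(module: HardwareProtectionModule, image_len: int):
    """S5/S6 from the CPU side: the image loaded into RAM, or None while in reset."""
    if module.cpu_reset_high:
        return None
    return module.read_sram(0, image_len)


def demo() -> dict:
    key = bytes(range(16))               # constructed sample key
    image = b"TARGET-PROGRAM " * 10      # constructed 150-byte "target program"
    flash = host_encrypt(key, image)

    module = HardwareProtectionModule(key, flash)
    before = cpu_boot(module, len(image))        # reset still high
    module.decrypt_step()
    partial = cpu_boot(module, len(image))       # one block decrypted, still in reset
    module.run_to_completion()
    ram = cpu_boot(module, len(image))

    # The flow on the page has no check between S3 and S4, so this model has none:
    # a module holding a different key still releases reset.
    other = HardwareProtectionModule(b"\x00" * 16, flash)
    other.run_to_completion()
    return {
        "plaintext": image, "flash": flash, "before_decrypt": before,
        "after_one_block": partial, "ram_image": ram,
        "wrong_key_image": cpu_boot(other, len(image)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last case in `demo()` shows why the text insists that the host key and the module key agree: with a mismatched key the module still completes S3 and S4, and the CPU loads an unusable image.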
The above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make improvements and variations without departing from the technical principles of the invention, and such improvements and variations shall also be regarded as falling within the scope of protection of the invention.
Claims (4)
1. An encryption protection method for missile-borne software, characterized in that the method is implemented on the basis of a hardware protection module; the hardware protection module communicates with the CPU over a bus and controls the reset signal and debug signals of the central processing unit (CPU) of the missile-borne computer; the hardware protection module is also connected to the non-volatile memory; the hardware protection module comprises a programmable gate array (FPGA) and an SRAM, wherein the decryption algorithm is implemented in gate-array logic in the FPGA and is used to decrypt the target program ciphertext, and the SRAM caches the plaintext obtained by decrypting the target program ciphertext; wherein,
the method comprises the following steps:
Step S1: After the core software has been designed, developed and debugged by conventional methods, the plaintext target program is generated; the host computer encrypts the plaintext target program into ciphertext with a high-security encryption algorithm, and the ciphertext is then programmed into the non-volatile memory of the missile-borne computer;
Step S2: After system power-on, the CPU reset signal is controlled by the hardware protection module; once powered, the hardware protection module holds the reset signal high, preventing the CPU from starting;
Step S3: The hardware protection module reads the stored target program ciphertext from the non-volatile memory and decrypts it with the decryption algorithm implemented by the programmable gate array (FPGA) inside the module, saving the plaintext obtained into the SRAM inside the hardware protection module as decryption proceeds;
Step S4: After the whole target program has been decrypted, that is, after the entire plaintext target program is stored in the internal SRAM of the hardware protection module, the hardware protection module pulls the CPU reset signal low;
Step S5: The CPU first reads the BIOS program from the on-board ROM, loads it into RAM and executes it, completing the first-stage boot of the system;
Step S6: After the BIOS program completes the corresponding initialization, it points to the address mapping of the internal SRAM of the hardware protection module; the CPU treats that SRAM as the non-volatile memory of the conventional architecture, reads the plaintext target program cached in the SRAM, loads it into RAM and executes it, completing the second-stage boot;
Step S7: The target program then runs and performs the corresponding system functions.
2. The encryption protection method for missile-borne software according to claim 1, characterized in that the cryptographic algorithm used by the host computer and the cryptographic algorithm used by the hardware protection module are both symmetric cryptographic algorithms; the cryptographic algorithm in the host computer is consistent with the cryptographic algorithm in the hardware protection module, and the key used by the cryptographic algorithm must match the key used by the cryptographic algorithm in the hardware protection module.
3. The encryption protection method for missile-borne software according to claim 1, characterized in that the cryptographic algorithm used by the host computer and by the hardware protection module is the AES encryption algorithm.
4. The encryption protection method for missile-borne software according to claim 1, characterized in that the cryptographic algorithm used by the host computer and by the hardware protection module is a commercial encryption algorithm or a national cryptographic algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310347652.8A CN103488916B (en) | 2013-08-12 | 2013-08-12 | A missile-borne software encryption protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103488916A (en) | 2014-01-01 |
CN103488916B (en) | 2017-09-19 |
Family
ID=49829131
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310347652.8A Active CN103488916B (en) | 2013-08-12 | 2013-08-12 | A missile-borne software encryption protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103488916B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20180409. Address after: 300308 Tianjin District of Dongli City Airport Economic Zone bonded Road No. 357. Patentee after: TIANJIN JINHANG INSTITUTE OF COMPUTING TECHNOLOGY. Address before: 300308 Tianjin District of Dongli City Airport Economic Zone bonded Road No. 357. Patentee before: NO.8357 Research Institute of the Third Academy of China Aerospace Science & Industry Corp. |