CN104392188B - A kind of secure data store method and system - Google Patents
A kind of secure data store method and system Download PDFInfo
- Publication number
- CN104392188B CN104392188B CN201410619453.2A CN201410619453A CN104392188B CN 104392188 B CN104392188 B CN 104392188B CN 201410619453 A CN201410619453 A CN 201410619453A CN 104392188 B CN104392188 B CN 104392188B
- Authority
- CN
- China
- Prior art keywords
- untrusted
- rpmb
- storage service
- data objects
- safe storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention proposes a kind of secure data store method and system, it is adaptable to support the processor of ARM TrustZone technologies, and uses the eMMC for supporting RPMB subregions as storage medium, and wherein method includes:The secured data objects of trusted application program, safe storage service program and its generation are protected by trusted execution environments;Safe storage service program provides the foundation and access of secured data objects to trusted application program, and calls encryption/decryption module that secured data objects are encrypted and decrypted with processing;Secured data objects after encryption appoint the eMMC RPMB drivers in performing environment to share by the shared drive page and untrusted;Untrusted appoints the eMMC RPMB drivers in performing environment to complete access and storage to eMMC RPMB subregions.The present invention ensure that the reliable memory of secured data objects.
Description
Technical field
The present invention relates to technical field of data storage, more particularly to a kind of secure data store method and system.
Background technology
Embedded device, including mobile phone, TV, tablet personal computer etc., there is the demand that safe storage is carried out to sensitive data,
The accounts information of user is preserved for example on non-volatile memory medium, by the key of mandate, and various multimedia copyrights
Information and license passport etc..
Existing secure data store method, is usually to be encrypted in untrusted performing environment, such as normal operating system
Processing.Encryption and decryption program and calculating process, and clear data and encryption and decryption key, are in untrusted environment;Data are deposited
Data object after encryption, is saved in non-volatile memories by the file system interface that storage mode is typically provided using operating system
On medium, such as embedded multi-media card (eMMC, embedded Multi Media Card) or flash memory (Flash).
Fig. 1 is the brief block diagram of existing secure data storage system, main to include four functional entitys:Application program, plus
Deciphering module, normal operating system, flash storage medium.Common flow is:Application call encryption/decryption module is to safety
Data object is encrypted, and calls normal operating system file system interface, and the data object storage after encryption is arrived
On eMMC subregions;When application program needs to access data object, call operation system file system interface, from eMMC subregions
Data object is re-read, and calls encryption/decryption module that processing is decrypted.On non-volatile memory medium, data object with
The form of encryption is saved, therefore ensure that basic data safety.
In the prior art to the storage method of secure data, it is saved in generally by generic file system interface non-volatile
Property storage medium on, such as in eMMC or Flash.But it is stored in the data content in Flash partition and is possible to meeting by hacker
Distort, even carry out pressure erasing by physical block.As an improvement, eMMC specifications provide for replay protection memory block (RPMB,
Replay Protect Memory Block) subregion mandate write-protect mechanism, using preset key to data object press RPMB
Data packet format carries out Hash calculation and obtains its message authentication code (MAC), and eMMC cards are reruned and compared, illegally write with resisting
Enter.But RPMB drivers need first to obtain preset key, and it is stored in the common memory page, therefore equally exists and cut
The risk taken, once and preset key is compromised, then MAC can be just regenerated by using replacement data, come reading of out-tricking
Inspection of the extract operation to MAC.
The process of encryption and decryption is carried out to secure data in the prior art, is usually the normal operating system environment in untrusted
Middle to carry out, its calculating process is possible to be intercepted and captured by hacker, the Key that encryption and decryption is used, or the clear data that computing is used, and has
It may be read and replace.A kind of improved method is in the prior art, the ARM trust regions for supporting An Mou companies
(TrustZone) key and encryption process, can be placed in credible performing environment, then the data after encryption are led to by equipment
Cross shared drive and return to untrusted performing environment.This calculating process can use Global Platform organizational standards
TEE API realize communication and believable interaction, but the follow-up storage of its encrypted data, it is still desirable to by general
Lead to the file system interface of operating system to complete, so there are still the risk for being replaced or bypassing.
The content of the invention
The invention provides a kind of secure data store method, the reliable memory of secured data objects ensure that.
Present invention also offers a kind of secure data storage system, the reliable memory of secured data objects ensure that.
The technical proposal of the invention is realized in this way:
A kind of secure data store method, it is adaptable to support the processor of ARM TrustZone technologies, and use support
The eMMC of RPMB subregions includes as storage medium, methods described:
The secured data objects of trusted application program, safe storage service program and its generation are by trusted execution environments
Protection;
Safe storage service program to trusted application program provide secured data objects foundation and access, and call plus
Deciphering module secured data objects is encrypted and decrypted processing;
Secured data objects after encryption appoint the eMMC RPMB in performing environment to drive by the shared drive page and untrusted
Dynamic program is shared;
Untrusted appoints the eMMC RPMB drivers in performing environment to complete access and storage to eMMC RPMB subregions.
On a kind of secure data storage system, the processor for operating in ARM trust regions (TrustZone) technology of support,
And the embedded multi-media card (eMMC) of replay protection memory block (RPMB) subregion is used as storage medium, the system bag
Trusted application program is included, encryption/decryption module, safe storage service program, communication module, untrusted appoints operating system and eMMC
RPMB drivers;
The trusted application program is operated in trusted execution environments, by the user program of security context certification,
Access safety data object;
The encryption/decryption module is operated in trusted execution environments, is realized using driving hardware engine or software algorithm
Encryption and decryption functions;
The safe storage service program is operated in trusted execution environments, and safe number is provided to trusted application program
According to the establishment of object, reading, modification, the function of deleting or store;
The eMMC RPMB drivers operate in untrusted and appointed in performing environment, complete the reading to eMMC RPMB subregions
Write.
It can be seen that, secure data store method proposed by the present invention and system pass through the credible performing environments of ARM TrustZone
Generation and access to plaintext secure data object are controlled, and prevent from being read or being distorted by untrusted program;Encryption process
And its key used is isolated in trusted execution environments, it is impossible to appoint performing environment to obtain by untrusted;Peace after encryption
Full data object passes to the eMMC RPMB drivers in untrusted performing environment by shared drive, is driven by eMMC RPMB
Traverse completes the access and storage to eMMC RPMB subregions, so as to ensure the safety of data object.
Brief description of the drawings
Fig. 1 is existing secure data storage system and method block diagram;
Fig. 2 is the secure data storage system block diagram of the embodiment of the present invention one;
Fig. 3 is the secured data objects Stored Procedure figure in the embodiment of the present invention two;
Fig. 4 is that the secured data objects in the embodiment of the present invention two read flow chart.
Embodiment
The embodiment of the invention discloses a kind of secure data store method based on ARM TrustZone and system, it is applicable
In embedded devices of the eMMC with ARM TrustZone processors and comprising RPMB subregions as storage medium, including but
It is not limited only to smart mobile phone, tablet personal computer, intelligent television, top box of digital machine, Internet video player etc..The system includes can
Trust performing environment and untrusted appoints performing environment.
Wherein, the trusted execution environments include communication module, trusted application program, safe storage service program and
Encryption/decryption module.Trusted execution environments appoint performing environment shared processor time, its operating instruction and data quilt with untrusted
Safe memory headroom is placed in, by TrustZone IP insulation blocking, it is to avoid execution environment program malice is appointed by untrusted
Attack.
Wherein, the untrusted appoints performing environment to appoint operating system comprising untrusted, and untrusted appoints application program, eMMC
RPMB drivers.Untrusted appoints performing environment easily by various attacks, including is possessed the superuser execution of root authority
Illegal operation, such as modification instruction and reading user program memory pages.
It is preferred that, the communication module operates in the privileged mode of trusted execution environments, receives to appoint execution from untrusted
The request of environment and message transmission, and complete untrusted appoint between performing environment and trusted execution environments context switching,
Simultaneously by the mapping to the shared drive page, untrusted is supported to appoint the data between performing environment and trusted execution environments to be total to
Enjoy.
Further, during communication module can also complete untrusted times between performing environment and trusted execution environments
Disconnected forwarding, it is to avoid the influence that interrupt response latency is caused to respective running environment.
It is preferred that, the trusted application program, including executable ELF files and digital signature information can be from non-
Trusted execution environments send into trusted execution environments by shared drive, and signature inspection is carried out to it by trusted execution environments
Look into, carry out load and execution after being verified again.
It is preferred that, the safe storage service program, the user model run in trusted execution environments or privilege
Pattern.
It is preferred that, the safe storage service program, when receiving the establishment data object request of trusted application program,
Specific works step includes:
1) secured data objects of plaintext are created, and are stored in trusted execution environments.
2) encryption/decryption module is called, secured data objects are encrypted using symmetric cryptography mode.
3) software interrupt mode is used, notifies untrusted to appoint the eMMC RPMB drivers in performing environment, and reading is worked as
The block address of preceding available eMMC RPMB subregions and write count value.
4) according to RPMB data packet formats, data content is filled, random value and count value is write, and use preset key, led to
Cross HMAC SHA256 and calculate message authentication code (MAC).
5) the RPMB packets comprising the secured data objects after encryption and MAC value are inserted shared drive, and using soft
Part interrupt mode, notifies untrusted to appoint the eMMC RPMB drivers in performing environment.
It is preferred that, the safe storage service program, when receiving the modification data object request of trusted application program,
Specific works step includes:
1) the plaintext secure data object is searched in trusted execution environments, and is modified.
2) encryption/decryption module is called, amended secured data objects are encrypted using symmetric cryptography mode.
3) software interrupt mode is used, notifies untrusted to appoint the eMMC RPMB drivers in performing environment, and reading is worked as
The block address of preceding available eMMC RPMB subregions and write count value.
4) according to RPMB data packet formats, data content is filled, random value and count value is write, and use preset key, led to
Cross HMAC SHA256 and calculate message authentication code (MAC).
5) the RPMB packets comprising the secured data objects after encryption and MAC value are inserted shared drive, and using soft
Part interrupt mode, notifies untrusted to appoint the eMMC RPMB drivers in performing environment.
It is preferred that, the safe storage service program, when receiving the deletion data object request of trusted application program,
Specific works step includes:
1) the plaintext secure data object is searched in trusted execution environments, it is found in eMMC according to its mark
Block address in RPMB subregions.
2) software interrupt mode is used, notifies untrusted to appoint the eMMC RPMB drivers in performing environment, and reading should
EMMC RPMB subregions write count value.
3) according to RPMB data packet formats, fill empty data content, random value and write count value, and using preset close
Key, passes through Hash operation message authentication code (Hash-based Message Authentication Code, HMAC) SHA256
Calculate message authentication code (MAC).
4) the RPMB packets comprising empty data and MAC value are inserted shared drive, and uses software interrupt mode, led to
Know that untrusted appoints the eMMC RPMB drivers in performing environment.
5) the plaintext secure data object in trusted execution environments is deleted.
It is preferred that, the safe storage service program, when receiving the reading data object request of trusted application program,
Specific works step includes:
1) the plaintext secure data object is searched in trusted execution environments, if it is found, then directly returning to its data
Contents of object.
If 2) data object content is sky, using software interrupt mode, untrusted is notified to appoint in performing environment
EMMC RPMB drivers read secured data objects and eMMC RPMB subregions after the encryption in eMMC RPMB blockettes and returned
The message authentication code MAC returned, and insert shared drive.
3) according to RPMB data packet formats, using preset key, message authentication code is recalculated by HMAC SHA256
MAC, and compared with the MAC in shared drive, if it is inconsistent, abandoning the data, error result is returned to trusted application
Program.
If 4) consistent, encryption/decryption module is called, the secured data objects in shared drive are symmetrically decrypted.
5) secured data objects after decrypting, are added to the data object list in trusted execution environments, and data
Contents of object returns to trusted application program.
It is preferred that, the safe storage service program can also be when system starts, be notified by software interrupt mode
Untrusted appoints the eMMC RPMB drivers in performing environment, and the secured data objects on RPMB blockettes are disposably read in,
And be decrypted one by one, and be added to data after the inspection of completion message authentication code MAC value in trusted execution environments
List object.
It is preferred that, in above-mentioned steps, plaintext secure data object is searched in trusted execution environments, can be from caching
Or the datarams page is searched.
It is preferred that, the software interrupt mode in above-mentioned steps can be by being programmed reality to universal interrupt controller GIC
It is existing, on monokaryon or multi-core platform, it can be acted on by the interruption forwarding of communication module, complete untrusted and appoint performing environment
Quick response of the operating system to the interruption.
It is preferred that, the encryption/decryption module can come real by driving encryption and decryption hardware engine, or using software algorithm
Existing encryption and decryption functions.Encryption/decryption module is run in trusted execution environments, while its key, data buffer storage and internal memory for using
The page, by trusted execution environments insulation blocking, untrusted appoints performing environment not access.
It is preferred that, the embedded device injects before dispatching from the factory, it is necessary to carry out the programming of the keys of SHA 256 to eMMC RPMB;
Key injection programming is that single is effective, can not subsequently be modified again.
It is preferred that, the eMMC RPMB drivers operate in untrusted and appointed in performing environment, its job step includes:
1) when receiving credible performing environment software interrupt, its request type is checked.
2) when needing write-in secured data objects, read from the shared drive page comprising encrypted secured data objects
With the RPMB packets of MAC value, and eMMC RPMB subregion block address is write.
3) when needing to read secured data objects, read in from eMMC PRMB subregion block address comprising encrypted peace
The RPMB packets of full data object and MAC value, and write shared drive.
Wherein, the eMMC RPMB drivers itself do not manage key, can not also be obtained from eMMC RPMB subregions
The key having been injected into is taken, preset same key can not be obtained from trusted execution environments;Therefore, the eMMC RPMB
Driver can not use replacement data to produce the MAC value of forgery, can so avoid being cheated by the mode of man-in-the-middle attack
EMMC or trusted execution environments, it is ensured that the nonvolatile safe storage of data object.
It is preferred that, the untrusted appoints operating system and untrusted to appoint application program, operates in untrusted performing environment,
By TrustZone IP buffer action, it is impossible to access execute instruction in any trusted execution environments, data content or
Person's memory pages, therefore can not access or change perhaps any key information in the secured data objects of plaintext;And own
Secured data objects in shared drive, its content is encrypted state, is not exposed to untrusted and appoints in performing environment
Malicious application, it is ensured that the security isolation of data object during operation.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
Embodiment one:
Present embodiments provide a kind of secure data storage system based on ARM TrustZone.The system uses branch
Hold ARM TrustZone processor, and use support RPMB eMMC as memory, it is adaptable to as mobile phone, tablet personal computer,
The various consumer electronics embedded platforms such as DTV.Shown in Figure 2, the system software performing environment passes through ARM
TrustZone technologies appoint performing environment and trusted execution environments to be isolated into untrusted;Wherein, untrusted appoints performing environment bag
Include untrusted and appoint operating system (i.e. normal operating system) and eMMC RPMB drivers;Trusted execution environments include communication
Module, trusted application program, safe storage service program and encryption/decryption module are specifically included:
Normal operating system in the present embodiment, which is responsible for providing necessary system interface to various application programs, to be supported, in it
Core can handle various external device interrupts and software interrupt, and according to interrupt type, call registered driver.This
Embodiment is Linux or Android or other general-purpose operating systems.
EMMC RPMB drivers in the present embodiment operate in normal operating system kernel spacing, and its function is mainly wrapped
Include:
1) shared drive is registered in the communication module into trusted execution environments.
2) the normal operating system kernel in performing environment is appointed to register software interrupt handler to untrusted.
3) in processing routine of breaking in software, processing is read or write according to the requirement of trusted execution environments.
4) count value is write from the reading of eMMC RPMB subregions is currently valid, and notifies the safety in trusted execution environments
Storage service program.
5) shared drive is accessed, is read or RPMB bag data of the write packet containing the data object after encryption and MAC value.
6) read-write operation to eMMC RPMB blockette data is completed, the order of the RPMB defined in eMMC specifications is performed
With response flow, various error handles etc. are completed.
Trusted application program in the present embodiment is the application program Jing Guo safety certification, operates in trusted and performs ring
In border, digital copyright management drm service is included but are not limited to, the function such as user's certificate of authority management.The trusted application
Program, using the function of safe storage service program, is used during running to create, change, delete and preserve inside
Various secured data objects.
Safe storage service program in the present embodiment is operated in trusted execution environments, is carried to trusted application program
For service interface, its function mainly includes:
1) managed data object list is inserted there is provided the lookup to specified data object, the function such as deletion.
2) receive request to create of the trusted application program to secured data objects, and be added to data object list.
3) receive modification of the trusted application program to secured data objects to ask, and update the data list object.
4) data removal request of the trusted application program to secured data objects is received, and it is clear from data object list
Remove.
5) encryption/decryption module is called, the data object to be stored in data object list is encrypted.
6) count value is write according to what is read in from eMMC RPMB, constructs RPMB packets, calculate message authentication code MAC.
7) the RPMB packets comprising the secured data objects after encryption and MAC value are inserted shared drive, passes through software
Interrupt mode, notifies that untrusted performing environment eMMC RPMB drivers are stored.
8) data object and MAC after the encryption in shared drive reading eMMC RPMB subregions, according to RPMB packets
Form, calculates from new and checks whether its MAC is effective.
9) secured data objects after encryption are decrypted, and are added to data object list.
Encryption/decryption module in the present embodiment is the hardware enciphering and deciphering engine and its driver of on-chip system, is supported such as
The symmetrical encryption and decryption functions such as AES ECB/CTR/CBC, while supporting HMAC_SHA256 to calculate message authentication code.Real system
It can be software algorithm module.
Communication module in this implementation, its running environment is privileged mode trusty, and its function mainly includes:
1) request that untrusted appoints performing environment, the various command parameters of parsing general register transmission are received.
2) carry out untrusted and appoint the performing environment shared drive page re-mapping to trusted execution environments, carry out data and be total to
Enjoy.
3) various hardware or software interrupt in performing environment is appointed to forward trusted execution environments and untrusted, and
It is switched to the corresponding performing environment of the interruption and carries out interrupt processing.
Embodiment two
Present embodiments provide a kind of method of the secure data storage based on ARM TrustZone.
Fig. 3 is the flow chart of secured data objects establishment and storage in this example, and the step includes:
Step 301:In trusted execution environments, trusted application program sends the establishment of secured data objects, modification,
The request such as deletion.
Step 302:The processing that safe storage service program is responded according to the request type of trusted application program, tool
Body includes:
For request to create, secured data objects are searched, if there is no, then new secured data objects are created, it is no
Then return to failure;
For modification request, secured data objects are searched, if it is present, corresponding secured data objects are changed, it is no
Then return to failure;
For removal request, secured data objects are searched, if it is present, corresponding secured data objects are deleted, it is no
Then return to failure;
List object is updated the data, and result is returned to trusted application program.
Step 303:Periodically, safe storage service program uses AES key, to the secured data objects changed
Carry out symmetric cryptography, and can select the different masses pattern such as CBC/CTR/ECB as needed, after the completion of send software interrupt to non-
Credible performing environment eMMC RPMB drivers.
Step 304:Software interrupt is forwarded to untrusted by communication module and appoints the untrusted in performing environment to appoint operating system
In kernel, so as to call eMMC RPMB drivers, read RPMB and write count value, and insert shared drive.
Step 305:Safe storage service program according to RPMB data packet formats, to the secured data objects after encryption, with
Machine value and write count value, and use preset key, pass through HMAC SHA256 and calculate message authentication code (MAC).
Step 306:Safe storage service program is inserted complete packet in shared according to RPMB data packet formats
Deposit, and send software interrupt to the eMMC RPMB drivers in untrusted times performing environment.
Step 307:EMMC RPMB drivers read RPMB packets from shared drive, wherein including the peace after encryption
Full data object and MAC value, then write RPMB subregions.
Fig. 4 is the flow chart being read out to secured data objects, and the step includes:
Step 401:In trusted execution environments, trusted application program sends the read requests of secured data objects.
Step 402:Safe storage service program looks secured data objects, if it is present, directly returning to the safety
Data object.
Step 403:If there is no, then safe storage service program sends software interrupt and appoints performing environment to untrusted
In eMMC RPMB drivers.
Step 404:EMMC RPMB drivers read in packet from eMMC RPMB subregions, wherein after comprising encryption
Data object content and message authentication code MAC, and insert shared drive.
Step 405:Safe storage service program is recalculated to the data object content after encryption using preset key
Message authentication code MAC, and matching is checked whether, if mismatched, illustrate data exception, error result is returned to trusted application
Program.
Step 406:After MAC inspections are fitted through, safe storage service program needs to parse RPMB packets, to wherein adding
Close data object is decrypted after processing using AES key, is updated and is arrived data object list.
Step 407:Plaintext secure data object after decryption is returned to trusted application program by safe storage service program.
RPMB data packet formats and the idiographic flow for calculating message authentication code, refer in eMMC specifications to eMMC RPMB
Description.
Compared with prior art, the beneficial effects of the invention are as follows:By using ARM TrustZone technologies to trusted and
Untrusted appoints the separation of performing environment, and the encryption and decryption calculating process of secured data objects is isolated in trusted execution environments, and
And the key that uses of encryption process and clear data content are protected in believable memory pages, it is to avoid during operation by it is non-can
Trust the risk that performing environment is illegally stolen.Simultaneously when needing storage secured data objects, safe storage service program is can
Trust and preset key is used in performing environment, calculate and eMMC RPMB message authentication code MAC are provided, to ensure to eMMC RPMB
The legal write-in of subregion;When reading secured data objects, safe storage service program recalculates and compared eMMC RPMB's
Message authentication code MAC, it is to avoid data are illegally replaced.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.Herein
In apply specific case carried out by lock and has been stated for the principle and embodiment of the present invention, the explanation of above example is only intended to side
The method and its core concept of the assistant solution present invention;Simultaneously for those of ordinary skill in the art, the think of according to the present invention
Think, will change in specific embodiments and applications.In summary, this specification content should not be construed as pair
The limitation of the present invention.Any modification, equivalent substitution and improvements made within the spirit and principles of the invention etc., are included
Within the scope of the present invention.
Claims (27)
1. a kind of secure data store method, it is characterised in that the place suitable for supporting ARM trust region TrustZone technologies
Device is managed, and uses the embedded multi-media card eMMC for supporting replay protection memory block RPMB subregions as storage medium, the side
Method includes:
The secured data objects of trusted application program, safe storage service program and its generation are protected by trusted execution environments
Shield;
Safe storage service program provides the foundation and access of secured data objects to trusted application program, and calls encryption and decryption
Module secured data objects is encrypted and decrypted processing;
Secured data objects after encryption appoint the eMMC RPMB in performing environment to drive journey by the shared drive page and untrusted
Sequence is shared;
Untrusted appoints the eMMC RPMB drivers in performing environment to complete access and storage to eMMC RPMB subregions.
2. according to the method described in claim 1, it is characterised in that the trusted application program and safe storage service program
Operationally protected by trusted execution environments, its execute instruction can not be appointed the untrusted in performing environment to appoint application by untrusted
Program reads or changed.
3. according to the method described in claim 1, it is characterised in that the secured data objects are operationally performed by trusted
Environmental protection is in the memory pages of security isolation, and its clear data content can not be appointed the untrusted in performing environment by untrusted
Application program is appointed to read or change.
4. according to the method described in claim 1, it is characterised in that the safe storage service program is to trusted application program
The mode of foundation and access for providing secured data objects is:
Trusted application program calls the interface of safe storage service program, the safe number of dynamic creation in trusted execution environments
According to object, modification or deleting history secured data objects.
5. according to the method described in claim 1, it is characterised in that the safe storage service routine call encryption/decryption module pair
The mode that secured data objects are encrypted is:
Safe storage service program to secure data content carry out object encapsulation, using by trusted execution environments protect it is close
Key, and call encryption/decryption module to be encrypted.
6. method according to claim 5, it is characterised in that the mode of the encryption is symmetric cryptography mode.
7. method according to claim 6, it is characterised in that the key that the symmetric cryptography is used should for the trusted
It is privately owned close that the key or equipment used with the unsolicited key of program, the safe storage service program inside solidifies
Key.
8. according to the method described in claim 1, it is characterised in that the safe storage service program passes through software interrupt mode
Untrusted is notified to appoint the eMMC RPMB drivers in performing environment to read and currently write count value.
9. according to the method described in claim 1, it is characterised in that the safe storage service program is right the safety after encryption
Image data and count value is write according to RPMB packets fields forms, using preset key, and pass through Hash operation message authentication code
HMAC SHA256 algorithms calculate its message authentication code MAC, and construct complete RPMB packets.
10. method according to claim 9, it is characterised in that the preset key is stored in trusted execution environments
Safe storage service program inside, it is impossible to by untrusted appoint performing environment obtain.
11. method according to claim 9, it is characterised in that the safe storage service program is complete RPMB numbers
Shared drive is inserted according to bag, and notifies untrusted to appoint the untrusted in performing environment to appoint operating system by software interrupt.
12. method according to claim 11, it is characterised in that the untrusted appoints the untrusted in performing environment to appoint behaviour
Make after systems inspection software interrupt, call eMMC RPMB drivers, and copy the RPMB packets in shared drive, will
RPMB packets write eMMC RPMB subregions.
13. method according to claim 12, it is characterised in that the eMMC RPMB drivers do not allow to know use
To produce MAC preset key.
14. method according to claim 13, it is characterised in that eMMC equipment needs to complete preset key when dispatching from the factory
Injection, it is described to be injected to single effectively, it can not subsequently rewrite.
15. method according to claim 4, it is characterised in that trusted application program is carried in trusted execution environments
For secured data objects mark, the interface of safe storage service program is called, the secured data objects produced are accessed.
16. method according to claim 15, it is characterised in that the safe storage service program is according to secure data pair
As the local data object list caching in mark retrieval trusted execution environments, and subsequent treatment is carried out according to result.
17. method according to claim 16, it is characterised in that safe storage service program is in local data object list
The corresponding secured data objects of secured data objects mark are retrieved in caching, and the secured data objects are not invalid numbers
According to when, return to the data content required for trusted application program.
18. method according to claim 16, it is characterised in that safe storage service program is retrieved not in local cache
Corresponding secured data objects are marked to the secured data objects;Or can retrieve corresponding to secured data objects mark
Secured data objects, but its state is when being invalid data, notifies untrusted is appointed non-in performing environment by traps mode
Trusted operating system.
19. method according to claim 18, it is characterised in that the untrusted appoints the untrusted in performing environment to appoint behaviour
Received as system after traps, call eMMC RPMB drivers, from eMMCRPMB subregions read encryption after data object with
And the MAC value that eMMC RPMB subregions are returned, insert shared drive.
20. method according to claim 16, it is characterised in that safe storage service program is read from shared drive to be added
Close data object, and call encryption/decryption module that processing is decrypted, the plaintext secure data object after decryption is stored in credible
Appoint the memory pages in performing environment.
21. method according to claim 16, it is characterised in that safe storage service program returns to trusted application journey
The plaintext secure data object that sequence needs, and trusted application program is necessary to ensure that the plaintext secure data object content will not
Being exposed to untrusted appoints the untrusted in performing environment to appoint operating system or untrusted to appoint application program.
22. a kind of secure data storage system, it is characterised in that the system operation is supporting ARM trust regions TrustZone
On the processor of technology, and the embedded multi-media card eMMC of replay protection memory block RPMB subregions is used to be situated between as storage
Matter, the system includes trusted application program, and encryption/decryption module, safe storage service program, communication module, untrusted appoints behaviour
Make system and eMMC RPMB drivers;
The trusted application program is operated in trusted execution environments, by the user program of security context certification, is accessed
Secured data objects;
The encryption/decryption module is operated in trusted execution environments, is realized using driving hardware engine or software algorithm plus solution
Close function;
The safe storage service program is operated in trusted execution environments, and secure data pair is provided to trusted application program
The establishment of elephant, reading, modification, the function of deleting or store;
The eMMC RPMB drivers operate in untrusted and appointed in performing environment, complete the read-write to eMMC RPMB subregions.
23. system according to claim 22, it is characterised in that the communication module, completes trusted execution environments and arrives
Untrusted appoints the switching of performing environment, context to preserve and recover, and handles the mapping of the shared drive page, and interrupt it is non-can
Trust the forwarding between performing environment and trusted execution environments.
24. system according to claim 22, it is characterised in that the safe storage service program maintenance trusted is performed
There is provided the quick-searching function to secured data objects for environment local security data object list caching.
25. system according to claim 22, it is characterised in that the safe storage service program is responsible for calling encryption and decryption
Module, completes the function to the encrypted data objects decryption in shared drive, and be saved in local in trusted execution environments
Secured data objects list.
26. system according to claim 22, it is characterised in that the safe storage service program is responsible for calling encryption and decryption
Module, completes the function to the clear data object encryption of trusted execution environments memory pages, and insert in shared drive.
27. system according to claim 22, it is characterised in that the untrusted appoints operating system to appoint in untrusted
There is provided the basic running environment that untrusted appoints application program in performing environment, the interruption that safe storage service program is produced is responded
Processing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410619453.2A CN104392188B (en) | 2014-11-06 | 2014-11-06 | A kind of secure data store method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410619453.2A CN104392188B (en) | 2014-11-06 | 2014-11-06 | A kind of secure data store method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104392188A CN104392188A (en) | 2015-03-04 |
CN104392188B true CN104392188B (en) | 2017-10-27 |
Family
ID=52610090
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410619453.2A Active CN104392188B (en) | 2014-11-06 | 2014-11-06 | A kind of secure data store method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104392188B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110442462A (en) * | 2019-07-16 | 2019-11-12 | 阿里巴巴集团控股有限公司 | Multi-thread data transmission method and device in TEE system |
Families Citing this family (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106156229A (en) * | 2015-04-27 | 2016-11-23 | 宇龙计算机通信科技(深圳)有限公司 | The processing method of file, device and terminal in a kind of multiple operating system terminal |
CN104980338A (en) * | 2015-05-12 | 2015-10-14 | 上海斐讯数据通信技术有限公司 | Enterprise instant messaging security application system based on mobile intelligent terminal |
KR102130744B1 (en) * | 2015-07-21 | 2020-07-06 | 삼성전자주식회사 | Display device and Method for controlling the display device thereof |
CN106411814B (en) * | 2015-07-27 | 2019-12-06 | 深圳市中兴微电子技术有限公司 | policy management method and system |
CN105138930A (en) * | 2015-08-12 | 2015-12-09 | 山东超越数控电子有限公司 | Encryption system and encryption method based on TrustZone |
CN105068891B (en) * | 2015-08-14 | 2020-09-29 | Tcl移动通信科技(宁波)有限公司 | Method and terminal for repairing eMMC file |
CN105138904B (en) * | 2015-08-25 | 2018-06-15 | 华为技术有限公司 | A kind of access control method and device |
CN110457959B (en) * | 2015-09-10 | 2023-06-20 | 创新先进技术有限公司 | Information transmission method and device based on Trust application |
CN105260663B (en) * | 2015-09-15 | 2017-12-01 | 中国科学院信息工程研究所 | A kind of safe storage service system and method based on TrustZone technologies |
CN105447406B (en) * | 2015-11-10 | 2018-10-19 | 华为技术有限公司 | A kind of method and apparatus for accessing memory space |
CN105468980B (en) * | 2015-11-16 | 2018-07-03 | 华为技术有限公司 | The method, apparatus and system of a kind of security management and control |
CN105528554B (en) | 2015-11-30 | 2019-04-05 | 华为技术有限公司 | User interface switching method and terminal |
CN106845174B (en) * | 2015-12-03 | 2020-07-10 | 福州瑞芯微电子股份有限公司 | Application authority management method and system under security system |
CN106897584A (en) * | 2015-12-21 | 2017-06-27 | 上海交通大学 | Onboard system digital copyright management method and system based on architectural feature |
CN106936774B (en) * | 2015-12-29 | 2020-02-18 | 中国电信股份有限公司 | Authentication method and system in trusted execution environment |
CN105681882B (en) * | 2016-01-04 | 2019-04-19 | 华为技术有限公司 | Control method and device thereof, the control circuit of video output |
US11424931B2 (en) * | 2016-01-27 | 2022-08-23 | Blackberry Limited | Trusted execution environment |
CN107305607B (en) * | 2016-04-18 | 2019-12-03 | 大唐半导体设计有限公司 | One kind preventing the independently operated method and apparatus of backstage rogue program |
CN106056380A (en) * | 2016-05-27 | 2016-10-26 | 深圳市雪球科技有限公司 | Mobile payment risk control system and mobile payment risk control method |
CN106354687B (en) * | 2016-08-29 | 2020-01-03 | 珠海市魅族科技有限公司 | Data transmission method and system |
CN107808687B (en) * | 2016-09-08 | 2021-01-29 | 京东方科技集团股份有限公司 | Medical data acquisition method, processing method, cluster processing system and method |
CN106384042B (en) * | 2016-09-13 | 2019-06-04 | 北京豆荚科技有限公司 | A kind of electronic equipment and security system |
EP3534583B1 (en) | 2016-11-15 | 2021-01-06 | Huawei Technologies Co., Ltd. | Secure processor chip and terminal device |
CN106453398B (en) * | 2016-11-22 | 2019-07-09 | 北京安云世纪科技有限公司 | A kind of data encryption system and method |
CN107066331B (en) * | 2016-12-20 | 2021-05-18 | 华为技术有限公司 | TrustZone-based resource allocation method and equipment |
CN108268303A (en) * | 2017-01-03 | 2018-07-10 | 北京润信恒达科技有限公司 | A kind of operation requests method, apparatus and system |
CN108429719B (en) * | 2017-02-14 | 2020-12-01 | 华为技术有限公司 | Key protection method and device |
CN107103257B (en) * | 2017-05-16 | 2020-06-16 | 陕西国博政通信息科技有限公司 | Computer intrusion prevention method |
CN107426192A (en) * | 2017-06-29 | 2017-12-01 | 环球智达科技(北京)有限公司 | Method of data synchronization for multi-process |
CN109426742B (en) * | 2017-08-23 | 2022-04-22 | 深圳市中兴微电子技术有限公司 | Trusted execution environment-based dynamic management system and method for secure memory |
CN107545185A (en) * | 2017-08-24 | 2018-01-05 | 上海与德科技有限公司 | Android mobile terminal administration authority detection method, device, terminal and storage medium |
CN109783245B (en) * | 2017-11-13 | 2023-07-18 | 厦门雅迅网络股份有限公司 | Data interaction method and system based on dual-system shared memory |
CN108154032B (en) * | 2017-11-16 | 2021-07-30 | 中国科学院软件研究所 | Computer system trust root construction method with memory integrity guarantee function |
CN109905233B (en) * | 2017-12-08 | 2022-07-29 | 阿里巴巴集团控股有限公司 | Equipment data processing method and system |
CN108255644B (en) * | 2017-12-29 | 2021-12-31 | 北京元心科技有限公司 | File system recovery method and device |
KR102501776B1 (en) * | 2018-01-31 | 2023-02-21 | 에스케이하이닉스 주식회사 | Storage device and operating method thereof |
CN108270574B (en) * | 2018-02-11 | 2021-02-09 | 浙江中控技术股份有限公司 | Safe loading method and device for white list library file |
KR20190099693A (en) * | 2018-02-19 | 2019-08-28 | 에스케이하이닉스 주식회사 | Memory system and operating method thereof |
EP3788518A1 (en) * | 2018-04-30 | 2021-03-10 | Google LLC | Managing enclave creation through a uniform enclave interface |
EP3787219A4 (en) * | 2018-06-14 | 2021-04-28 | Huawei Technologies Co., Ltd. | Key processing method and device |
WO2020000491A1 (en) * | 2018-06-30 | 2020-01-02 | 华为技术有限公司 | File storage method and apparatus, and storage medium |
CN109063516B (en) * | 2018-07-27 | 2020-12-04 | 杭州中天微系统有限公司 | Data processor |
CN111105777B (en) * | 2018-10-25 | 2023-10-31 | 阿里巴巴集团控股有限公司 | Voice data acquisition and playing method and device, key package updating method and device and storage medium |
CN109558743A (en) * | 2018-11-27 | 2019-04-02 | 广州供电局有限公司 | Data guard method, device, computer equipment and the storage medium of mobile terminal |
WO2020186457A1 (en) * | 2019-03-19 | 2020-09-24 | 华为技术有限公司 | Authentication method and apparatus for ip camera |
CN110266651B (en) * | 2019-05-28 | 2021-07-13 | 创新先进技术有限公司 | Internet of things equipment and method for same |
CN110399235B (en) | 2019-07-16 | 2020-07-28 | 阿里巴巴集团控股有限公司 | Multithreading data transmission method and device in TEE system |
CN110427274B (en) * | 2019-07-16 | 2020-07-17 | 阿里巴巴集团控股有限公司 | Data transmission method and device in TEE system |
US11003785B2 (en) | 2019-07-16 | 2021-05-11 | Advanced New Technologies Co., Ltd. | Data transmission method and apparatus in tee systems |
US10699015B1 (en) | 2020-01-10 | 2020-06-30 | Alibaba Group Holding Limited | Method and apparatus for data transmission in a tee system |
CN110443078B (en) * | 2019-07-19 | 2021-05-28 | 南京芯驰半导体科技有限公司 | Security storage system based on privilege hierarchy |
CN110704839A (en) * | 2019-08-05 | 2020-01-17 | 慧镕电子系统工程股份有限公司 | Data encryption protection method based on national cryptographic algorithm |
CN110598384B (en) * | 2019-09-16 | 2022-02-22 | Oppo(重庆)智能科技有限公司 | Information protection method, information protection device and mobile terminal |
CN111143857B (en) * | 2019-12-27 | 2022-04-22 | 达闼机器人有限公司 | Data sharing method, robot controller and storage medium |
CN113239347B (en) * | 2021-06-18 | 2022-06-28 | 上海交通大学 | Starting method and device suitable for TEE security application example |
CN113810382B (en) * | 2021-08-24 | 2023-07-11 | 东北大学秦皇岛分校 | Ciphertext loading method for resisting SGX side channel attack |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101477612A (en) * | 2008-01-02 | 2009-07-08 | Arm有限公司 | Protecting the security of secure data sent from a central processor for processing by a further processing device |
CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Intelligent terminal safety system and safety storage method |
-
2014
- 2014-11-06 CN CN201410619453.2A patent/CN104392188B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101477612A (en) * | 2008-01-02 | 2009-07-08 | Arm有限公司 | Protecting the security of secure data sent from a central processor for processing by a further processing device |
CN104091135A (en) * | 2014-02-24 | 2014-10-08 | 电子科技大学 | Intelligent terminal safety system and safety storage method |
Non-Patent Citations (1)
Title |
---|
ARM TrustZone安全隔离技术研究与应用;王熙友;《中国优秀硕士学位论文全文数据库 信息科技辑》;20140115;I136-387 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110442462A (en) * | 2019-07-16 | 2019-11-12 | 阿里巴巴集团控股有限公司 | Multi-thread data transmission method and device in TEE system |
Also Published As
Publication number | Publication date |
---|---|
CN104392188A (en) | 2015-03-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104392188B (en) | A kind of secure data store method and system | |
EP3314808B1 (en) | Binding a trusted input session to a trusted output session | |
US11218299B2 (en) | Software encryption | |
CA2481569C (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function | |
US7136488B2 (en) | Microprocessor using asynchronous public key decryption processing | |
EP2696305B1 (en) | Method and device for file protection | |
WO2022028289A1 (en) | Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium | |
US20090019290A1 (en) | Method and central processing unit for processing encrypted software | |
CN104335548A (en) | Secure data processing | |
WO2017105704A1 (en) | Bidirectional cryptographic io for data streams | |
JP4282472B2 (en) | Microprocessor | |
CN103532712B (en) | digital media file protection method, system and client | |
CN109697366A (en) | A kind of Android file transparent encipher-decipher method based on hook | |
US9122504B2 (en) | Apparatus and method for encryption in virtualized environment using auxiliary medium | |
US20220206961A1 (en) | Architecture, system and methods thereof for secure computing using hardware security classifications | |
CN111542050B (en) | TEE-based method for guaranteeing remote initialization safety of virtual SIM card | |
EP3009952A1 (en) | System and method for protecting a device against attacks on procedure calls by encrypting arguments | |
CN107122678A (en) | Protect the method and device of product parameters | |
Szefer | Memory protections | |
CN117150521A (en) | Transparent encryption and decryption method and device for universal encryption card | |
CA2638955C (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |