CN105007285B - A kind of cryptographic key protection method and safety chip based on physics unclonable function - Google Patents
A kind of cryptographic key protection method and safety chip based on physics unclonable function Download PDFInfo
- Publication number
- CN105007285B CN105007285B CN201510510396.9A CN201510510396A CN105007285B CN 105007285 B CN105007285 B CN 105007285B CN 201510510396 A CN201510510396 A CN 201510510396A CN 105007285 B CN105007285 B CN 105007285B
- Authority
- CN
- China
- Prior art keywords
- key
- seed
- equipment
- sig
- tied
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of cryptographic key protection method based on physics unclonable function, step includes key registration phase, cipher key reconstruction stage.Key registration phase is typically in the device fabrication stage, for device keys to be tied to equipment using the physics unclonable function in equipment.The cipher key reconstruction stage is in equipment service stage, the key being tied in equipment for calculating registration phase.The present invention may also include the key updating stage, and the key updating stage is for updating device keys.The present invention can be the multiple keys of binding of equipment safety, and ensure that the leakage of a key does not interfere with the safety of other keys, in addition, the present invention provides key updating mechanism, permission updates device keys in the case where being changed without device hardware.
Description
Technical field
The present invention relates to the cryptographic key protection method in information security field, more particularly to using physics in chip or equipment
Unclonable function (Physical Unclonable Function, PUF) enhance key safety cryptographic key protection method with
And the safety chip based on physics unclonable function.
Background technology
In contemporary cryptology, key is the core of the cryptographic functions such as digital signature, authentication, encryption and decryption, secure communication
The heart, once key is obtained by attacker, the safety of above-mentioned cryptographic functions will be unable to be guaranteed.It can be seen that key
In the importance of information safety system.And with the rise of the business closely related with safety such as e-commerce, banking,
Cryptographic key protection becomes more and more important in advanced information society.At present the basic ideas of protection key be using special circuit or
Person's hardware store key, is then provided out cryptographic functions interface.The main purpose of this thinking is by the operation ring of key
Border is isolated with the running environment of normal codes so that attacker can not directly obtain key.Product form relatively common at present
For secure hardware, for example, credible platform module (Trusted Platform Module, TPM), USB Key, security token plus
Close card etc..In the scene relatively high to volume requirement such as smart mobile phone, key is integrated in the system on chip (System of mobile phone
On Chip, SoC) it is internal, corresponding cryptographic functions circuit is also integrated on mobile phone SoC simultaneously and is called for mobile phone.
Because the usage scenario of key requires key to remain able to be continuing with after equipment is restarted, generally will at present
Key is solidificated in secure hardware or circuit, is stored in the power down non-volatile memories such as ROM or EEPROM Jie under normal conditions
In matter.This storage mode, which is equivalent to, is solidificated in key on circuit, and when use directly invokes.But as attacker's physics is attacked
The enhancing of ability is hit, has occurred the method for various direct attack safety chips now, including half intrusive mood is attacked and invaded
Enter formula attack etc..These attacks are invaded by superfine probe inside chip or circuit, and chip interior storage is then directly read
Data.Many attackers disclose attack case, such as the TPM safety for just having U.S. hacker to break through Infineon for 2010
Chip obtains the key of chip interior.In order to resist physical attacks, safety chip producer is in confidential data storage region portion
The sensor of administration's detection physical environment variation (such as pressure, physical damage, temperature etc.), once find that physical environment changes
(i.e. the behavior of physical attacks person) destroys the confidential data in storage region at once.This mode significantly increases chip
Manufacturing cost and design difficulty, and with the upgrading of attack means, the strong attacker of ability still can break through safety chip.
The main reason for above-mentioned cryptographic key protection mode is easy to be broken is to need permanent storage key, be attacked to give
The more attack opportunity of the person of hitting.In order to overcome drawbacks described above, Information Security Industry circle and academia to propose new cryptographic key protection
Method:Physics unclonable function (PUF).PUF is a kind of physical assemblies, this class component can generate after by external excitation
One response with fingerprint characteristic:Different components is formed by response independently of each other, but same components are repeatedly identical
The lower response generated of excitation is almost the same.The algorithm of key is protected to be known as Fuzzy extractor algorithm using PUF, including two ranks
Section:Registration phase and reconstruction stage.
1, in registration phase, equipment production firm generates the key that be tied in this equipment, this key is used
The encryption algorithm of error correcting code generates a code word, and the fingerprint of this code word and PUF in equipment, which is then carried out xor operation, obtains
Auxiliary data is finally stored in equipment by auxiliary data.Note that this auxiliary data does not need secure storage.
2, the PUF in reconstruction stage, user's excitation set obtains device-fingerprint, with the auxiliary data being stored in equipment
It carries out exclusive or and obtains a code word with " noise ", this code word is subjected to error correction by the decoding algorithm of error correcting code, obtains factory
Quotient is tied to the key of this equipment in registration phase.User can delete key after using careful key, reduce being leaked
Risk.
By can be seen that the fingerprint of PUF is equivalent to a mask of key to the description of Fuzzy extractor algorithm above,
As long as being unable to get finger print information, auxiliary data is equivalent to random number for attacker, and attacker can not just obtain any
Information in relation to key.Although the above method improves the safety of traditional secrete key storage mode, still have as follows not
Foot:
1, the key of protection is directly used the encoding operation operation of error correcting code by the existing cryptographic key protection method based on PUF
Code word is obtained, then uses the fingerprint of PUF to carry out mask to code word and operates to protect key.In this guard method, one
Some shielded key plain of denier is obtained by attacker, then attacker can first encode key, is then used
Auxiliary data is operated to obtain the fingerprint of PUF with the code word after key coding.And attacker once obtains the fingerprint of PUF, just
All keys of this PUF protections can be calculated:Using fingerprint key is obtained with by the auxiliary data progress exclusive or of protection key
Code word, key is then calculated by the decoding algorithm of error correcting code.That is, the leakage of a key can influence other
The safety of key.And in actual scene, attacker is possible to break through key, than if any usage scenario in, PUF
It calculates and key is directly passed into unsafe computing environment or key after key is attacked in use by energy
The side-channel attacks such as analysis are hit, in these cases, attacker is likely to directly obtain the plaintext of key.
2, lack key updating mechanism.Key updating mechanism is the current main means for resisting side-channel attack, Er Qiemi
Key update mechanism allows the security intensity of oneself key of the promotion of user flexibility, improves the safety of whole system, and existing
Fuzzy extractor algorithm can not even provide this function.
Invention content
To solve safety problem existing for existing cryptographic key protection method, the present invention provides a kind of based on the unclonable letter of physics
The cryptographic key protection method of number PUF so that do not influence the safety of other keys after single Key Exposure, the present invention does not protect directly
Key is protected, but protects the seed of an export key, seed is deleted immediately after exporting key.
The present invention provides a kind of cryptographic key protection method based on physics unclonable function, including key registration phase, close
Key reconstruction stage, key registration phase are in the device fabrication stage, and equipment vendors or user can not using physics at this stage
Clone's function is one key of apparatus bound, and the cipher key reconstruction stage is in user and uses the equipment stage, is recalculated for equipment close
Key registration phase is tied to the key of the equipment.
S1, key registration phase:
S11:A key seed Seed is selected for equipment, and preserves the two of device numbering ID and key seed Seed compositions
Tuple<ID,Seed>;
S12:Key seed Seed is encoded using the encryption algorithm of error correction code algorithms to obtain corresponding code word C;
S13:Fingerprint R and code word C are carried out xor operation by the fingerprint R for reading the physics unclonable function PUF in equipment
Auxiliary data H is obtained, and auxiliary data H is stored in non-volatile memories;It should be noted that the present invention does not limit this
Step calculates the way of realization of auxiliary data H, for example the function that can will calculate and store H is integrated in equipment, is directly invoked and is connect
Mouth can be completed;
S14:(1) if it is unsymmetrical key to be tied in equipment, and safety certificate is issued for the unsymmetrical key,
Then key seed Seed is operated using encryption key generating algorithms KG, obtains being tied to the unsymmetrical key pair in equipment<Pk,
Sk>, wherein Pk is public key, and Sk is private key, and safety certificate is stored in non-volatile memories, wherein encryption key generating algorithms
KG is that unsymmetrical key generates algorithm, and key seed Seed is the random number seed of the algorithm;
It is worth noting that, generate unsymmetrical key and symmetric key algorithm, all with cryptography one-way, i.e., from
Key seed Seed calculates unsymmetrical key or symmetric key is easier, but from cipher key calculation key seed Seed multinomial
It is impossible in the formula time;
(2) if it is symmetric key to be tied in equipment, encryption key generating algorithms KG is key derivation functions KDF, close
Seeds of the key seed Seed as key derivation functions KDF, symmetric key K=KG (Seed);
S2, cipher key reconstruction stage:
S21:Read the fingerprint R ' in physics unclonable function PUF, then be stored in it is auxiliary in non-volatile memories
It helps data H to carry out xor operation, obtains a code word C ' with noise;
S22:C ' is decoded using the decoding algorithm of error correction code algorithms, the noise of C ' is eliminated in decoding process, most
Output key registration phase is tied to the key seed Seed of this equipment afterwards;
S23:Key seed Seed is operated using encryption key generating algorithms KG to obtain key, then deletes key
Seed。
To solve the defect that the prior art lacks key updating mechanism, the invention also includes the key updating stages, in the rank
Section is equipment Binding key again, is included the following steps:
S31:A random challenge number N is sent to equipment;If what equipment preserved is unsymmetrical key, private key Sk is used
Signature Sig=SIG (Sk, N | | ID) is carried out to random challenge number N and device numbering ID;If what equipment preserved is symmetric key,
Symmetric key K is then used to carry out HMAC operations Sig=HMAC (K, N | | ID) to random challenge number N and device numbering ID;It exports again
Sig and device numbering ID;Wherein, symbol | | indicate the series connection of N and ID;
S32:Corresponding key seed Seed is obtained according to device numbering ID, then key seed Seed is used to export key,
It is whether legal with key authentication Sig;If Sig is legal, S33 is entered step, otherwise stops key updating operation;
S33:Into key registration phase, step S11-S14 is executed, wherein in the process of implementation, delete key updating rank
It is stored before section<ID,Seed>Two tuples.
Preferably, the step S32 is specially:
If it is symmetric key to be tied in equipment, symmetric key K is exported with key seed Seed, calculates HMAC
(K, N | | ID), it is whether legal using HMAC (K, N | | ID) verification Sig;
If it is unsymmetrical key to be tied in equipment, with key seed Seed export unsymmetrical key to (Pk,
Sk), then use public key Pk verifications Sig whether legal, alternatively, directly acquiring the public key Pk or safety certificate of equipment, utilize the public affairs
Whether the public key verifications Sig in key Pk or safety certificate is legal.
Preferably, it is the multiple keys of apparatus bound by repeating the step S11-S14 of key registration phase.
The present invention also provides a kind of safety chips based on physics unclonable function, it is characterised in that:Draw including HMAC
It holds up, symmetric cryptography engine, public key cryptography engine, randomizer, enforcement engine, non-volatile memories, cipher key calculation engine;
For calculating message authentication code, used key is generated the HMAC engines by cipher key calculation engine;
The symmetric cryptography engine is for executing the encrypt and decrypt operation based on symmetric cryptographic technique, used key
It is generated by cipher key calculation engine;
The public key cryptography engine is used to execute encryption, decryption and digital signing operations based on public key cryptography technology,
Used key is generated by cipher key calculation engine;
The randomizer is for generating the random number needed in safety chip calculating process;
The enforcement engine is the operation execution unit of safety chip;
The non-volatile memories include the supplementary number of help cipher key calculation engine generation key for storing permanent data
According to;
The cipher key calculation engine calculates safety chip using the auxiliary data of non-volatile memories and the fingerprint of PUF and needs
Key, which includes that physics unclonable function PUF, the decoding algorithm of error correction code algorithms and key generate
Algorithm.
The volatile storage is used to preserve ephemeral data when safety chip operation.
Safety chip provided by the invention based on physics unclonable function passes through key registration phase, key reconsul respectively
The structure stage carries out key bindings, cipher key calculation;
The key registration phase includes:
S11:A key seed Seed is selected for safety chip, and preserves safety chip number ID and key seed Seed
Two tuples of composition<ID,Seed>;
S12:Key seed Seed is encoded using the encryption algorithm of error correction code algorithms to obtain corresponding code word C;
S13:The fingerprint R that the physics unclonable function PUF on safety chip is read by cipher key calculation engine, by fingerprint R
Xor operation is carried out with code word C and obtains auxiliary data H, and auxiliary data H is stored in non-volatile memories;
S14:(1) if it is unsymmetrical key to be tied on safety chip, and safety is issued for the unsymmetrical key
Certificate then operates key seed Seed using encryption key generating algorithms KG, obtains being tied to asymmetric on safety chip
Key pair<Pk,Sk>, wherein Pk is public key, and Sk is private key, and safety certificate is stored in non-volatile memories, wherein close
It is that unsymmetrical key generates algorithm that key, which generates algorithm KG, and key seed Seed is the random number seed of the algorithm;
(2) if it is symmetric key to be tied on safety chip, encryption key generating algorithms KG is key derivation functions
The seed of KDF, key seed Seed as key derivation functions KDF, by symmetric key K=KG (Seed);
S2, cipher key reconstruction stage:
S21:The fingerprint R ' and non-volatile memories in physics unclonable function PUF are read by cipher key calculation engine
On auxiliary data H, fingerprint R ' and auxiliary data H is then subjected to xor operation, obtains a code word C ' with noise;
S22:The decoding algorithm of the error correction code algorithms of cipher key calculation engine internal is decoded C ', disappears in decoding process
Except the noise of C ', the key seed Seed that key registration phase is tied to this safety chip is finally exported;
S23:Key seed Seed is operated using encryption key generating algorithms KG to obtain key, then deletes key
Seed。
To solve the problems, such as key updating, which is also subject to the key updating stage, to the key in safety chip into
Capable to update, the key updating stage includes:
S31:A random challenge number N is sent to safety chip;If what safety chip preserved is unsymmetrical key,
HMAC engines carry out signature Sig=SIG (Sk, N | | ID) using private key Sk to random challenge number N and safety chip number ID;Such as
What fruit safety chip preserved is symmetric key, then HMAC engines number random challenge number N and safety chip using symmetric key K
ID progress HMAC operations Sig=HMAC (K, N | | ID);Sig and safety chip number ID are exported again;Wherein, symbol | | indicate N and
The series connection of ID;
S32:Corresponding key seed Seed is obtained according to safety chip number ID, then uses key seed Seed export close
Key, it is whether legal with key authentication Sig;If Sig is legal, S33 is entered step, otherwise stops key updating operation;
S33:Into key registration phase, step S11-S14 is executed, wherein in the process of implementation, delete key updating rank
It is stored before section<ID,Seed>Two tuples.
Preferably, the step S32 is specially:
If it is symmetric key to be tied on safety chip, symmetric key K is exported with key seed Seed, is calculated
HMAC (K, N | | ID), it is whether legal using HMAC (K, N | | ID) verification Sig;
If it is unsymmetrical key to be tied on safety chip, unsymmetrical key pair is exported with key seed Seed
Whether (Pk, Sk) then uses public key Pk verifications Sig legal, alternatively, the public key Pk or safety certificate of safety chip are directly acquired,
It is whether legal using the public key verifications Sig in public key Pk or safety certificate.
Preferably, the safety chip can repeat step S11-S14 and bind multiple keys.
Advantageous effect:The fingerprint of physics unclonable function PUF is not in cryptographic key protection method provided by the present invention
Key is directly protected, but protects the key seed of an export key, key seed is deleted immediately after exporting key, therefore
Even if key is broken through by attacker in use, due to the one-way of key schedule KG, attacker can not be led
Go out the key seed of key, to which the fingerprint R of PUF can not be calculated using auxiliary data, therefore protects the peace of other keys
Quan Xing.On the other hand, the present invention also provides a kind of key updating mechanism, need not more equipment can be replaced by exchange device in user
Key has saved cost, and equipment manufacturers or user can be based on this mechanism and dispose key updating strategy, prevent side channel from attacking
Hit or promoted the security intensity of key.
Description of the drawings
Fig. 1 is cryptographic key protection method configuration diagram of the present invention;
Fig. 2 is safety chip Organization Chart of the present invention;
Fig. 3 is to be put down using the trust computing that cryptographic key protection method of the present invention is realized on ARM TrustZone platforms
Rack composition.
Specific implementation mode
Embodiment one
In conjunction with Fig. 1, safety chip as shown in Figure 2, including volatile storage, HMAC engines, symmetric cryptography engine, public key
Cipher engine, randomizer, enforcement engine, non-volatile memories (Non-volatile Memory, NVM), cipher key calculation
The components such as engine.Safety chip can undergo key registration phase and cipher key reconstruction stage in its whole life cycle, it is also possible to
Undergo the key updating stage.
Ephemeral data when volatile storage is for preserving safety chip operation.
For calculating message authentication code, used key is generated HMAC engines by cipher key calculation engine.
Symmetric cryptography engine is for executing the encrypt and decrypt operation based on symmetric cryptographic technique, and used key is by close
Key computing engines generate.
Public key cryptography engine is made for executing encryption, decryption and digital signing operations based on public key cryptography technology
Key is generated by cipher key calculation engine.
Randomizer is for generating the random number needed in chip calculating process.
Enforcement engine is the operation execution unit of safety chip.
Non-volatile memories include the auxiliary data of help cipher key calculation engine generation key for storing permanent data.
Cipher key calculation engine is calculated using the auxiliary data of non-volatile memories and the fingerprint of physics unclonable function PUF
Safety chip need key, cipher key calculation engine include physics unclonable function PUF, error correction code algorithms decoding algorithm with
And key schedule.Wherein key schedule may include a variety of key schedules, such as AES key generating algorithm,
RSA key generating algorithm.
The key registration phase of safety chip experience is in the chip manufacturing stage, and chip manufacturer will be close by following steps
Key is tied on chip:
S11:Chip manufacturer is that safety chip randomly chooses a key seed Seed, preserves the number ID of safety chip
With two tuples of Seed compositions<ID,Seed>;
S12:Chip manufacturer encodes key seed Seed using the encryption algorithm of error correction code algorithms and is corresponded to
Code word C;
S13:Code word C is passed to safety chip by chip manufacturer by interface, circuit (the key meter inside safety chip
Calculate engine) the fingerprint R that reads physics unclonable function PUF, R and C is then subjected to xor operation and obtains auxiliary data H, and
H is stored in non-volatile memories;
S14:If chip manufacturer is unsymmetrical key to chip bonding, and thinks that chip issues a safety thus
Certificate is bound then chip manufacturer operates Seed using encryption key generating algorithms KG (Key Generation)
To the unsymmetrical key pair of chip<Pk,Sk>, wherein wherein Pk is public key, Sk is private key, and KG is that unsymmetrical key generates algorithm,
Then safety certificate is calculated with the signature key of oneself, and safety certificate is saved in the non-volatile memories of chip;If
It is symmetric key to be tied on safety chip, then encryption key generating algorithms KG is key derivation functions KDF (Key Derivation
Function), seeds of the key seed Seed as key derivation functions KDF, symmetric key K=KG (Seed);
S15:Chip manufacturer can repeat above-mentioned S11 to S14 steps, and multiple keys are bound for safety chip.
Can also be safety chip Binding key by user's operating procedure S11-S14.
The cipher key reconstruction stage of safety chip experience is in user's service stage, and user is in use if necessary to close
Key, then just cipher key calculation engine is called to calculate key in accordance with the following steps:
S21:Cipher key calculation engine reads the fingerprint R ' of physics unclonable function PUF and the auxiliary of non-volatile memories
R ' and H is carried out exclusive or and obtains a code word C ' with noise by data H;
S22:The decoding algorithm of the error correction code algorithms of cipher key calculation engine internal is decoded C ' to obtain key registration rank
Section is tied to the key seed Seed on chip;The noise of C ' is eliminated in decoding process;
S23:Key produces algorithm KG and generates the key that user needs using key seed Seed, then deletes key seed
Seed.If be tied to chip is unsymmetrical key, the key that algorithm production user needs is generated using unsymmetrical key;
If be tied to chip is symmetric key, the key that user needs is generated using key derivation functions KDF.
The key updating stage of safety chip experience, steps are as follows for being updated to the key of equipment:
S31:Chip manufacturer sends a challenge random number N to chip;
S32:If chip bonding is symmetric key, challenge random number N and safety chip are numbered using symmetric key K
ID is HMAC operation Sig=HMAC (K, N | | ID);If chip bonding is unsymmetrical key, using private key Sk to challenge with
Machine number N and safety chip number ID carries out signature Sig=Sig (Sk, N | | ID).Then safety chip is by itself number ID and Sig
It is sent to chip manufacturer;Wherein, symbol | | indicate the series connection of N and ID;
S33:Chip manufacturer chip number ID safe to use is tied to the key on safety chip from inquiry in database
Whether then seed Seed uses the key of key seed Seed export chip, legal with key authentication Sig, if legal after
It is continuous, otherwise stop key updating operation;
Specific verification method is as follows:If it is symmetric key to be tied on safety chip, led with key seed Seed
Go out symmetric key K, calculates HMAC (K, N | | ID), whether the Sig that verification safety chip is sent is legal;If being tied to safe core
On piece is unsymmetrical key, then uses key seed Seed to export unsymmetrical key to (Pk, Sk), be then with Pk verifications Sig
It is no legal, or the Pk of itself or safety certificate are directly sent to by manufacturer by safety chip in step s 32, manufacturer directly makes
With the public key verifications Sig in Pk or safety certificate, so that manufacturer need not recalculate (Pk, Sk).
S34:Chip manufacturer run S11 to S14 steps, if bind be symmetric key, calculate new key with
And new auxiliary data H ', and auxiliary data H ' is sent to safety chip;If binding is unsymmetrical key, calculate new
Key, new safety certificate and new auxiliary data H ', new safety certificate and auxiliary data H ' are then sent to core
Piece;Wherein, in S11 steps before deletion key updating<ID,Seed>Two tuples;
S35:H ', safety certificate (if binding is unsymmetrical key) are stored in non-volatile memories by safety chip
On.
Embodiment two
Embodiment one describes how cryptographic key protection method provided by the present invention is applied on hardware, embodiment two
Describe how cryptographic key protection method provided by the present invention is deployed in the performing environment of isolation in the form of software.
In conjunction with Fig. 1, it is illustrated in figure 2 credible calculating platform, running environment is by ARM TrustZone technology insulations Cheng Pu
The logical world and safer world, safer world bottom run the secure operating system of a lightweight, are transported on secure operating system
The security service, such as authentication, banking and data encryption etc. of some security sensitives of row;Common world bottom is run
Common operating system, such as Android, Linux, Windows8 etc., run various application programs thereon.For the sake of security, general
The security service that the application program in the logical world gives the operation (certification, digital signature etc.) of those security sensitives safer world comes
It executes, such external attacker can not obtain the data of security sensitive controlling common world.Common generation for convenience
The calling interface of security service can be packaged into TrustZone easy to use by the application call security service on boundary
ClientAPI (such as TEE Client API specifications of GlobalPlatform releases), these API Calls operating systems
TrustZone drives to complete the calling to security service.The security service of TrustZone safer worlds needs in the process of running
The support of cryptographic functions is wanted, and cryptographic functions be unable to do without key, are described below and how to be protected using key provided by the invention
Maintaining method provides key storage and key updating function for the TrustZone security services being isolated.Wherein key storage function packet
Containing two stages of key hierarchy and cipher key reconstruction.
Key registration phase operates in the device fabrication stage, and steps are as follows:
S11:Manufacturer is that equipment randomly chooses a key seed Seed, preserves the number ID and key Seed groups of equipment
At two tuples<ID,Seed>;
S12:Manufacturer encodes key seed Seed using the encryption algorithm of error correction code algorithms to obtain corresponding code
Word C;
S13:Manufacturer reads the fingerprint R of physics unclonable function PUF in equipment, and R and C is then carried out xor operation
Auxiliary data H is obtained, and H is stored in the non-volatile memories (Non-volatile Memory, NVM) of equipment, such as
Flash or SD card;
S14:If manufacturer's binding is unsymmetrical key, and thinks that equipment issues a safety certificate thus, then
Manufacturer operates key seed Seed using encryption key generating algorithms KG (Key Generation), obtains being tied to equipment
Unsymmetrical key pair<Pk,Sk>, wherein wherein Pk is public key, Sk is private key, and KG is that unsymmetrical key generates algorithm, is then used
The signature key of oneself calculates certificate, and certificate is saved in the non-volatile memories of equipment;If being tied to safety chip
On be symmetric key, then encryption key generating algorithms KG be key derivation functions KDF, key seed Seed is as key derivation functions
The seed of KDF (Key Derivation Function), symmetric key K=KG (Seed);
S15:Manufacturer's S11 to S14 steps that can rerun bind multiple keys.
Cipher key reconstruction stage running generates for the security service of safer world close in accordance with the following steps in equipment service stage
Key:
S21:Secure operating system reads the fingerprint R ' and non-volatile memories of physics unclonable function PUF in equipment
Auxiliary data H, R ' and H are subjected to the exclusive or code word C ' with noise that obtains one;
S22:The error correcting code decoding algorithm of secure operating system is decoded to obtain the key bindings stage to C ' and is tied to and sets
Standby upper key seed Seed eliminates the noise of code word C ' in decoding process;
S23:KG algorithms generate the key of user's needs using key seed Seed and give cryptographic functions library, then delete
Except key seed Seed.If be tied to equipment is unsymmetrical key, generates algorithm using unsymmetrical key and produce user
The key needed;If be tied to equipment is symmetric key, the close of user's needs is generated using key derivation functions KDF
Key.
Key updating is for being updated the key of equipment, and steps are as follows:
S31:Manufacturer sends a challenge random number N to equipment;
S32:If apparatus bound is symmetric key, HMAC operations are done to N and device numbering ID using symmetric key K
Sig=HMAC (K, N | | ID);If apparatus bound is unsymmetrical key, N and device numbering ID are signed using private key Sk
Name Sig=Sig (Sk, N | | ID).Then itself number ID and Sig are sent to manufacturer by equipment;Wherein, symbol | | indicate N and
The series connection of ID;
S33:Manufacturer inquires the key seed Seed being tied on chip using device numbering in the database, then uses
The key of key seed Seed export chips, it is whether legal with key authentication Sig, continue if legal, otherwise stops key
Update operation;
Specific verification method is as follows:If it is symmetric key to be tied in equipment, with key seed Seed export pair
Title key K, calculating HMAC (K, N | | ID), whether the Sig that verification equipment is sent is legal;If it is non-right to be tied in equipment
Claim key, then uses key seed Seed export unsymmetrical key to (Pk, Sk), then whether legal with Pk verifications Sig, Huo Zhe
The Pk of itself or safety certificate are directly sent to by manufacturer by equipment in step S32, manufacturer directly uses in Pk or safety certificate
Public key verifications Sig so that manufacturer need not recalculate (Pk, Sk).
S34:Manufacturer run S11 to S14 steps, if binding be symmetric key, calculate new key and newly
Auxiliary data H ', and auxiliary data H ' is sent to equipment;If binding be unsymmetrical key, calculate new key,
New safety certificate and new auxiliary data H ', are then sent to equipment by new safety certificate and auxiliary data H ';Wherein,
In S11 steps before deletion key updating<ID,Seed>Two tuples;
S35:H ', safety certificate (if binding is unsymmetrical key) are stored in non-volatile memories by equipment.
Claims (4)
1. a kind of cryptographic key protection method based on physics unclonable function, which is characterized in that include the following steps:
S1, key registration phase:
S11:A key seed Seed is selected for equipment, and preserves two tuples of device numbering ID and key seed Seed compositions
<ID,Seed>;
S12:Key seed Seed is encoded using the encryption algorithm of error correction code algorithms to obtain corresponding code word C;
S13:Fingerprint R and code word C is carried out xor operation and obtained by the fingerprint R for reading the physics unclonable function PUF in equipment
Auxiliary data H, and auxiliary data H is stored in non-volatile memories;
S14:(1) if it is unsymmetrical key to be tied in equipment, and safety certificate is issued for the unsymmetrical key, then made
Key seed Seed is operated with encryption key generating algorithms KG, obtains being tied to the unsymmetrical key pair in equipment<Pk,Sk>,
Wherein Pk is public key, and Sk is private key, and safety certificate is stored in non-volatile memories, wherein encryption key generating algorithms KG is
Unsymmetrical key generates algorithm, and key seed Seed is the random number seed of the algorithm;
(2) if it is symmetric key to be tied in equipment, encryption key generating algorithms KG is key derivation functions KDF, key kind
Seeds of the sub- Seed as key derivation functions KDF, symmetric key K=KG (Seed);
S2, cipher key reconstruction stage:
S21:Read the fingerprint R ' in physics unclonable function PUF, then with the supplementary number that is stored in non-volatile memories
Xor operation is carried out according to H, obtains a code word C ' with noise;
S22:C ' is decoded using the decoding algorithm of error correction code algorithms, the noise of C ' is eliminated in decoding process, it is last defeated
Go out the key seed Seed that key registration phase is tied to this equipment;
S23:Key seed Seed is operated using encryption key generating algorithms KG to obtain key, then deletes key seed
Seed。
2. the cryptographic key protection method as described in claim 1 based on physics unclonable function, which is characterized in that further include step
Rapid S3, key updating stage:
S31:A random challenge number N is sent to equipment;If equipment preserve be unsymmetrical key, using private key Sk to
Machine challenge number N and device numbering ID carries out signature Sig=SIG (Sk, N | | ID);If what equipment preserved is symmetric key, make
HMAC operation Sig=HMAC (K, N | | ID) are carried out to random challenge number N and device numbering ID with symmetric key K;Sig is exported again
With device numbering ID;Wherein, symbol | | indicate the series connection of N and ID;
S32:Corresponding key seed Seed is obtained according to device numbering ID, then key seed Seed is used to export key, use is close
Whether key verifies Sig legal;If Sig is legal, S33 is entered step, otherwise stops key updating operation;
S33:Into key registration phase, execute step S11-S14, wherein in the process of implementation, delete the key updating stage it
Preceding storage<ID,Seed>Two tuples.
3. the cryptographic key protection method as claimed in claim 2 based on physics unclonable function, which is characterized in that the step
S32 is specially:
If it is symmetric key to be tied in equipment, symmetric key K is exported with key seed Seed, calculate HMAC (K, N | |
ID), whether legal using HMAC (K, N | | ID) verifications Sig;
If it is unsymmetrical key to be tied in equipment, unsymmetrical key is exported to (Pk, Sk), so with key seed Seed
Use public key Pk verification Sig whether legal afterwards, alternatively, directly acquire the public key Pk or safety certificate of equipment, using public key Pk or
Whether the public key verifications Sig in person's safety certificate is legal.
4. the cryptographic key protection method as claimed in claim 1,2 or 3 based on physics unclonable function, it is characterised in that:It is logical
The step S11-S14 for repeating key registration phase is crossed, is the multiple keys of apparatus bound.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510510396.9A CN105007285B (en) | 2015-08-19 | 2015-08-19 | A kind of cryptographic key protection method and safety chip based on physics unclonable function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510510396.9A CN105007285B (en) | 2015-08-19 | 2015-08-19 | A kind of cryptographic key protection method and safety chip based on physics unclonable function |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105007285A CN105007285A (en) | 2015-10-28 |
CN105007285B true CN105007285B (en) | 2018-07-24 |
Family
ID=54379806
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510510396.9A Active CN105007285B (en) | 2015-08-19 | 2015-08-19 | A kind of cryptographic key protection method and safety chip based on physics unclonable function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105007285B (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105488433B (en) | 2016-01-08 | 2017-07-21 | 腾讯科技(深圳)有限公司 | Terminal key generation method and device |
CN105703901B (en) * | 2016-03-25 | 2019-05-03 | Oppo广东移动通信有限公司 | Encryption data input method and encryption data input unit |
US10911229B2 (en) | 2016-08-04 | 2021-02-02 | Macronix International Co., Ltd. | Unchangeable physical unclonable function in non-volatile memory |
US11258599B2 (en) | 2016-08-04 | 2022-02-22 | Macronix International Co., Ltd. | Stable physically unclonable function |
CN106385316B (en) * | 2016-08-31 | 2019-03-05 | 电子科技大学 | PUF is fuzzy to extract circuit and method |
US10587421B2 (en) * | 2017-01-12 | 2020-03-10 | Honeywell International Inc. | Techniques for genuine device assurance by establishing identity and trust using certificates |
JP6588048B2 (en) * | 2017-03-17 | 2019-10-09 | 株式会社東芝 | Information processing device |
CN108667608B (en) * | 2017-03-28 | 2021-07-27 | 阿里巴巴集团控股有限公司 | Method, device and system for protecting data key |
EP3407335B1 (en) * | 2017-05-22 | 2023-07-26 | Macronix International Co., Ltd. | Non-volatile memory based physically unclonable function with random number generator |
EP3407336B1 (en) * | 2017-05-22 | 2022-08-17 | Macronix International Co., Ltd. | Unchangeable phyisical unclonable function in non-volatile memory |
CN109428712B (en) * | 2017-08-24 | 2022-01-07 | 上海复旦微电子集团股份有限公司 | Data encryption and decryption method and data encryption and decryption system |
US10649735B2 (en) * | 2017-09-12 | 2020-05-12 | Ememory Technology Inc. | Security system with entropy bits |
DE102018123103A1 (en) * | 2017-10-13 | 2019-04-18 | Samsung Electronics Co., Ltd. | A semiconductor device generating security keys, methods for generating a security key and method for registering the security key |
US10521616B2 (en) * | 2017-11-08 | 2019-12-31 | Analog Devices, Inc. | Remote re-enrollment of physical unclonable functions |
CN108449322B (en) * | 2018-02-13 | 2020-09-04 | 环球鑫彩(北京)彩票投资管理有限公司 | Identity registration and authentication method, system and related equipment |
US10742406B2 (en) * | 2018-05-03 | 2020-08-11 | Micron Technology, Inc. | Key generation and secure storage in a noisy environment |
CN110519210A (en) * | 2018-05-22 | 2019-11-29 | 中国科学院苏州纳米技术与纳米仿生研究所 | Cryptographic key distribution method and terminal device |
CN109035590A (en) * | 2018-06-21 | 2018-12-18 | 广东工业大学 | A kind of intelligent electric meter and electricity charge charging system |
CN108920984B (en) * | 2018-07-06 | 2021-11-16 | 北京计算机技术及应用研究所 | Prevent cloning and falsify safe SSD main control chip |
CN109040853A (en) * | 2018-09-04 | 2018-12-18 | 国微集团(深圳)有限公司 | A kind of digital stream media fingerprints watermark protection method and device |
CN109698746B (en) * | 2019-01-21 | 2021-03-23 | 北京邮电大学 | Method and system for generating sub-keys of binding equipment based on master key negotiation |
CN109976670B (en) * | 2019-03-18 | 2022-11-04 | 上海富芮坤微电子有限公司 | Design method of serial nonvolatile memory controller supporting data protection function |
CN109995507A (en) * | 2019-04-19 | 2019-07-09 | 武汉大学 | A kind of key generation method and device based on PUF, private key storage method |
CN113139162A (en) * | 2019-06-11 | 2021-07-20 | 第四范式(北京)技术有限公司 | Software verification method, software and hardware binding method and programmable device thereof |
CN111355588B (en) * | 2020-02-19 | 2021-01-15 | 武汉大学 | Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics |
CN111444553A (en) * | 2020-04-01 | 2020-07-24 | 中国人民解放军国防科技大学 | Secure storage implementation method and system supporting TEE extension |
US11380379B2 (en) | 2020-11-02 | 2022-07-05 | Macronix International Co., Ltd. | PUF applications in memories |
CN114465711A (en) * | 2022-01-29 | 2022-05-10 | 支付宝(杭州)信息技术有限公司 | Hardware key reconstruction method and device of memory |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102393890A (en) * | 2011-10-09 | 2012-03-28 | 广州大学 | Crypto chip system for resisting physical invasion and side-channel attack and implementation method thereof |
CN103188075A (en) * | 2013-02-01 | 2013-07-03 | 广州大学 | Secret key and true random number generator and method for generating secret key and true random number |
CN103345690A (en) * | 2013-07-19 | 2013-10-09 | 中山大学 | Anti-fake method based on RFID and physical unclonable function |
-
2015
- 2015-08-19 CN CN201510510396.9A patent/CN105007285B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102393890A (en) * | 2011-10-09 | 2012-03-28 | 广州大学 | Crypto chip system for resisting physical invasion and side-channel attack and implementation method thereof |
CN103188075A (en) * | 2013-02-01 | 2013-07-03 | 广州大学 | Secret key and true random number generator and method for generating secret key and true random number |
CN103345690A (en) * | 2013-07-19 | 2013-10-09 | 中山大学 | Anti-fake method based on RFID and physical unclonable function |
Also Published As
Publication number | Publication date |
---|---|
CN105007285A (en) | 2015-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105007285B (en) | A kind of cryptographic key protection method and safety chip based on physics unclonable function | |
ES2917183T3 (en) | Mobile device that has a secure execution environment | |
CN105144626B (en) | The method and apparatus of safety is provided | |
EP2965254B1 (en) | Systems and methods for maintaining integrity and secrecy in untrusted computing platforms | |
CN108449178B (en) | Method for generating root key in secure trusted execution environment | |
CN106529308B (en) | data encryption method and device and mobile terminal | |
CN103780379B (en) | Cipher encrypting method and system and cryptographic check method and system | |
KR101216995B1 (en) | A code encryption and decryption device against reverse engineering based on indexed table and the method thereof | |
US9906363B2 (en) | Encrypted data verification system, method and recording medium | |
CN104657630A (en) | Integrated circuit provisioning using physical unclonable function | |
US20140223192A1 (en) | Method for protecting the integrity of a fixed-length data structure | |
CN106533663B (en) | Data ciphering method, encryption method, apparatus and data decryption method, decryption method, apparatus | |
JP2014509808A (en) | Mobile terminal encryption method, hardware encryption device, and mobile terminal | |
WO2014169610A1 (en) | Data encryption and decryption method and device, and protection system of mobile terminal | |
CN111066077A (en) | Encryption device, encryption method, decryption device, and decryption method | |
Kumar et al. | Itus: A secure risc-v system-on-chip | |
US9594918B1 (en) | Computer data protection using tunable key derivation function | |
CN109510702A (en) | A method of it key storage based on computer characteristic code and uses | |
CN108959962A (en) | A kind of API secure calling method of dynamic base | |
Kirkpatrick et al. | Enforcing physically restricted access control for remote data | |
KR20190076859A (en) | Method for determining an integrity sum, associated computer program and electronic entity | |
US11604857B2 (en) | Anti cloning for white box protected data | |
Román et al. | Sealed storage for low-cost IoT devices: An approach using SRAM PUFs and post-quantum cryptography | |
JP7476131B2 (en) | Efficient Data Item Authentication | |
US12003614B2 (en) | Infective countermeasures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 210046 South of the 16th Floor of Building C, Xingzhi Road Xingzhi Science and Technology Park, Nanjing Economic and Technological Development Zone, Qixia District, Nanjing City, Jiangsu Province Patentee after: Nanjing Pu he data Co., Ltd. Address before: 210046 C 806, Xingzhi science and Technology Park, Xingzhi Road, Qixia District, Nanjing, Jiangsu. Patentee before: NANJING WANDAO ELECTRONIC TECHNOLOGY CO., LTD. |