CN107808099B - Embedded software encryption/decryption system and method - Google Patents

Embedded software encryption/decryption system and method Download PDF

Info

Publication number
CN107808099B
CN107808099B CN201610809357.3A CN201610809357A CN107808099B CN 107808099 B CN107808099 B CN 107808099B CN 201610809357 A CN201610809357 A CN 201610809357A CN 107808099 B CN107808099 B CN 107808099B
Authority
CN
China
Prior art keywords
unit
encryption
signal
embedded software
debugging
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610809357.3A
Other languages
Chinese (zh)
Other versions
CN107808099A (en
Inventor
张伟彬
袁寰
郑华银
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Automation Control Equipment Institute BACEI
Original Assignee
Beijing Automation Control Equipment Institute BACEI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Automation Control Equipment Institute BACEI filed Critical Beijing Automation Control Equipment Institute BACEI
Priority to CN201610809357.3A priority Critical patent/CN107808099B/en
Publication of CN107808099A publication Critical patent/CN107808099A/en
Application granted granted Critical
Publication of CN107808099B publication Critical patent/CN107808099B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the computer security technology, and particularly discloses an embedded software encryption/decryption system and a method, wherein the system comprises a processor unit, a logic encryption unit, an external memory unit and a debugging unit, the software encryption/decryption process is realized by the transmission of simulation debugging signals, simulation debugging encryption signals, processor unit bus signals and bus encryption signals among modules, and after the embedded software plaintext is written into the system, the processor unit runs the embedded software after encryption and decryption by the conversion of the signals. The encryption and decryption of the software are completed in the logic encryption unit, so that the centralized control management of the online encryption and the online decryption is realized, an independent encryption process is avoided, the intermediate flow is simplified, and the decryption difficulty is increased.

Description

Embedded software encryption/decryption system and method
Technical Field
The invention belongs to the computer security technology, and particularly relates to an embedded software encryption/decryption system and method.
Background
With the continuous development and improvement of weapon systems in China, more and more products are exported abroad, and embedded software filled in the products is extremely easy to acquire and crack without encryption, so that the core design and key technology are stolen, and the national defense benefits and safety of China are threatened, so that the encryption of the embedded software is particularly important.
At present, under the traditional embedded computer system architecture, the method for encrypting the software is limited, and the software encrypting link and the software decrypting link are executed separately. The software encryption is executed outside the computer system, and the off-line encryption is carried out by a PC or other equipment to form a software ciphertext which is solidified into a computer memory; the software decryption is performed by a computer system before the software runs, and the software plaintext is stored and loaded for use by a computer processor; the method adopts two links of off-line encryption and on-line decryption to realize the encryption/decryption process of the software, the software is cracked due to the fact that any link leaks the secret, the independent processes of software decryption and plaintext storage are needed, and the software loading instantaneity is not high.
Disclosure of Invention
The invention aims to provide an embedded software encryption/decryption system and method, which can strengthen the real-time performance of software encryption and decryption processes and improve the difficulty of software decryption, thereby improving the security of core software.
The technical scheme of the invention is as follows:
the embedded software encryption/decryption system comprises a processor unit, a logic encryption unit, an external memory unit and a debugging unit, wherein the processor unit is connected with the data transmission end of the logic encryption unit and mutually transmits a processor unit simulation debugging signal a and a processor unit bus signal c; meanwhile, the logic encryption unit is connected with the data transmission end of the external memory unit and mutually transmits a bus encryption signal d; the logic encryption unit is connected with the data transmission end of the debugging unit and mutually transmits an emulation debugging encryption signal b; and the processor unit receives the reset signal transmitted by the logic encryption unit.
In the above embedded software encryption/decryption system: the processor unit is realized by a BGA encapsulated digital signal processor and runs embedded software; the logic encryption unit is realized by utilizing BGA encapsulation and a programmable logic device with a password protection function, completes encryption and decryption of the simulation debugging interface and completes real-time encryption and decryption of the embedded software; the external memory unit is realized by packaging a FLASH memory by using a BGA (ball grid array) and is used for storing an embedded software ciphertext; the debugging unit is connected with the external integrated development environment of the system and is used for online debugging and simulation of software.
An encryption/decryption method for embedded software, comprising the following steps:
step 1, encrypting and solidifying a software plaintext; the upper computer writes a Boot Loader code into a computer system through a signal f, and the code is used for loading embedded software;
step 2, encrypting a Boot Loader code transmitted by the interface signal f into a ciphertext by the logic encryption unit, and writing the ciphertext into an external memory unit through a signal d for solidification storage;
step 3, the upper computer writes the plain text of the embedded software into the computer system through an interface signal f;
step 4, encrypting an embedded software plaintext transmitted by an interface signal f transmitted by an upper computer into a ciphertext by the logic encryption unit, and writing the ciphertext into an external memory unit through a signal d for solidification storage;
step 5, the logic encryption unit transmits a reset signal e to the processor unit, and software ciphertext decryption and loading processes are started;
step 6, the logic encryption unit reads a Boot Loader code ciphertext of the external memory unit through a signal d, decrypts the Boot Loader code ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit through a signal c;
and 7: the processor unit runs Boot Loader codes and starts to load embedded software, the logic encryption unit reads an embedded software ciphertext of the external memory unit through a signal d, decrypts the embedded software ciphertext into a plaintext in real time and transmits the plaintext to the processor unit through a signal c;
and 8, running the embedded software by the processor unit.
In the above method for encrypting/decrypting embedded software, step 9 is performed after step 8, and after the computer system normally operates, the generated data to be stored can be transmitted to the logic encryption unit for encryption in real time through signal c, and then is solidified in the external memory unit through signal d.
In the above method for encrypting/decrypting embedded software, the interface use authorization of the debugging unit is obtained before step 1.
In the above method for encrypting/decrypting embedded software, before step 1, the embedded software is developed and compiled in an integrated development environment, and is connected with a computer system through a debugging unit to perform online debugging.
The invention has the following remarkable effects:
1. the encryption and decryption of the software are completed in the logic encryption unit, so that the centralized control management of the online encryption and the online decryption is realized, an independent encryption process is avoided, the intermediate flow is simplified, and the decryption difficulty is increased.
2. The bus signals and the simulation debugging signals execute an encryption algorithm in the logic encryption unit, the encryption algorithm and the decryption algorithm are realized by adopting a programmable logic device, the configuration of the encryption algorithm and the decryption algorithm is flexible, the execution efficiency is high, the cracking difficulty is high, and no additional hardware resource is needed.
3. The encryption/decryption process is physically realized, no processor or software participates, the speed is high, and the synchronous decryption and synchronous operation of the software are realized.
Drawings
FIG. 1 is a schematic diagram of an embedded software encryption/decryption system;
FIG. 2 is a schematic diagram of an embedded software encryption/decryption system;
in the figure: a. simulating a debugging signal by the processor unit; b. simulating and debugging the encrypted signal; c. a processor unit bus signal; d. a bus encryption signal; e. a reset signal; f. an interface signal; 1. a processor unit; 2. a logical encryption unit; 3. an external memory unit; 4. a debugging unit; 5. an integrated development environment; 6. and (4) an upper computer.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1 and 2, the embedded software encryption/decryption system includes a processor unit 1, a logic encryption unit 2, an external memory unit 3, and a debugging unit 4. The processor unit 1 and the logic encryption unit 2 mutually transmit a processor unit simulation debugging signal a and a processor unit bus signal c, the logic encryption unit 2 and the external memory unit 3 mutually transmit a bus encryption signal d, and the logic encryption unit 2 and the debugging unit 4 mutually transmit a simulation debugging encryption signal b. At the same time, the processor unit 1 accepts the reset signal transmitted by the logic encryption unit 2.
The processor unit 1 is implemented by a BGA package digital signal processor, running embedded software.
The processor unit 1 transmits a processor unit simulation debugging signal a to the logic encryption unit 2; the processor unit 1 transmits a processor unit bus signal c connection into the logical encryption unit 2.
The logic encryption unit 2 is realized by utilizing BGA encapsulation and a programmable logic device with a password protection function, completes encryption and decryption of the simulation debugging interface and completes real-time encryption and decryption of the embedded software.
The logic encryption unit 2 converts the received multi-bit signal lines of the unit simulation debugging signals a into simulation debugging encryption signals b after reordering, and transmits the simulation debugging encryption signals b to the debugging unit 4, so that a data channel between the processor unit 1 and the debugging unit 4 is encrypted, the processor unit simulation debugging signals a are encrypted, and online program file acquisition and software solidification state tampering are prevented.
The logic encryption unit 2 converts the received simulation debugging encryption signal b (transmitted to the logic encryption unit 2 by the debugging unit 4) into a signal a, and realizes the embedded software decryption process of online debugging.
The logic encryption unit 2 converts the received multi-bit signal line of the processor unit bus signal c into a bus encryption signal d after reordering, and connects the bus encryption signal d into the external memory unit 3, so that the data channel between the processor unit 1 and the external memory unit 3 is encrypted to realize the encryption of the embedded software.
The logic encryption unit 2 converts the received bus encryption signal d (transmitted from the external memory unit 3 to the logic encryption unit 2) into a processor unit bus signal c, so as to realize decryption conversion from the embedded software stored in the external memory unit 3 to the processor unit 1.
The output of the logic encryption unit 2 transmits a processor reset signal e to the processor unit 1 as a start signal for software loading.
In order to prevent on-line signal monitoring and reading program plaintext, the signal transmission channels among all the modules are wired in the inner layer of the printed board.
The external memory unit 3 is implemented by utilizing BGA package FLASH memory and is used for storing the embedded software cryptograph.
The debugging unit 4 is connected with an external integrated development environment 5 of the system and is used for online debugging and simulation of software.
The embedded software encryption/decryption method designed based on the system comprises the following steps:
step 1: acquiring the interface use authorization of the debugging unit 4;
the software plaintext of the running memory is prevented from being obtained through the interface of the debugging unit 4 under the condition of unauthorized or the program file is prevented from being randomly changed.
Step 2: embedded software development and compilation are carried out in the integrated development environment 5, and online debugging is carried out by connecting the embedded software with a computer system through a debugging unit 4.
The writing-in of the integrated development environment instruction is completed by converting a signal b into a signal a through the logic encryption unit 2, and the transmission of a response signal of the processor is completed by converting the signal a into the signal b through the logic encryption unit 2, so that the communication connection between the computer system and the development environment is established; the online running of the embedded software in the processor unit 1 is realized by converting the signal b into the signal a, and the debugging and the development of the embedded software are completed.
And step 3: after the online debugging is finished, encrypting and solidifying the software plaintext; and the upper computer 6 writes the Boot Loader code into the computer system through a signal f, and the code is used for loading the embedded software.
And 4, step 4: and the computer system logic encryption unit encrypts the Boot Loader code transmitted by the signal f into a ciphertext, and writes the ciphertext into an external memory unit through a signal d for solidification storage.
And 5: after the embedded software is debugged, a final executable file, namely an embedded software plaintext, is formed; and the upper computer writes the plain text of the embedded software into the computer system through the signal f.
Step 6: the logic encryption unit 2 of the computer system encrypts an embedded software plaintext transmitted by an interface signal f transmitted by the upper computer 6 into a ciphertext, and writes the ciphertext into the external memory unit 3 through a signal d for solidification and storage, so that the encryption and solidification of the software plaintext are completed.
And 7: after a computer system is powered on, the logic encryption unit 2 transmits a reset signal e to the processor unit 1, software ciphertext decryption and loading processes including Boot Loader codes and embedded software are started, and the software decryption process and the loading process are carried out synchronously.
And 8: the logic encryption unit reads the Boot Loader code ciphertext of the external memory unit 3 through a signal d, decrypts the code ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit through a signal c to complete the first-stage loading of the system.
And step 9: the processor unit 1 runs Boot Loader codes, completes corresponding function initialization, and starts to load embedded software. The logic encryption unit 2 reads the embedded software ciphertext of the external memory unit 3 through the signal d, decrypts the embedded software ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit 1 through the signal c to complete the secondary loading of the system. At this point, the decryption and loading of the software ciphertext is completed.
Step 10: the processor unit 1 runs embedded software to realize the functions of a computer system.
Step 11: after the computer system normally operates, the generated data to be stored can be transmitted to the logic encryption unit 2 for encryption in real time through the signal c, and then is solidified in the external memory unit 3 through the signal d.

Claims (5)

1. The embedded software encryption/decryption system comprises a processor unit (1), a logic encryption unit (2), an external memory unit (3) and a debugging unit (4), and is characterized in that the data transmission ends of the processor unit (1) and the logic encryption unit (2) are connected, and a processor unit simulation debugging signal a and a processor unit bus signal c are mutually transmitted; meanwhile, the logic encryption unit (2) is connected with the data transmission end of the external memory unit (3) and mutually transmits a bus encryption signal d; the data transmission ends of the logic encryption unit (2) and the debugging unit (4) are connected, and the logic encryption unit and the debugging unit mutually transmit an emulation debugging encryption signal b; the processor unit (1) receives a reset signal transmitted by the logic encryption unit (2);
the processor unit (1) is realized by a BGA packaged digital signal processor, and runs embedded software; the logic encryption unit (2) is realized by utilizing a BGA (ball grid array) packaged programmable logic device with a password protection function, completes the encryption and decryption of the simulation debugging interface and completes the real-time encryption and decryption of the embedded software; the external memory unit (3) is realized by utilizing a BGA (ball grid array) packaged FLASH memory and is used for storing an embedded software ciphertext; the debugging unit (4) is connected with an external integrated development environment (5) of the system and is used for online debugging and simulation of software.
2. The encryption/decryption method for the embedded software is characterized by comprising the following steps:
step 1, encrypting and solidifying a software plaintext; the upper computer (6) writes the Boot Loader code into a computer system through a signal f, and the code is used for loading embedded software;
step 2, encrypting a Boot Loader code transmitted by the interface signal f into a ciphertext by the logic encryption unit (2), and writing the ciphertext into an external memory unit through a signal d for solidification storage;
step 3, the upper computer (6) writes the plain text of the embedded software into the computer system through an interface signal f;
step 4, the logic encryption unit (2) encrypts an embedded software plaintext transmitted by an interface signal f transmitted by the upper computer (6) into a ciphertext, and writes the ciphertext into the external memory unit (3) through a signal d for solidification storage;
step 5, the logic encryption unit (2) transmits a reset signal e to the processor unit (1) and starts a software ciphertext decryption and loading process;
step 6, the logic encryption unit reads the Boot Loader code ciphertext of the external memory unit (3) through a signal d, decrypts the code ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit through a signal c;
and 7: the method comprises the following steps that a processor unit (1) runs Boot Loader codes, embedded software loading is started, a logic encryption unit (2) reads an embedded software ciphertext of an external memory unit (3) through a signal d, the ciphertext is decrypted into a plaintext in real time, and the plaintext is transmitted to the processor unit (1) through a signal c;
and 8, running the embedded software by the processor unit (1).
3. The embedded software encryption/decryption method of claim 2, wherein step 8 is followed by step 9;
and 9, after the computer system normally operates, the generated data needing to be stored can be transmitted to the logic encryption unit (2) for encryption in real time through the signal c, and then is solidified in the external memory unit (3) through the signal d.
4. The embedded software encryption/decryption method of claim 2, wherein: and acquiring interface use authorization of the debugging unit (4) before the step 1.
5. The embedded software encryption/decryption method of claim 2, wherein: before the step 1, embedded software development and compilation are carried out in an integrated development environment (5), and online debugging is carried out by connecting a debugging unit (4) with a computer system.
CN201610809357.3A 2016-09-08 2016-09-08 Embedded software encryption/decryption system and method Active CN107808099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610809357.3A CN107808099B (en) 2016-09-08 2016-09-08 Embedded software encryption/decryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610809357.3A CN107808099B (en) 2016-09-08 2016-09-08 Embedded software encryption/decryption system and method

Publications (2)

Publication Number Publication Date
CN107808099A CN107808099A (en) 2018-03-16
CN107808099B true CN107808099B (en) 2021-03-16

Family

ID=61576044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610809357.3A Active CN107808099B (en) 2016-09-08 2016-09-08 Embedded software encryption/decryption system and method

Country Status (1)

Country Link
CN (1) CN107808099B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113111614B (en) * 2021-06-15 2021-09-28 北京芯愿景软件技术股份有限公司 Method, device, equipment and medium for determining class bus grouping

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1647443A (en) * 2002-04-18 2005-07-27 国际商业机器公司 Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
CN101782956A (en) * 2010-02-09 2010-07-21 杭州晟元芯片技术有限公司 Method and device for protecting data on basis of AES real-time encryption
CN103258172A (en) * 2012-06-13 2013-08-21 福建睿矽微电子科技有限公司 Off-chip Nor Flash bus interface hardware encryption device
CN103488916A (en) * 2013-08-12 2014-01-01 中国航天科工集团第三研究院第八三五七研究所 On-missile software encipherment protection method
CN103839012A (en) * 2012-11-23 2014-06-04 景幂机械(上海)有限公司 Flash encrypted storage device
US9116841B2 (en) * 2012-11-28 2015-08-25 Infineon Technologies Ag Methods and systems for securely transferring embedded code and/or data designed for a device to a customer

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138381A1 (en) * 2003-08-01 2005-06-23 Stickle Thomas C. Dynamic content security processor system for XML documents

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1647443A (en) * 2002-04-18 2005-07-27 国际商业机器公司 Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
CN101782956A (en) * 2010-02-09 2010-07-21 杭州晟元芯片技术有限公司 Method and device for protecting data on basis of AES real-time encryption
CN103258172A (en) * 2012-06-13 2013-08-21 福建睿矽微电子科技有限公司 Off-chip Nor Flash bus interface hardware encryption device
CN103839012A (en) * 2012-11-23 2014-06-04 景幂机械(上海)有限公司 Flash encrypted storage device
US9116841B2 (en) * 2012-11-28 2015-08-25 Infineon Technologies Ag Methods and systems for securely transferring embedded code and/or data designed for a device to a customer
CN103488916A (en) * 2013-08-12 2014-01-01 中国航天科工集团第三研究院第八三五七研究所 On-missile software encipherment protection method

Also Published As

Publication number Publication date
CN107808099A (en) 2018-03-16

Similar Documents

Publication Publication Date Title
CN108073353B (en) Data processing method and device
CN109194491B (en) Password evaluation test system and password evaluation test method
CN105612527A (en) Method for providing security for common intermediate language-based program
CN101908112B (en) Test method and system of security chip
CN102467634B (en) Software authorization system and method
CN109104724B (en) A kind of data ciphering method and device for device upgrade
CN106650325B (en) A kind of software platform management method based on softdog
CN102324006B (en) Processor program safety protection device and method
CN109977702B (en) FPGA equipment encryption authentication system based on DS2432 chip
CN106056017B (en) Smart card COS encryption downloading system
CN110619224B (en) Data processing method and related device
CN104834873A (en) U disk for cloud data information encryption and decryption, and realization method
CN101882189A (en) Embedded-type system for ensuring completeness of program and realization method thereof
CN106534109A (en) Security WiFi chip integrated with security encryption function
CN114266055A (en) Multi-core firmware secure storage method and system
CN107808099B (en) Embedded software encryption/decryption system and method
CN105681023A (en) Dynamic encrypted communication method of upper computer and single chip computer
CN108021817A (en) A kind of encryption and decryption memory access interface realizes system and method
CN104392153A (en) Software protection method and system
CN108243186A (en) The system and method for remote operation programmable logic controller (PLC)
CN107980135A (en) The method and system that a kind of terminal random number occurs
CN103701589A (en) Information transmission method and device based on virtual desktop system and relevant equipment
JP2013045277A (en) Program obfuscation method and remote debug system
CN204967864U (en) Encryption type network system based on field programmable gate array
CN105721139A (en) AES decryption and decryption method and circuit for FPGA with limited IO resource

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant