CN107808099B - Embedded software encryption/decryption system and method - Google Patents
Embedded software encryption/decryption system and method Download PDFInfo
- Publication number
- CN107808099B CN107808099B CN201610809357.3A CN201610809357A CN107808099B CN 107808099 B CN107808099 B CN 107808099B CN 201610809357 A CN201610809357 A CN 201610809357A CN 107808099 B CN107808099 B CN 107808099B
- Authority
- CN
- China
- Prior art keywords
- unit
- encryption
- signal
- embedded software
- debugging
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 230000008569 process Effects 0.000 claims abstract description 14
- 230000005540 biological transmission Effects 0.000 claims abstract description 8
- 238000004088 simulation Methods 0.000 claims description 17
- 238000011161 development Methods 0.000 claims description 11
- 230000008023 solidification Effects 0.000 claims description 8
- 238000007711 solidification Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 claims description 5
- 238000013475 authorization Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000006243 chemical reaction Methods 0.000 abstract description 2
- 238000005336 cracking Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005538 encapsulation Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000008054 signal transmission Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Prevention of errors by analysis, debugging or testing of software
- G06F11/362—Debugging of software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
本发明属于计算机安全技术,具体公开了一种嵌入式软件加密/解密系统及方法,系统包括处理器单元、逻辑加密单元、外部存储器单元和调试单元,通过仿真调试信号、仿真调试加密信号、处理器单元总线信号和总线加密信号在模块之间的传递实现软件加密/解密过程,方法采用上述系统将嵌入式软件明文写入之后,通过上述信号的转换,实现加密解密之后处理器单元运行嵌入式软件。软件的加密和解密均在逻辑加密单元完成,实现在线加密和在线解密的集中控制管理,无独立加密过程,简化了中间流程,增加了破解难度。
The invention belongs to computer security technology, and specifically discloses an embedded software encryption/decryption system and method. The system includes a processor unit, a logic encryption unit, an external memory unit and a debugging unit. The software encryption/decryption process is realized by the transmission of the bus signal and the bus encrypted signal of the processor unit between the modules. The method adopts the above system to write the embedded software plaintext, and through the conversion of the above signal, the processor unit runs the embedded software after encryption and decryption. software. The encryption and decryption of the software are completed in the logical encryption unit, which realizes the centralized control and management of online encryption and online decryption. There is no independent encryption process, which simplifies the intermediate process and increases the difficulty of cracking.
Description
Technical Field
The invention belongs to the computer security technology, and particularly relates to an embedded software encryption/decryption system and method.
Background
With the continuous development and improvement of weapon systems in China, more and more products are exported abroad, and embedded software filled in the products is extremely easy to acquire and crack without encryption, so that the core design and key technology are stolen, and the national defense benefits and safety of China are threatened, so that the encryption of the embedded software is particularly important.
At present, under the traditional embedded computer system architecture, the method for encrypting the software is limited, and the software encrypting link and the software decrypting link are executed separately. The software encryption is executed outside the computer system, and the off-line encryption is carried out by a PC or other equipment to form a software ciphertext which is solidified into a computer memory; the software decryption is performed by a computer system before the software runs, and the software plaintext is stored and loaded for use by a computer processor; the method adopts two links of off-line encryption and on-line decryption to realize the encryption/decryption process of the software, the software is cracked due to the fact that any link leaks the secret, the independent processes of software decryption and plaintext storage are needed, and the software loading instantaneity is not high.
Disclosure of Invention
The invention aims to provide an embedded software encryption/decryption system and method, which can strengthen the real-time performance of software encryption and decryption processes and improve the difficulty of software decryption, thereby improving the security of core software.
The technical scheme of the invention is as follows:
the embedded software encryption/decryption system comprises a processor unit, a logic encryption unit, an external memory unit and a debugging unit, wherein the processor unit is connected with the data transmission end of the logic encryption unit and mutually transmits a processor unit simulation debugging signal a and a processor unit bus signal c; meanwhile, the logic encryption unit is connected with the data transmission end of the external memory unit and mutually transmits a bus encryption signal d; the logic encryption unit is connected with the data transmission end of the debugging unit and mutually transmits an emulation debugging encryption signal b; and the processor unit receives the reset signal transmitted by the logic encryption unit.
In the above embedded software encryption/decryption system: the processor unit is realized by a BGA encapsulated digital signal processor and runs embedded software; the logic encryption unit is realized by utilizing BGA encapsulation and a programmable logic device with a password protection function, completes encryption and decryption of the simulation debugging interface and completes real-time encryption and decryption of the embedded software; the external memory unit is realized by packaging a FLASH memory by using a BGA (ball grid array) and is used for storing an embedded software ciphertext; the debugging unit is connected with the external integrated development environment of the system and is used for online debugging and simulation of software.
An encryption/decryption method for embedded software, comprising the following steps:
and 7: the processor unit runs Boot Loader codes and starts to load embedded software, the logic encryption unit reads an embedded software ciphertext of the external memory unit through a signal d, decrypts the embedded software ciphertext into a plaintext in real time and transmits the plaintext to the processor unit through a signal c;
and 8, running the embedded software by the processor unit.
In the above method for encrypting/decrypting embedded software, step 9 is performed after step 8, and after the computer system normally operates, the generated data to be stored can be transmitted to the logic encryption unit for encryption in real time through signal c, and then is solidified in the external memory unit through signal d.
In the above method for encrypting/decrypting embedded software, the interface use authorization of the debugging unit is obtained before step 1.
In the above method for encrypting/decrypting embedded software, before step 1, the embedded software is developed and compiled in an integrated development environment, and is connected with a computer system through a debugging unit to perform online debugging.
The invention has the following remarkable effects:
1. the encryption and decryption of the software are completed in the logic encryption unit, so that the centralized control management of the online encryption and the online decryption is realized, an independent encryption process is avoided, the intermediate flow is simplified, and the decryption difficulty is increased.
2. The bus signals and the simulation debugging signals execute an encryption algorithm in the logic encryption unit, the encryption algorithm and the decryption algorithm are realized by adopting a programmable logic device, the configuration of the encryption algorithm and the decryption algorithm is flexible, the execution efficiency is high, the cracking difficulty is high, and no additional hardware resource is needed.
3. The encryption/decryption process is physically realized, no processor or software participates, the speed is high, and the synchronous decryption and synchronous operation of the software are realized.
Drawings
FIG. 1 is a schematic diagram of an embedded software encryption/decryption system;
FIG. 2 is a schematic diagram of an embedded software encryption/decryption system;
in the figure: a. simulating a debugging signal by the processor unit; b. simulating and debugging the encrypted signal; c. a processor unit bus signal; d. a bus encryption signal; e. a reset signal; f. an interface signal; 1. a processor unit; 2. a logical encryption unit; 3. an external memory unit; 4. a debugging unit; 5. an integrated development environment; 6. and (4) an upper computer.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1 and 2, the embedded software encryption/decryption system includes a processor unit 1, a logic encryption unit 2, an external memory unit 3, and a debugging unit 4. The processor unit 1 and the logic encryption unit 2 mutually transmit a processor unit simulation debugging signal a and a processor unit bus signal c, the logic encryption unit 2 and the external memory unit 3 mutually transmit a bus encryption signal d, and the logic encryption unit 2 and the debugging unit 4 mutually transmit a simulation debugging encryption signal b. At the same time, the processor unit 1 accepts the reset signal transmitted by the logic encryption unit 2.
The processor unit 1 is implemented by a BGA package digital signal processor, running embedded software.
The processor unit 1 transmits a processor unit simulation debugging signal a to the logic encryption unit 2; the processor unit 1 transmits a processor unit bus signal c connection into the logical encryption unit 2.
The logic encryption unit 2 is realized by utilizing BGA encapsulation and a programmable logic device with a password protection function, completes encryption and decryption of the simulation debugging interface and completes real-time encryption and decryption of the embedded software.
The logic encryption unit 2 converts the received multi-bit signal lines of the unit simulation debugging signals a into simulation debugging encryption signals b after reordering, and transmits the simulation debugging encryption signals b to the debugging unit 4, so that a data channel between the processor unit 1 and the debugging unit 4 is encrypted, the processor unit simulation debugging signals a are encrypted, and online program file acquisition and software solidification state tampering are prevented.
The logic encryption unit 2 converts the received simulation debugging encryption signal b (transmitted to the logic encryption unit 2 by the debugging unit 4) into a signal a, and realizes the embedded software decryption process of online debugging.
The logic encryption unit 2 converts the received multi-bit signal line of the processor unit bus signal c into a bus encryption signal d after reordering, and connects the bus encryption signal d into the external memory unit 3, so that the data channel between the processor unit 1 and the external memory unit 3 is encrypted to realize the encryption of the embedded software.
The logic encryption unit 2 converts the received bus encryption signal d (transmitted from the external memory unit 3 to the logic encryption unit 2) into a processor unit bus signal c, so as to realize decryption conversion from the embedded software stored in the external memory unit 3 to the processor unit 1.
The output of the logic encryption unit 2 transmits a processor reset signal e to the processor unit 1 as a start signal for software loading.
In order to prevent on-line signal monitoring and reading program plaintext, the signal transmission channels among all the modules are wired in the inner layer of the printed board.
The external memory unit 3 is implemented by utilizing BGA package FLASH memory and is used for storing the embedded software cryptograph.
The debugging unit 4 is connected with an external integrated development environment 5 of the system and is used for online debugging and simulation of software.
The embedded software encryption/decryption method designed based on the system comprises the following steps:
step 1: acquiring the interface use authorization of the debugging unit 4;
the software plaintext of the running memory is prevented from being obtained through the interface of the debugging unit 4 under the condition of unauthorized or the program file is prevented from being randomly changed.
Step 2: embedded software development and compilation are carried out in the integrated development environment 5, and online debugging is carried out by connecting the embedded software with a computer system through a debugging unit 4.
The writing-in of the integrated development environment instruction is completed by converting a signal b into a signal a through the logic encryption unit 2, and the transmission of a response signal of the processor is completed by converting the signal a into the signal b through the logic encryption unit 2, so that the communication connection between the computer system and the development environment is established; the online running of the embedded software in the processor unit 1 is realized by converting the signal b into the signal a, and the debugging and the development of the embedded software are completed.
And step 3: after the online debugging is finished, encrypting and solidifying the software plaintext; and the upper computer 6 writes the Boot Loader code into the computer system through a signal f, and the code is used for loading the embedded software.
And 4, step 4: and the computer system logic encryption unit encrypts the Boot Loader code transmitted by the signal f into a ciphertext, and writes the ciphertext into an external memory unit through a signal d for solidification storage.
And 5: after the embedded software is debugged, a final executable file, namely an embedded software plaintext, is formed; and the upper computer writes the plain text of the embedded software into the computer system through the signal f.
Step 6: the logic encryption unit 2 of the computer system encrypts an embedded software plaintext transmitted by an interface signal f transmitted by the upper computer 6 into a ciphertext, and writes the ciphertext into the external memory unit 3 through a signal d for solidification and storage, so that the encryption and solidification of the software plaintext are completed.
And 7: after a computer system is powered on, the logic encryption unit 2 transmits a reset signal e to the processor unit 1, software ciphertext decryption and loading processes including Boot Loader codes and embedded software are started, and the software decryption process and the loading process are carried out synchronously.
And 8: the logic encryption unit reads the Boot Loader code ciphertext of the external memory unit 3 through a signal d, decrypts the code ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit through a signal c to complete the first-stage loading of the system.
And step 9: the processor unit 1 runs Boot Loader codes, completes corresponding function initialization, and starts to load embedded software. The logic encryption unit 2 reads the embedded software ciphertext of the external memory unit 3 through the signal d, decrypts the embedded software ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit 1 through the signal c to complete the secondary loading of the system. At this point, the decryption and loading of the software ciphertext is completed.
Step 10: the processor unit 1 runs embedded software to realize the functions of a computer system.
Step 11: after the computer system normally operates, the generated data to be stored can be transmitted to the logic encryption unit 2 for encryption in real time through the signal c, and then is solidified in the external memory unit 3 through the signal d.
Claims (5)
1. The embedded software encryption/decryption system comprises a processor unit (1), a logic encryption unit (2), an external memory unit (3) and a debugging unit (4), and is characterized in that the data transmission ends of the processor unit (1) and the logic encryption unit (2) are connected, and a processor unit simulation debugging signal a and a processor unit bus signal c are mutually transmitted; meanwhile, the logic encryption unit (2) is connected with the data transmission end of the external memory unit (3) and mutually transmits a bus encryption signal d; the data transmission ends of the logic encryption unit (2) and the debugging unit (4) are connected, and the logic encryption unit and the debugging unit mutually transmit an emulation debugging encryption signal b; the processor unit (1) receives a reset signal transmitted by the logic encryption unit (2);
the processor unit (1) is realized by a BGA packaged digital signal processor, and runs embedded software; the logic encryption unit (2) is realized by utilizing a BGA (ball grid array) packaged programmable logic device with a password protection function, completes the encryption and decryption of the simulation debugging interface and completes the real-time encryption and decryption of the embedded software; the external memory unit (3) is realized by utilizing a BGA (ball grid array) packaged FLASH memory and is used for storing an embedded software ciphertext; the debugging unit (4) is connected with an external integrated development environment (5) of the system and is used for online debugging and simulation of software.
2. The encryption/decryption method for the embedded software is characterized by comprising the following steps:
step 1, encrypting and solidifying a software plaintext; the upper computer (6) writes the Boot Loader code into a computer system through a signal f, and the code is used for loading embedded software;
step 2, encrypting a Boot Loader code transmitted by the interface signal f into a ciphertext by the logic encryption unit (2), and writing the ciphertext into an external memory unit through a signal d for solidification storage;
step 3, the upper computer (6) writes the plain text of the embedded software into the computer system through an interface signal f;
step 4, the logic encryption unit (2) encrypts an embedded software plaintext transmitted by an interface signal f transmitted by the upper computer (6) into a ciphertext, and writes the ciphertext into the external memory unit (3) through a signal d for solidification storage;
step 5, the logic encryption unit (2) transmits a reset signal e to the processor unit (1) and starts a software ciphertext decryption and loading process;
step 6, the logic encryption unit reads the Boot Loader code ciphertext of the external memory unit (3) through a signal d, decrypts the code ciphertext into a plaintext in real time, and transmits the plaintext to the processor unit through a signal c;
and 7: the method comprises the following steps that a processor unit (1) runs Boot Loader codes, embedded software loading is started, a logic encryption unit (2) reads an embedded software ciphertext of an external memory unit (3) through a signal d, the ciphertext is decrypted into a plaintext in real time, and the plaintext is transmitted to the processor unit (1) through a signal c;
and 8, running the embedded software by the processor unit (1).
3. The embedded software encryption/decryption method of claim 2, wherein step 8 is followed by step 9;
and 9, after the computer system normally operates, the generated data needing to be stored can be transmitted to the logic encryption unit (2) for encryption in real time through the signal c, and then is solidified in the external memory unit (3) through the signal d.
4. The embedded software encryption/decryption method of claim 2, wherein: and acquiring interface use authorization of the debugging unit (4) before the step 1.
5. The embedded software encryption/decryption method of claim 2, wherein: before the step 1, embedded software development and compilation are carried out in an integrated development environment (5), and online debugging is carried out by connecting a debugging unit (4) with a computer system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610809357.3A CN107808099B (en) | 2016-09-08 | 2016-09-08 | Embedded software encryption/decryption system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610809357.3A CN107808099B (en) | 2016-09-08 | 2016-09-08 | Embedded software encryption/decryption system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107808099A CN107808099A (en) | 2018-03-16 |
| CN107808099B true CN107808099B (en) | 2021-03-16 |
Family
ID=61576044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610809357.3A Active CN107808099B (en) | 2016-09-08 | 2016-09-08 | Embedded software encryption/decryption system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107808099B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113111614B (en) * | 2021-06-15 | 2021-09-28 | 北京芯愿景软件技术股份有限公司 | Method, device, equipment and medium for determining class bus grouping |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1647443A (en) * | 2002-04-18 | 2005-07-27 | 国际商业机器公司 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| CN101782956A (en) * | 2010-02-09 | 2010-07-21 | 杭州晟元芯片技术有限公司 | Method and device for protecting data on basis of AES real-time encryption |
| CN103258172A (en) * | 2012-06-13 | 2013-08-21 | 福建睿矽微电子科技有限公司 | Off-chip Nor Flash bus interface hardware encryption device |
| CN103488916A (en) * | 2013-08-12 | 2014-01-01 | 中国航天科工集团第三研究院第八三五七研究所 | On-missile software encipherment protection method |
| CN103839012A (en) * | 2012-11-23 | 2014-06-04 | 景幂机械(上海)有限公司 | Flash encrypted storage device |
| US9116841B2 (en) * | 2012-11-28 | 2015-08-25 | Infineon Technologies Ag | Methods and systems for securely transferring embedded code and/or data designed for a device to a customer |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050138381A1 (en) * | 2003-08-01 | 2005-06-23 | Stickle Thomas C. | Dynamic content security processor system for XML documents |
-
2016
- 2016-09-08 CN CN201610809357.3A patent/CN107808099B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1647443A (en) * | 2002-04-18 | 2005-07-27 | 国际商业机器公司 | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| CN101782956A (en) * | 2010-02-09 | 2010-07-21 | 杭州晟元芯片技术有限公司 | Method and device for protecting data on basis of AES real-time encryption |
| CN103258172A (en) * | 2012-06-13 | 2013-08-21 | 福建睿矽微电子科技有限公司 | Off-chip Nor Flash bus interface hardware encryption device |
| CN103839012A (en) * | 2012-11-23 | 2014-06-04 | 景幂机械(上海)有限公司 | Flash encrypted storage device |
| US9116841B2 (en) * | 2012-11-28 | 2015-08-25 | Infineon Technologies Ag | Methods and systems for securely transferring embedded code and/or data designed for a device to a customer |
| CN103488916A (en) * | 2013-08-12 | 2014-01-01 | 中国航天科工集团第三研究院第八三五七研究所 | On-missile software encipherment protection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107808099A (en) | 2018-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109194491B (en) | Password evaluation test system and password evaluation test method | |
| CN101854243B (en) | Circuit system design encryption circuit and encryption method thereof | |
| CN101430747B (en) | Movable equipment based on credible embedded platform and its security storage method | |
| CN106650325B (en) | A kind of software platform management method based on softdog | |
| CN103761456B (en) | A kind of anti-method cracking of monolithic microcomputer kernel code | |
| CN105612527A (en) | Method for providing security for common intermediate language-based program | |
| JP2013236376A5 (en) | ||
| US11722467B2 (en) | Secured communication from within non-volatile memory device | |
| CN102324006B (en) | Processor program safety protection device and method | |
| CN101882189B (en) | Embedded-type system for ensuring completeness of program and realization method thereof | |
| CN110619224B (en) | Data processing method and related device | |
| CN104834873A (en) | U disk for cloud data information encryption and decryption, and realization method | |
| CN104156677A (en) | FPGA-based hard disk encryption and decryption system | |
| CN104902138A (en) | ENCRYPTION/DECRYPTION SYSTEM and its control method | |
| CN106534109A (en) | Security WiFi chip integrated with security encryption function | |
| CN107808099B (en) | Embedded software encryption/decryption system and method | |
| CN104270347A (en) | Safety control method, device and system | |
| CN104346584A (en) | Encryption and parameter configuration method for FPGA (Field Programmable Gate Array) system | |
| CN105303093A (en) | Token verification method for cryptographic smart token | |
| CN101124768A (en) | System and method of using a protected non-volatile memory | |
| CN204669402U (en) | A kind of cloud data message encrypting and decrypting system based on USB flash disk | |
| CN104081712A (en) | Repeatable application-specific encryption key derivation using a hidden root key | |
| CN103077362B (en) | There is the GPIO IP kernel of security mechanism | |
| CN108021817A (en) | A kind of encryption and decryption memory access interface realizes system and method | |
| CN110717198B (en) | Apparatus and method for operating a processing unit built by software for a device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |