CN108563964A - The encryption device and method of ephemeral data in a kind of external RAM of FPGA - Google Patents


Info

Publication number
CN108563964A
Authority
CN
China
Prior art keywords
data
fpga
ram
external ram
security module
Prior art date
Legal status
Pending
Application number
CN201810439600.6A
Other languages
Chinese (zh)
Inventor
朱阳烨
何薇
李济洋
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Abstract

The invention discloses an encryption device and method for ephemeral data in the external RAM of an FPGA. A safety zone is set aside in the external RAM, and important ephemeral data that must be protected during FPGA operation is stored in this region. All data stored in the region is protected by encryption: even if an outside attacker gains access to the region by irregular means, all that is obtained is encrypted data, and the plaintext of that data cannot be recovered. A security module inside the FPGA accesses the safety zone, and only this security module can read and write it. The invention prevents an outside attacker from stealing important ephemeral data during FPGA operation by directly reading the data in external RAM, requires no additional hardware, and is easily extended.

Description

The encryption device and method of ephemeral data in a kind of external RAM of FPGA
Technical field
The invention belongs to the field of information security and relates to a data encryption device and method, and in particular to an encryption device and method for ephemeral data in the external RAM of an FPGA.
Background technology
With the widespread use of embedded devices and the increasingly rampant attacks against them, ensuring the information security of these devices at run time is receiving more and more attention. How to ensure that a user's important ephemeral data is not stolen by other rogue programs or remote attackers while an embedded device is running has become a problem of general concern.
In embedded systems, since FPGA chips integrate more and more hardware resources and provide ever stronger computing capability, an FPGA is often used for data processing. Data to be processed is sent into the FPGA from outside and first stored in a dual-port RAM, then sent from the other port of the dual-port RAM to the FPGA for computation. The result of the computation may be returned directly to the upper-layer caller, or stored in another RAM as ephemeral data awaiting further processing. As the FPGA processes more and more data, the volume of ephemeral data also grows, and the FPGA's internal RAM cannot hold it all, so more and more ephemeral data is stored in the FPGA's external RAM.
Since the outside world can directly access data stored in the FPGA's external RAM, ephemeral data stored there can be stolen from outside. Most of this ephemeral data is generated while the embedded system runs; it may be authorization data for some key (whoever holds the authorization data can use that key), or it may even be an encryption/decryption key itself. It is mostly loaded into external RAM in plaintext, so a rogue program or attacker may simply read the RAM directly to steal it.
The usual way to protect data is to encrypt it, and a series of cryptographic techniques and encryption algorithms have been produced for this purpose, such as the common DES, AES and RSA. These algorithms were established by mathematicians and computer scientists on the basis of algorithmic complexity theory, and have gone through open selection and simulated attacks, which ensures the adequate security of the algorithms themselves. Encryption technology can therefore be used to secure the important ephemeral data produced while an embedded system runs: even if this important data is stolen by a rogue program or remote attacker, its content cannot be obtained, so the security of the data is ensured.
Invention content
To address the problem that, during FPGA operation, important ephemeral data stored in the FPGA's external RAM may be stolen, this patent proposes an encryption device and method for ephemeral data in the external RAM of an FPGA. Even if an attacker reads the data in external RAM, all that is obtained is the ciphertext of this important ephemeral data, which ensures the security of the ephemeral data during FPGA operation.
The technical solution adopted by the device of the invention is an encryption device for ephemeral data in the external RAM of an FPGA, characterized in that a safety zone is set aside in the external RAM, and important ephemeral data that must be protected during FPGA operation is stored in this region. All data stored in the region is protected by encryption: even if an outside attacker gains access to the region by irregular means, all that is obtained is encrypted data, and the plaintext of that data cannot be obtained;
A security module is provided inside the FPGA for accessing the safety zone described above, and only this security module can read and write the secure storage region.
The technical solution adopted by the method of the invention is an encryption method for ephemeral data in the external RAM of an FPGA, characterized in that it includes the following steps:
Step 1: Based on the write address, determine whether the address of the data to be written lies in the safety zone of the external RAM; if it does, go to step 2, otherwise write the data directly;
Step 2: The security module reads the PUF value of the FPGA's internal SRAM and generates a key from that PUF value;
Step 3: The security module encrypts the data to be written to the safety zone of the external RAM with the above key, and writes the resulting ciphertext into the safety zone of the external RAM.
The invention has the following major advantages:
1. An outside attacker cannot steal important ephemeral data during FPGA operation by directly accessing the data in external RAM;
2. No additional hardware needs to be added, and extensibility is good.
Description of the drawings
Fig. 1: Block diagram of the device of the embodiment of the invention;
Fig. 2: Flow chart of data writing in the method of the embodiment of the invention.
Specific implementation mode
To help those of ordinary skill in the art understand and implement the invention, it is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
Referring to Fig. 1, in the encryption device for ephemeral data in the external RAM of an FPGA provided by the invention, a safety zone is set aside in the external RAM, and important ephemeral data that must be protected during FPGA operation is stored in this region. Data stored in the region is protected by encryption: even if an outside attacker gains access to the region by irregular means, all that is obtained is encrypted data, and the plaintext of that data cannot be obtained. The RAM outside this region is the insecure area, used for storing unimportant ephemeral data.
A security module is provided inside the FPGA for accessing the safety zone, and only this security module can read and write the secure storage region. The security module can read the PUF value of the FPGA's internal SRAM and use that PUF value to generate a key for encryption and decryption. Whenever an upper-layer module reads or writes data in the safety zone of the external RAM, it must call the security module to do so.
Referring to Fig. 2, the encryption method for ephemeral data in the external RAM of an FPGA provided by the invention includes the following steps:
Step 1: Based on the write address, determine whether the address of the data to be written lies in the safety zone of the external RAM; if it does, go to step 2, otherwise write the data directly;
Step 2: The security module reads the PUF value of the FPGA's internal SRAM and generates an SM4 key from that PUF value (other key types may also be chosen);
Step 3: The security module encrypts the data to be written to the safety zone of the external RAM with the above SM4 key, and writes the resulting ciphertext into the safety zone of the external RAM.
Step 4: Destroy the SM4 key generated in step 2. Because the key generated from the FPGA's internal SRAM is the same every time, there is no need to worry that data encrypted with the key can no longer be decrypted after the key is destroyed.
The process by which an upper-layer module reads data from external RAM is roughly the same as the write process; the difference is in step 3: the ciphertext read from external RAM is decrypted with the SM4 key from step 2 and then returned to the upper-layer module.
It should be understood that parts not elaborated in this specification belong to the prior art.
It should be understood that the above description of the preferred embodiment is relatively detailed and cannot therefore be regarded as limiting the scope of patent protection of the invention. Those skilled in the art, inspired by the invention and without departing from the scope protected by the claims, may also make substitutions or variations, all of which fall within the protection scope of the invention; the claimed scope of the invention is determined by the appended claims.
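As an added illustration of the write and read paths in steps 1 to 4 above (a model written for this page, not the patent's own design or any FPGA implementation): Python stands in for the security module's logic, a hashed constant stands in for the SRAM PUF value, and an HMAC-SHA256 keystream stands in for SM4, which the Python standard library does not provide. The RAM layout, the way the key is hashed from the PUF value, the binding of the keystream to the RAM address, and the rejection of accesses that straddle the zone boundary are all assumptions of this model; the patent specifies none of them.

```python
import hashlib
import hmac

# Constructed layout for this model (not from the patent): a 4 KiB external
# RAM whose top 1 KiB (0x0C00-0x0FFF) is the safety zone.
RAM_SIZE = 0x1000
SAFE_START = 0x0C00
SAFE_END = 0x1000          # exclusive
BLOCK = 16                 # keystream granularity, matching SM4's block size

# Constructed stand-in for the power-up contents of the FPGA's internal SRAM.
# The patent treats the PUF value as identical on every read; a real SRAM PUF
# response is noisy and needs error correction before it can serve as a key.
SRAM_PUF_RESPONSE = hashlib.sha256(b"constructed SRAM PUF response").digest()


class ExternalRam:
    """The external RAM as seen by anyone with direct access to it."""

    def __init__(self, size=RAM_SIZE):
        self.cells = bytearray(size)

    def raw_read(self, addr, n):
        return bytes(self.cells[addr:addr + n])

    def raw_write(self, addr, data):
        self.cells[addr:addr + len(data)] = data


def classify(addr, n):
    """Step 1: 'safe' if [addr, addr+n) lies in the safety zone, 'plain' if
    it lies entirely outside. A span straddling the boundary is rejected
    rather than silently written in plaintext (model's choice)."""
    if addr < 0 or n <= 0 or addr + n > RAM_SIZE:
        raise ValueError("access outside external RAM")
    if SAFE_START <= addr and addr + n <= SAFE_END:
        return "safe"
    if addr + n <= SAFE_START or addr >= SAFE_END:
        return "plain"
    raise ValueError("access straddles the safety-zone boundary")


def derive_key(puf_response):
    """Step 2: key 'generated according to the PUF value'. Hashing the
    response under a fixed label is this model's assumption."""
    return hashlib.sha256(b"fpga-safe-zone-key|" + puf_response).digest()


def keystream(key, addr, n):
    """Stand-in for SM4: one HMAC-SHA256 block per 16-byte RAM block index.
    Binding each block to its address (model's choice) means equal plaintexts
    at different addresses encrypt differently, and a partial read at any
    offset still lines up with the keystream used at write time."""
    first, last = addr // BLOCK, (addr + n - 1) // BLOCK
    stream = b"".join(
        hmac.new(key, blk.to_bytes(4, "big"), hashlib.sha256).digest()[:BLOCK]
        for blk in range(first, last + 1)
    )
    offset = addr % BLOCK
    return stream[offset:offset + n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SecurityModule:
    """The only path through which the safety zone is read or written."""

    def __init__(self, ram, read_sram_puf):
        self.ram = ram
        self._read_sram_puf = read_sram_puf   # callable: FPGA-internal SRAM PUF
        self.key = None                       # resident only during one access

    def write(self, addr, data):
        """Returns True if the data was encrypted, False if written directly."""
        if classify(addr, len(data)) == "plain":
            self.ram.raw_write(addr, data)              # Step 1: direct write
            return False
        self.key = derive_key(self._read_sram_puf())    # Step 2
        try:
            self.ram.raw_write(addr, xor(data, keystream(self.key, addr, len(data))))  # Step 3
        finally:
            self.key = None                             # Step 4: destroy the key
        return True

    def read(self, addr, n):
        """Read path: as write, except step 3 decrypts before returning."""
        stored = self.ram.raw_read(addr, n)
        if classify(addr, n) == "plain":
            return stored
        self.key = derive_key(self._read_sram_puf())
        try:
            return xor(stored, keystream(self.key, addr, n))
        finally:
            self.key = None


def demo():
    """One round trip in each zone, plus what a direct RAM read yields."""
    ram = ExternalRam()
    module = SecurityModule(ram, lambda: SRAM_PUF_RESPONSE)
    secret = b"session-key-0123"                 # constructed ephemeral data
    module.write(0x0C10, secret)
    stolen = ram.raw_read(0x0C10, len(secret))   # bypasses the security module
    recovered = module.read(0x0C10, len(secret))
    module.write(0x0010, b"scratch")             # insecure area: plaintext
    return stolen, recovered, ram.raw_read(0x0010, 7), module.key


if __name__ == "__main__":
    stolen, recovered, plain, key = demo()
    print("direct RAM read of safety zone:", stolen.hex())
    print("read via security module:", recovered, "| insecure area:", plain)
    print("key resident after access:", key is not None)
```

The point the model makes concrete is the one the patent leans on in step 4: because the key is recomputed from the same PUF value on every access, it never has to persist between a write and the matching read, so nothing long-lived sits in the FPGA for a memory dump to capture; a module fed a different PUF value (a different chip) reads back only garbage.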

Claims (2)

1. An encryption device for ephemeral data in the external RAM of an FPGA, characterized in that: a safety zone is set aside in the external RAM, and important ephemeral data that must be protected during FPGA operation is stored in this region. All data stored in the region is protected by encryption: even if an outside attacker gains access to the region by irregular means, all that is obtained is encrypted data, and the plaintext of that data cannot be obtained;
A security module is provided inside the FPGA for accessing the safety zone, and only this security module can read and write the secure storage region.
2. An encryption method for ephemeral data in the external RAM of an FPGA, characterized in that it includes the following steps:
Step 1: Based on the write address, determine whether the address of the data to be written lies in the safety zone of the external RAM; if it does, go to step 2, otherwise write the data directly;
Step 2: The security module reads the PUF value of the FPGA's internal SRAM and generates a key from that PUF value;
Step 3: The security module encrypts the data to be written to the safety zone of the external RAM with the above key, and writes the resulting ciphertext into the safety zone of the external RAM.
CN201810439600.6A 2018-05-09 2018-05-09 The encryption device and method of ephemeral data in a kind of external RAM of FPGA Pending CN108563964A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810439600.6A CN108563964A (en) 2018-05-09 2018-05-09 The encryption device and method of ephemeral data in a kind of external RAM of FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810439600.6A CN108563964A (en) 2018-05-09 2018-05-09 The encryption device and method of ephemeral data in a kind of external RAM of FPGA

Publications (1)

Publication Number Publication Date
CN108563964A true CN108563964A (en) 2018-09-21

Family

ID=63538177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810439600.6A Pending CN108563964A (en) 2018-05-09 2018-05-09 The encryption device and method of ephemeral data in a kind of external RAM of FPGA

Country Status (1)

Country Link
CN (1) CN108563964A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031058A1 (en) * 2007-10-12 2010-02-04 Daisuke Kito Computer System, Storage System and Management Computer for Backing Up and Restore Encryption Key for Storage System Incorporating Therein a Stored Data Encryption Function
CN102436423A (en) * 2011-10-13 2012-05-02 浙江大学 Controller and method for protecting NorFlash core data outside universal sheet
CN103258172A (en) * 2012-06-13 2013-08-21 福建睿矽微电子科技有限公司 Off-chip Nor Flash bus interface hardware encryption device
CN107590402A (en) * 2017-09-26 2018-01-16 杭州中天微系统有限公司 A kind of data storage ciphering and deciphering device and method

Similar Documents

Publication Publication Date Title
CN104951409B (en) A kind of hardware based full disk encryption system and encryption method
US7155745B1 (en) Data storage device provided with function for user's access right
US20080072066A1 (en) Method and apparatus for authenticating applications to secure services
CN109558340B (en) Secure solid-state disk encryption system and method based on trusted authentication
US9372987B1 (en) Apparatus and method for masking a real user controlling synthetic identities
US11042652B2 (en) Techniques for multi-domain memory encryption
CN105653986B (en) A kind of data guard method and device based on microSD card
US8953805B2 (en) Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method
CN103378971B (en) A kind of data encryption system and method
CN108111524A (en) Terminal data protection method and system based on private key dynamic generation mechanism
US10154015B1 (en) Executable coded cipher keys
CN102750497A (en) Method and device for deciphering private information
US20100095132A1 (en) Protecting secrets in an untrusted recipient
US20090013183A1 (en) Confidential Information Processing Method, Confidential Information Processor, and Content Data Playback System
CN106100851B (en) Password management system, intelligent wristwatch and its cipher management method
CN108959943B (en) Method, device, apparatus, storage medium and corresponding vehicle for managing an encryption key
CN111177773B (en) Full disk encryption and decryption method and system based on network card ROM
CN107092836A (en) A kind of data guard method and device based on system encryption
CN106408069B (en) User data write-in and read method and the system of EPC card
CN111159726B (en) UEFI (unified extensible firmware interface) environment variable-based full-disk encryption and decryption method and system
Susukailo et al. Access control system based on encryption in QR-Code technology
US8413906B2 (en) Countermeasures to secure smart cards
CN105354500B (en) File encrypting method and device
US20230327855A1 (en) System and method for protecting secret data items using multiple tiers of encryption and secure element
CN108563964A (en) The encryption device and method of ephemeral data in a kind of external RAM of FPGA

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180921