CN109194491B - Password evaluation test system and password evaluation test method - Google Patents
Password evaluation test system and password evaluation test method Download PDFInfo
- Publication number
- CN109194491B CN109194491B CN201811106736.1A CN201811106736A CN109194491B CN 109194491 B CN109194491 B CN 109194491B CN 201811106736 A CN201811106736 A CN 201811106736A CN 109194491 B CN109194491 B CN 109194491B
- Authority
- CN
- China
- Prior art keywords
- key
- encryption
- data
- interface
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/36—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a password evaluation test system, which comprises: (1) an encryption machine; (2) the encryption set key generation and injection unit comprises a key generator and a key injector; (3) the test measurement equipment comprises a data acquisition unit, a digital oscilloscope and a logic analyzer; (4) the data analysis unit comprises a commercial computer, a switch and a server which are mutually communicated; (5) a function tester; and (6) a simulation working terminal which comprises a simulation airborne data terminal, a ground data terminal and an RVT data terminal. Also disclosed is a corresponding method comprising: 1, performing encryption: selecting an encryption algorithm; selecting a plaintext and a secret key for encryption; outputting the file to a file to form a ciphertext; 2, performing detection: selecting a detection method; determining input content; detecting according to input content; 3, performing comparison: selecting an algorithm of a detection method; uploading a user detection tool; respectively calling original and user uploading detection tools of the system to execute detection; and comparing the detection results.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a password evaluation testing system based on an advanced encryption standard and a corresponding password evaluation testing method.
Background
AES is an iterative, symmetric key block cipher, requiring 256 bits of working key length and 128 bits of information key length according to algorithm design. The operation for the AES algorithm is performed on a two-dimensional array of bytes called a state. A state consists of 4 rows, each row comprising Nb bytes, Nb being equal to the packet length divided by 32, the information key length being 128 bits, so that Nb equals 4, which reflects the number of words (number of columns) of 32 bits in the state; since the working key is 256 bits long, Nk is 8, reflecting the number of 32-bit words (column number) in the key. While the number of rounds Nr of the AES algorithm depends only on the key length Nk, the relationship between the number of rounds and the key length can be expressed as: nr is 6+ Nk. In the AES encryption and decryption process, each round needs the participation of an expansion key W [ i ] with the same length as the input packet. Since the externally input encryption key is limited in length, a key expansion procedure is used in the algorithm to expand the external key into a longer bit string to generate each round of encryption and decryption keys. Nr +1 round keys are generated by a generator, each round key consisting of Nb words, with Nb (Nr +1) words W [ i ], i being 0,1, … …, Nb (Nr +1) -1 in total. For encryption and decryption transformation in the AES encryption algorithm, a round function used by the AES algorithm is compounded by 4 different transformations taking bytes as basic units, and the process consists of four different stages: (1) s box conversion, namely replacing by bytes in a packet by using one S box; (2) line shift conversion, a simple permutation; (3) column obfuscation transform, one that exploits the substitution of arithmetic on the field GF (28); (4) round key addition transformation, one bitwise exclusive-or with the current packet and a portion of the expanded key. The AES encrypts data by a round function through Nr rounds of iteration on input plaintext and a secret key, wherein the final round is different from the previous Nr-1 round. The front Nr-1 round is sequentially subjected to S box transformation, row shift transformation, column confusion transformation and round key addition transformation; the tail wheel removes the column alias transform compared to the front Nr-1 wheel.
The basis transformation includes:
(1) s box conversion
The S-box transform is an S-box based non-linear permutation that maps each byte of the input or intermediate state to another byte by a simple table lookup operation. The mapping method comprises the following steps: the high 4 bits of the input byte are used as the row value of the S-box, the low 4 bits are used as the column value, and then the elements of the corresponding row and column in the S-box are taken out as the output. For example, the row value of the S-box corresponding to the value input as "89" (hexadecimal) is "8", the column value is "9", and the value of the corresponding position in the S-box is "a 7", which means that "89" is mapped to "87".
(2) Column obfuscating transformations
The column confusion transformation realizes the column-by-column confusion, and the method comprises the following steps:
s'(x)=c(x)·s(x)mod(x4+1)
wherein c (x) {03 }. x3+{01}·x2The number representation within + {01 }. x + {02}, { x } is a byte.
Expressed as a matrix
(3) Line shift conversion
The line shift transformation performs a line-based circular shift operation, i.e., the line shift transformation acts on the line in the intermediate state, line 0 is not moved, line 1 is left shifted circularly by 1 byte, line 2 is left shifted circularly by 2 bytes, and line 3 is left shifted circularly by 3 bytes.
(4) Round key plus transform
Round key addition transformation is used to bitwise xor each column of the input or intermediate state S with a key word W [ i ], where W [ i ] (i ═ 0,1, ·,4(Nr +1) -1) is generated from the original key by a key expansion algorithm.
Group cipher mode of operation: block ciphers are the basic building blocks to provide data security. It has a fixed packet length as the basic processing unit, but the message length to be encrypted may be much longer. In order to apply block cipher algorithms to practice, they define many modes of operation. According to the development requirements of the project, the OFB mode and the CTR mode are used.
(1) OFB mode:
the OFB mode (Output feedback mode) is a synchronous stream cipher, in which a cipher stream is first generated and then xored with plaintext, and the OFB passes the cipher stream from an initial vector (iv) through repeated encryption.
(2) CTR mode
Similar to OFB, CTR changes block cipher to stream cipher. It generates a continuous stream of ciphers by incrementing an encryption counter, where the counter can be any function that ensures that no long-time repetitive output is produced, but it is the simplest and most common practice to use a common counter. Currently, CTR has been widely used, and the CTR mode does not fill a register with the output of an encryption algorithm, but inputs a counter into the register.
Although the Encryption method is theoretically mature, in the prior art, generally, a supplier develops a special algorithm conforming to the aes (advanced Encryption standard) standard according to the user's requirement for the customization of the Encryption algorithm, and provides source code, so that the user can customize the algorithm by modifying part of parameters. After the algorithm is customized by the user, even a supplier cannot decipher under the condition that the secret key is unknown. However, the consistency, strength and randomness of the implementation of the user-defined algorithm do not provide corresponding software and hardware tools for verification.
Therefore, while providing an encryption algorithm and a source code thereof, designing a password evaluation test system and a corresponding method, so that a user can perform customization, simulation and verification of the encryption algorithm, including user-defined algorithm by modifying an initial vector; simulating and verifying the algorithm defined by the user; installing a user-defined algorithm on a hardware platform (an encryption machine for a system) and carrying out functional verification; intercepting and capturing encrypted data in a test platform, and comparing the encrypted data with initial data; carrying out strength verification on a new algorithm defined by a user; the randomness of the key generation is verified.
Disclosure of Invention
The present invention is proposed to solve the problems existing in the prior art, and an object of the present invention is to provide a password evaluation testing system, which includes:
(1) the encryption machine comprises an onboard encryption machine, a ground encryption machine and an RVT encryption machine which are used in the encryption machine, is connected with a plaintext output port and a ciphertext output port through respective link interfaces, is used for loading a cipher algorithm, and performs encryption strength test and verification on the actual loading cipher strength;
(2) an encryption set key generating and filling unit, which comprises a key generator and a key injector, wherein the key generator is composed of a key data processing card and a management host and is used for generating key data, the key injector is used for receiving a key generated by a key generating device and filling the key into the encryption machine, the password injector comprises a main control management module, an operation display control module, a key sending control module, a man-machine interface module, an RS232/RS422/TTL interface module and a key receiving and processing module, wherein the operation display control module displays the operation of a data loader through a liquid crystal display screen and performs functional operation on the loader through a panel keyboard operation key, the key sending control module is used for loading the key into the encryption machine, and the key receiving and processing module is used for receiving an allocated key from the management host, the master control management module is used for managing and coordinating the key sending control module, the key receiving and processing module and the operation display control module to complete key receiving and injection functions, the data loader is connected with the key generator through the RS232 interface and receives key data from the key generator, the key injectors mutually transmit keys through TTL interface modules, and the RS422 interface is connected with the encryptor and is used for injecting keys into the encryptor;
(3) the test and measurement equipment comprises a data collector, a digital oscilloscope and a logic analyzer, wherein the data collector is used for collecting working data of the encryption machine and providing input and output data of the encryption machine during working for a password evaluation test system of the encryption machine so as to analyze the data of the test system, the data collector is of an independent aluminum case structure, a board card is arranged in the case, the outside of the case comprises a power supply interface, a network port, a data input interface and a data output interface, the front panel is provided with an indicator lamp and a switch, the rear panel is provided with a power supply socket and a connector which meets the standard of the connector of the encryption machine, the surface is painted, the data collector is connected with a commercial computer by adopting a gigabit Ethernet port, the commercial computer controls the work of the data collector through a control panel and receives the collected data through the network port, storing data in a local classification mode, wherein an input port of the data acquisition unit is connected with a channel simulation device, and an output port of the data acquisition unit is connected with the encryption machine;
(4) the data analysis unit comprises a commercial computer, a switch and a server which are mutually communicated, wherein the commercial computer is used for installing an FPGA chip and a singlechip development module, embedding a verified algorithm into FPGA design logic for unified compiling, downloading the compiled algorithm into the FPGA chip to complete loading after the compiling is successful, and performing the functional operations of encryption, encryption destruction and control on the encryption machine after the loading is completed;
(5) the function tester is used for verifying the encryption strength of the encryption machine by a password evaluation test system and simulating the working environment of the encryption machine, and comprises a power supply unit, a display unit, a control unit, a signal source unit and an interface unit, wherein the power supply unit supplies power to other power supplies, the display unit is communicated with the control unit and transmits information, the control unit is communicated with the signal source unit and transmits information, the signal source unit is communicated with the interface unit and transmits information, the power supply unit, the control unit, the signal source unit and the interface unit are interconnected with the onboard encryption machine and transmit information, the signal source unit generates a plaintext data and data comparison function and consists of an FPGA chip, and the interface unit comprises an information input interface, an information output interface, a plaintext data test interface and a ciphertext data test interface, the encryption equipment comprises a support RS232 interface, an Ethernet interface, an LVDS interface and an LVTTL interface, wherein a plaintext data test interface and a ciphertext data test interface are used for controlling and testing the encryption equipment, so that control function simulation, communication channel simulation and observation interface expansion are realized, and the display unit is a display screen based on serial port touch; and
(6) and the simulation working terminal comprises a simulation airborne data terminal, a ground data terminal and an RVT data terminal and is used for simulating the actual working environment of the encryption machine.
Preferably, the onboard encryption device, the ground encryption device and the RVT encryption device adopt the same hardware platform, and are determined to be the onboard encryption device, the ground encryption device or the RVT encryption device by loading corresponding software.
Preferably, the key data processing card is composed of a physical noise source and a USB interface circuit, the physical noise source is used for generating random data to ensure randomness of the key data, and the USB interface circuit is used for conversion of interface levels to realize an interface with the management host.
Preferably, the management host is a ruggedized computer.
Preferably, the key generator further comprises an operation module, the operation module is composed of a key data processing card driving module, a key data generation and verification function module, a key data output function module and an operation interface function module, the key data processing card driving module is used for driving a key data processing card, the key data generation and verification function module is used for reading random data from the key data processing card and performing randomness verification on the data to generate a key, the key data output function module is used for outputting the generated key to the key injector, the operation interface function module is used for setting baud rate and data bits for a serial port of the output data, storing operation information and data generated in the whole process of generation, verification and derivation of the key, and setting an operation password, wherein the operation information and data comprise key data, Configuration information and parameters of the key, log information, and system configuration information.
Preferably, the USB interface circuit includes a USB2.0 interface and an RS232 interface, the USB2.0 interface is used for interfacing the key data processing card with the management host, the RS232 interface is used for interfacing the management host with the key injector, and the management host is connected to the key injector through the RS232 interface to export the key data to the key injector.
The invention also aims to provide a password evaluation test method, which comprises the following steps:
step 1, performing encryption, comprising:
step 1.1, selecting an encryption algorithm;
step 1.2, selecting a plaintext and a secret key for encryption according to the selected encryption algorithm;
step 1.3, outputting the encryption result to a file to form a ciphertext;
step 2, executing detection, including:
step 2.1, selecting a detection method, wherein the detection method comprises ciphertext randomness detection, S box detection, exhaustion attack detection, algorithm correctness detection, differential attack detection and interpolation attack detection, and the ciphertext randomness detection is used for testing the randomness of the cipher stream collected from the encryption machine; the S-box test is used to test various capabilities of the S-box, and the exhaustive attack test includes: searching for missing portions of the encryption key based on the known ciphertext, plaintext and partial encryption key, the encryption key being a combination of a work key and a message key, and searching for missing portions of the left plaintext and the encryption key according to the known ciphertext, partial encryption key and partial plaintext; the algorithm correctness detection comprises a process and logic for detecting the algorithm; the differential attack detection is used for testing the safety intensity of an algorithm through differential attack; the interpolation attack detection is used for testing the security strength of the algorithm through interpolation attack;
step 2.2, input content is determined according to the detection method;
step 2.3, selecting corresponding input content and detecting, wherein the detection method is based on AES variable algorithm and comprises the following steps: setting iteration and symmetric key grouping cipher AES, requiring 256 bits of working key length and 128 bits of information key length according to algorithm design, and combining 4 different transformations with bytes as basic units to form round functions used by the AES algorithm for encryption and decryption transformation, wherein the process consists of four different stages: s box conversion, namely replacing by bytes in a packet by using one S box; line shift conversion, a simple permutation; column obfuscation transform, one that exploits the substitution of arithmetic on the field GF (28); and round key addition transformation, one carries on the exclusive OR according to the bit with a part of the present grouping and expanded key, AES to the encryption process of the data is realized through iterating the plaintext and key input by round function through Nr round, the end round is different from front Nr-1 round, front Nr-1 round carries on S box transformation, line shift transformation, column confusion transformation and round key addition transformation sequentially; compared with the front Nr-1 wheel, the tail wheel eliminates column confusion transformation; then, the block cipher algorithm is used for actual detection in a variable working mode, namely, a synchronous cipher stream based on AES is output, then the cipher stream is subjected to exclusive OR with plaintext, and finally, an initial vector is repeatedly encrypted to obtain a key stream; obtaining a final detection result;
step 3, performing comparison, comprising:
3.1, selecting an algorithm corresponding to the detection method needing comparison;
step 3.2, uploading the detection tool of the user in an exe file mode;
3.3, calling the original detection tool of the system and the detection tool uploaded by the user respectively, and executing detection twice;
and 3.4, outputting the comparison results of the two detections.
Preferably, the step 1 is completed by an encryption module, the step 2 is completed by a detection module, and the step 3 is completed by a comparison module.
Preferably, the encryption algorithm of step 1.1 is stored in a fixed location in an exe manner, and is automatically loaded by the system, if a new encryption algorithm needs to be added, the new encryption algorithm is copied to the directory of the encryption algorithm in the exe manner, and the system is reloaded, and the exe of the encryption algorithm is generated by the user according to the input and output specified by the system.
Preferably, the plaintext and the key in step 1.2 are read in the form of a file.
The invention has the beneficial effects that:
the system and the method of the invention carry out security evaluation on the special algorithm which is customized according to the user Encryption algorithm and is based on AES (advanced Encryption Standard), the user can customize the algorithm by modifying partial parameters or an S box for providing source codes, and the algorithm can not be decoded even by a supplier under the condition of unknown secret key after being customized by the user.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of illustration and not limitation, with reference to the accompanying drawings. The same reference numbers in the drawings identify the same or similar elements or components. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. The objects and features of the present invention will become more apparent in view of the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a block diagram of a password evaluation testing system according to an embodiment of the present invention;
FIG. 2 is a front view of an encryption engine according to an embodiment of the present invention;
FIG. 3 is a key generator connection diagram according to an embodiment of the invention;
FIG. 4 is a block diagram of key injector functionality according to an embodiment of the present invention;
FIG. 5 is a perspective view of a key generator entity according to an embodiment of the present invention;
FIG. 6 is a system diagram of a data collector according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an analog encryption platform according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a functional structure of a functional tester according to an embodiment of the present invention;
FIG. 9 is a functional block diagram of test software according to an embodiment of the present invention;
FIG. 10 is a flow diagram of FPGA software operation according to an embodiment of the present invention;
FIG. 11 is a hierarchical diagram of a password evaluation system according to an embodiment of the present invention;
FIG. 12 is a flowchart of a password evaluation testing method according to an embodiment of the present invention;
FIG. 13 is a flow chart of an encryption process performed by the password evaluation testing method according to an embodiment of the present invention;
FIG. 14 is a flowchart of a process for performing a cryptographic evaluation test method according to an embodiment of the present invention;
fig. 15 is a flowchart of a comparative execution process of a password evaluation testing method according to an embodiment of the present invention.
Detailed Description
In this embodiment, the password evaluation system and the password evaluation method are applied to an unmanned aerial vehicle of a user, referring to fig. 1, a system block diagram of the password evaluation testing system of this embodiment, and hardware devices include:
(1) the encryption machine comprises an onboard encryption machine, a ground encryption machine and an RVT encryption machine which are used in the encryption machine, is connected with a plaintext output port and a ciphertext output port through respective link interfaces, is used for loading a cipher algorithm, and performs encryption strength test and verification on the actual loading cipher strength;
(2) an encryption set key generating and filling unit, which comprises a key generator and a key injector, wherein the key generator is composed of a key data processing card and a management host and is used for generating key data, the key injector is used for receiving a key generated by a key generating device and filling the key into the encryption machine, the password injector comprises a main control management module, an operation display control module, a key sending control module, a man-machine interface module, an RS232/RS422/TTL interface module and a key receiving and processing module, wherein the operation display control module displays the operation of a data loader through a liquid crystal display screen and performs functional operation on the loader through a panel keyboard operation key, the key sending control module is used for loading the key into the encryption machine, and the key receiving and processing module is used for receiving an allocated key from the management host, the master control management module is used for managing and coordinating the key sending control module, the key receiving and processing module and the operation display control module to complete key receiving and injection functions, the data loader is connected with the key generator through the RS232 interface and receives key data from the key generator, the key injectors mutually transmit keys through TTL interface modules, and the RS422 interface is connected with the encryptor and is used for injecting keys into the encryptor;
(3) the test and measurement equipment comprises a data acquisition unit, a digital oscilloscope and a logic analyzer, the data collector is used for collecting the working data of the encryption machine and providing the input and output data of the encryption machine during working for the password evaluation test system of the encryption machine, thereby the test system can carry out data analysis, the data collector is designed for an independent case structure, the case is internally provided with a board card, the outside of the case comprises a power interface, a network port, a data input interface and a data output interface, the data collector is connected with the commercial computer by adopting a gigabit Ethernet port, the commercial computer controls the work of the data collector by a control panel, receiving collected data through the internet access, storing the data in a local classification mode, connecting an input port of the data collector with channel simulation equipment, and connecting an output port of the data collector with the encryption machine;
(4) the data analysis unit comprises a commercial computer, a switch and a server which are mutually communicated, wherein the commercial computer is used for installing an FPGA chip and a singlechip development module, embedding a verified algorithm into FPGA design logic for unified compiling, downloading the compiled algorithm into the FPGA chip to complete loading after the compiling is successful, and performing the functional operations of encryption, encryption destruction and control on the encryption machine after the loading is completed;
(5) the function tester is used for verifying the encryption strength of the encryption machine by a password evaluation test system and simulating the working environment of the encryption machine, and comprises a power supply unit, a display unit, a control unit, a signal source unit and an interface unit, wherein the power supply unit supplies power to other power supplies, the display unit is communicated with the control unit and transmits information, the control unit is communicated with the signal source unit and transmits information, the signal source unit is communicated with the interface unit and transmits information, the power supply unit, the control unit, the signal source unit and the interface unit are interconnected with the onboard encryption machine and transmit information, the signal source unit generates a plaintext data and data comparison function and consists of an FPGA chip, and the interface unit comprises an information input interface, an information output interface, a plaintext data test interface and a ciphertext data test interface, the encryption equipment comprises a support RS232 interface, an Ethernet interface, an LVDS interface and an LVTTL interface, wherein a plaintext data test interface and a ciphertext data test interface are used for controlling and testing the encryption equipment, so that control function simulation, communication channel simulation and observation interface expansion are realized, and the display unit is a display screen based on serial port touch; and
(6) and the simulation working terminal comprises a simulation airborne data terminal, a ground data terminal and an RVT data terminal and is used for simulating the actual working environment of the encryption machine.
Referring to fig. 2, the encryptor is shown in elevation, including the onboard encryptor, the ground encryptor and the RVT encryptor in use, for loading the cryptographic algorithm and performing cryptographic strength testing and verification of the actual loaded cryptographic strength. The three encryptors are determined to be airborne, ground or RVT encryptors by adopting the same hardware platform and loading corresponding software.
Referring to fig. 3, the key generator is composed of a key data processing card, a management host, and operating software for generating key data. The key data processing card is a core component of the key generator, and the management host selects a hardened computer.
1. Key data processing card
The key data processing card consists of a physical noise source and a USB interface circuit. The physical noise source is used for generating random data to ensure the randomness of the key data; the USB interface circuit is used for completing the conversion of interface level and realizing the interface with the management host.
The key data processing card has the following main technical indexes:
2. operating software
The operation software is special software developed based on the key generator and consists of key data processing card driving module, key data generating and checking module, key data output module, operation interface module, etc. The key data processing card driving module is used for driving the key data processing card; the key data generation and inspection function module is used for reading random data from the key data processing card and performing randomness inspection on the data to generate a key; the key data output function module is used for outputting the generated key to the key injector; the operation interface function module is used for setting the baud rate, data bits and the like of the serial port of the output data, storing all operation information and data (mainly comprising key data, configuration information and parameters of the key, log information, system configuration information and the like) generated in the whole process of generating, checking and exporting the key, setting an operation password and the like.
3. Interface
USB 2.0: the key data processing card interfaces with the management host,
an RS232 interface: the management host interfaces with the key injector. The management host is connected with the key injector through an RS-232 interface, and the key data is exported to the key injector.
Referring to fig. 4, the key injector function module is configured to receive the key generated by the key generating device and inject the key into the encryption engine.
(I) functional module composition
1. An operation display control module: the operation of the data loader is displayed through the liquid crystal display screen, and the functional operation is carried out on the loader through the panel keyboard operation key. A key sending control module: for key loading of the encryptor.
2. The key receiving and processing module: for receiving the assigned key from the managing host.
3. A main control management module: and managing and coordinating the modules to complete the functions of receiving and injecting the key.
The actual key injector is shown in figure 5 below.
(II) main technical indexes of function module
The key injection device has the following main technical indicators:
the key injector has three functional interfaces:
1) the RS-232C interface has a high level of-3V to-15V and a low level of +3V to + 15V; the data loader is connected with the key generator through an RS-232C interface, receives the key data from the key generator, and the interface rate is as follows: 19200 bps.
2) TTL interface: the high level is 5V +/-0.5V, and the low level is less than 0.5V. Interface rate: 600 bps. Key injector mutual transmission key through TTL
3) RS422 interface: and the encryption equipment is connected with the encryption equipment and is used for injecting keys into the encryption equipment. Interface rate: 19200 bps.
Referring to fig. 6, a data acquisition unit is a structural diagram of a ketone absorption structure, and the data acquisition unit is mainly used for acquiring working data of an encryption machine, providing input and output data of the encryption machine during working for an encryption machine code evaluation laboratory, and facilitating data analysis in the laboratory. The data acquisition unit adopts the structural design of an independent case and is matched with the upper software of the PC to finish the corresponding data acquisition of the encryption machine.
(I) technical index requirement
1. Functional requirements
1) The multi-channel data acquisition function is supported;
2) receiving commercial computer control;
3) self-adapting the work rate;
4) and data classified storage (plaintext and ciphertext) is supported.
2. Performance requirements
1) The power supply of a direct current 5V power supply is supported, and the power consumption is less than 10W;
2) the data acquisition capacity is greater than 8 Mbps;
3) and simultaneous acquisition of open-ended input data, closed-ended output data and closed-ended input data and open-ended output data is supported.
(II) scheme
1. Overall structure
The data collector consists of a case and PC software. The case is internally composed of a board card, and externally composed of a power interface, a network port, a data input interface and a data output interface. The signal collector is connected with the commercial computer through a gigabit Ethernet port. The commercial computer software controls the signal collector to work through the software panel, receives the collected data through the network port, and stores the data in local in a classified manner. When the signal acquisition device works, the network port of the signal acquisition device is connected with a commercial computer, the input port is connected with the channel simulation equipment, and the output port is connected with the encryption machine. Structural design
The data acquisition unit adopts an independent case structure, the front panel is provided with an indicator light and a switch, and the rear panel is provided with a power socket and a connector meeting the connector interface standard of the encryption machine. And (4) adopting an aluminum case and performing surface painting treatment.
2. Hardware circuit structure
The data acquisition unit is designed by a single board and mainly comprises an FPGA module, a network port module, an interface module and a power supply module.
The FPGA module adopts a xilinxXC6SLX45T chip. The Spartan6 series are low-cost high-capacity FPGAs, and adopt 45nm low-power-consumption copper-clad technology, so that the power consumption, the performance and the cost can be well balanced; the Spartan6 series employs dual registers, 6-input LUT inside, and a series of built-in system level modules, which have 18Kb Block Ram, second generation DSP48A21Slice, SDRAM memory interface (DDR interface), robust hybrid clock management module, Select IO technology, optimized high speed serial Transceiver GTP Transceiver, PCIE interface, advanced system level power management mode, auto-detectable configuration, enhanced IP with AES and Device DNA protection. Spartan6 is particularly suitable for high-volume logic designs, user-oriented DSP designs.
The network port module adopts an RTL8211EG chip which supports 10/100/1000M rate and has the advantages of low power consumption, simple configuration and the like.
The interface module adopts a standard LVDS interface level conversion chip to convert input signals of the encryption machine and the channel simulator into interface levels which can be identified by the signal collector.
The power module mainly adopts a low-power consumption power chip to convert an input 5V power into 3.3V and 1.2V power for each functional module to use.
3. Software functions
The software function of the signal collector mainly comprises FPGA software and PC software functions.
The FPGA software is mainly divided into an acquisition module, a storage module, an IP protocol generation module and a control module. The acquisition module is responsible for signal acquisition and needs to acquire 4 paths of data simultaneously. The storage module is used for caching the acquired data and waiting for the calling of the ip protocol generation module. The control module is used for receiving a control command sent by the PC and controlling the signal collector to work.
The PC software is compiled by C + +, and the operating environment is win 7. The system comprises a main control module, a protocol processing module and a data storage module. The control module is responsible for responding to commands such as start and save. The protocol processing module is mainly used for decomposing the ip protocol, recombining the contents in the ip data packet and classifying each data. The data storage module is responsible for classifying the classified data according to a fixed format and storing the classified data in a local computer.
The password evaluation testing system simulates a working platform equipment connection diagram of an encryption machine through a function tester as shown in fig. 7, and referring to fig. 7, the function tester simulates a composition schematic diagram of an encryption platform, the function tester is used for verifying the encryption strength of the encryption machine in a password evaluation laboratory, simulates the working environment of the encryption machine, is provided with an information input interface and an information output interface of the encryption machine, and controls and checks the testing verification of the working state, the encryption strength and the like of the encryption machine through a human-computer interaction interface. The function tester can provide test interfaces of plaintext data and ciphertext data, and is used for controlling and testing the encryption machine. The encryption machine can be an airborne encryption machine, a ground encryption machine or an RVT encryption machine, and the function tester is used for simulating the working environment of the encryption machine and realizing control function simulation, communication channel simulation and observation interface expansion.
1. Main technical index requirements
1) The actual working environment of the encryption and decryption machine can be simulated;
2) the simulation function of a control channel is provided;
3) the LVDS and LVTTL communication simulation function is realized;
4) the tester has a friendly man-machine interaction interface, and can be controlled through a web interface at a computer end;
5) an independent case structure is adopted;
6) the working temperature is-45 ℃ to +75 ℃;
7) inputting a working power supply: 5V of direct current;
8) power consumption: the maximum power consumption does not exceed 15W.
2. Hardware
The function tester may be divided into a power supply unit, a control unit, a source unit, an interface unit, and a display unit by function, as shown in fig. 8.
1) Power supply unit
The power supply unit provides power supplies with various voltage values for normal work of the whole board, and the power supplies required by the normal work of the tester comprise 5V, 3.3V, 2.5V, 1.2V and 1.0V power supplies. The 5V power supply is provided for the onboard double-channel encryption and decryption machine and the display after being filtered by an external +5V direct-current power supply. The 3.3V power supply is the main voltage on the tester and is provided for each electronic component. The 2.5V power supply is provided for the LVDS interface unit, the 1.2V power supply is the core voltage of the FPGA, and the 1.0V power supply is the core voltage of the CPU. The power supply unit mainly selects a high-efficiency DC-DC power supply chip, and selects a BM1430 chip of Shanghai Baili micro company to convert 5V input into 3.3V output, wherein the output current of the chip can reach 3A, and the efficiency is as high as 90%. The 3.3V input is converted into 2.5V, 1.2V and 1.0V output, and 3 MAXIM MAX8256 power switching chips are selected.
2) Control unit
The control unit is a management control center of the tester and is used for managing and controlling the encryption and decryption machine and the tester and coordinating the cooperative work among all unit modules of the tester.
The main workings of the control unit are:
a) the encryption and decryption machine is controlled by simulating a host machine control command so as to test whether a control command channel of the encryption and decryption machine can work normally.
b) And controlling all functional modules of the tester to work cooperatively.
c) Providing human-machine interface and management control functions.
The control analog unit is composed of an AT91SAM9G20 chip of ATMEL company and peripheral circuits thereof.
The AT91SAM9G20 is based on an ARM926EJ-S processor, clocked AT 400 MHz. Including 32KB instructions and a 32KB data cache, two 16KB SRAM memory blocks and 64KB ROM, can achieve single cycle access at the highest processor or bus speeds and has an external bus interface including many controllers that control SDRAM and static memory including NAND Flash and CompactFlash. Its broad set of peripherals includes USB full-speed host and device interfaces, an 10/100Base T ethernet MAC, image sensor interface, Multimedia Card Interface (MCI), Synchronous Serial Controller (SSC), USART, master/slave Serial Peripheral Interface (SPI), two three-channel 16-bit Timing Counters (TC), a two-wire interface (TWI), and a four-channel 10-bit analog-to-digital converter. The three 32-bit parallel input/output controllers allow multiplexing of pins with these peripherals, thereby reducing the number of device pins and the peripheral DMA channels, and increasing the data throughput between the interface and the on-chip and off-chip memories to the highest level. The AT91SAM9G20 has a full-function system controller that can implement efficient system management, including a reset controller, shutdown controller, clock management, Advanced Interrupt Controller (AIC), debug unit (DBGU), periodic interval timer, watchdog timer, and real-time timer.
In this embodiment, the running memory of the CPU is 64MB, and the FLASH capacity is 128 MB.
3) Source unit
The information source unit is used for generating plaintext data and a data comparison function, and can realize automatic test of the encryption and decryption machine. The unit supports the testing of two onboard encryption and decryption machines, realizes the sub-loop testing of a single encryption and decryption machine and the connection testing of two encryption and decryption machines, and switches the plaintext input and output signals of the encryption and decryption machines to a testing base so that a user can observe the signal waveform by using a logic analyzer and an oscilloscope. The information source unit hardware mainly comprises an FPGA chip, and the chip is an XC6SLX45T chip in spark 6 series of XILINX company. The Spartan6 series are low-cost high-capacity FPGAs, and adopt 45nm low-power-consumption copper-clad technology, so that the power consumption, the performance and the cost can be well balanced; the Spartan6 series employs dual registers, 6-input LUT inside, and a series of built-in system level modules, which have 18Kb Block Ram, second generation DSP48A21Slice, SDRAM memory interface (DDR interface), robust hybrid clock management module, Select IO technology, optimized high speed serial Transceiver GTP Transceiver, PCIE interface, advanced system level power management mode, auto-detectable configuration, enhanced IP with AES and Device DNA protection. Spartan6 is particularly suitable for high-volume logic design, user-oriented DSP design, low-cost design. XC6SLX45T has 43,661 logic units, BRAM of 2,088Kb, 296 available IO ports.
4) Interface unit
The interface unit realizes the interface conversion function of the tester, and the supported interfaces comprise an RS232 interface, an Ethernet interface, an LVDS interface and an LVTTL interface.
The RS232 interface is used for debugging of the tester and information interaction with the display unit, and the level conversion of the LVTTL and the RS232 interface is realized by the RS232 interface through a MAX3232 chip.
The Ethernet interface is mainly used for debugging and controlling the CPU, and adopts a DM9161 interface chip and a HX1188 Ethernet transformer.
The LVDS and LVTTL interfaces respectively realize LVDS interface communication and LVTTL interface communication between the tester and the encryption machine, and the LVDS interface adopts MAX9123 and MAX9122 LVDS interface level conversion chips.
5) Display unit
The display unit is used for realizing the man-machine interaction of the tester, and monitoring and controlling the tester through a WEB interface after connecting the tester network port to the computer.
The function tester adopts a WEB server design based on BOA, provides a monitoring and control interface by inputting a tester access control address on an IE browser of a computer, and an operator can complete the operation of the tester according to interface options.
Besides providing monitoring design based on a WEB server, the tester also expands a human-computer interaction interface based on a serial port touch display screen, and realizes control information input of the tester. The touch display module can support Diving science and technology, and the communication interface is the RS232 interface.
3. Software implementation
The test software mainly comprises two parts of FPGA software and CPU software, wherein the FPGA software runs in an XC6SLX45T chip, and the CPU software runs in an AT91SAM9G20 chip.
1) CPU software
The CPU software realizes the functions of mode selection of the tester, software simulation of a control channel, human-computer interface control and the like, and provides a human-computer control interface. The software adopts a linux operating system, the application program is developed by adopting a standard C language, and the man-machine interaction interface adopts a WEB server design mode based on BOA. The functional block diagram of the test software is shown in fig. 9.
2) FPGA software
FPGA software is developed by adopting a standard VHDL language, a software development platform is ISE13.3, and the functions of information source sending, information receiving, information comparison and framing disassembly of a data communication channel of an encryption and decryption machine are mainly realized. And generating a signal source at the transmitting end, and transmitting the signal source to the encryption and decryption machine for carrying out communication test on the encryption and decryption machine. And (4) carrying out synchronization judgment at the receiving end, and carrying out error code and out-of-step detection after synchronization. The FPGA software workflow diagram is shown in figure 10.
The entire test system also included a test measurement device consisting of a logic analyzer Agilent 16854A and an oscilloscope Agilent DSOX 3032A. The initial data before encryption and the encrypted data can be collected and tested through the input interface, the output interface, the logic analyzer and the digital oscilloscope, and the comparison can be carried out. The encrypted ciphertext should be irregular data, completely different from the original data before encryption. And testing and measuring the acquired data through the testing and measuring equipment, and verifying and judging the authenticity of the realization of the cryptographic algorithm.
The encryption equipment simulation system further comprises a simulation working terminal, wherein the encryption equipment simulation working terminal is composed of a simulation airborne data terminal, a ground data terminal and an RVT data terminal, and the actual working environment of the encryption equipment is simulated.
And the system also comprises two commercial computers which are prepared according to the listed models of the hardware equipment list. The model which has stopped producing is replaced by the latest product of the same manufacturer on the market, and the performance of the model is higher than that of the listed equipment with the corresponding model. The commercial computer is used for installing FPGA (Field-Programmable Gate Array) and singlechip (Central Process Unit) development software tools. The algorithm of FPGA realizes software package XILINX ISE 13.1, and single chip microcomputer (Central Process Unit) develops software Keil uVision 4. A development software environment is built through a commercial computer, a verified algorithm (VHDL realization) is embedded into FPGA design logic, unified compiling is carried out, the algorithm is downloaded to an FPGA chip after the compiling is successful, and the loading of the algorithm is completed. After loading is finished, the functions of encryption, encryption damage, control and the like of the encryption machine are tested normally.
The technical scheme of the password evaluation test method in the embodiment adopts a changeable algorithm based on AES.
1)AES
AES is an iterative, symmetric key block cipher, requiring 256 bits of working key length and 128 bits of information key length according to algorithm design. For encryption and decryption transformations, the round function used by the AES algorithm is compounded by 4 different transformations in bytes as the basic unit, which consists of four different stages:
s box conversion, namely replacing by bytes in a packet by using one S box;
line shift conversion, a simple permutation;
column obfuscation transform, one that exploits the substitution of arithmetic on the field GF (28);
round key addition transformation, one bitwise exclusive-or with the current packet and a portion of the expanded key.
The AES encrypts data by a round function through Nr rounds of iteration on input plaintext and a secret key, wherein the final round is different from the previous Nr-1 round. The front Nr-1 round is sequentially subjected to S box transformation, row shift transformation, column confusion transformation and round key addition transformation; the tail wheel removes the column alias transform compared to the front Nr-1 wheel.
Block ciphers are the basic building blocks to provide data security. It has a fixed packet length as the basic processing unit, but the message length to be encrypted may be much longer. In order to apply block cipher algorithms to practice, they define a changeable mode of operation.
2) Outputting a synchronous cipher stream based on AES, then carrying out XOR on the cipher stream and plaintext, and finally obtaining a key stream by repeatedly encrypting an initial vector.
After the evaluation test method is applied to a corresponding system, the system is divided into three parts: user and management interface, evaluation logic layer, communication layer. Referring to fig. 11, a system hierarchy is shown. Wherein:
1) the user and the management interface perform evaluation personnel management and evaluation task management;
2) the evaluation logic layer implements and completes the evaluation task;
3) the communication and physical layer manages the evaluation physical object, the software object and the data object.
After logging in the system successfully, the user can select three execution modes, namely 'encryption execution', 'detection execution' and 'comparison execution'. And after the three execution modes are executed and corresponding results are output, returning to the main menu to wait for the next execution command. The process is shown in fig. 12:
1) performing encryption
After the 'encryption execution' is selected, the encryption module is entered. Firstly, an encryption algorithm is selected, and the system provides two encryption algorithms with key lengths. And selecting a plaintext and a secret key for encryption according to a cryptographic algorithm, and reading the plaintext and the secret key in a file manner. And outputting the encryption result to a file. The process is shown in fig. 13:
2) performing detection
After the 'execution detection' is selected, the detection module is entered. Before the detection is performed, the contents of the input are determined according to the detection method, and then the corresponding input is selected and detected. And outputting the detection result to a result file. The process is shown in fig. 14:
the system comprises the following detection methods: ciphertext randomness detection, S box detection, exhaustive attack detection, algorithm correctness detection, differential attack detection and interpolation attack detection.
3) Performing a comparison
After selecting 'execute comparison', entering a comparison module. Firstly, selecting a detection method needing comparison, and then uploading a detection tool of a user. And after the uploading of the user detection tool is finished, calling a detection module, and executing detection by using the system detection tool and the user detection tool respectively. And finally, outputting the comparison results of the two detections. The process is shown in figure 15.
The system of the present embodiment performs functions including:
1) carrying out user-defined on the algorithm by modifying the initial vector;
2) simulating and verifying the algorithm defined by the user;
3) installing a user-defined algorithm on a hardware platform (a laboratory encryption machine) and carrying out functional verification;
4) intercepting and capturing encrypted data in a test platform, and comparing the encrypted data with initial data;
5) carrying out strength verification on a new algorithm defined by a user;
6) the randomness of the key generation is verified.
The system has more specific and strict power supply requirements, environmental temperature and humidity requirements and electromagnetic interference resistance requirements, and comprises the following components:
1) configuring a voltage stabilizer and overvoltage protection equipment on a power supply line of a machine room;
2) the short-term standby power supply is provided, and the normal operation requirement of the main equipment under the condition of power failure is met;
3) setting redundant or parallel circuit cable lines to supply power to the computer system;
4) the power supply should satisfy: frequency: 50 +/-1 HZ; voltage: 220V; amplitude of fluctuation (%): -15 to + 10; phase number: three-phase five-wire system or three-phase four-wire system or single-phase three-wire system; waveform distortion ratio (%): less than or equal to +/-10;
5) setting automatic temperature and humidity adjusting facilities to enable the temperature and humidity of the machine room to be within the allowable range of equipment operation;
6) the relative humidity RH of the air in the machine room is selected to be between 40% and 60%;
7) the grounding mode is adopted to prevent external electromagnetic interference and equipment parasitic coupling interference;
8) the power line and the communication cable are laid in an isolated way, so that mutual interference is avoided;
9) electromagnetic shielding is applied to critical equipment and magnetic media.
In order to clearly understand the implementation of the embodiment, the following list of software involved in the hardware device of the password evaluation testing system and the password evaluation testing method is provided:
the list of software or software packages required by the password evaluation test method is as follows:
the password evaluation system and the password evaluation method are used for the unmanned aerial vehicle of the user, and the safety and confidentiality of data transmission between the aerial vehicle and the RVT (portable video transmission terminal) and the uplink and the downlink of a line of sight (LOS) link of the unmanned aerial vehicle system are effectively guaranteed.
While the present invention has been described with reference to the particular illustrative embodiments, it is not to be restricted by the embodiments but only by the appended claims. It will be understood by those skilled in the art that variations and modifications of the embodiments of the present invention can be made without departing from the scope and spirit of the invention.
Claims (10)
1. A password evaluation testing system is characterized by comprising:
(1) the encryption machine comprises an onboard encryption machine, a ground encryption machine and an RVT encryption machine which are used in the encryption machine, is connected with a plaintext output port and a ciphertext output port through respective link interfaces and is used for loading a cryptographic algorithm;
(2) an encryption key generating and filling unit, which comprises a key generator and a key injector, wherein the key generator is composed of a key data processing card and a management host and is used for generating key data, the key injector is used for receiving a key generated by a key generating device and filling the key into the encryption machine, the password injector comprises a main control management module, an operation display control module, a key sending control module, a man-machine interface module, an RS232/RS422/TTL interface module and a key receiving and processing module, wherein the operation display control module displays the operation of a data loader through a liquid crystal display screen and performs functional operation on the loader through a panel keyboard operation key, the key sending control module is used for loading the key into the encryption machine, and the key receiving and processing module is used for receiving an allocated key from the management host, the main control management module is used for managing and coordinating the key sending control module, the key receiving and processing module and the operation display control module to complete the key receiving and injecting functions, the data loader is connected with the key injector through the RS232 interface and receives key data from the key injector, the key injector mutually transmits keys through a TTL interface module, and is connected with the encryption machine through the RS422 interface and used for injecting keys into the encryption machine;
(3) the test and measurement equipment comprises a data collector, a digital oscilloscope and a logic analyzer, wherein the data collector is used for collecting working data of the encryption machine and providing input and output data of the encryption machine during working for a password evaluation test system of the encryption machine, the data collector is of an independent aluminum case structure, a board card is arranged in the case, the outside of the case comprises a power supply interface, a network port, a data input interface and a data output interface, the front panel is provided with an indicator lamp and a switch, the rear panel is provided with a power supply socket and a connector conforming to the standard of the connector interface of the encryption machine, the surface painting treatment is carried out, the data collector is connected with a commercial computer by adopting a gigabit Ethernet port, the commercial computer controls the work of the data collector through a control panel, receives the collected data through the network port and classifies the data to be stored locally, the input port of the data acquisition unit is connected with the channel simulation equipment, and the output port of the data acquisition unit is connected with the encryption machine;
(4) the data analysis unit comprises a commercial computer, a switch and a server which are mutually communicated, wherein the commercial computer is used for installing an FPGA chip and a singlechip development module, embedding a verified algorithm into FPGA design logic for unified compiling, downloading the compiled algorithm into the FPGA chip to complete loading after the compiling is successful, and performing the functional operations of encryption, encryption destruction and control on the encryption machine after the loading is completed;
(5) the function tester is used for testing and verifying the encryption strength of the actual loaded password strength of the encryption machine by the password evaluation test system, and comprises a power supply unit, a display unit, a control unit, a signal source unit and an interface unit, wherein the power supply unit supplies power to other power supplies, the display unit is communicated with the control unit and transmits information, the control unit is communicated with the signal source unit and transmits information, the signal source unit is communicated with the interface unit and transmits information, the power supply unit, the control unit, the signal source unit and the interface unit are interconnected with the onboard encryption machine and transmit information, the signal source unit generates a plaintext data and data comparison function and consists of an FPGA chip, and the interface unit comprises an information input interface, an information output interface, a plaintext data test interface and a ciphertext data test interface, the encryption equipment comprises a support RS232 interface, an Ethernet interface, an LVDS interface and an LVTTL interface, wherein a plaintext data test interface and a ciphertext data test interface are used for controlling and testing the encryption equipment, so that control function simulation, communication channel simulation and observation interface expansion are realized, and the display unit is a display screen based on serial port touch; and
(6) the simulation working terminal comprises a simulation airborne data terminal, a ground data terminal and an RVT data terminal and is used for simulating the actual working environment of the encryption machine;
the encryption machine encryption device comprises an encryption machine key generation and injection unit, a test and measurement unit and a function tester, wherein the encryption machine key generation and injection unit selects a plaintext and a secret key to encrypt according to a selected encryption algorithm, and outputs an encryption result to a file to form a ciphertext, the encryptor reads the ciphertext and executes ciphertext output, the test and measurement unit provides input and output data of the encryption machine during working for a password evaluation test system, the data analysis unit performs encryption injection, decryption and control on the ciphertext on the encryption machine, after the ciphertext is injected, the simulation working terminal simulates the actual working environment of the encryption machine, the function tester detects and verifies the encryption strength of the encryption machine, and the adopted detection and verification methods comprise ciphertext randomness detection, S box detection, exhaustive attack detection, algorithm correctness detection, differential attack detection and interpolation attack detection.
2. The password evaluation testing system according to claim 1, wherein: the airborne encryption machine, the ground encryption machine and the RVT encryption machine adopt the same hardware platform, and are determined to be the airborne encryption machine, the ground encryption machine or the RVT encryption machine by loading corresponding software.
3. The password evaluation testing system according to claim 1, wherein: the key data processing card is composed of a physical noise source and a USB interface circuit, wherein the physical noise source is used for generating random data to ensure the randomness of the key data, and the USB interface circuit is used for converting interface level to realize an interface with a management host.
4. The password evaluation testing system according to claim 3, wherein: the management host is a ruggedized computer.
5. The password evaluation testing system according to claim 1, wherein: the key generator also comprises an operation module, the operation module is composed of a key data processing card driving module, a key data generating and checking function module, a key data output function module and an operation interface function module, the key data processing card driving module is used for driving the key data processing card, the key data generating and checking function module is used for reading random data from the key data processing card and performing random checking on the data to generate a key, the key data output function module is used for outputting the generated key to the key injector, the operation interface function module is used for setting baud rate and data bits of a serial port of the output data, storing operation information and data generated in the whole process of generating, checking and deriving the key and setting an operation password, wherein the operation information and the data comprise key data, Configuration information and parameters of the key, log information, and system configuration information.
6. The password evaluation testing system according to claim 3, wherein: the USB interface circuit comprises a USB2.0 interface and an RS232 interface, the USB2.0 interface is used for connecting the key data processing card with the interface of the management host, the RS232 interface is used for connecting the management host with the key injector interface, and the management host is connected with the key injector through the RS232 interface and guides the key data out to the key injector.
7. A password evaluation testing method using a password evaluation testing system according to any one of claims 1 to 6, comprising the steps of:
step 1, performing encryption, comprising:
step 1.1, selecting an encryption algorithm;
step 1.2, selecting a plaintext and a secret key for encryption according to the selected encryption algorithm;
step 1.3, outputting the encryption result to a file to form a ciphertext;
step 2, executing detection, including:
step 2.1, selecting a detection method, wherein the detection method comprises ciphertext randomness detection, S box detection, exhaustion attack detection, algorithm correctness detection, differential attack detection and interpolation attack detection, and the ciphertext randomness detection is used for testing the randomness of the cipher stream collected from the encryption machine; the S-box test is used to test various capabilities of the S-box, and the exhaustive attack test includes: searching for missing portions of the encryption key based on the known ciphertext, plaintext and partial encryption key, the encryption key being a combination of a work key and a message key, and searching for missing portions of the left plaintext and the encryption key according to the known ciphertext, partial encryption key and partial plaintext; the algorithm correctness detection comprises a process and logic for detecting the algorithm; the differential attack detection is used for testing the safety intensity of an algorithm through differential attack; the interpolation attack detection is used for testing the security strength of the algorithm through interpolation attack;
step 2.2, input content is determined according to the detection method;
step 2.3, selecting corresponding input content and detecting, wherein the detection method is based on AES variable algorithm and comprises the following steps: setting iteration and symmetric key grouping cipher AES, requiring 256 bits of working key length and 128 bits of information key length according to algorithm design, and combining 4 different transformations with bytes as basic units to form round functions used by the AES algorithm for encryption and decryption transformation, wherein the process consists of four different stages: s box conversion, namely replacing by bytes in a packet by using one S box; line shift conversion, a simple permutation; column obfuscation transform, one that exploits the substitution of arithmetic on the field GF (28); and round key addition transformation, one carries on the exclusive OR according to the bit with a part of the present grouping and expanded key, AES to the encryption process of the data is realized through iterating the plaintext and key input by round function through Nr round, the end round is different from front Nr-1 round, front Nr-1 round carries on S box transformation, line shift transformation, column confusion transformation and round key addition transformation sequentially; compared with the front Nr-1 wheel, the tail wheel eliminates column confusion transformation; then, the block cipher algorithm is used for actual detection in a variable working mode, namely, a synchronous cipher stream based on AES is output, then the cipher stream is subjected to exclusive OR with plaintext, and finally, an initial vector is repeatedly encrypted to obtain a key stream; and obtaining a final detection result.
8. The password evaluation test method according to claim 7, wherein: also comprises
Step 3, performing comparison, comprising:
3.1, selecting an algorithm corresponding to the detection method needing comparison;
step 3.2, uploading the detection tool of the user in an exe file mode;
3.3, calling the original detection tool of the system and the detection tool uploaded by the user respectively, and executing detection twice;
and 3.4, outputting the comparison results of the two detections.
9. The password evaluation test method according to claim 7, wherein: the encryption algorithm of step 1.1 is stored in a fixed position in an exe mode, the system automatically loads the encryption algorithm, if a new encryption algorithm needs to be added, the new encryption algorithm is copied to the directory of the encryption algorithm in the exe mode, and the system is reloaded, wherein the exe of the encryption algorithm is generated by the user according to the input and output of the system.
10. The password evaluation test method according to claim 7, wherein: the plaintext and the key are read in step 1.2 in the form of a file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811106736.1A CN109194491B (en) | 2018-09-21 | 2018-09-21 | Password evaluation test system and password evaluation test method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811106736.1A CN109194491B (en) | 2018-09-21 | 2018-09-21 | Password evaluation test system and password evaluation test method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109194491A CN109194491A (en) | 2019-01-11 |
| CN109194491B true CN109194491B (en) | 2021-05-25 |
Family
ID=64909280
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811106736.1A Active CN109194491B (en) | 2018-09-21 | 2018-09-21 | Password evaluation test system and password evaluation test method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109194491B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572639A (en) * | 2019-09-30 | 2019-12-13 | 公安部第一研究所 | video encryption and decryption evaluation tool and method based on GB35114 standard |
| CN110572640A (en) * | 2019-09-30 | 2019-12-13 | 公安部第一研究所 | GB35114 standard-based video signature verification evaluation tool and method |
| CN111211895B (en) * | 2019-12-18 | 2022-05-24 | 北京邮电大学 | Key analysis processing method and device and key distribution randomness detection system |
| CN111464291B (en) * | 2020-02-26 | 2021-06-29 | 北京邮电大学 | Quantum key randomness detection device |
| CN111464564B (en) * | 2020-05-08 | 2022-12-23 | 郑州信大捷安信息技术股份有限公司 | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm |
| CN113361571A (en) * | 2021-05-25 | 2021-09-07 | 华能曲阜热电有限公司 | Automatic data acquisition method for fuel front-end chemical examination equipment |
| CN113709137A (en) * | 2021-08-25 | 2021-11-26 | 广东财经大学 | Password evaluation test system and password evaluation test method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104079562A (en) * | 2014-06-09 | 2014-10-01 | 中国建设银行股份有限公司 | Safety authentication method based on payment terminal and related device |
| CN105308558A (en) * | 2012-12-10 | 2016-02-03 | 维迪特克公司 | Rules based data processing system and method |
| CN106327723A (en) * | 2016-08-29 | 2017-01-11 | 福建新大陆支付技术有限公司 | mPOS transaction system based on intelligent platform |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7797746B2 (en) * | 2006-12-12 | 2010-09-14 | Fortinet, Inc. | Detection of undesired computer files in archives |
| US10607007B2 (en) * | 2012-07-03 | 2020-03-31 | Hewlett-Packard Development Company, L.P. | Micro-virtual machine forensics and detection |
-
2018
- 2018-09-21 CN CN201811106736.1A patent/CN109194491B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105308558A (en) * | 2012-12-10 | 2016-02-03 | 维迪特克公司 | Rules based data processing system and method |
| CN104079562A (en) * | 2014-06-09 | 2014-10-01 | 中国建设银行股份有限公司 | Safety authentication method based on payment terminal and related device |
| CN106327723A (en) * | 2016-08-29 | 2017-01-11 | 福建新大陆支付技术有限公司 | mPOS transaction system based on intelligent platform |
Non-Patent Citations (1)
| Title |
|---|
| 《密码模块安全测评的思路和方法》;石竑松;《中国信息安全》;20180915;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109194491A (en) | 2019-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109194491B (en) | Password evaluation test system and password evaluation test method | |
| JP2021083110A (en) | In-vehicle electronic control unit upgrade method, device, apparatus, and vehicle system | |
| CN111259416A (en) | Multi-algorithm security encryption authentication system and method based on FPGA | |
| CN108243009A (en) | A kind of TPCM boards based on FPGA and crypto chip | |
| Hoffman et al. | A High‐Speed Dynamic Partial Reconfiguration Controller Using Direct Memory Access Through a Multiport Memory Controller and Overclocking with Active Feedback | |
| Homsirikamol et al. | Gmu hardware api for authenticated ciphers | |
| Fischer et al. | An open-source multi-FPGA modular system for fair benchmarking of true random number generators | |
| KR20080016081A (en) | Emulation system | |
| CN101772915A (en) | Cryptographic random number generator using finite field operations | |
| CN104346584A (en) | Encryption and parameter configuration method for FPGA (Field Programmable Gate Array) system | |
| CN101719827B (en) | Method for executing hardware realization of Petri network-based block cipher algorithm | |
| CN103701591A (en) | Sequence password realization method and key stream generating method and device | |
| CN106503592B (en) | Encryption method and system based on programmable logic device | |
| CN116306474A (en) | Method, device, equipment and storage medium for verifying access of network on chip | |
| Huang et al. | UML-based hardware/software co-design platform for dynamically partially reconfigurable network security systems | |
| CN112363975B (en) | Interaction method and interaction system for configuration software and FPGA | |
| CN206313784U (en) | A kind of encryption equipment test system | |
| Lee et al. | Collecting big data from automotive ECUs beyond the CAN bandwidth for fault visualization | |
| KR101888548B1 (en) | Random number generation method, random number generation device and communication apparatus comprising the device | |
| Hasamnis et al. | Custom hardware interface using NIOS II processor through GPIO | |
| Vorobets et al. | Self-reconfigurable cryptographical coprocessor for data streaming encryption in tasks of telemetry and the Internet of Things | |
| CN111464291B (en) | Quantum key randomness detection device | |
| CN112994707B (en) | SAS scrambling code circuit | |
| CN2676290Y (en) | USB based anode proof scheme for reconfigurable cipher coprocessor | |
| KR20110018988A (en) | Apparatus for measuring power consumption and generating a trigger for side channel analysis and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |