CN110321737B - Method for preventing injection type attack of data encryption standard coprocessor - Google Patents


Info

Publication number
CN110321737B
Authority
CN
China
Prior art keywords
injection
key
coprocessor
plaintext
check
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910584012.6A
Other languages
Chinese (zh)
Other versions
CN110321737A (en
Inventor
李立
范振伟
焦英华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhaoxun Hengda Technology Co Ltd
Original Assignee
Zhaoxun Hengda Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhaoxun Hengda Technology Co Ltd filed Critical Zhaoxun Hengda Technology Co Ltd
Priority to CN201910584012.6A priority Critical patent/CN110321737B/en
Publication of CN110321737A publication Critical patent/CN110321737A/en
Publication of CN110321737B publication Critical patent/CN110321737B/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention relates to a method for preventing injection attacks on a data encryption standard coprocessor, comprising: acquiring and storing a first plaintext and a first key; backing up the first key to generate a second key; performing a first injection-proof check on the first plaintext and the first key; performing an encryption operation on the first plaintext with the first key to generate a second ciphertext; performing a decryption operation on the second ciphertext to generate a third plaintext; performing a second injection-proof check on the third plaintext; performing a third injection-proof check on the first key and the second key; performing a fourth injection-proof check on the encryption path state word; and, after the fourth injection-proof check succeeds, outputting the second ciphertext as the calculation result. Through the four injection-proof checks the method can determine whether the data used in the calculation has been subjected to an injection attack, thereby improving the data encryption standard coprocessor's resistance to injection attacks.

Description

Method for preventing injection type attack of data encryption standard coprocessor
Technical Field
The invention relates to the technical field of single-chip microcomputers, in particular to a method for preventing an injection type attack by a data encryption standard coprocessor.
Background
The Data Encryption Standard (DES) coprocessor is widely used in secure-computing single-chip microcomputers, mainly to improve the data encryption capability of the single-chip microcomputer. The purpose of an injection attack on the coprocessor is to corrupt the data encryption result of the single-chip microcomputer to which the coprocessor belongs, so that the upper-layer application of the single-chip microcomputer executes incorrectly. Existing injection attacks take the following forms: injection attacks on the data to be encrypted, which disturb the encryption result by corrupting that data; and injection attacks on the encryption key, which disturb the encryption result by corrupting the key.
Disclosure of Invention
The invention aims to provide a method for preventing a data encryption standard coprocessor from injection attack, which protects the normal operation of a DES coprocessor and prevents the DES coprocessor from entering a wrong operation state when suffering from the injection attack.
The invention provides a method for preventing an injection type attack of a data encryption standard coprocessor, which comprises the following steps:
the coprocessor acquires a first plaintext and a first key sent by an upper computer and stores the first plaintext and the first key;
the coprocessor initializes an encryption path state word;
the coprocessor performs encryption backup processing on the first key, generates a second key and stores it;
the coprocessor performs a first injection-proof check on the first plaintext and the first key;
after the first injection-proof check succeeds, the coprocessor encrypts the first plaintext with the first key to generate a second ciphertext;
the coprocessor decrypts the second ciphertext with the first key to generate a third plaintext;
the coprocessor performs a second injection-proof check on the third plaintext and the first plaintext;
after the second injection-proof check succeeds, the coprocessor performs a third injection-proof check on the first key and the second key;
after the third injection-proof check succeeds, the coprocessor performs a fourth injection-proof check on the encryption path state word;
and when the fourth injection-proof check succeeds, the coprocessor outputs the second ciphertext as the calculation result.
Further, the initializing an encryption path state word by the coprocessor specifically includes:
the coprocessor sets the value of a first check bit in the encryption path state word to 0;
the coprocessor sets the value of a second check bit in the encryption path state word to 0;
the coprocessor sets the value of the third check bit in the encryption path state word to 0.
Further, the method further comprises:
when the first injection-proof check is successful, the coprocessor sets the value of the first check bit in the encryption path state word to 1;
when the second injection-prevention check is successful, the coprocessor sets the value of the second check bit in the encryption path state word to 1;
and when the third injection-proof check is successful, the coprocessor sets the value of the third check bit in the encryption path state word to 1.
Further, the coprocessor performing encryption backup processing on the first key, generating a second key and storing it specifically includes:
the coprocessor extracts all bytes of the first key according to the first key to generate a first temporary plaintext;
the coprocessor carries out encryption processing on the first temporary plaintext according to the first secret key to generate a second secret key;
and the coprocessor stores the second key.
Further, the performing, by the coprocessor, of a first injection-proof check on the first plaintext and the first key specifically includes:
when the data length of the first plaintext is not 0, the plaintext length is verified successfully;
when the data length of the first key is not 0, the key length is successfully verified;
and when the plaintext length check and the key length check are both successful, the first injection-proof check is successful.
Further, the performing, by the coprocessor, a second injection-prevention verification process on the third plaintext and the first plaintext specifically includes:
and when the value of the third plaintext is equal to the value of the first plaintext, the second injection-prevention verification is successful.
Further, the coprocessor performing a third injection-proof check on the first key and the second key specifically includes:
the coprocessor extracts all bytes of the second key according to the second key to generate a first temporary ciphertext;
the coprocessor decrypts the first temporary ciphertext according to the first key to generate a second temporary plaintext;
and when the value of the second temporary plaintext is equal to the value of the first key, the third injection-proof check is successful.
Further, the coprocessor performing a fourth injection-proof check on the encryption path state word specifically includes:
and when the values of the first check bit, the second check bit and the third check bit of the encryption path state word are all 1, the fourth injection-prevention check is successful.
Further, the method further comprises:
when the first injection-proof check fails, returning a first injection-proof check error, which indicates that the calculation has been subjected to a zero-data-length injection attack;
when the second injection-proof check fails, returning a second injection-proof check error, which indicates that the original text data required by the calculation has been subjected to an injection attack;
when the third injection-proof check fails, returning a third injection-proof check error, which indicates that the calculation key required by the calculation has been subjected to an injection attack;
and when the fourth injection-proof check fails, returning a fourth injection-proof check error, which indicates that the injection-proof checking process itself has been subjected to an injection attack.
The method provided by the invention performs a first injection-proof check on the input data to prevent injection attacks on the input data in the calculation initialization stage; performs a second injection-proof check on the encryption result to prevent injection attacks on the encrypted data block during calculation; performs a third injection-proof check on the key after encryption is finished to prevent injection attacks on the encryption key during calculation; and sets an encryption path state word and performs a fourth injection-proof check on it to ensure that the checking process itself has not been subjected to an injection attack. After all four injection-proof checks pass, it can be determined that the original text and the key data remained intact and were not damaged by injection during the calculation, so the calculation result is correct and the coprocessor can output it normally as the final result.
Drawings
Fig. 1 is a working diagram of a method for preventing an injection attack by a data encryption standard coprocessor according to an embodiment of the present invention.
Fig. 2 is a working diagram of a method for preventing an injection attack by a data encryption standard coprocessor according to a second embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The DES algorithm is a symmetric algorithm, i.e. encryption and decryption use the same key. After a block of plaintext is encrypted by the DES coprocessor, decrypting the result with the same key (the inverse operation of encryption) yields plaintext identical to the original plaintext. DES is also a block cipher: to encrypt a very large text, the text is divided into fixed-length data blocks, the blocks are encrypted separately, and the results are then assembled in order.
Existing injection attacks on a DES coprocessor therefore take three main forms:
1. Zero-length input data injection attack. When software and hardware handle data reception, a length of 0 may be interpreted as the length of a full byte (for example, 0x00 may represent either 0 or 256). An attacker uses zero-length data on the one hand to raise the attack frequency and on the other hand to probe whether the attacked DES coprocessor parses a length of 0 inconsistently; if such a parsing inconsistency exists, the attack can drive the DES coprocessor into a blind data-receiving state that finally times out.
2. Calculation object injection attack. During calculation, the calculation data stored in the DES coprocessor is subjected to an injection attack, so that the calculation object is wrong and the result is wrong.
3. Calculation key injection attack. During calculation, the key of the DES coprocessor does not need to be input again; if an attacker completes an injection attack on the key after a certain block calculation and thereby changes the key, the encryption of subsequent blocks produces errors.
To counter these attacks, the invention provides a method for preventing injection attacks on a data encryption standard coprocessor. A length check on the input and output data (first injection-proof check) prevents zero-length injection attacks; inverse operation verification (second injection-proof check) prevents injection attacks on the calculation object; key read-back verification (third injection-proof check) prevents injection attacks on the calculation key; and path verification of the encryption path state word (fourth injection-proof check) prevents an attacker from attacking the injection-proof flow of the invention itself.
In an embodiment of the present invention, as shown in Fig. 1, which is a working schematic diagram of a method for preventing an injection attack by a data encryption standard coprocessor according to an embodiment of the present invention, the method includes the following steps:
Step 11: the coprocessor acquires and stores a first plaintext and a first key sent by an upper computer, and initializes the encryption path state word. Specifically:
Step 111: set the value of the first check bit of the encryption path state word to 0;
Step 112: set the value of the second check bit of the encryption path state word to 0;
Step 113: set the value of the third check bit of the encryption path state word to 0.
The first check bit records the result of the first injection-proof check (input/output data length check): a value of 0 means the check has not started or has failed, and a value of 1 means the check succeeded. The second check bit records the result of the second injection-proof check (inverse operation verification), and the third check bit records the result of the third injection-proof check (key read-back check), with the same meaning for the values 0 and 1.
Step 12: the coprocessor performs encryption backup processing on the first key, generates a second key and stores it. Specifically:
Step 121: extract all bytes of the first key to generate a first temporary plaintext;
Step 122: perform DES encryption on the first temporary plaintext with the first key to generate the second key, where the calculation formula is: second key = DESEncryption(first key, first key);
Step 123: store the second key.
The second key is in essence backup data: the data of the first key, stored after being encrypted with the first key. It is stored in encrypted form to prevent an attacker from tampering with the stored backup key data. The second key is retrieved during the third injection-proof check and compared with the key used in the calculation, which prevents an attacker from carrying out an injection attack on the calculation key.
Step 13: the coprocessor performs the first injection-proof check on the first plaintext and the first key. Specifically:
Step 131: when neither the data length of the first plaintext nor the data length of the first key is 0, the first injection-proof check is successful, which indicates that the DES coprocessor has not been subjected to a zero-length input data injection attack;
Step 132: set the value of the first check bit of the encryption path state word to 1.
Step 14: after the first injection-proof check is successful, the coprocessor encrypts the first plaintext with the first key to generate a second ciphertext.
A successful first injection-proof check indicates that the input data is valid, so the DES coprocessor starts normal calculation, that is, it encrypts the first plaintext to generate the second ciphertext. The calculation formula is: second ciphertext = DESEncryption(first plaintext, first key).
Step 15: the coprocessor performs a decryption operation on the second ciphertext with the first key to generate a third plaintext.
Here the second ciphertext is the data to be decrypted and the first key is the key. The calculation formula is: third plaintext = DESDecryption(second ciphertext, first key). The third plaintext is the inverse operation result of the second ciphertext; it is used in the second injection-proof check, where it is compared with the original data from which the second ciphertext was generated, namely the first plaintext. The principle of the comparison is: if the calculation object was not subjected to an injection attack during the DES coprocessor's calculation, the third plaintext should be consistent with the first plaintext.
Step 16: the coprocessor performs the second injection-proof check on the third plaintext and the first plaintext. Specifically:
Step 161: when the third plaintext is consistent with the first plaintext, the second injection-proof check is successful, which indicates that the DES coprocessor has not suffered an injection attack on the calculation object during the block calculation;
Step 162: set the value of the second check bit of the encryption path state word to 1.
Step 17: after the second injection-proof check is successful, the coprocessor performs the third injection-proof check on the first key and the second key. Specifically:
Step 171: extract all bytes of the second key to generate a first temporary ciphertext;
Step 172: perform DES decryption on the first temporary ciphertext with the first key to generate a second temporary plaintext, where the calculation formula is: second temporary plaintext = DESDecryption(second key, first key);
Step 173: when the value of the second temporary plaintext is equal to the value of the first key, the third injection-proof check is successful, which indicates that the calculation key has not been subjected to an injection attack during the current block calculation of the DES coprocessor;
Step 174: set the value of the third check bit of the encryption path state word to 1.
Step 18: after the third injection-proof check is successful, the coprocessor performs the fourth injection-proof check on the encryption path state word. Specifically: when the values of the first check bit, the second check bit and the third check bit of the encryption path state word are all 1, the fourth injection-proof check is successful, which indicates that the processing carried out with this method has not itself been subjected to an injection attack.
Step 19: when the fourth injection-proof check is successful, the coprocessor outputs the second ciphertext as the encryption result.
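The flow of steps 11 to 19, as an added C example that is not code from the patent: a toy 16-round Feistel cipher stands in for the DES engine (it is not DES and not secure), and the `des_job` layout, the `fault_hook` test hook, the error codes and the sample values are all hypothetical names and constructed data used only to show which check catches which kind of corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the DES engine: a toy 16-round Feistel cipher on one 64-bit
 * block. It is NOT DES and NOT secure; it only supplies an invertible
 * encrypt/decrypt pair so the four checks can be exercised. */
static uint32_t toy_f(uint32_t r, uint64_t key, int round) {
    uint32_t k = (uint32_t)(key >> ((round & 1) * 32)) + (uint32_t)round * 0x9E3779B9u;
    uint32_t x = r ^ k;
    x = (x << 5) | (x >> 27);
    return x * 0x85EBCA6Bu + k;
}

static uint64_t toy_crypt(uint64_t block, uint64_t key, int decrypt) {
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int i = 0; i < 16; i++) {
        uint32_t t = l ^ toy_f(r, key, decrypt ? 15 - i : i);
        l = r;
        r = t;
    }
    return ((uint64_t)r << 32) | l; /* final half swap: decrypt mirrors encrypt */
}

enum { DES_OK, ERR_CHECK1, ERR_CHECK2, ERR_CHECK3, ERR_CHECK4 };
enum { BIT1 = 1u << 0, BIT2 = 1u << 1, BIT3 = 1u << 2 };  /* state word check bits */
enum { AFTER_BACKUP, AFTER_ENCRYPT, AFTER_CHECK3 };       /* fault-hook stages */

#define SAMPLE_PT  0x0123456789ABCDEFull  /* constructed sample plaintext */
#define SAMPLE_KEY 0x133457799BBCDFF1ull  /* constructed sample key */

typedef struct {            /* hypothetical register file of the coprocessor */
    uint64_t plaintext;  size_t pt_len;   /* first plaintext and its length */
    uint64_t key;        size_t key_len;  /* first key and its length */
    uint64_t key_backup;                  /* second key = E(first key, first key) */
    uint64_t ciphertext;                  /* second ciphertext */
    uint8_t  state;                       /* encryption path state word */
} des_job;

/* Test-only hook that lets a caller corrupt the job between stages. */
typedef void (*fault_hook)(des_job *job, int stage);

/* Returns DES_OK and writes *out only if all four checks pass. */
static int protected_encrypt(des_job *j, fault_hook fault, uint64_t *out) {
    j->state = 0;                                              /* step 11 */
    j->key_backup = toy_crypt(j->key, j->key, 0);              /* step 12 */
    if (fault) fault(j, AFTER_BACKUP);

    if (j->pt_len == 0 || j->key_len == 0) return ERR_CHECK1;  /* step 13 */
    j->state |= BIT1;

    j->ciphertext = toy_crypt(j->plaintext, j->key, 0);        /* step 14 */
    if (fault) fault(j, AFTER_ENCRYPT);

    uint64_t third_pt = toy_crypt(j->ciphertext, j->key, 1);   /* step 15 */
    if (third_pt != j->plaintext) return ERR_CHECK2;           /* step 16 */
    j->state |= BIT2;

    if (toy_crypt(j->key_backup, j->key, 1) != j->key)         /* step 17 */
        return ERR_CHECK3;
    j->state |= BIT3;
    if (fault) fault(j, AFTER_CHECK3);

    if (j->state != (BIT1 | BIT2 | BIT3)) return ERR_CHECK4;   /* step 18 */
    *out = j->ciphertext;                                      /* step 19 */
    return DES_OK;
}

/* Simulated corruptions, each a single bit change at one stage. */
static void fault_key(des_job *j, int s)        { if (s == AFTER_BACKUP)  j->key ^= 1u; }
static void fault_ciphertext(des_job *j, int s) { if (s == AFTER_ENCRYPT) j->ciphertext ^= 1u; }
static void fault_state(des_job *j, int s)      { if (s == AFTER_CHECK3)  j->state &= (uint8_t)~BIT2; }

static int run_case(fault_hook fault, size_t pt_len, uint64_t *out) {
    des_job j = { .plaintext = SAMPLE_PT, .pt_len = pt_len,
                  .key = SAMPLE_KEY, .key_len = 8 };
    return protected_encrypt(&j, fault, out);
}

int main(void) {
    uint64_t out = 0;
    printf("no fault            -> %d\n", run_case(NULL, 8, &out));
    printf("zero-length input   -> %d\n", run_case(NULL, 0, &out));
    printf("ciphertext corrupted-> %d\n", run_case(fault_ciphertext, 8, &out));
    printf("key corrupted       -> %d\n", run_case(fault_key, 8, &out));
    printf("state word cleared  -> %d\n", run_case(fault_state, 8, &out));
    return 0;
}
```

A key changed before encryption passes the second check, because encryption and decryption both use the changed key; only the read-back against the encrypted backup in the third check exposes it.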
In the second embodiment of the present invention, as shown in Fig. 2, which is a working schematic diagram of a method for preventing an injection attack by a data encryption standard coprocessor provided in the second embodiment of the present invention, the method includes the following steps:
Step 211: the coprocessor acquires and stores the first plaintext and the first key, and initializes the encryption path state word. Specifically:
Step 2111: set the value of the first check bit of the encryption path state word to 0;
Step 2112: set the value of the second check bit of the encryption path state word to 0;
Step 2113: set the value of the third check bit of the encryption path state word to 0.
The first check bit records the result of the first injection-proof check (input/output data length check): a value of 0 means the check has not started or has failed, and a value of 1 means the check succeeded. The second check bit records the result of the second injection-proof check (inverse operation verification), and the third check bit records the result of the third injection-proof check (key read-back check), with the same meaning for the values 0 and 1.
Step 212: the coprocessor performs encryption backup processing on the first key, generates a second key and stores it. Specifically:
Step 2121: extract all bytes of the first key to generate a first temporary plaintext;
Step 2122: perform DES encryption on the first temporary plaintext with the first key to generate the second key, where the calculation formula is: second key = DESEncryption(first key, first key);
Step 2123: store the second key.
The second key is in essence backup data: the data of the first key, stored after being encrypted with the first key. It is stored in encrypted form to prevent an attacker from tampering with the stored backup key data. The second key is retrieved during the third injection-proof check and compared with the key used in the calculation, which prevents an attacker from carrying out an injection attack on the calculation key.
Step 213: determine whether the data length of the first plaintext is 0. If it is 0, the plaintext input to the DES coprocessor has been subjected to a zero-length injection attack and the plaintext length check fails; go to step 260. If it is not 0, the plaintext input to the DES coprocessor has not been subjected to a zero-length injection attack and the plaintext length check succeeds; go to step 214.
Step 214: determine whether the data length of the first key is 0. If it is 0, the key input to the DES coprocessor has been subjected to a zero-length injection attack and the key length check fails; go to step 260. If it is not 0, the key input to the DES coprocessor has not been subjected to a zero-length injection attack and the key length check succeeds; go to step 215.
Step 215: the coprocessor sets the first check bit of the encryption path state word to 1, indicating that the first injection-proof check is successful.
Step 216: the coprocessor encrypts the first plaintext with the first key to generate a second ciphertext.
A successful first injection-proof check indicates that the input data is valid, so the DES coprocessor starts normal calculation to generate the second ciphertext. The calculation formula is: second ciphertext = DESEncryption(first plaintext, first key).
Step 217: the coprocessor performs a decryption operation on the second ciphertext with the first key to generate a third plaintext.
Here the second ciphertext is the data to be decrypted and the first key is the key. The calculation formula is: third plaintext = DESDecryption(second ciphertext, first key). The third plaintext is the inverse operation result of the second ciphertext; it is used in the second injection-proof check, where it is compared with the original data from which the second ciphertext was generated, namely the first plaintext. The principle of the comparison is: if the calculation object was not subjected to an injection attack during the DES coprocessor's calculation, the third plaintext should be consistent with the first plaintext.
Step 218: determine whether the data of the third plaintext is consistent with the data of the first plaintext. If they are consistent, the calculation object was not subjected to an injection attack during the DES coprocessor's calculation and the second injection-proof check succeeds; go to step 219. If they are not consistent, the calculation object suffered an injection attack during the calculation and the second injection-proof check fails; go to step 270.
Step 219: the coprocessor sets the value of the second check bit of the encryption path state word to 1, indicating that the second injection-proof check is successful.
Step 220: the coprocessor uses the value of the second key as the first temporary ciphertext and the first key as the second temporary key, and performs a decryption calculation to generate a second temporary plaintext. Specifically:
Step 2201: the coprocessor extracts all bytes of the second key to generate a first temporary ciphertext;
Step 2202: decrypt the first temporary ciphertext with the first key to generate a second temporary plaintext, where the calculation formula is: second temporary plaintext = DESDecryption(second key, first key).
Step 221: determine whether the second temporary plaintext is consistent with the first key data. If they are consistent, the calculation key was not subjected to an injection attack during the DES coprocessor's calculation and the third injection-proof check succeeds; go to step 222. If they are not consistent, the calculation key suffered an injection attack during the calculation and the third injection-proof check fails; go to step 280.
Step 222: the coprocessor sets the value of the third check bit of the encryption path state word to 1, indicating that the third injection-proof check is successful.
Step 223: determine whether the values of the first check bit, the second check bit and the third check bit of the encryption path state word are all 1. If they are all 1, the injection-proof flow itself was not subjected to an injection attack during the current calculation of the DES coprocessor and the fourth injection-proof check succeeds; go to step 224. If they are not all 1, the injection-proof flow itself suffered an injection attack during the current calculation and the fourth injection-proof check fails; go to step 290.
Step 224: the encryption process completes normally, and the coprocessor outputs the second ciphertext as the calculation result.
Step 260, the encryption fails; the encryption process exits and returns the error information: first injection-proof check error.
There may be two reasons for the system to return the first injection-proof check error: the plaintext length of the input data of the DES coprocessor is 0; or the key length of the input data of the DES coprocessor is 0.
Step 270, the encryption fails; the encryption process exits and returns the error information: second injection-proof check error.
The reason for the system to return the second injection-proof check error is: the data object being calculated by the DES coprocessor may have suffered an injection attack during the calculation, making the calculation result wrong.
Step 280, the encryption fails; the encryption process exits and returns the error information: third injection-proof check error.
The reason for the system to return the third injection-proof check error is: the key used for the calculation may have suffered an injection attack during the calculation by the DES coprocessor, so the subsequent calculation result is necessarily wrong.
Step 290, the encryption fails; the encryption process exits and returns the error information: fourth injection-proof check error.
The reason for the system to return the fourth injection-proof check error may be: the DES coprocessor suffered an injection attack during the calculation; or the first, second and third injection-proof check processes were not effectively executed because of a task scheduling vulnerability of the multi-task processing system.
The first injection-proof check on the input data prevents injection attacks on the input data in the calculation initialization stage; the second injection-proof check on the encryption result prevents injection attacks on the encrypted data block during the calculation; the third injection-proof check on the key after encryption is finished prevents injection attacks on the encryption key during the calculation; and setting an encryption path state word and performing the fourth injection-proof check on it ensures that the checking process that guards against these attacks is not itself subjected to an injection attack. By using the method, calculation errors caused by injection attacks on the input data length, the calculated data, the calculation key and the like can be avoided, so that the secure working capability of the DES coprocessor is improved and the security of the upper computer's use is guaranteed.
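The four checks of the method, as an added C example that is not part of the patent text. A stand-in 64-bit Feistel cipher replaces real DES to keep the block short; the `fault` scenarios, the bit positions used for the state word, and all function and type names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in 64-bit Feistel cipher, NOT real DES: it only supplies the
   property the checks rely on, decrypt(encrypt(p, k), k) == p. */
static uint32_t round_fn(uint32_t r, uint64_t k, int i) {
    uint32_t sk = (uint32_t)(k >> ((i % 8) * 4)) ^ (uint32_t)(k >> 32);
    r = (r ^ sk ^ (0x9E3779B9u * (uint32_t)(i + 1))) * 0x85EBCA6Bu;
    return r ^ (r >> 13);
}
static uint64_t feistel(uint64_t block, uint64_t k, int decrypt) {
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int n = 0; n < 16; n++) {
        uint32_t t = l ^ round_fn(r, k, decrypt ? 15 - n : n);
        l = r; r = t;
    }
    return ((uint64_t)r << 32) | l;  /* final swap makes decryption the inverse */
}

enum result { OK, ERR_CHECK1, ERR_CHECK2, ERR_CHECK3, ERR_CHECK4 };
/* Constructed fault scenarios, used only to exercise the checks. */
enum fault { NO_FAULT, KEY_FLIP, DATA_FLIP, SKIP_CHECK2 };

enum result protected_encrypt(uint64_t pt, size_t pt_len, uint64_t key,
                              size_t key_len, enum fault f, uint64_t *out) {
    unsigned status = 0;                     /* encryption path state word */
    uint64_t key2 = feistel(key, key, 0);    /* second key: encrypted backup */

    if (pt_len == 0 || key_len == 0) return ERR_CHECK1;
    status |= 1u;                            /* first check bit (assumed bit 0) */

    if (f == KEY_FLIP) key ^= 1ull << 40;    /* working key corrupted */
    uint64_t ct = feistel(pt, key, 0);       /* second ciphertext */
    if (f == DATA_FLIP) ct ^= 1;             /* data block corrupted */

    if (f != SKIP_CHECK2) {                  /* models a check that never ran */
        if (feistel(ct, key, 1) != pt) return ERR_CHECK2;
        status |= 2u;                        /* second check bit */
    }
    if (feistel(key2, key, 1) != key) return ERR_CHECK3;
    status |= 4u;                            /* third check bit */
    if (status != 7u) return ERR_CHECK4;     /* all three bits must be 1 */
    *out = ct;
    return OK;
}

int main(void) {
    uint64_t ct = 0;
    for (int f = NO_FAULT; f <= SKIP_CHECK2; f++)
        printf("fault %d -> result %d\n", f, (int)protected_encrypt(
            0x0123456789ABCDEFull, 8, 0x133457799BBCDFF1ull, 8, (enum fault)f, &ct));
    return 0;
}
```

With `KEY_FLIP` the second check still passes, because encryption and decryption use the same corrupted key; only the comparison against the encrypted key backup reports the fault.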
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A method for a data encryption standard coprocessor to prevent injection attacks, the method comprising:
the coprocessor acquires a first plaintext and a first key sent by an upper computer and stores the first plaintext and the first key;
the coprocessor initializes an encryption path state word;
the coprocessor performs encryption backup processing on the first key, generates a second key and stores it;
the coprocessor performs first injection-proof check processing on the first plaintext and the first key; when the data length of the first plaintext is not 0, the plaintext length check is successful; when the data length of the first key is not 0, the key length check is successful; when the plaintext length check and the key length check are both successful, the first injection-proof check is successful;
after the first injection-proof check is successful, the coprocessor encrypts the first plaintext according to the first plaintext and the first key to generate a second ciphertext;
the coprocessor performs decryption processing on the second ciphertext according to the second ciphertext and the first key to generate a third plaintext;
the coprocessor performs second injection-proof check processing on the third plaintext and the first plaintext; when the value of the third plaintext is equal to the value of the first plaintext, the second injection-proof check is successful;
after the second injection-proof check is successful, the coprocessor performs third injection-proof check processing on the first key and the second key; the coprocessor extracts all bytes of the second key according to the second key to generate a first temporary ciphertext; the coprocessor decrypts the first temporary ciphertext according to the first key to generate a second temporary plaintext; when the value of the second temporary plaintext is equal to the value of the first key, the third injection-proof check is successful;
after the third injection-proof check is successful, the coprocessor performs fourth injection-proof check processing on the encryption path state word;
and when the fourth injection-proof check is successful, the coprocessor outputs the second ciphertext as a calculation result.
2. The method of claim 1, wherein the coprocessor initializes an encryption path state word, specifically comprising:
the coprocessor sets the value of a first check bit in the encryption path state word to 0;
the coprocessor sets the value of a second check bit in the encryption path state word to 0;
the coprocessor sets the value of the third check bit in the encryption path state word to 0.
3. The method of claim 2, further comprising:
when the first injection-proof check is successful, the coprocessor sets the value of the first check bit in the encryption path state word to 1;
when the second injection-proof check is successful, the coprocessor sets the value of the second check bit in the encryption path state word to 1;
and when the third injection-proof check is successful, the coprocessor sets the value of the third check bit in the encryption path state word to 1.
4. The method according to claim 1, wherein the coprocessor performs encryption backup processing on the first key to generate a second key and performs storage processing, specifically comprising:
the coprocessor extracts all bytes of the first key according to the first key to generate a first temporary plaintext;
the coprocessor encrypts the first temporary plaintext according to the first key to generate a second key;
and the coprocessor stores the second key.
5. The method according to claim 1, wherein the coprocessor performs fourth injection-proof check processing on the encryption path state word, specifically including:
when the values of the first check bit, the second check bit and the third check bit of the encryption path state word are all 1, the fourth injection-proof check is successful.
6. The method of claim 1, further comprising:
when the first injection-proof check fails, returning a first injection-proof check error, which indicates that the calculation has suffered a 0-data-length injection attack;
when the second injection-proof check fails, returning a second injection-proof check error, which indicates that the original text data required by the calculation has suffered an injection attack;
when the third injection-proof check fails, returning a third injection-proof check error, which indicates that the calculation key required by the calculation has suffered an injection attack;
and when the fourth injection-proof check fails, returning a fourth injection-proof check error, which indicates that the injection-proof check process itself has suffered an injection attack.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910584012.6A CN110321737B (en) 2019-06-28 2019-06-28 Method for preventing injection type attack of data encryption standard coprocessor

Publications (2)

Publication Number Publication Date
CN110321737A CN110321737A (en) 2019-10-11
CN110321737B true CN110321737B (en) 2020-12-11

Family

ID=68121509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910584012.6A Active CN110321737B (en) 2019-06-28 2019-06-28 Method for preventing injection type attack of data encryption standard coprocessor

Country Status (1)

Country Link
CN (1) CN110321737B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100080, Beijing, Suzhou Street, Haidian District No. 20, building 2, on the north side of the four floor

Applicant after: Zhaoxun Hengda Technology Co., Ltd

Address before: 100080, Beijing, Suzhou Street, Haidian District No. 20, building 2, on the north side of the four floor

Applicant before: MEGAHUNT MICROELECTRONIC TECH. (BEIJING) Co.,Ltd.

GR01 Patent grant