Multilevel security storage chip framework
Technical Field
The invention belongs to the field of chips and information security, in particular to embedded memory chips, and relates to a multilevel security memory chip framework.
Background
Embedded devices are widely used in industrial manufacturing because of their adaptability, reliability and specificity, and embedded electronic devices come in a wide variety. With the development of science and technology, industrial production is moving towards intelligent, large-scale production. Embedded devices have ever richer functions and users place ever higher requirements on them, which in turn increases the amount of code and data that an embedded device must hold. Therefore, many embedded devices require additional off-chip memory chips to store programs and data.
A memory chip must not only store the programs and data needed for normal operation of the device but also ensure the security of the stored data. Developing an embedded system takes a great deal of manpower and material resources, yet the resulting products are easy to copy and pirate; when programs and data are stolen, developers suffer great losses, so the design and research of secure chips is particularly important. At present many kinds of secure memory chip have been designed, using different methods and technologies, but they are generally built around a single fixed security encryption method. In some embedded devices, not all data needs to be strictly encrypted, or different data may have different confidentiality requirements. There is therefore an important social and market demand for a secure memory chip with multiple security levels that can be matched to different security requirements.
Disclosure of Invention
The invention aims to provide a multilevel security memory chip framework. To address the different confidentiality requirements of the program and data stored in an embedded system, the memory chip framework of the invention provides different secure storage modes, thereby improving the working efficiency of embedded systems whose stored data have different confidentiality requirements.
The memory chip architecture of the present invention includes a micro control unit and a memory module.
The micro control unit is an MCU chip and comprises an access authentication module and a data encryption/decryption unit.
The storage module comprises two off-chip Flash memory chips, one serving as a common storage area and the other as a secure storage area; the common storage area is divided by address into a common area and an authentication area.
The micro control unit is connected to the storage module through an SPI bus. Peripheral equipment sends its requests to read and write data in the storage module to the micro control unit over a GPIO bus, where they are processed; the peripheral equipment cannot communicate with the storage module directly, which ensures the security of the data in the memory chip.
The MCU chip, the off-chip Flash memory chips and the corresponding passive components of the circuit are packaged together using a SiP (system-in-package) stacked packaging method to form a secure memory system with a multi-mode memory function, which is used as an embedded secure memory chip. This packaging design gives a short chip development period and low production cost, and achieves a larger integration scale than a PCB circuit, effectively reducing the volume of the system. Each secure memory chip is burned with a different device code; each device code has a corresponding public/private key pair, which is stored in a register of the micro control unit, and a fixed-length message digest of the device code is generated by a hash function and also stored in a register of the micro control unit. Hash function algorithms that can be used to generate the message digest include MD5 and SHA.
The read/write modes of the secure memory chip are divided into three modes, from low to high security level: normal mode, authentication mode and ciphertext mode. Each mode has a corresponding command request format, and the user selects the appropriate mode for reading and writing data according to specific needs. Before a read or write operation, the peripheral equipment establishes a communication connection with the secure memory chip so that the chip enters its working state.
Normal mode: suitable for reading and writing data with no confidentiality requirement. The read/write command request consists of a read/write instruction, a mode byte and data address bytes. The peripheral equipment sends a command request to the secure memory chip, which performs the corresponding operation according to the read/write instruction in the request.
For a write operation, the peripheral equipment sends the data to be written to the micro control unit, which transfers it, according to the data address bytes, to the common area of the off-chip Flash memory chip serving as the common storage area; for a read operation, the micro control unit extracts the requested data from the common area of that chip according to the data address bytes and transfers it to the peripheral equipment. Data is not encrypted during this exchange, and no further authentication is performed once the device has connected.
Authentication mode: suitable for reading and writing data with a low confidentiality requirement. The data is stored as ciphertext in the authentication area of the off-chip Flash memory chip serving as the common storage area, and the read/write command request consists of a read/write instruction, a mode byte, authentication bytes and data address bytes.
The peripheral equipment sends a command request to the secure memory chip, and the access authentication module in the micro control unit first compares the stored message digest with the authentication bytes. If they match, the read/write operation proceeds. For a write operation, the peripheral equipment sends the data to be written to the micro control unit, the encryption/decryption unit in the micro control unit encrypts it with a symmetric encryption algorithm, and the micro control unit transfers the encrypted data, according to the data address bytes, to the authentication area of the off-chip Flash memory chip serving as the common storage area. For a read operation, the micro control unit extracts the requested data from the authentication area according to the data address bytes, decrypts it in the encryption/decryption unit, and transfers the decrypted data to the peripheral equipment. If the comparison fails, the read/write operation is refused.
The authentication bytes are the hash function value of the device code, so even if they are leaked to another party, the device code of the chip cannot be recovered from them. This guarantees the security of the authentication mode.
Ciphertext mode: suitable for reading and writing data with a high confidentiality requirement. The data is stored as ciphertext in the off-chip Flash memory chip serving as the secure storage area, and the read/write command request uses the ciphertext-mode command format, which consists of a read/write instruction, a mode byte, authentication bytes and data address bytes.
The peripheral equipment sends a command request to the secure memory chip, and the access authentication module in the micro control unit first compares the message digest with the authentication bytes. If they match, the read/write operation proceeds. For a write operation, the peripheral equipment sends the data to be written to the micro control unit, the encryption/decryption unit in the micro control unit encrypts it with the public key, and the micro control unit transfers the encrypted data, according to the data address bytes, to the off-chip Flash memory chip serving as the secure storage area. For a read operation, the micro control unit extracts the requested data from the secure storage area according to the data address bytes and transfers it, still encrypted, to the peripheral equipment; the peripheral equipment obtains the private key through authorization and decrypts the read data with it.
An unauthorized peripheral device that obtains this data obtains only ciphertext, and without the private key it cannot recover the real plaintext.
The beneficial effects of the invention are as follows: a plurality of encryption modes are integrated in the same chip, and the user can issue instructions in different formats to perform read/write operations according to the confidentiality requirements of the stored data. This avoids forcing public data that needs no encryption through the encryption or authentication process, as happens in a single-mode secure memory chip, and improves data read/write efficiency.
Drawings
FIG. 1 is a schematic diagram of a secure memory chip architecture according to the present invention;
FIG. 2 is a flow chart of the secure memory chip architecture of the present invention.
Detailed Description
The invention is further illustrated with reference to the following figures and examples, without the scope of the invention being limited to what is described below.
As shown in FIG. 1, the memory chip architecture of the present invention includes a micro control unit and a memory module.
The micro control unit 1 is an MCU chip and comprises an access authentication module 1-1 and a data encryption/decryption unit 1-2.
The storage module comprises two off-chip Flash memory chips, one serving as common storage area 2 and the other as secure storage area 3; the common storage area is divided by address into a common area 2-1 and an authentication area 2-2.
The micro control unit 1 is connected to the storage module by an SPI bus. The peripheral device 4 sends its requests to read and write data in the storage module to the micro control unit 1 over a GPIO bus, where they are processed; the peripheral device cannot communicate with the storage module directly, so the security of the data in the memory chip is ensured.
The MCU chip, the off-chip Flash memory chips and the corresponding passive components of the circuit are packaged together using a SiP (system-in-package) stacked packaging method to form a secure memory system with a multi-mode memory function, which is used as an embedded secure memory chip. This packaging design gives a short chip development period and low production cost, and achieves a larger integration scale than a PCB circuit, effectively reducing the volume of the system. Each secure memory chip is burned with a different device code; each device code has a corresponding public/private key pair, which is stored in a register of the micro control unit 1, and a fixed-length message digest of the device code is generated by a hash function and also stored in a register of the micro control unit 1. Hash function algorithms that can be used to generate the message digest include MD5 and SHA.
As shown in FIG. 2, the read/write modes of the secure memory chip are divided into three modes, from low to high security level: normal mode, authentication mode and ciphertext mode. Each mode has a corresponding command request format, and the user selects the appropriate mode for reading and writing data according to specific needs. Before a read or write operation, the peripheral device 4 establishes a communication connection with the secure memory chip so that the chip enters its working state.
Normal mode: suitable for reading and writing data with no confidentiality requirement. The read/write command request consists of a read/write instruction, a mode byte and data address bytes. The peripheral device 4 sends a command request to the secure memory chip, which performs the corresponding operation according to the read/write instruction in the request.
For a write operation, the peripheral device 4 sends the data to be written to the micro control unit 1, which transfers it, according to the data address bytes, to the common area 2-1 of the off-chip Flash memory chip serving as the common storage area 2; for a read operation, the micro control unit 1 extracts the requested data from the common area 2-1 of that chip according to the data address bytes and transfers it to the peripheral device 4. Data is not encrypted during this exchange, and no further authentication is performed once the device has connected.
Authentication mode: suitable for reading and writing data with a low confidentiality requirement. The data is stored as ciphertext in the authentication area 2-2 of the off-chip Flash memory chip serving as the common storage area 2, and the read/write command request consists of a read/write instruction, a mode byte, authentication bytes and data address bytes.
The peripheral device 4 sends a command request to the secure memory chip, and the access authentication module 1-1 in the micro control unit 1 first compares the stored message digest with the authentication bytes. If they match, the read/write operation proceeds. For a write operation, the peripheral device 4 sends the data to be written to the micro control unit 1, the encryption/decryption unit 1-2 in the micro control unit 1 encrypts it with a symmetric encryption algorithm, and the micro control unit 1 transfers the encrypted data, according to the data address bytes, to the authentication area 2-2 of the off-chip Flash memory chip serving as the common storage area 2. For a read operation, the micro control unit 1 extracts the requested data from the authentication area 2-2 according to the data address bytes, decrypts it in the encryption/decryption unit 1-2, and transfers the decrypted data to the peripheral device 4. If the comparison fails, the read/write operation is refused.
The authentication bytes are the hash function value of the device code, so even if they are leaked to another party, the device code of the chip cannot be recovered from them. This guarantees the security of the authentication mode.
Ciphertext mode: suitable for reading and writing data with a high confidentiality requirement. The data is stored as ciphertext in the off-chip Flash memory chip serving as the secure storage area 3, and the read/write command request uses the ciphertext-mode command format, which consists of a read/write instruction, a mode byte, authentication bytes and data address bytes.
The peripheral device 4 sends a command request to the secure memory chip, and the access authentication module 1-1 in the micro control unit 1 first compares the message digest with the authentication bytes. If they match, the read/write operation proceeds. For a write operation, the peripheral device 4 sends the data to be written to the micro control unit 1, the encryption/decryption unit 1-2 in the micro control unit 1 encrypts it with the public key, and the micro control unit 1 transfers the encrypted data, according to the data address bytes, to the off-chip Flash memory chip serving as the secure storage area 3. For a read operation, the micro control unit 1 extracts the requested data from the secure storage area 3 according to the data address bytes and transfers it, still encrypted, to the peripheral device 4; the peripheral device 4 obtains the private key through license authorization and decrypts the read data with it.
An unauthorized peripheral device that obtains this data obtains only ciphertext, and without the private key it cannot recover the real plaintext.
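A reference model of the three-mode command handling described in the disclosure and again in this detailed description, added here as an illustration and not taken from the patent. The instruction codes, the mode byte values, SHA-256 as the digest function, the frame layout (instruction, mode byte, 32 authentication bytes, address bytes) and the `keystream_xor` stand-in for the chip's encryption/decryption unit and public-key operation are all assumptions, since the page specifies none of them. It shows the property the design relies on: the mode byte alone selects the storage region, and the authentication bytes are checked against the stored device-code digest before any access to the authentication area or the secure Flash.

```python
import hashlib
import hmac

READ, WRITE = 0x03, 0x02                        # assumed instruction codes
MODE_NORMAL, MODE_AUTH, MODE_CIPHER = 0x00, 0x01, 0x02   # assumed mode bytes
DIGEST_LEN = 32                                 # SHA-256 digest of the device code


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Model-only stand-in for a cipher: SHA-256 in counter mode XORed onto
    the data, so encrypt and decrypt are the same call. A real unit would use
    a standard cipher with a fresh nonce per write."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


class SecureMemoryChip:
    def __init__(self, device_code: bytes, sym_key: bytes, pk_encrypt):
        # Register contents of micro control unit 1: the digest of the burned-in
        # device code (the expected authentication bytes) and key material.
        self.digest = hashlib.sha256(device_code).digest()
        self.sym_key = sym_key          # authentication-mode symmetric key
        self.pk_encrypt = pk_encrypt    # ciphertext-mode public-key operation
        # Common area 2-1, authentication area 2-2 and secure Flash 3. The mode
        # byte alone selects the region, so an address never crosses regions.
        self.flash = {MODE_NORMAL: {}, MODE_AUTH: {}, MODE_CIPHER: {}}

    def request(self, frame: bytes, payload: bytes = b"") -> bytes:
        """Handle one command request: instruction, mode, [auth bytes], address."""
        if len(frame) < 2 or frame[1] not in self.flash:
            raise ValueError("malformed frame or unknown mode byte")
        instr, mode, body = frame[0], frame[1], frame[2:]
        if mode != MODE_NORMAL:
            # Access authentication module 1-1. compare_digest runs in constant
            # time, so a refusal does not reveal how many bytes matched.
            auth, body = body[:DIGEST_LEN], body[DIGEST_LEN:]
            if len(auth) != DIGEST_LEN or not hmac.compare_digest(auth, self.digest):
                raise PermissionError("authentication bytes rejected")
        addr, region = int.from_bytes(body, "big"), self.flash[mode]
        if instr == WRITE:
            if mode == MODE_AUTH:       # encryption/decryption unit 1-2
                payload = keystream_xor(self.sym_key, payload)
            elif mode == MODE_CIPHER:   # chip holds only the public key
                payload = self.pk_encrypt(payload)
            region[addr] = payload
            return b""
        if instr == READ:
            data = region.get(addr, b"")
            # Authentication mode is decrypted on-chip; ciphertext mode returns
            # ciphertext and the authorised peripheral decrypts with its private key.
            return keystream_xor(self.sym_key, data) if mode == MODE_AUTH else data
        raise ValueError("unknown instruction")
```

The stand-in cipher is for the model only; in a deployed chip the public-key operation must be one for which the chip never needs the private key, which is what lets a read in ciphertext mode hand out ciphertext that only the authorized peripheral can open.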