CN110704359A - High-safety low-power-consumption communication method of dual-core chip - Google Patents

High-safety low-power-consumption communication method of dual-core chip

Info

Publication number
CN110704359A
Authority
CN
China
Prior art keywords
core
cpu core
data
dual
performance
Legal status
Pending
Application number
CN201910748054.9A
Other languages
Chinese (zh)
Inventor
解宁浦
Current Assignee
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163 Interprocessor communication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a high-security, low-power-consumption communication method for a dual-core chip. Two CPU cores, a secure CPU core and a non-secure high-performance CPU core, are arranged in the same chip or the same system. To ensure the security of the whole system or raise its security level while also meeting performance and low-power-consumption requirements, the secure CPU core performs the critical security functions; the security of the whole system is ensured by the secure CPU's control over the resources the non-secure CPU may access and by the security mechanism applied to data communication between the secure and non-secure CPUs; and a balance of low cost, high security level, low power consumption and high performance is achieved by combining the chip system's shared RAM with the security algorithm module.

Description

High-safety low-power-consumption communication method of dual-core chip
Technical Field
The invention relates to the technical field of the Internet of Things and smart cards, in particular to a security solution for dual-core communication.
Background
With the rapid development of the Internet of Things, edge computing and high-end smart cards, the security problems of terminal devices are increasingly prominent; to avoid the potential security hazards of networked and complex application scenarios, the demand for solutions that combine low power consumption, high security, high performance and low cost in different application scenarios keeps growing.
At present, people's understanding of security is continuously improving and dual-core chip systems are becoming widespread; the invention provides a flexible and adaptable security method that can meet different levels of security and performance requirements, taking into account the differing security requirement levels of various industries.
The dual-core communication system combines security mechanisms such as identity authentication, data encryption and decryption, and data integrity with the dual-core communication operations. Through different choices of algorithms and security mechanisms it can meet the security and performance requirements of different industries and can effectively reduce hardware cost; the dual-core structure also helps protect the respective intellectual property of the secure application and the non-secure application, and the two can be developed in parallel, shortening the development cycle.
Disclosure of Invention
The hardware system of the method mainly comprises a secure CPU core 1, a high-performance CPU core 2, a security algorithm module and a data access control system, and is characterized in that:
the secure CPU core 1 has a lower clock frequency, low power consumption and a higher security level; it is mainly used for application processing of security data;
the high-performance CPU core 2 has a higher clock frequency and larger power consumption and is mainly used for the user-side application processing of non-secure data;
the security algorithm module can quickly perform symmetric and asymmetric algorithm operations and can effectively defend against illegal attacks;
the data access control system can configure the range of resources that the high-performance CPU core 2 is allowed to access, effectively controlling how far the non-secure data of the high-performance core can spread.
In the following description, the secure CPU core 1 is referred to simply as core 1, and the high-performance CPU core 2 as core 2.
In view of the differing current security requirements, the invention mainly provides a flexible method that can meet the security requirements of multiple industries; it satisfies specific requirements on low power consumption, security level, performance and the like, and facilitates later expansion of the security level. The main process is as follows:
1) Security mechanism of the boot process: before a CPU core (either the secure CPU core 1 or the high-performance CPU core 2) starts working, the integrity and identity of that core's code are first verified, ensuring that the code has not been tampered with and that its identity is legitimate; the access range of the high-performance core is strictly limited so that security information cannot leak; and monitoring during code execution is added.
After the chip is powered on, core 1 is started first. The boot code in the ROM of core 1 verifies the code of core 1; after this verification passes, core 1 starts and verifies the code of core 2; after that verification succeeds, the resources accessible to core 2 are configured and the code of core 2 is started. After the core 2 code has started, core 1 may optionally authenticate the identity of core 2.
2) Security mechanism of the communication process: an identity authentication process is added to the dual-core communication process, and the data is encrypted and digested, so that the authenticity, confidentiality and integrity of the data are ensured.
Core 1 controls the resources of the secure peripherals. When core 1 needs core 2 to perform high-speed computation or processing, or when core 2 is processing non-secure information and needs authorization from core 1, instruction data can be passed to the other side through the shared memory (RAM). During transmission, depending on the security and performance requirements, the instruction data can be signed, encrypted, digested, given a transmission sequence number (random number factor) and so on, which protects the data and prevents identity forgery; either a symmetric or an asymmetric algorithm can be selected for these operations.
The keys used in the communication process can be per-session keys or fixed keys, depending on the application scenario, and the root keys are stored in each core's own protected area; core 1 and core 2 can choose to perform identity authentication at irregular intervals and to renew the session key of the session in use; core 1 monitors the execution of core 2 and verifies the integrity of core 2's code.
When either core sends data, it assembles the instruction data to be transmitted, adds a transmission sequence number (random number factor), computes a digest over the whole frame, encrypts the data, and then computes a digest of the ciphertext and signs it. After receiving data, the other core first verifies the signature, then verifies the integrity of the ciphertext, decrypts the data, verifies the integrity of the decrypted data, and checks the transmission sequence number (random number factor). These mechanisms ensure the integrity and confidentiality of the data and avoid security risks such as identity forgery and data replay.
The return of the instruction execution result follows the same security mechanism as the processing of the instruction data.
3) Judging the security result: in combination with the security mechanism, an auxiliary result verification value (mask value) is added to the returned result of data processing, improving the code's resistance to attack.
Although core 1 carries out part of its data processing through core 2, the final judgment and the operations on key data are performed by core 1, so that sensitive information is not leaked; when core 2 requires authorization, core 1 gives the result through its authorization processing; for key instructions, a return mask value is generated from the transmitted data, and the execution result is judged jointly from the returned result and the mask value, which makes an attack more difficult;
Algorithm selection: the invention is not limited to any particular algorithm for completing the corresponding function; a suitable algorithm can be selected according to the application requirements.
4) Low-power-consumption processing: a flexible low-power-consumption processing mode is set up by taking advantage of the dual-core time-sharing processing that occurs in some scenarios.
Smart cards and Internet of Things nodes have certain low-power-consumption requirements in some application scenarios, and with dual cores the power consumption can be effectively configured through time-shared processing: while core 1 is processing, core 2 is in a deep low-power mode; while core 2 is processing, core 1 is in a low-power mode. Under certain conditions the overall power consumption can be balanced while performance is still taken into account; the clock frequency of the two cores and power-consumption measures such as the enabling of peripheral interfaces can be adjusted according to the application scenario.
Drawings
FIG. 1 is a system configuration diagram of the present invention
FIG. 2 is a security mechanism of the boot process in the present invention
FIG. 3 illustrates a communication process security mechanism in the present invention
FIG. 4 is a process of the safety determination result in the present invention
FIG. 5 is a power consumption processing flow of the core 1 processing data by the core 2 in the present invention
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a chip system structure diagram of the present invention, which includes two CPU cores, a resource access controller, a security algorithm module, a shared memory area, and the like.
Fig. 2 is a security mechanism of the boot process proposed based on the chip system of fig. 1 in the present invention:
in step 201, when the chip is powered on, the boot code in the ROM of the core 1 is executed first.
In step 202, the boot code verifies the application code of core 1, determining the integrity and correctness of the code and preventing illegal tampering; if the code verifies correctly, the application code of core 1 is run and step 203 is entered; otherwise step 206 is entered for exception handling and the subsequent flow is not continued.
In step 203, the application code of core 1 verifies the application code of core 2, determining its integrity and correctness and preventing illegal tampering; if the code verifies correctly, step 204 is entered; otherwise step 206 is entered for exception handling and the subsequent flow is not continued.
In step 204, having checked that the code of core 2 is correct, core 1 configures the range of resources that core 2 may access and starts the application code of core 2.
In step 205, core 1 verifies the identity of core 2; if identity authentication passes, step 207 is entered, otherwise step 206 is entered for exception handling and the subsequent flow is not continued.
Step 206 is the exception handling performed during boot because of data tampering or an attack.
In step 207, the system boot is complete and normal operation starts.
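The boot chain of steps 201 to 207 and the access-range configuration of step 204, as an added Python model that is not part of the patent: image integrity is a SHA-256 digest, the manifest's identity check is an HMAC under a boot key held in core 1's ROM, core 2's identity check (step 205) is a challenge-response under a key kept in core 2's protected area, and the address ranges, key values and images are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed demo secrets and memory map (assumed, not from the patent):
# core 1's ROM holds the boot key; core 2 holds its own identity key, which
# core 1 also knows because the demo uses a symmetric authentication scheme.
ROM_BOOT_KEY = b"demo-core1-rom-boot-key"
CORE2_IDENTITY_KEY = b"demo-core2-protected-area-key"
SECURE_RAM = (0x2000_0000, 0x2000_FFFF)       # core 1 only
SHARED_RAM = (0x2001_0000, 0x2001_3FFF)       # both cores: instruction exchange
NONSECURE_FLASH = (0x0810_0000, 0x081F_FFFF)  # core 2 application image


def make_manifest(image: bytes) -> bytes:
    """Signed manifest of an image: SHA-256 digest plus an HMAC tag over the
    digest under the ROM boot key (constructed stand-in for a real signature)."""
    digest = hashlib.sha256(image).digest()
    return digest + hmac.new(ROM_BOOT_KEY, digest, hashlib.sha256).digest()


def verify_image(image: bytes, manifest: bytes) -> bool:
    """Identity check (the manifest really comes from the boot-key holder)
    followed by the integrity check (the image matches the signed digest)."""
    digest, tag = manifest[:32], manifest[32:]
    expected_tag = hmac.new(ROM_BOOT_KEY, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return False
    return hmac.compare_digest(hashlib.sha256(image).digest(), digest)


class AccessController:
    """Model of the data access control system: per-core allowed address ranges."""

    def __init__(self):
        self.allowed = {}

    def configure(self, core: str, ranges) -> None:
        self.allowed[core] = list(ranges)

    def check(self, core: str, addr: int) -> bool:
        return any(lo <= addr <= hi for lo, hi in self.allowed.get(core, []))


def core2_answer_challenge(challenge: bytes) -> bytes:
    """Step 205, core 2 side: prove possession of its identity key."""
    return hmac.new(CORE2_IDENTITY_KEY, challenge, hashlib.sha256).digest()


def boot(core1_image, core1_manifest, core2_image, core2_manifest, challenge=None):
    """Steps 201-207 as run from core 1's ROM boot. Returns (final_step,
    controller): 207 on a clean boot, 206 when any verification fails."""
    ctrl = AccessController()
    ctrl.configure("core1", [SECURE_RAM, SHARED_RAM, NONSECURE_FLASH])
    if not verify_image(core1_image, core1_manifest):        # 202
        return 206, ctrl
    if not verify_image(core2_image, core2_manifest):        # 203
        return 206, ctrl
    ctrl.configure("core2", [SHARED_RAM, NONSECURE_FLASH])   # 204: restrict core 2
    challenge = challenge or os.urandom(16)
    expected = hmac.new(CORE2_IDENTITY_KEY, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(core2_answer_challenge(challenge), expected):  # 205
        ctrl.configure("core2", [])                           # revoke on failure
        return 206, ctrl
    return 207, ctrl
```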
Fig. 3 is a security mechanism description of the communication process in the present invention:
In step 301, the communication initiator assembles the fields of the instruction data, such as the execution action, data content and transmission sequence number (random number factor); the random factor can be negotiated between the two parties and is used to prevent replay attacks.
In step 302, a digest is computed over the data assembled in step 301, with the specific algorithm chosen flexibly according to the application scenario; the digest result is placed in the corresponding field of the instruction data to ensure the integrity of the plaintext.
In step 303, the data produced in step 302 is encrypted and the ciphertext is placed in the data field of the instruction data.
In step 304, a digest is computed over the ciphertext data and placed in the corresponding field of the instruction data to ensure the integrity of the ciphertext.
In step 305, the whole instruction data is signed, with the specific algorithm chosen flexibly according to the application scenario; this effectively prevents the instruction data from being forged.
In step 306, the other party is notified that an instruction has arrived, through a chip signal or the shared RAM.
In step 307, the other party begins processing the instruction data after receiving the notification.
In step 308, the validity of the signature on the instruction data is verified; once the identity is confirmed, step 309 is entered for processing, otherwise the exception is handled and the data is discarded.
In step 309, the integrity of the ciphertext is checked to ensure that it has not been tampered with or lost; if the integrity check passes, step 310 is entered, otherwise the exception is handled and the data is discarded.
In step 310, the ciphertext data is decrypted to obtain the plaintext data.
In step 311, the integrity of the plaintext data is checked to ensure that it has not been tampered with or lost; if the integrity check passes, step 312 is entered, otherwise the exception is handled and the data is discarded.
In step 312, the action requested by the instruction is carried out after the instruction data has been verified.
This example is a one-way transmission; after the instruction action has been processed, the instruction execution result is returned to the sender using the same processing. The algorithms in the process can be chosen flexibly; the process describes one security mechanism and is not limited to the case of this example, but should include security mechanisms for integrity, confidentiality and identity authentication.
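The sender steps 301 to 305 and receiver steps 308 to 312 above, together with the sequence-number replay check, as an added Python model that is not part of the patent: the digest is SHA-256, the signature is a symmetric HMAC (the patent allows a symmetric signature algorithm), the symmetric cipher is an HMAC-based counter-mode keystream standing in for the chip's algorithm module, and the frame layout, field sizes and keys are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed demo session keys; in the chip each core keeps its keys in its
# own protected area. The two keys are deliberately distinct.
ENC_KEY = b"demo-session-encryption-key"
SIG_KEY = b"demo-session-signature-key"
HEADER_LEN = 8 + 4            # nonce(8) | seq(4)
MIN_FRAME = HEADER_LEN + (1 + 32) + 32 + 32   # header | min ciphertext | cdigest | sig


def _digest(data: bytes) -> bytes:
    """Data summary (steps 302/304): SHA-256, an assumed algorithm choice."""
    return hashlib.sha256(data).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the symmetric algorithm module: an HMAC-SHA256 counter-mode
    keystream XORed over the data (demo only). Same call encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + struct.pack(">I", block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def build_instruction(action: int, content: bytes, seq: int, nonce: bytes) -> bytes:
    """Sender side, steps 301-305. Assumed frame layout:
    nonce(8) | seq(4) | ciphertext | ciphertext_digest(32) | signature(32)
    where the plaintext is action(1) | content | plaintext_digest(32)."""
    plain = struct.pack(">B", action) + content       # 301: action + content
    plain += _digest(plain)                            # 302: plaintext integrity
    header = nonce + struct.pack(">I", seq)            # 301: sequence number / random factor
    cipher = _keystream_xor(ENC_KEY, header, plain)    # 303: encrypt
    body = header + cipher + _digest(cipher)           # 304: ciphertext integrity
    sig = hmac.new(SIG_KEY, body, hashlib.sha256).digest()   # 305: signature
    return body + sig


class Receiver:
    """Receiver side, steps 308-312, plus the transmission sequence-number check.
    process() returns ((action, content), "ok") or (None, reason)."""

    def __init__(self):
        self.last_seq = -1

    def process(self, frame: bytes):
        if len(frame) < MIN_FRAME:
            return None, "malformed"
        body, sig = frame[:-32], frame[-32:]
        expected_sig = hmac.new(SIG_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, sig):
            return None, "bad signature"               # 308: identity not confirmed
        header, rest = body[:HEADER_LEN], body[HEADER_LEN:]
        cipher, cdig = rest[:-32], rest[-32:]
        if not hmac.compare_digest(_digest(cipher), cdig):
            return None, "ciphertext integrity"        # 309
        plain = _keystream_xor(ENC_KEY, header, cipher)   # 310: decrypt
        msg, pdig = plain[:-32], plain[-32:]
        if not hmac.compare_digest(_digest(msg), pdig):
            return None, "plaintext integrity"         # 311
        seq = struct.unpack(">I", header[8:])[0]
        if seq <= self.last_seq:
            return None, "replay"                      # sequence number check
        self.last_seq = seq
        return (msg[0], msg[1:]), "ok"                 # 312: act on the instruction
```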
FIG. 4 is an implementation and decision mechanism for returning results in the present invention:
In step 401, the instruction data is received and executed, producing the result data.
In step 402, it is judged whether the instruction data was executed correctly; if so, step 403 is entered; otherwise step 404 is entered, where the execution has failed.
In step 403, after the instruction result is correct, it is checked whether the mask value matches the correct result; if so, step 405 is entered and the final result is judged correct; otherwise step 406 is entered for exception handling.
Step 404 is the processing after an execution failure.
Step 405 is the processing after a successful execution.
Step 406 covers the case where the data is abnormal; the possibility that an attack has occurred should be considered.
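The mask-value judgment of steps 401 to 406, as an added Python model that is not part of the patent; the mask derivation (a truncated SHA-256 over the transmitted request and the status word), the status codes, the request format and the simulated fault are assumed for the demonstration.

```python
import hashlib
import hmac

# Constructed status words (assumed; not from the patent).
STATUS_OK = 0x9000
STATUS_FAIL = 0x6F00


def return_mask(request: bytes, status: int) -> bytes:
    """Auxiliary verification value: derived from the transmitted request data
    and the status being returned (derivation assumed for the demonstration)."""
    material = b"return-mask" + request + status.to_bytes(2, "big")
    return hashlib.sha256(material).digest()[:8]


def execute_on_core2(request: bytes, glitch_status: bool = False):
    """Step 401 on core 2: execute the instruction and return (status, mask).
    Requests are constructed as b"OP:<name>"; anything else fails.
    glitch_status models a status word that was corrupted after the mask was
    computed, so the two no longer agree."""
    status = STATUS_OK if request.startswith(b"OP:") else STATUS_FAIL
    mask = return_mask(request, status)
    if glitch_status:
        status = STATUS_OK
    return status, mask


def judge_on_core1(request: bytes, status: int, mask: bytes) -> str:
    """Steps 402-406 on core 1: the returned status alone is never trusted;
    the mask recomputed from the request data must agree with it."""
    if status != STATUS_OK:
        return "execution failed"                     # 404
    if not hmac.compare_digest(mask, return_mask(request, STATUS_OK)):
        return "exception: possible attack"           # 406
    return "success"                                  # 405
```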
Fig. 5 is an example of the dual-core power consumption control method of the present invention, showing the power consumption processing flow when core 1 processes data with the help of core 2; the flow in which core 2 processes data with the help of core 1 is the same, except that the communication roles of core 1 and core 2 below are reversed:
In step 501, both core 1 and core 2 are in a low-power mode while no event is being processed; depending on the specific scenario, different low-power modes may be entered, including a power-down mode.
In step 502, core 1 is woken by a peripheral signal and receives data to process; if the data requires the assistance of core 2, step 503 is entered;
in step 503, in order to pass the data to core 2 for execution, core 1 configures the lowest power mode that still meets the functional requirements, so as to reduce unnecessary power consumption;
in step 504, core 2 is woken;
in step 505, after core 1 has passed the data to core 2, it enters a low-power mode and waits for core 2 to finish processing;
in step 506, after core 2 is woken, it configures a suitable power mode and processes the instruction data;
in step 507, core 2 finishes processing the instruction data, passes the instruction execution result to core 1 and wakes core 1;
in step 508, core 2 enters a low-power mode and waits for the next event;
in step 509, after core 1 is woken and receives the data notification from core 2, it performs the final processing of the data;
in step 510, core 1 completes the processing of the event data.

Claims (7)

1. A high-security, low-power-consumption communication method for a dual-core chip, based on a dual-core system of a secure CPU core 1 and a high-performance CPU core 2, characterized in that the method mainly comprises the following steps:
1) before either the secure CPU core 1 or the high-performance CPU core 2 works, integrity and identity authentication are first carried out on the code of that core; the secure CPU core 1 configures the access range of the high-performance CPU core 2; and monitoring during code execution is added;
2) the security mechanism of dual-core communication is as follows: an identity authentication process is added, and the data is encrypted and digested;
3) in combination with the security mechanism of dual-core communication in 2), an auxiliary result verification value (mask value) is added to the data processing return result;
4) a flexible low-power-consumption processing mode is set based on dual-core time-sharing processing.
2. The communication method according to claim 1, wherein in 1), before either the secure CPU core 1 or the high-performance CPU core 2 operates, integrity and identity authentication are performed on the code of that core: the secure CPU core 1 is started first, the boot code in the ROM of the secure CPU core 1 verifies the code of the secure CPU core 1, after this verification passes the secure CPU core 1 starts and verifies the code of the high-performance CPU core 2, and after that verification succeeds the subsequent process is executed.
3. The communication method according to claims 1 and 2, wherein the secure CPU core 1 communicates with secure peripherals through the chip interfaces and guarantees the integrity and security of the data; the high-performance CPU core 2 performs data processing and computation and communicates with non-secure peripherals; after the secure CPU core 1 is started, the access range of the high-performance CPU core 2 is configured, and the security of the whole system is improved by limiting that access range; while the high-performance CPU core 2 is running, the secure CPU core 1 can regularly or randomly verify the code and identity of the high-performance CPU core 2 and monitor its running environment to ensure security during operation.
4. The communication method according to claim 1, wherein in the 2) security mechanism of dual-core communication, instruction data is passed to the other side through the shared memory area (RAM) when the secure CPU core 1 needs high-speed computation from the high-performance CPU core 2, or when the high-performance CPU core 2 processes non-secure information and requires authorization from the secure CPU core 1; according to the security requirements, the dual-core communication security mechanism can add signature authentication, data encryption and data digest information to ensure the authenticity, confidentiality and integrity of the data.
5. The communication method according to claims 1 and 4, characterized in that, in the dual-core communication security mechanism, the secure CPU core 1 performs identity authentication of the high-performance CPU core 2 on first access or at power-on and thereafter randomly and at irregular intervals, establishing the validity of both sides' identities, and the identity authentication algorithm may be symmetric or asymmetric; when data is transmitted through the shared RAM, according to the security requirements, data signing, data encryption and data digesting are applied to the execution action, data content, transmission sequence number (random number factor) and so on of the instruction data, and both parties first confirm the validity of the data before using it; the signature algorithm may be symmetric or asymmetric, keys can be regularly negotiated and replaced by new keys, and the generated keys are stored in each core's protected area.
6. The communication method according to claim 1, wherein in 3), in combination with the security mechanism of dual-core communication in 2), the secure CPU core 1 gives the final data processing or authentication result according to the computation result of the high-performance CPU core 2 or the authentication request of the high-performance CPU core 2; and when both the returned result and the mask value are correct, the execution result is judged to be correct.
7. The communication method according to claim 1, wherein in 4) a flexible low-power-consumption processing mode is set based on dual-core time-sharing processing: while the secure CPU core 1 is processing, the high-performance CPU core 2 is set to a low-power mode; while the high-performance CPU core 2 is processing, the secure CPU core 1 is set to a low-power mode; the clock frequency of the two cores, the enabling of peripheral interfaces and the like are adjusted according to the application scenario to regulate power consumption and performance; under certain conditions the overall power consumption can be balanced while performance is still taken into account.
Application CN201910748054.9A, priority date 2019-08-14, filing date 2019-08-14, High-safety low-power-consumption communication method of dual-core chip, status Pending, published as CN110704359A (en)


Publications (1)

Publication Number Publication Date
CN110704359A true CN110704359A (en) 2020-01-17

Family

ID=69193820





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination