CN111444553A - Secure storage implementation method and system supporting TEE extension - Google Patents


Info

Publication number: CN111444553A
Authority: CN (China)
Prior art keywords: key, tee, rpmb, implementation method, storage
Legal status: Pending
Application number: CN202010251384.XA
Other languages: Chinese (zh)
Inventors: 董攀, 朱浩, 高珑, 李小玲, 丁滟, 秦莹, 马俊, 黄辰林, 谭郁松, 廖湘科, 吴庆波
Current assignee: National University of Defense Technology
Original assignee: National University of Defense Technology
Application filed by National University of Defense Technology
Priority to CN202010251384.XA
Publication of CN111444553A

Classifications

    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms
    • H04L9/3278 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response with physically unclonable functions [PUF]

Abstract

The invention discloses a secure storage implementation method and system supporting TEE extension. The method comprises the steps of obtaining the authentication master key Key_RPMB of the RPMB partition and realizing encrypted storage with a hierarchical key system based on Key_RPMB, where Key_RPMB itself is protected by a PUF-based approach. The invention can persistently store digital information both while the system is running and while it is powered off, and can effectively prevent illegal access and tampering from inside and outside the TEE, where the threats include online software attacks, static physical pin snooping and the like. File storage in the TEE can resist threats or attacks from multiple aspects: even if an attacker obtains the key of the RPMB partition, the RPMB file system cannot be decrypted; and even if an unsafe application exists in the TEE system, that application can read and write the RPMB partition but cannot obtain the files and related information of other applications in the TEE.

Description

Secure storage implementation method and system supporting TEE extension
Technical Field
The invention relates to secure storage technology, in particular to a secure storage implementation method and system supporting TEE extension.
Background
A TEE (Trusted Execution Environment) is a secure area isolated from the host system that runs in parallel with the host operating system as an independent environment. TEE technology protects data and code with both hardware and software, ensuring the confidentiality and integrity of the code and data loaded into the secure area and providing a stronger security guarantee than a conventional REE (Rich Execution Environment). Trusted applications running in the TEE can access all functions of the main processor and memory on the platform, while hardware isolation protects these components from user-installed applications running in the main operating system. Common TEE technologies currently include TrustZone and SGX.
ARM has proposed the TrustZone extension to create a TEE: software and hardware resources are divided into a trusted area and an untrusted area, used as the TEE and the REE respectively, so as to protect sensitive data and applications. TrustZone ensures that secure-state software starts first at power-on, and the boot images loaded afterwards are verified step by step. After TrustZone is enabled, the physical processor can switch between two security modes, defined as normal (running the host OS) and secure (running the TEE OS). TrustZone adds an extra control signal bit, the Non-Secure (NS) bit, to every read and write channel on the system bus, and resources such as memory can be divided into a secure state and a non-secure state through this bit. On the processor, each physical core is virtualized into a Secure core and a Non-Secure core; the Non-Secure core can only access non-secure system resources, while the Secure core can access all resources. Switching between the TEE and the REE is done through Monitor mode.
SGX (Intel Software Guard Extensions) is an extension to the Intel Architecture (IA) for enhancing software security. SGX builds a TEE by creating enclaves: the security-critical operations of legitimate software are encapsulated in an enclave, protecting them from malware and making it impossible for privileged or unprivileged software to access the enclave. Once software and data are placed in an enclave, even the operating system or VMM (hypervisor) cannot affect the code and data inside it; the security boundary of the enclave contains only the CPU and the enclave itself. The SGX TEE is clearly different from the TrustZone TEE: TrustZone divides the CPU into two isolated environments (a secure world and a normal world) that communicate through the SMC instruction, whereas one CPU in SGX can run a plurality of secure enclaves and execute them simultaneously. SGX protects the address space of the application: it uses processor-provided instructions to partition a memory area (the EPC) and maps the enclaves in the application address space to this area. This memory area is encrypted, with encryption and address translation performed by a memory control unit in the CPU.
TEE technology recommends that secure resources be packaged inside the SoC chip to prevent physical snooping of pins. However, due to technical and cost limitations, large-capacity persistent storage is generally not packaged in the SoC, and SGX is not even designed with a dedicated hardware persistent storage unit. In this case, three types of persistent storage schemes are available within the TEE:
Firstly, using the communication mechanism and encryption technology of the REE and relying on the encrypted file system of the REE; the biggest defect of this method is that attacks such as malicious deletion cannot be prevented.
Secondly, using an IO device with an external security mechanism. For example, the OP-TEE project oriented to TrustZone recommends using the RPMB (Replay Protected Memory Block) partition of eMMC memory to implement secure read-write and storage of large amounts of data. The RPMB partition is a partition in eMMC with security features: when data is written into the RPMB, the eMMC checks the legitimacy of the data so that only a specified host can write, and when data is read, a signature mechanism ensures that the data read by the host is the data inside the RPMB rather than data forged by an attacker. The RPMB authenticates write operations, but read operations do not require authentication and anyone can perform them, so the data stored in the RPMB is usually encrypted before it is stored.
Thirdly, adding virtual isolation technology to the IO hardware can provide isolated storage capacity for the TEE, but this method does not consider protection against direct attacks that read the physical storage, so a larger security gap exists.
Comparative analysis shows that when secure storage is established outside the SoC, two technologies are essential: a tamper-proof/deletion-proof mechanism and an encryption mechanism. When the storage mechanism meets these requirements, TEE-level protection capability can be obtained, namely protection not only against online software attacks but also against physical attacks down to the pin level of the device.
Existing security devices for encrypted storage still have many security problems. Taking the RPMB partition of eMMC memory as an example, the security of the RPMB partition key becomes a new problem. First, each RPMB device has only a single, unalterable key, so once the key is exposed the whole partition is unprotected; secondly, the eMMC memory card and the CPU generally come from different manufacturers and are only determined when the product is integrated, so the CPU manufacturer cannot 'seal' the secret key of the RPMB partition; third, the eMMC memory may need to be repaired or replaced after the product leaves the factory, and updating the RPMB key may then cause problems.
The RPMB partition key is only a data write key and provides no encryption for the written data, so an encryption and decryption mechanism must be established. If a single uniform encryption and decryption key is used, the TEE operating system can guarantee the security of the ciphertext by using a high-strength encryption algorithm and a sufficiently long key; however, a plurality of different applications (TAs) may exist in the TEE, all of which have the authority to read and change the RPMB partition and can freely access each other's data, which also brings a security risk.
There is a consensus in the field of digital security that the difficulty lies not in selecting a sufficiently secure encryption algorithm but in key management. For secure storage in the TEE, the security of the key must be ensured in various scenarios: online security during normal operation of the system, security while the system is offline (even under hardware probing), and security during updating or maintenance of the system (including factory initialization). A general key management scheme requires keys to be stored and retrieved at the time of use, with a risk of exposure in many of the situations mentioned above.
PUFs (physically unclonable functions) are one-way functions in hardware: physically defined 'digital fingerprints' that serve as unique identifiers for semiconductor devices such as microprocessors. They arise from unique physical variations that occur naturally during semiconductor manufacturing and can be used to implement security functions such as device authentication, cryptographic key generation, seed generation for random number generators, and so on. There are many practical PUFs, such as those based on device delay and those based on memory access randomness. By using the PUF characteristic of the power-on initial value of the SRAM in the CPU chip, not only can an initial key be obtained at power-on, but subsequent reading of the key can also be prevented by writing to the SRAM after the key has been read, achieving a burn-after-read effect. Based on the one-way function characteristics of the PUF, algorithms for key management such as key generation and updating can be constructed. The principle is as follows: a fuzzy extractor is employed in PUF-based key generation to extract a key from a PUF response. The fuzzy extractor is composed of a secure sketch and a randomness extractor, which respectively realize error correction of the PUF response and compression of it into a key. The Secure Sketch provides a way to reconstruct a reliable result from a noisy PUF response while guaranteeing that the result retains high residual entropy, and the randomness extractor condenses the entropy of the corrected, stable PUF response into the generated key. The fuzzy extractor comprises two phases, Enrolment and Reconstruction. During the enrolment phase the key is programmed into the device, similar to the key programming phase in conventional non-volatile-memory-based key storage.
First, the PUF response R is read as the reference response R_ref for generating the key and input to the fuzzy extractor. On the one hand, helper data h for correcting response errors is generated using the secure sketch enrolment procedure and saved to the non-volatile memory of the system; on the other hand, the randomness extractor compresses the reference response to generate a key with sufficient entropy. In the reconstruction phase, the PUF response R' is read again; it will differ to some extent (be erroneous) from the reference response due to noise. If the error rate of the response is within the designed error correction capability, the secure sketch recovery procedure can correct the errors in R' with the help of the helper data h, recovering a response identical to R_ref. The randomness extractor then generates the same key from the recovered response.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: aiming at the problems in the prior art, the invention provides a secure storage implementation method and system supporting TEE extension, which can persistently store digital information during system operation and power-off, and can effectively prevent illegal access and tampering from inside and outside the TEE, including threats such as online software attacks and static physical pin snooping. With the help of multi-layer key management, file storage in the TEE can resist threats or attacks from multiple aspects: even if an attacker obtains the key of the RPMB partition, the RPMB file system cannot be decrypted; and even if an unsafe application exists in the TEE system, that application can read and write the RPMB partition but cannot obtain the files and related information of other applications in the TEE.
In order to solve the technical problems, the invention adopts the following technical scheme:
A secure storage implementation method supporting TEE extension comprises the following implementation steps:
1) obtaining the authentication master key Key_RPMB of the RPMB partition;
2) realizing encrypted storage with a hierarchical key system based on the authentication master key Key_RPMB: in the kernel layer of the trusted execution environment TEE, a specified key generation algorithm is used to generate a root key Key_R from Key_RPMB for encryption and decryption at the kernel layer, and throughout the life cycle of the TEE the root key Key_R exists only in secure memory and the kernel-mode address space; at the application layer of the TEE, for each trusted application TA, a storage key Key_A unique to that TA is generated from the TA's universally unique identifier UUID and the root key Key_R, and is used to encrypt and decrypt the file store belonging to that TA; at the file layer of the TEE, for each file, an independent key Key_F is generated from the TA's storage key Key_A for write encryption and read decryption of that file.
Optionally, the detailed steps of step 1) include:
1.1) obtaining the read value of the PUF function circuit of the CPU;
1.2) XORing the read value of the PUF function circuit with the auxiliary data Data_KA stored in conventional memory;
1.3) performing the specified decoding operation on the result of the XOR operation to obtain the seed key Key_S;
1.4) obtaining the authentication master key Key_RPMB from the seed key Key_S through the specified encryption processing.
Optionally, the decoding operation specified in step 1.3) is BCH decoding.
Optionally, the encryption processing specified in step 1.4) specifically refers to encryption processing by using a key derivation function KDF defined in the security specification.
Optionally, before step 1), the authentication master key Key_RPMB is generated at the factory by the following steps:
S1) randomly selecting a seed key Key_S;
S2) obtaining the authentication master key Key_RPMB from the seed key Key_S through the specified encryption processing, and writing it into the one-time-programmable key register of the RPMB partition of the memory;
S3) performing the specified encoding operation on the seed key Key_S, where the specified encoding operation is the inverse of the decoding operation specified in step 1.3); obtaining the read value of the PUF function circuit of the CPU, and XORing the encoding result with the PUF read value to obtain the auxiliary data Data_KA; finally destroying the seed key Key_S and saving the auxiliary data Data_KA to the regular memory of the device for persistent storage.
Optionally, the method also comprises executing steps S1)-S3) again after replacing the conventional memory, so as to update the authentication master key Key_RPMB.
In addition, the invention also provides a secure storage implementation system supporting TEE extension, which is programmed or configured to execute the steps of the secure storage implementation method supporting TEE extension.
In addition, the invention also provides a secure storage implementation system supporting TEE extension, which comprises a computer device, wherein the computer device is programmed or configured to execute the steps of the secure storage implementation method supporting TEE extension, or a computer program programmed or configured to execute the secure storage implementation method supporting TEE extension is stored on a memory of the computer device.
Furthermore, the present invention also provides a computer-readable storage medium having stored thereon a computer program programmed or configured to execute the secure storage implementation method supporting TEE extensions.
Compared with the prior art, the invention has the following advantages: in order to ensure that the stored data is not illegally snooped, different keys are respectively used for encryption in a kernel layer, an application layer and a file layer of the TEE, and the keys form a tree relationship, so that different applications and files in the TEE can be isolated, and the data of one application is prevented from being accessed by other applications. Based on such a design, file storage in the TEE may be resistant to threats or attacks from multiple aspects. Even if an attacker takes the secret key of the RPMB partition, the RPMB file system cannot be decrypted; even if an unsafe application exists in the TEE system, the application can read and write the RPMB partition, but cannot obtain other applications and related file information in the TEE.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of the principle of obtaining the authentication master key Key_RPMB in the embodiment of the present invention.
FIG. 3 is a schematic diagram of the principle of generating (updating) the authentication master key Key_RPMB according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a tree structure of a hierarchical key system according to an embodiment of the present invention.
Detailed Description
The following describes an example of the technical solution of this embodiment. This embodiment selects the TrustZone TEE environment, assumes that an RPMB partition of eMMC memory exists in the hardware system, and sets the write key of the RPMB partition as the authentication master key Key_RPMB. In practical application, the use of Key_RPMB has the following requirements: the key is separated from the TEE OS image; external eMMC storage is used, and the key can be replaced accordingly when the eMMC card is replaced; and key information cannot be obtained from information stored outside the SoC. Therefore, the RPMB key should be protected not only against malicious code attacks from the REE environment, but also against probing and attacks on the external ports of the SoC chip through laboratory equipment.
In this embodiment, it is assumed that a conventional memory similar to eMMC memory exists in the system and supports data write control by cryptographic authentication; the embodiment does not restrict read operations on the data. The authentication key used for writing data is called the master key and is denoted as the authentication master key Key_RPMB.
As shown in fig. 1, the implementation steps of the secure storage implementation method supporting TEE extension in this embodiment include:
1) obtaining the authentication master key Key_RPMB of the RPMB partition;
2) realizing encrypted storage with a hierarchical key system based on the authentication master key Key_RPMB: in the kernel layer of the trusted execution environment TEE, a specified key generation algorithm is used to generate a root key Key_R from Key_RPMB for encryption and decryption at the kernel layer, and throughout the life cycle of the TEE the root key Key_R exists only in secure memory and the kernel-mode address space; at the application layer of the TEE, for each trusted application TA, a storage key Key_A unique to that TA is generated from the TA's universally unique identifier UUID and the root key Key_R, and is used to encrypt and decrypt the file store belonging to that TA; at the file layer of the TEE, for each file, an independent key Key_F is generated from the TA's storage key Key_A for write encryption and read decryption of that file.
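The three-layer key tree of step 2), as an added example that is not part of the patent: HMAC-SHA256 is assumed as the "specified key generation algorithm", an HMAC-based counter-mode cipher with a MAC stands in for the file cipher the patent does not name, and the RPMB key and TA UUIDs are constructed values.

```python
import hashlib
import hmac
import os
import uuid


def kdf(parent: bytes, label: bytes, context: bytes = b"") -> bytes:
    """Derive a 256-bit child key from a parent key.

    HMAC-SHA256 is an assumed stand-in for the patent's unspecified key
    generation algorithm; the label keeps the three layers apart so that a
    TA UUID can never collide with a file name."""
    return hmac.new(parent, label + b"\x00" + context, hashlib.sha256).digest()


class KernelKeyService:
    """Kernel-layer service (constructed). Key_R is derived once from Key_RPMB
    and never leaves this object; a TA only ever receives its own Key_A."""

    def __init__(self, key_rpmb: bytes) -> None:
        self._key_r = kdf(key_rpmb, b"TEE-root-key")

    def storage_key_for(self, ta_uuid: uuid.UUID) -> bytes:
        """Application layer: Key_A = KDF(Key_R, UUID of the TA)."""
        return kdf(self._key_r, b"TA-storage-key", ta_uuid.bytes)


def file_key(key_a: bytes, file_name: str) -> bytes:
    """File layer: one independent Key_F per file of a TA."""
    return kdf(key_a, b"file-key", file_name.encode())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (assumed stand-in for a real
    block cipher such as AES, which the standard library lacks)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_file(key_f: bytes, plaintext: bytes) -> bytes:
    """Write path: encrypt-then-MAC under two sub-keys split from Key_F."""
    nonce = os.urandom(16)
    stream = _keystream(kdf(key_f, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(kdf(key_f, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_file(key_f: bytes, blob: bytes):
    """Read path: returns the plaintext, or None when the tag does not verify
    (wrong TA key, wrong file key, or tampered RPMB contents)."""
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kdf(key_f, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(kdf(key_f, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    """Two TAs each store a file of the same name; each can read only its own."""
    key_rpmb = hashlib.sha256(b"constructed RPMB key").digest()  # constructed stand-in
    kernel = KernelKeyService(key_rpmb)
    ta1 = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed UUIDs
    ta2 = uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa")
    kf1 = file_key(kernel.storage_key_for(ta1), "vault.dat")
    kf2 = file_key(kernel.storage_key_for(ta2), "vault.dat")
    blob = encrypt_file(kf1, b"TA1 private data")
    return {
        "keys_differ": kf1 != kf2,
        "own_read": decrypt_file(kf1, blob),
        "cross_read": decrypt_file(kf2, blob),
    }


if __name__ == "__main__":
    print(demo())
```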
Step 1) of this embodiment further implements PUF-based key protection, so as to protect a write authentication master key of a secure storage device, prevent key leakage and physical static snooping at runtime, and support key update. As shown in fig. 2, the detailed steps of step 1) include:
1.1) obtaining the read value of the PUF function circuit of the CPU (denoted as PUF in FIG. 2);
1.2) XORing the read value of the PUF function circuit with the auxiliary data Data_KA stored in conventional memory;
1.3) performing the specified decoding operation on the result of the XOR operation to obtain the seed key Key_S;
1.4) obtaining the authentication master key Key_RPMB from the seed key Key_S through the specified encryption processing.
The basic idea of protecting the authentication master key Key_RPMB in this embodiment is as follows: only the auxiliary data Data_KA used to synthesize Key_RPMB is saved in the persistent storage device outside the SoC, and Key_RPMB is generated and recovered through PUF technology; Key_RPMB is used only in the on-chip secure memory of the SoC in kernel service mode, and only encryption or signing interfaces are exposed to TEE applications. Note that the auxiliary data Data_KA does not require special security protection. On the one hand, exposure of Data_KA does not cause exposure of Key_RPMB; on the other hand, when an attacker deletes or tampers with Data_KA, the system can detect this in time and terminate subsequent operations. Key_RPMB is only needed at power-on start-up, so there is no risk of a denial-of-service attack through tampering at runtime.
In this embodiment, the decoding operation specified in step 1.3) is BCH decoding.
In this embodiment, the encryption processing specified in step 1.4) specifically refers to encryption processing performed by using a key derivation function KDF defined in the security specification.
In this embodiment, before step 1), the authentication master key Key_RPMB is generated before shipping, as shown in fig. 3, by the following steps:
S1) randomly selecting a seed key Key_S;
S2) obtaining the authentication master key Key_RPMB from the seed key Key_S through the specified encryption processing, and writing it into the one-time-programmable key register of the RPMB partition of the memory;
S3) performing the specified encoding operation on the seed key Key_S, where the specified encoding operation is the inverse of the decoding operation specified in step 1.3); obtaining the read value of the PUF function circuit of the CPU, and XORing the encoding result with the PUF read value to obtain the auxiliary data Data_KA; finally destroying the seed key Key_S and saving the auxiliary data Data_KA to the regular memory of the device for persistent storage.
In this embodiment, steps S1)-S3) are executed again after replacing the conventional memory, so as to update the authentication master key Key_RPMB.
As can be seen from the foregoing description, the PUF-based protection of the authentication master key Key_RPMB in this embodiment involves three parts: generation, recovery and update. Generation is carried out at the factory, i.e. steps S1) to S3) are executed; recovery is carried out each time the device restarts and needs to read and write the RPMB partition, i.e. steps 1.1) to 1.4) are executed; update is carried out for devices whose conventional memory must be replaced due to maintenance or other reasons, and its basic process is the same as generation, i.e. steps S1) to S3) are executed.
In summary, the PUF-based key protection in this embodiment has the following advantages: firstly, utilizing the characteristics of PUF to protect the authentication master Key KeyRPMBUseful information exposure time is minimized. This is the read opportunity for PUF values (such as RAM-based PUFs) only at the beginning of system power-up. Static reading through a chip external interface, REE malicious codes after power-on or malicious codes in TEE application cannot be read into the authentication master Key KeyRPMBThereby enhancing the Key of the authentication master KeyRPMBProtection of (3). Secondly, flexible requirements such as secret Key replacement and revocation can be met, and the PUF value is not used as the authentication master Key Key in the embodimentRPMBInstead, the PUF and an intermediate helper value are used to generate the authentication master Key KeyRPMBBy means of replacement assistanceValue-updatable authentication master KeyRPMBOr revoke the original authentication master KeyRPMB. The intermediate auxiliary value has no secrecy requirement, so that the scheme has good applicability and flexibility.
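The three flows described above (generation at the factory, recovery at power-on and update after a memory replacement), as an added example that is not code from the patent or its authors. It follows steps S1)-S3) and 1.1)-1.4) with two stand-ins, both assumptions of this example: a repetition code with majority-vote decoding replaces the BCH code of step 1.3), and HMAC-SHA256 replaces the KDF of step 1.4), whose construction the page does not fix. The PUF response and its power-on noise are constructed for the demonstration.

```python
"""Generation, recovery and update of Key_RPMB from a PUF response.

Added example, not code from the patent. Stand-ins (assumptions):
repetition code instead of BCH, HMAC-SHA256 instead of the spec KDF.
"""
import hashlib
import hmac
import random
import secrets

SEED_BITS = 128   # length of the seed key Key_S
REP = 5           # repetition factor: corrects up to 2 flipped bits per block
PUF_BITS = SEED_BITS * REP
LABEL = b"RPMB-authentication-key"   # constructed KDF label


def kdf(key: bytes, label: bytes) -> bytes:
    """Assumed KDF (HMAC-SHA256); stands in for the spec-defined KDF of step 1.4)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def bits_from_bytes(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bytes_from_bits(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def encode(seed: bytes) -> list:
    """Repetition encoding (stand-in for the BCH encoding of step S3)."""
    return [bit for bit in bits_from_bytes(seed) for _ in range(REP)]


def decode(codeword: list) -> bytes:
    """Majority-vote decoding (stand-in for the BCH decoding of step 1.3)."""
    bits = [1 if sum(codeword[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(codeword), REP)]
    return bytes_from_bits(bits)


def xor(a: list, b: list) -> list:
    return [x ^ y for x, y in zip(a, b)]


def generate(puf_read: list):
    """Steps S1)-S3): returns (Key_RPMB, Data_KA); the seed Key_S is destroyed."""
    key_s = secrets.token_bytes(SEED_BITS // 8)   # S1) random seed
    key_rpmb = kdf(key_s, LABEL)                  # S2) Key_RPMB (device writes it to the RPMB key register)
    data_ka = xor(encode(key_s), puf_read)        # S3) helper data, no secrecy requirement
    del key_s                                     # S3) destroy the seed
    return key_rpmb, data_ka


def recover(puf_read: list, data_ka: list) -> bytes:
    """Steps 1.1)-1.4): rebuild Key_RPMB from a fresh PUF read and Data_KA."""
    key_s = decode(xor(puf_read, data_ka))        # 1.2) XOR, 1.3) decode
    return kdf(key_s, LABEL)                      # 1.4) derive Key_RPMB


# --- constructed PUF model for the demonstration -------------------------
def reference_puf(seed: int = 1) -> list:
    """Constructed factory-time PUF response: a fixed pseudo-random bit string."""
    return random.Random(seed).choices([0, 1], k=PUF_BITS)


def noisy_read(reference: list, flips_per_block: int) -> list:
    """A later power-on read: the same response with some bits flipped per block."""
    read = list(reference)
    for block in range(SEED_BITS):
        for j in range(flips_per_block):
            read[block * REP + j] ^= 1
    return read


def tamper(data_ka: list) -> list:
    """Corrupt Data_KA beyond the code's correction capacity (one whole block)."""
    tampered = list(data_ka)
    for j in range(REP):
        tampered[j] ^= 1
    return tampered


if __name__ == "__main__":
    factory = reference_puf()
    key_rpmb, data_ka = generate(factory)                  # at the factory
    boot_key = recover(noisy_read(factory, 2), data_ka)    # at power-on, noisy PUF
    print("recovered == enrolled:", boot_key == key_rpmb)
    print("tampered Data_KA yields same key:", recover(factory, tamper(data_ka)) == key_rpmb)
```

Noise within the code's correction capacity is absorbed, so the recovered Key_RPMB matches the enrolled one; tampering with Data_KA beyond that capacity yields a different key, which the RPMB partition rejects at the first authenticated access, giving the timely detection the description relies on. The update flow after a memory replacement is simply another call to generate(), producing a fresh Key_RPMB and fresh Data_KA for the same PUF.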
In this embodiment, the encrypted storage with a hierarchical key system implemented in step 2) realizes the distribution and management of private keys for different software entities in the TEE and prevents data in the TEE from being illegally snooped by other applications. The encrypted storage with a hierarchical key system based on the authentication master key Key_RPMB in step 2) is implemented as follows:
2.1) At the kernel layer of the trusted execution environment TEE (the TEE kernel, the bottom layer in fig. 4): a key generation algorithm derives a new root key (ROOT Key) Key_R from the authentication master key Key_RPMB, and Key_R is used for encryption and decryption at the kernel layer. It should be noted that the seed Key_S may be generated randomly or may be taken from the ID code ID_SoC of the SoC chip, so that the generation of the root key Key_R can also be associated with the SoC chip ID to bind it to the platform. In this embodiment the key generation algorithm is a KDF and the SoC chip ID ID_SoC is used as the seed Key_S, so the root key Key_R is expressed as: Key_R := KDF(Key_RPMB, ID_SoC), as shown in fig. 4. Throughout the life cycle of the TEE, the root key Key_R always resides in secure memory and never leaks to the non-secure region.
2.2) At the application layer of the trusted execution environment TEE (the middle layer in fig. 4): for each trusted application TA, a unique storage key Key_A of the TA is generated from the TA's universally unique identifier UUID and the root key Key_R, and is used to encrypt and decrypt the file store belonging to that TA. The kernel generates an independent storage key Key_A for each TA; Key_A is derived from the root key Key_R and the UUID of the TA, and since the key generation algorithm in this embodiment is a KDF, this can be expressed as Key_A := KDF(Key_R, UUID_TA). The purpose of Key_A is to encrypt and decrypt the file store belonging to the TA. Because each TA uses an independent Key_A, an application in the TEE cannot obtain the stored information of other TAs, which further guarantees the independence of application resources in the TEE. As shown in fig. 4, the storage key Key_A1 of trusted application TA1 is expressed as Key_A1 := KDF(Key_R, UUID_TA1), the storage key Key_A2 of trusted application TA2 as Key_A2 := KDF(Key_R, UUID_TA2), ..., and the storage key Key_An of trusted application TAn as Key_An := KDF(Key_R, UUID_TAn).
2.3) At the file layer of the trusted execution environment TEE (the uppermost layer in fig. 4): for each file, an independent key Key_F is generated from the storage key Key_A of the trusted application TA the file belongs to, and is used for write encryption and read decryption of that file. Each file can thus use an independent Key_F to encrypt its data. Key_F is encrypted with the TA's Key_A and stored in the corresponding file system, and is decrypted with the corresponding Key_A on access, which further guarantees the independence of the data. In this embodiment the key generation algorithm is a KDF, and the independent key Key_F derived from the TA's storage key Key_A is expressed as Key_F := KDF(Key_A, UUID_F), where Key_A is the storage key of the TA the file belongs to and UUID_F is the unique identifier of the file (generated with a hash algorithm or the like). The uppermost layer in fig. 4 shows only the m files belonging to trusted application TA2: FILE_1 ~ FILE_m represent the m files and their independent keys are Key_F1 ~ Key_Fm respectively. Among the m files FILE_1 ~ FILE_m, the key Key_F1 of FILE_1 is expressed as Key_F1 := KDF(Key_A2, UUID_F1), the key Key_F2 of FILE_2 as Key_F2 := KDF(Key_A2, UUID_F2), ..., and the key Key_Fm of FILE_m as Key_Fm := KDF(Key_A2, UUID_Fm).
To ensure that the stored data of this embodiment is not snooped illegally, the different software security layers in the TEE each encrypt their stored data with different keys, and the keys form a tree. The stored information of applications and software modules at different levels in the TEE is thereby isolated, and the data of one application cannot be illegally accessed by other software modules. Specifically, a root key for encryption may be generated from the storage master key, and derived keys are added for each level as the software hierarchy grows from the bottom layer upward, or from low privilege to high privilege, with the key of a higher layer generated from the key of its parent node. That is, software modules at the same level use different keys, but the data they encrypt and store can be decrypted indirectly with the key of their immediate parent. Therefore, the encrypted storage with a hierarchical key system implemented in step 2) of this embodiment realizes the allocation and management of private keys for different software entities in the TEE and prevents data in the TEE from being illegally snooped by other applications.
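The key tree of steps 2.1)-2.3) and the isolation property just described, as an added example that is not the patent's own code. HMAC-SHA256 stands in for the KDF, the SoC ID and TA UUIDs are constructed sample values, and the HMAC-based XOR keystream is a demonstration-only stand-in for the authenticated cipher a real TEE file store would use; all three are assumptions of this example. It goes slightly beyond the text by showing both sides of the tree property: a sibling TA cannot read another TA's file, while the kernel, as the parent node, can reach the file key indirectly.

```python
"""Hierarchical storage keys Key_RPMB -> Key_R -> Key_A -> Key_F.

Added example, not the patent's code. Assumptions: HMAC-SHA256 as KDF,
constructed identifiers, and a toy keystream cipher (not for production).
"""
import hashlib
import hmac
import uuid


def kdf(key: bytes, label: bytes) -> bytes:
    """Assumed KDF (HMAC-SHA256): child := KDF(parent, identifier)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def file_uuid(name: str) -> bytes:
    """2.3) UUID_F obtained by hashing the file name, as the page allows."""
    return hashlib.sha256(name.encode()).digest()[:16]


def file_key(key_a: bytes, uuid_f: bytes) -> bytes:
    """2.3) Key_F := KDF(Key_A, UUID_F), one key per file."""
    return kdf(key_a, uuid_f)


def keystream_xor(key_f: bytes, nonce: bytes, data: bytes) -> bytes:
    """Demo cipher: HMAC counter keystream XOR data (symmetric, unauthenticated)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key_f, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


class TeeKernel:
    """Kernel layer: Key_R never leaves this object; only child keys are handed out."""

    def __init__(self, key_rpmb: bytes, id_soc: bytes):
        self._key_r = kdf(key_rpmb, id_soc)       # 2.1) Key_R := KDF(Key_RPMB, ID_SoC)

    def storage_key(self, uuid_ta: uuid.UUID) -> bytes:
        return kdf(self._key_r, uuid_ta.bytes)    # 2.2) Key_A := KDF(Key_R, UUID_TA)

    def file_key_via_parent(self, uuid_ta: uuid.UUID, uuid_f: bytes) -> bytes:
        """The parent node reaches a child's file key indirectly through the tree."""
        return file_key(self.storage_key(uuid_ta), uuid_f)


class TrustedApp:
    """Application layer: holds only its own Key_A and derives its per-file keys."""

    def __init__(self, uuid_ta: uuid.UUID, key_a: bytes):
        self.uuid_ta = uuid_ta
        self._key_a = key_a

    def write(self, name: str, nonce: bytes, plaintext: bytes) -> bytes:
        return keystream_xor(file_key(self._key_a, file_uuid(name)), nonce, plaintext)

    def read(self, name: str, nonce: bytes, ciphertext: bytes) -> bytes:
        return keystream_xor(file_key(self._key_a, file_uuid(name)), nonce, ciphertext)


# constructed sample identifiers
ID_SOC = b"constructed-soc-id-0001"
UUID_TA1 = uuid.UUID("11111111-1111-4111-8111-111111111111")
UUID_TA2 = uuid.UUID("22222222-2222-4222-8222-222222222222")


def demo(key_rpmb: bytes = b"\x01" * 32) -> dict:
    """Build the tree for two TAs and let TA2 write a file that TA1 then tries to read."""
    kernel = TeeKernel(key_rpmb, ID_SOC)
    ta1 = TrustedApp(UUID_TA1, kernel.storage_key(UUID_TA1))
    ta2 = TrustedApp(UUID_TA2, kernel.storage_key(UUID_TA2))
    nonce = b"\x00" * 8                            # constructed per-write nonce
    ct = ta2.write("FILE_1", nonce, b"TA2 secret")
    parent_key_f = kernel.file_key_via_parent(UUID_TA2, file_uuid("FILE_1"))
    return {
        "ta1_key_a": kernel.storage_key(UUID_TA1),
        "ta2_key_a": kernel.storage_key(UUID_TA2),
        "ta2_reads_own": ta2.read("FILE_1", nonce, ct),
        "ta1_reads_ta2": ta1.read("FILE_1", nonce, ct),          # sibling: wrong Key_F
        "kernel_reads_ta2": keystream_xor(parent_key_f, nonce, ct),  # parent: indirect access
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Because every key is a one-way function of its parent and an identifier, changing Key_RPMB (for example after the update flow of steps S1)-S3)) re-keys the whole tree, and a TA holding only its own Key_A has no path back to Key_R or to a sibling's Key_A.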
In addition, the present embodiment also provides a secure storage implementation system supporting TEE extension, which is programmed or configured to execute the steps of the foregoing secure storage implementation method supporting TEE extension.
In addition, the embodiment also provides a security storage implementation system supporting TEE extension, which includes a computer device programmed or configured to execute the steps of the foregoing security storage implementation method supporting TEE extension, or a computer program programmed or configured to execute the foregoing security storage implementation method supporting TEE extension is stored in a memory of the computer device.
Furthermore, the present embodiment also provides a computer-readable storage medium, on which a computer program programmed or configured to execute the foregoing safe storage implementation method supporting TEE extension is stored.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is directed to methods, apparatus (systems), and computer program products according to embodiments of the application wherein instructions, which execute via a flowchart and/or a processor of the computer program product, create means for implementing functions specified in the flowchart and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (9)

1. A secure storage implementation method supporting TEE extension is characterized by comprising the following implementation steps:
1) obtaining the authentication master key Key_RPMB of the RPMB partition;
2) based on the authentication master key Key_RPMB, implementing encrypted storage with a hierarchical key system: in the kernel layer of a trusted execution environment TEE, a specified key generation algorithm is used to generate a root key Key_R from the authentication master key Key_RPMB for encryption and decryption at the kernel layer, and throughout the life cycle of the trusted execution environment TEE the root key Key_R always resides in secure memory and the kernel-mode address space; at the application layer of the trusted execution environment TEE, for each trusted application TA, a unique storage key Key_A of the trusted application TA is generated from the universally unique identifier UUID of the trusted application TA and the root key Key_R, for encrypting and decrypting the file store belonging to the trusted application TA; at the file layer of the trusted execution environment TEE, for each file, an independent key Key_F is generated from the storage key Key_A of the trusted application TA to which the file belongs, for write encryption and read decryption of the file.
2. The TEE extension-supported secure storage implementation method of claim 1, wherein the detailed steps of step 1) comprise:
1.1) obtaining a read value of a PUF function circuit of a CPU;
1.2) performing an exclusive-OR operation between the read value of the PUF function circuit and the auxiliary data Data_KA stored in a conventional memory;
1.3) performing a specified decoding operation on the result of the XOR operation to obtain a seed key Key_S;
1.4) deriving the authentication master key Key_RPMB from the seed key Key_S through specified encryption processing.
3. The TEE extension enabled secure storage implementation method of claim 2, wherein the decoding operation specified in step 1.3) is BCH decoding.
4. The method for implementing secure storage supporting TEE extension according to claim 2, wherein the encryption processing specified in step 1.4) is specifically encryption processing by using a key derivation function KDF defined in the security specification.
5. The TEE extension-supported secure storage implementation method of claim 2, wherein step 1) is preceded by the step of generating the authentication master key Key_RPMB at the factory:
S1) randomly selecting a seed key Key_S;
S2) deriving the authentication master key Key_RPMB from the generated seed key Key_S through the specified encryption processing, and writing it into the one-time (write-once) key register of the RPMB partition of the memory;
S3) performing a specified encoding operation on the generated seed key Key_S, wherein the specified encoding operation is the inverse of the decoding operation specified in step 1.3); obtaining the read value of the PUF function circuit of the CPU and XORing the encoding result with the read value of the PUF function circuit to obtain the auxiliary data Data_KA; finally destroying the seed key Key_S and saving the auxiliary data Data_KA to the regular memory of the device for persistent storage.
6. The TEE extension-supported secure storage implementation method of claim 5, further comprising the step of replacing the regular memory and then performing steps S1)-S3) to update the authentication master key Key_RPMB.
7. A TEE expansion supporting secure storage implementation system, which is programmed or configured to execute the steps of the TEE expansion supporting secure storage implementation method of any one of claims 1-6.
8. A safe storage implementation system supporting TEE extension, comprising a computer device, wherein the computer device is programmed or configured to execute the steps of the safe storage implementation method supporting TEE extension of any one of claims 1 to 6, or the computer device has a computer program stored on a memory thereof, the computer program being programmed or configured to execute the safe storage implementation method supporting TEE extension of any one of claims 1 to 6.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program programmed or configured to execute the TEE extension enabled secure storage implementation method of any one of claims 1 to 6.
CN202010251384.XA 2020-04-01 2020-04-01 Secure storage implementation method and system supporting TEE extension Pending CN111444553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010251384.XA CN111444553A (en) 2020-04-01 2020-04-01 Secure storage implementation method and system supporting TEE extension

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010251384.XA CN111444553A (en) 2020-04-01 2020-04-01 Secure storage implementation method and system supporting TEE extension

Publications (1)

Publication Number Publication Date
CN111444553A true CN111444553A (en) 2020-07-24

Family

ID=71652715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010251384.XA Pending CN111444553A (en) 2020-04-01 2020-04-01 Secure storage implementation method and system supporting TEE extension

Country Status (1)

Country Link
CN (1) CN111444553A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112422279A (en) * 2020-11-11 2021-02-26 深圳市中易通安全芯科技有限公司 Intelligent terminal key management method and hierarchical management system
CN112738083A (en) * 2020-12-28 2021-04-30 福建正孚软件有限公司 Cross-network cross-border data transmission based secure access key management system and method
CN112784301A (en) * 2021-01-22 2021-05-11 珠海妙存科技有限公司 Method, device and medium for improving RPMB partition data security
CN114257877A (en) * 2021-12-02 2022-03-29 展讯通信(上海)有限公司 Key deployment and use method and device for broadband digital video protection (HDCP)
CN116126753A (en) * 2022-12-28 2023-05-16 江苏都万电子科技有限公司 Protective memory and storage method
US11824984B2 (en) 2022-01-11 2023-11-21 International Business Machines Corporation Storage encryption for a trusted execution environment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530578A (en) * 2013-10-18 2014-01-22 武汉大学 Method for constructing STPM of android system
CN105007285A (en) * 2015-08-19 2015-10-28 南京万道电子技术有限公司 Key protection method and safety chip based on physical no-cloning function
US20160070932A1 (en) * 2014-09-10 2016-03-10 Vincent J. Zimmer Providing A Trusted Execution Environment Using A Processor
US20190163913A1 (en) * 2017-11-29 2019-05-30 Mstar Semiconductor, Inc. Root key processing method and associated device
CN109960903A (en) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 A kind of method, apparatus, electronic equipment and storage medium that application is reinforced
US20190340393A1 (en) * 2018-05-04 2019-11-07 Huawei Technologies Co., Ltd. Device and method for data security with a trusted execution environment
CN110677418A (en) * 2019-09-29 2020-01-10 四川虹微技术有限公司 Trusted voiceprint authentication method and device, electronic equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SHIJUN ZHAO ET AL.: "Providing Root of Trust for ARM TrustZone using On-Chip SRAM" *
吴缙 等: "基于PUF的可信根及可信计算平台架构设计" *
范冠男: "基于TrustZone的虚拟化TPM研究" *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112422279A (en) * 2020-11-11 2021-02-26 深圳市中易通安全芯科技有限公司 Intelligent terminal key management method and hierarchical management system
CN112422279B (en) * 2020-11-11 2023-02-03 深圳市中易通安全芯科技有限公司 Intelligent terminal key management method and hierarchical management system
CN112738083A (en) * 2020-12-28 2021-04-30 福建正孚软件有限公司 Cross-network cross-border data transmission based secure access key management system and method
CN112738083B (en) * 2020-12-28 2023-05-19 福建正孚软件有限公司 System and method for managing secure access key based on cross-network and cross-border data transmission
CN112784301A (en) * 2021-01-22 2021-05-11 珠海妙存科技有限公司 Method, device and medium for improving RPMB partition data security
CN114257877A (en) * 2021-12-02 2022-03-29 展讯通信(上海)有限公司 Key deployment and use method and device for broadband digital video protection (HDCP)
US11824984B2 (en) 2022-01-11 2023-11-21 International Business Machines Corporation Storage encryption for a trusted execution environment
CN116126753A (en) * 2022-12-28 2023-05-16 江苏都万电子科技有限公司 Protective memory and storage method
CN116126753B (en) * 2022-12-28 2024-02-02 江苏都万电子科技有限公司 Protective memory and storage method

Similar Documents

Publication Publication Date Title
US10887086B1 (en) Protecting data in a storage system
CN109858265B (en) Encryption method, device and related equipment
JP5537742B2 (en) Method and apparatus including architecture for protecting multi-user sensitive code and data
CN111444553A (en) Secure storage implementation method and system supporting TEE extension
CN110447032B (en) Memory page translation monitoring between hypervisor and virtual machine
US9602282B2 (en) Secure software and hardware association technique
KR101577886B1 (en) Method and apparatus for memory encryption with integrity check and protection against replay attacks
RU2295834C2 (en) Initialization, maintenance, renewal and restoration of protected mode of operation of integrated system, using device for controlling access to data
JP4392241B2 (en) Method and system for promoting safety protection in a computer system employing an attached storage device
JP5260081B2 (en) Information processing apparatus and control method thereof
JP4982825B2 (en) Computer and shared password management methods
CN104252881B (en) Semiconductor integrated circuit and system
TWI514187B (en) Systems and methods for providing anti-malware protection on storage devices
KR20190063264A (en) Method and Apparatus for Device Security Verification Utilizing a Virtual Trusted Computing Base
KR20160138450A (en) Rapid data protection for storage devices
JP2005527019A (en) Multi-token seal and seal release
JP2005227995A (en) Information processor, information processing method and computer program
Meijer et al. Self-encrypting deception: weaknesses in the encryption of solid state drives
CN110659506A (en) Replay protection of memory based on key refresh
Meijer et al. Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)
US10452565B2 (en) Secure electronic device
CN107563226B (en) Memory controller, processor module and key updating method
US20210211281A1 (en) Apparatus and method for securely managing keys
CN112241523A (en) Embedded computer starting-up identity authentication method
Gross et al. Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination