CN112784301B - Method, device and medium for improving RPMB partition data security - Google Patents
Method, device and medium for improving RPMB partition data security Download PDFInfo
- Publication number
- CN112784301B CN112784301B CN202110090420.3A CN202110090420A CN112784301B CN 112784301 B CN112784301 B CN 112784301B CN 202110090420 A CN202110090420 A CN 202110090420A CN 112784301 B CN112784301 B CN 112784301B
- Authority
- CN
- China
- Prior art keywords
- data
- field
- mac
- storage device
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention relates to a method, a device and a medium for improving the safety of RPMB partition data, which comprises the following steps: when a data reading request is sent to the storage device to the host, adding an MAC field in a data packet; the storage device receives the data packet and verifies whether the host is authorized. The invention has the beneficial effects that: based on a read access flow specified by the existing eMMC RPMB, an authentication mechanism is added to avoid an unauthorized user from accessing the partition data; based on the configuration space and the configuration method of the existing eMMC, a read authentication mechanism control switch is added. The eMMC is compatible with a standard protocol, and meanwhile, a read authentication mechanism can be opened when the eMMC is required; the operation of the read authentication mechanism control switch is authenticated, so that the read authentication mechanism can be prevented from being closed maliciously by unauthorized Host.
Description
Technical Field
The invention relates to the field of computer storage equipment, in particular to a method, a device and a medium for improving RPMB partition data security.
Background
The data information security has three elements: confidentiality: ensuring that information is not leaked to unauthorized users; integrity: the information is ensured to be complete when being transmitted and stored, and is not illegally modified, replayed and the like; availability: and timely and reliable access to information by authorized users is ensured.
The RPMB partition is an independent storage area in the eMMC, which has certain access control attributes, and is generally used to store secret data information that needs access authorization, such as fingerprints and passwords.
The RPMB partition consists of three parts: key (Key): 32Byte, which can be written once and cannot be read. This key is used to calculate the Message Authentication Code (MAC) required to generate the access authentication. In practical application, the key needs to be written in a secure environment, so that the secure distribution of the key is ensured; write Counter (Counter): 4Byte, read only, can be incremented from 0 to 0xFFFFFFFF. After the data is successfully written into the RPMB data area once, the data is increased by 1, and after the maximum value is reached, the data can not be written into the RPMB partition, so that the replay attack of the data write operation is prevented; data storage area (Data) has a space size of 128kb × n for storing Data, and most RPMB partitions of eMMC can store 2MB or 4MB of Data.
Use of RPMB partition:
1. before accessing the RPMB partition, the Key must be written first, and the Key can only be written once and cannot be read.
2. When Data is written, firstly, a write Counter (without Key) is obtained from the eMMC, the { Counter + Data } uses the HMAC SHA-256 algorithm + Key to produce MAC, and then the { Counter + Data + MAC } is sent to the eMMC. The eMMC internally checks the Counter and MAC for correctness. If the Data is correct, writing the Data into the RPMB Data area, and increasing the Counter by 1; otherwise an error is returned.
3. When Data is read out, the { Data + MAC } can be directly acquired from the eMMC RPMB partition, and a user calculates the MAC by using Key to judge the integrity of the Data.
From the above usage process, the eMMC RPMB partition only provides a protection mechanism for data writing, but has no access limit to read data, and there is a leakage risk in storing data.
Disclosure of Invention
The invention aims to solve at least one technical problem in the prior art, provides a method, a device and a medium for improving the safety of RPMB partition data, and improves the confidentiality of the data.
The technical scheme of the invention comprises a method for improving the safety of RPMB partition data, which is characterized by comprising the following steps: when a data reading request is sent to the storage device to the host, adding an MAC field in a data packet; the storage device receives the data packet and verifies whether the host is authorized.
According to the method for improving the safety of the RPMB partition data, the storage device is provided with an authentication process, wherein the authentication process carries out authentication through an enable control bit by adding a read operation authentication mechanism in the storage device, and the enable control bit can self-define a switch
According to the method for improving the data security of the RPMB partition, a data packet comprises a data packet field and an MAC field, and the MAC field is obtained by calculating the data packet field and a secret key.
According to the method for improving the data security of the RPMB partition, when a read data request is sent to the storage device by the host, the MAC field is added into the data packet through a CMD23 command and a CMD25 command.
According to the method for improving the data security of the RPMB partition, the storage device receives the data packet, and the verifying whether the host is authorized comprises: analyzing the received read request data packet, calculating an MAC value, executing the next step if the MAC value is correct, and directly returning an error state through a Result field if the MAC value is incorrect to refuse data access; judging whether the address in the read request is out of range, if so, returning an error state directly through a Result field; if the read request does not cross the boundary, taking out the data from the partition according to the address and the length of the read request, filling other necessary information, and constructing other read data packet fields except the MAC field; calculating and generating a message authentication code MAC according to the data packet field and the internal key; the MAC field is appended to the last packet field and all packets are transmitted to the host.
According to the method for improving the safety of the RPMB partition data, the storage device is configured as a storage device based on an eMMC5.1 protocol.
The technical solution of the present invention also includes an apparatus for improving the security of RPMB partition data, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements any of the method steps when executing the computer program.
The invention also relates to a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out any of the method steps.
The invention has the beneficial effects that: based on the read access flow specified by the existing eMMC RPMB, an authentication mechanism is added to avoid an unauthorized user from accessing the partition data; based on the configuration space and the configuration method of the existing eMMC, a read authentication mechanism control switch is added. The eMMC is compatible with a standard protocol, and meanwhile, a read authentication mechanism can be opened when the eMMC is required; the operation of the read authentication mechanism control switch is authenticated, so that the read authentication mechanism can be prevented from being maliciously closed by an unauthorized Host.
Drawings
The invention is further described below with reference to the accompanying drawings and examples;
FIG. 1 illustrates an overall flow diagram according to an embodiment of the invention;
FIG. 2 illustrates a data packet format according to an embodiment of the present invention;
FIG. 3 is a flow diagram illustrating a read operation using authentication according to an embodiment of the present invention;
fig. 4 shows a diagram of an apparatus according to an embodiment of the invention.
Detailed Description
Reference will now be made in detail to the present preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
In the description of the present invention, the meaning of a plurality of means is one or more, the meaning of a plurality of means is two or more, and larger, smaller, larger, etc. are understood as excluding the number, and larger, smaller, inner, etc. are understood as including the number.
In the description of the present invention, the method steps are labeled consecutively for convenience of examination and understanding, and the implementation order of the steps is adjusted without affecting the technical effect achieved by the technical solution of the present invention by combining the whole technical solution of the present invention and the logical relationship between the steps.
In the description of the present invention, unless otherwise explicitly defined, terms such as set, etc. should be broadly construed, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the detailed contents of the technical solutions.
Fig. 1 shows a general flow diagram according to an embodiment of the invention, the flow comprising: when a data reading request is sent to the storage device to the host, adding an MAC field in a data packet; the storage device receives the data packet and verifies whether the host is authorized.
For Host sending read data request to Device (by adding MAC), by operating command: CMD23+ CMD25 implementation.
Fig. 2 shows a Data packet format according to an embodiment of the invention, and referring to fig. 2, data fields are random Data; the Key/(MAC) field is not fixed to 0, but is a MAC computed from the packet field and Key, as shown in the gray box of fig. 2.
FIG. 3 is a flow diagram illustrating a read operation using authentication according to an embodiment of the present invention, which is summarized as follows:
and combining the added Data and MAC fields in the figure 2 to perform MAC calculation and check, and determining whether the read request is issued by an authorized Host.
Analyzing the received read request data packet, calculating the MAC value, if the MAC value is correct, continuing the step 2, if the MAC value is incorrect, directly returning an error state through a Result field, and refusing data access.
It is determined whether the address in the read request is out of bounds. If the boundary is crossed, an error status is returned directly through the Result field.
If the boundary is not crossed, the data is taken out from the partition according to the address and the length of the read request, other necessary information is filled, and other read data packet fields except the MAC field are constructed.
And calculating and producing the message authentication code MAC according to the data packet field and the internal Key.
And attaching the MAC field to the Key/(MAC) field of the last data packet, and transmitting all the data packets to the Host.
And after the Host receives the Data packet, taking out the Data content of the Data field and recalculating the MAC by using the Key of the Host, wherein if the calculated value of the MAC is the same as the received value, the Data is correct, and otherwise, the Data is wrong.
For the storage device, the standard eMMC does not support read operation authentication by default, a reserved register in the eMMC can be used, an enabling control bit of a read operation authentication mechanism is added, and meanwhile, the operation safety of the enabling controller bit is considered.
Specifically, the emmc5.1 protocol specifies a Device Configuration Area, which is defined as a 256Byte space and currently uses only two bytes, so that an enable control bit of the read authentication mechanism can be added in the Area. The modification of the configuration area is the same as the write operation of the RPMB partition, and an authentication mechanism is provided, so that the malicious closing of the read operation authentication mechanism by an unauthorized Host can be avoided, and the data in the partition can be accessed randomly.
Fig. 4 shows a diagram of an apparatus according to an embodiment of the invention. The apparatus comprises a memory 100 and a processor 200, wherein the processor 200 stores a computer program for performing: when a data reading request is sent to the storage device to the host, adding an MAC field in a data packet; the storage device receives the data packet and verifies whether the host is authorized. Wherein the memory 100 is used for storing data.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.
Claims (6)
1. A method for improving RPMB partition data security, the method comprising:
when a data reading request is sent to the storage device to the host, adding an MAC field in a data packet;
the storage device receives the data packet and verifies whether the host is authorized;
the storage device is provided with authentication processing, wherein the authentication processing is used for authenticating through an enable control bit added with a read operation authentication mechanism in the storage device and the enable control bit, and the enable control bit can self-define a switch;
the storage device receiving the data packet, and verifying whether the host is authorized comprises:
analyzing the received read request data packet, calculating an MAC value, executing the next step if the MAC value is correct, and directly returning an error state through a Result field if the MAC value is incorrect to refuse data access;
judging whether the address in the read request is out of range, if so, directly returning to an error state through a Result field; if the read request does not cross the boundary, taking out data from the partition according to the address and the length of the read request, filling other necessary information, and constructing other read data packet fields except the MAC field;
calculating and generating a message authentication code MAC according to the data packet field and the internal key;
the MAC field is appended to the last packet field and all packets are transmitted to the host.
2. The method of claim 1, wherein said packet includes a packet field and a MAC field, and said MAC field is calculated from the packet field and a secret key.
3. The method of claim 1, wherein the MAC field is added to the data packet by a CMD23 command and a CMD25 command when sending a read data request to the host to the storage device.
4. The method of improving RPMB partition data security of claim 1, wherein the storage device is configured as an emmc5.1 protocol based storage device.
5. An apparatus for improving the security of RPMB partition data, the apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the method steps of any of claims 1-4.
6. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110090420.3A CN112784301B (en) | 2021-01-22 | 2021-01-22 | Method, device and medium for improving RPMB partition data security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110090420.3A CN112784301B (en) | 2021-01-22 | 2021-01-22 | Method, device and medium for improving RPMB partition data security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112784301A CN112784301A (en) | 2021-05-11 |
| CN112784301B true CN112784301B (en) | 2022-12-20 |
Family
ID=75758681
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110090420.3A Active CN112784301B (en) | 2021-01-22 | 2021-01-22 | Method, device and medium for improving RPMB partition data security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112784301B (en) |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11030122B2 (en) * | 2014-04-08 | 2021-06-08 | Micron Technology, Inc. | Apparatuses and methods for securing an access protection scheme |
| KR102501776B1 (en) * | 2018-01-31 | 2023-02-21 | 에스케이하이닉스 주식회사 | Storage device and operating method thereof |
| KR20190099693A (en) * | 2018-02-19 | 2019-08-28 | 에스케이하이닉스 주식회사 | Memory system and operating method thereof |
| CN111444553A (en) * | 2020-04-01 | 2020-07-24 | 中国人民解放军国防科技大学 | Secure storage implementation method and system supporting TEE extension |
-
2021
- 2021-01-22 CN CN202110090420.3A patent/CN112784301B/en active Active
Non-Patent Citations (1)
| Title |
|---|
| 一种增强自主访问控制安全性的方案;陈兴蜀等;《四川大学学报(工程科学版)》;20030728(第04期);第82-85页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112784301A (en) | 2021-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220006617A1 (en) | Method and apparatus for data storage and verification | |
| US7426747B2 (en) | Methods and systems for promoting security in a computer system employing attached storage devices | |
| US8843767B2 (en) | Secure memory transaction unit | |
| US9418027B2 (en) | Secure boot information with validation control data specifying a validation technique | |
| CN105718807B (en) | Android system and its authentic authentication system based on soft TCM and credible software stack and method | |
| CN102982264A (en) | Method for protecting embedded type device software | |
| TW200832438A (en) | Secure co-processing memory controller integrated into an embedded memory subsystem | |
| JP2009518742A (en) | Method and apparatus for secure handling of data in a microcontroller | |
| WO2012034250A1 (en) | Secure data in removable storage devices via encryption token(s) | |
| EP2990953B1 (en) | Periodic memory refresh in a secure computing system | |
| JP2002281019A (en) | Portable information storage medium and method for authenticating the same | |
| EP3899774A1 (en) | Integrity tree for memory integrity checking | |
| WO2021137769A1 (en) | Method and apparatus for sending and verifying request, and device thereof | |
| CN116070241A (en) | Mobile hard disk encryption control method | |
| CN112784301B (en) | Method, device and medium for improving RPMB partition data security | |
| CN110807186B (en) | Method, device, equipment and storage medium for safe storage of storage equipment | |
| US20170262640A1 (en) | Database operation method and device | |
| CN107861892B (en) | Method and terminal for realizing data processing | |
| CN110210259B (en) | Data protection method and system for solid state disk | |
| CN108197483A (en) | Data guard method, solid state disk | |
| KR100747793B1 (en) | Recording medium storing program performing password converting certification, Method for password converting certification and System using by the same | |
| CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
| CN110443070A (en) | More host shared memory systems and data completeness protection method | |
| CN110134339A (en) | A kind of data guard method and system based on file virtual disk | |
| CN114065218B (en) | SoC system chip safe starting method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |