CN113127901B

CN113127901B - Processing method, device and chip for data encryption transmission

Info

Publication number: CN113127901B
Application number: CN202110431379.1A
Authority: CN
Inventors: 李伟; 王凯; 陈韬; 南龙梅; 刘燕江; 杜怡然; 金羽; 吕广秋
Original assignee: Information Engineering University of PLA Strategic Support Force
Current assignee: Information Engineering University of PLA Strategic Support Force
Priority date: 2021-04-21
Filing date: 2021-04-21
Publication date: 2023-05-16
Anticipated expiration: 2041-04-21
Also published as: CN113127901A

Abstract

The application discloses a processing method, a device and a chip for data encryption transmission, wherein the method comprises the following steps: under the condition that first data transmitted by a first module corresponding to a chip are received, carrying out encryption processing on the first data to obtain encrypted first data, and inputting the encrypted first data into a bus in the chip; under the condition that second data are output from the bus, decrypting the second data to obtain decrypted second data, and transmitting the decrypted second data to a second module corresponding to the chip; the first module and the second module are modules for realizing corresponding functions respectively.

Description

Processing method, device and chip for data encryption transmission

Technical Field

The present disclosure relates to the field of data processing technologies, and in particular, to a method and an apparatus for processing encrypted data transmission, and an electronic device.

Background

The probe attack is an attack method for directly acquiring System sensitive information by detecting buses, interfaces or modules in a System on Chip (SoC), and is also the most direct and effective physical attack method. The key targets of probe attack mainly have four parts: on-chip data transmission, on-chip data storage, external interface communication and off-chip data storage.

Because of the different data transmission protocols and circuit structures of the different functional modules in the SoC, in order to implement data encryption protection for each module, each module must design an independent data encryption scheme.

However, the data encryption scheme has the defect of relatively high complexity, so that the complexity of data encryption transmission among all modules of the SoC is relatively high, and the data encryption transmission performance is relatively poor.

Disclosure of Invention

In view of this, the present application provides a processing method, apparatus and chip for data encryption transmission, which are used to solve the defect of poor data encryption transmission performance in the chip.

One aspect of the present application proposes a method for processing encrypted data transmission, the method comprising:

under the condition that first data transmitted by a first module corresponding to a chip are received, carrying out encryption processing on the first data to obtain encrypted first data, and inputting the encrypted first data into a bus in the chip;

under the condition that second data are output from the bus, decrypting the second data to obtain decrypted second data, and transmitting the decrypted second data to a second module corresponding to the chip;

The first module and the second module are modules for realizing corresponding functions respectively.

In the above method, preferably, encrypting the first data to obtain encrypted first data includes:

performing exclusive-or processing on the first data by using a target value corresponding to the first data to obtain encrypted first data;

wherein, decrypt the second data to obtain decrypted second data, including:

and performing exclusive-or processing on the second data by using the target value corresponding to the second data to obtain decrypted second data.

In the above method, preferably, before receiving the first data transmitted by the first module in the chip, the method further includes:

obtaining a predicted destination address corresponding to the first data;

and obtaining a target value corresponding to the first data according to the predicted destination address.

In the above method, preferably, after receiving the first data transmitted by the first module corresponding to the chip, before performing an exclusive-or processing on the first data by using the target value corresponding to the first data to obtain encrypted first data, the method further includes:

Judging whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data;

if so, executing the steps: performing exclusive-or processing on the first data by using a target value corresponding to the first data to obtain encrypted first data;

if not, the target value corresponding to the first data is obtained again according to the actual destination address corresponding to the first data, and the steps are executed: and performing exclusive-or processing on the first data by utilizing the target value corresponding to the first data to obtain encrypted first data.

In the above method, preferably, obtaining the predicted destination address corresponding to the first data includes:

obtaining a historical destination address of historical data transmitted by the bus last time;

processing the historical destination address according to a first prediction mode to obtain a predicted destination address corresponding to the first data;

the first prediction mode is determined at least based on a corresponding relation between a historical destination address of the historical data and a predicted destination address of the historical data, a second prediction mode and a type of interrupt request in the chip, and the second prediction mode is a prediction mode between the first prediction mode and the second prediction mode.

In the above method, preferably, the second prediction mode is: a steady state increment prediction mode, a transient increment prediction mode, a steady state jump prediction mode, a transient jump prediction mode, a steady state hold prediction mode or a transient hold prediction mode;

the method comprises the steps of obtaining a predicted address on the basis of a historical destination address in an address increment mode in the steady state increment prediction mode, the transient increment prediction mode, the steady state jump prediction mode and the transient jump prediction mode respectively, and obtaining the predicted address on the basis of the historical destination address in a mode of maintaining the address in the steady state maintaining prediction mode and the transient maintaining prediction mode.

The above method, preferably:

if the second prediction mode is the steady state incremental prediction mode, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction mode is consistent with the second prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode;

If the second prediction mode is the transient increment prediction mode, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of a first interrupt type, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient skip prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of a second interrupt type, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient hold prediction mode; if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the steady state incremental prediction mode;

if the second prediction mode is the transient skip prediction mode, if the predicted destination address of the history data is consistent with the predicted destination address of the data transmitted on the bus before the history data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the steady state skip prediction mode; if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are in an address increment relation, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the predicted destination address of the history data and the predicted destination address of the data transmitted on the bus before the history data are in an address-preserving relationship, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient-preserving prediction mode;

If the second prediction mode is the steady state skip prediction mode, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient skip prediction mode;

if the second prediction mode is the transient hold prediction mode, if a predicted destination address of the history data and a predicted destination address of data transmitted on the bus before the history data are in an address hold relationship, the second prediction mode is switched to the first prediction mode and the first prediction mode is the steady state hold prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and no new interrupt request exists, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and a new interrupt request exists, the second prediction mode is switched to the first prediction mode, and the first prediction mode is the transient jump prediction mode;

If the second prediction mode is the steady state hold prediction mode, if the historical destination address of the historical data does not match the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient hold prediction mode.

In the above method, preferably, before performing encryption processing on the first data to obtain encrypted first data, the method further includes:

reading a preset first configuration parameter;

in case the first configuration parameter characterizes that data encryption is required, performing the steps of: encrypting the first data to obtain encrypted first data;

inputting the first data into the bus under the condition that the first configuration parameter characterizes that data encryption is not needed;

wherein, before decrypting the second data to obtain decrypted second data, the method further comprises:

reading a preset second configuration parameter;

in case the second configuration parameter characterizes the need of data decryption, performing the steps of: decrypting the second data to obtain decrypted second data;

And transmitting the second data to a second module corresponding to the chip under the condition that the second configuration parameter characterizes that the data decryption is not needed.

Another aspect of the present application further provides a processing device for encrypted data transmission, at least including:

the encryption unit is used for carrying out encryption processing on the first data under the condition that the first data transmitted by the first module corresponding to the chip is received so as to obtain encrypted first data, and inputting the encrypted first data into a bus in the chip;

the decryption unit is used for decrypting the second data under the condition that the second data are output from the bus so as to obtain decrypted second data, and transmitting the decrypted second data to a second module corresponding to the chip;

Another aspect of the present application also provides a chip, including:

a bus;

a processing module for: under the condition that first data transmitted by a first module corresponding to the chip are received, carrying out encryption processing on the first data to obtain encrypted first data, and inputting the encrypted first data into the bus;

The processing module is further configured to: under the condition that second data are output from the bus, decrypting the second data to obtain decrypted second data, and transmitting the decrypted second data to a second module corresponding to the chip;

According to the technical scheme, in the processing method, the device and the chip for data encryption transmission, when first data transmitted by the first module in the chip is received, encryption processing is carried out on the first data, the encrypted first data is transmitted to the bus in the chip, when second data is output from the bus, decryption processing is carried out on the second data, and then the decrypted second data is transmitted to the second module in the chip. Therefore, since data transmission and storage between all modules in the chip can be completed by relying on the bus, in the method, data obtained when an attacker detects the data in the chip through the probe is encrypted data and cannot acquire any sensitive data, so that the protection of the data transmitted and stored by each module in the chip is realized, and meanwhile, an independent encryption scheme is not required to be designed for different modules, so that the complexity of data encryption transmission is reduced, and the performance of data encryption transmission is improved while the data encryption transmission in the chip is realized.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a flowchart of a processing method for encrypted data transmission according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a SoC chip;

FIG. 3 is an exemplary diagram of the present application for data encryption transmission on a SoC chip;

FIGS. 4-6 are respectively a flowchart illustrating a processing method for encrypting and transmitting data according to an embodiment of the present application;

FIG. 7 is a partial flow chart of a processing method for encrypting and transmitting data according to an embodiment of the present application;

FIG. 8 is a schematic diagram illustrating address prediction in the embodiment of the present application;

FIG. 9 is another flowchart of a processing method for encrypting data for transmission according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of a processing device for encrypted data transmission according to a second embodiment of the present application;

Fig. 11 to fig. 13 are schematic diagrams of another structure of a processing device for encrypted data transmission according to a second embodiment of the present application;

fig. 14 is a schematic structural diagram of a chip according to a third embodiment of the present application;

fig. 15 is a schematic diagram of a data encryption pipeline when the present application is applicable to SoC chips for implementing data encryption transmission;

FIG. 16 is a schematic diagram illustrating state transitions of a branch predictor applicable to SoC chips for data encryption transmission;

fig. 17 is a schematic diagram of a bus architecture of the present application when the SoC chip is adapted to implement data encryption transmission;

fig. 18 is a schematic flow chart of an algorithm of bus write transmission when the SoC chip is suitable for realizing data encryption transmission.

Detailed Description

The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.

Referring to fig. 1, a flowchart of a processing method for data encryption transmission according to an embodiment of the present application is provided, and the method may be applied to a chip that needs to be protected from probe attack, such as an SoC chip, to protect data on the chip.

Specifically, the method in this embodiment may include the following steps:

step 101: and receiving the first data transmitted by the first module corresponding to the chip.

In one possible case, the first module may be a module in a chip for implementing a corresponding function, such as a central processor CPU (central processing unit) module, a direct Memory Access DMA (Direct Memory Access) module, a Static Random-Access Memory (SRAM) module, or a Eflash (embedded Flash) module in an SoC chip, as shown in fig. 2;

in another possible case, the first module may be a module connected to a chip, and may be capable of implementing a corresponding function, such as an external device connected to a SoC chip or an off-chip memory, as shown in fig. 2.

The first data may be data to be transmitted by the first module, and may be represented by ψ, for example, data to be written into the SRAM module in the CPU module, for example, data to be transmitted to an external device in the SRAM module, for example, data to be transmitted to the CPU module in the off-chip storage, and so on.

In a specific implementation, in step 101, when the first module needs to transmit the first data, the first data transmitted from the first module is received.

Step 102: and encrypting the first data to obtain encrypted first data.

Specifically, in this embodiment, the configured encryption algorithm may be used to encrypt the first data, so as to obtain encrypted first data.

The encryption algorithm here may be a sequence cipher algorithm, a block cipher algorithm, a public key cipher algorithm, or the like. Based on this, encrypted first data can be obtained, which can be denoted by D.

Step 103: the encrypted first data is input to a bus in the chip such that the first data is transmitted in the bus.

In this embodiment, the encrypted first data is input at an input end of the bus, where the input end may be an end of the bus connected to the first module, as shown in fig. 3.

Step 104: and in the case that the second data is output from the bus, performing decryption processing on the second data to obtain decrypted second data.

The second data output from the bus may be the encrypted first data itself, or the second data output from the bus may be data transmitted on the bus before or after the encrypted first data.

In one case, the second data output from the bus may be encrypted data that is transmitted to the bus, and based on this, in this embodiment, the second data is decrypted when the second data is output from the bus, specifically, the second data may be decrypted by using a decryption algorithm corresponding to an encryption algorithm when the second data is encrypted, so as to obtain decrypted second data, which may be denoted as Γ.

Step 105: and transmitting the decrypted second data to a second module corresponding to the chip.

The second module may, in one possible case, be a module in the chip for realizing the respective function. Such as a CPU module, a DMA module, an SRAM module, an Eflash module, etc. in the SoC chip;

in another possible case, the second module may be a module connected to the chip, and may implement a corresponding function, such as an external device connected to the SoC chip or an off-chip memory.

The second data is data that the second module needs to receive, such as data that the SRAM module needs to receive and transmitted by the CPU module, data that the external device needs to receive and transmitted by the SRAM module, and data that the CPU module needs to receive and transmitted by off-chip storage, and so on.

In addition, in this embodiment, the second data is received at an output end of the bus, where the output end may be one end of the bus connected to the second module, as shown in fig. 3, so that the second data received and output from the bus may be directly transmitted to the second module after being decrypted, and it is seen that the data transmitted on the bus is encrypted data and is not easy to be attacked.

As can be seen from the above technical solution, in the processing method for encrypted data transmission provided in the first embodiment of the present application, when first data transmitted by a first module in a chip is received, the first data is encrypted, then the encrypted first data is transmitted to a bus in the chip, and when second data is output from the bus, the second data is decrypted, and then the decrypted second data is transmitted to a second module in the chip. Therefore, since data transmission and storage between all modules in the chip can be completed by relying on the bus, in the embodiment, data obtained when an attacker detects the data in the chip through the probe is encrypted data and cannot acquire any sensitive data, so that the protection of the data transmitted and stored by each module in the chip is realized, and meanwhile, an independent encryption scheme is not required to be designed for different modules, so that the complexity of data encryption transmission is reduced, and the performance of data encryption transmission is improved while the data encryption transmission in the chip is realized.

It should be noted that, in this embodiment, a plurality of data to be transmitted on the bus may be sequentially processed according to different time slots in the above encryption and decryption processing manner, so that the processing efficiency of data encryption transmission is further improved through the data encryption pipeline.

Based on the above implementation scheme, in order to further accelerate the processing efficiency of data encryption transmission, the implementation is realized by improving the encryption and decryption algorithm in the embodiment. Specifically, in step 102, when the first data is encrypted, the following steps may be specifically implemented, as shown in fig. 4:

step 121: and performing exclusive or processing on the first data by utilizing the target value corresponding to the first data to obtain encrypted first data.

The target value corresponding to the first data may be a target value obtained by processing the first data based on the destination address corresponding to the first data, and based on this, the target value of the first data may be obtained by processing the first data, and thus, without storing in a chip, decryption processing when the encrypted first data is output from the bus may be achieved. Meanwhile, the complexity of the first data encryption processing is obviously low by performing exclusive OR processing on the first data by using the target value, and the data encryption processing efficiency can be accelerated.

On this basis, in the decryption processing of the second data in step 104, the following steps may be implemented:

step 141: and performing exclusive or processing on the second data by using the target value corresponding to the second data to obtain decrypted second data.

The target value corresponding to the second data may be a target value obtained by processing the second data based on the destination address corresponding to the second data, and based on this, the target value of the second data may be obtained by processing the second data before the second data is received or after the second data is received, without storing the target value corresponding to the second data in the chip in advance, which may also enable decryption of the second data. Meanwhile, the processing complexity of decrypting the second data is obviously low by performing exclusive OR processing on the second data by using the target value, and the processing efficiency of data decryption can be accelerated.

Based on the implementation scheme, the target value corresponding to the first data can be obtained before the first data is received, so that the time consumed by the data encryption processing is further saved, and the processing efficiency is improved. Specifically, before step 101, the method in this embodiment may further include the following steps, as illustrated in fig. 5:

Step 106: and obtaining a predicted destination address corresponding to the first data.

The predicted destination address corresponding to the first data refers to a destination address of the first data predicted to be upcoming before the first data is received, for example, the destination address of the first data transmitted to the SRAM module by the CPU module is predicted, so as to obtain the predicted destination address corresponding to the first data, which may be represented by R.

Step 107: and obtaining a target value corresponding to the first data according to the predicted destination address.

Specifically, in this embodiment, a preset key input, such as a key K, may be used to encrypt the predicted destination address, so as to obtain a target value corresponding to the first data, which may be E _K (R) represents a compound.

Based on this, after the first data is received in step 101, the first data may be directly subjected to exclusive or processing by using the target value corresponding to the first data, so as to obtain encrypted first data, without waiting for the first data to be received, and then obtaining the target value corresponding to the first data according to the destination address corresponding to the first data, thereby saving encryption processing time and improving processing efficiency.

Similarly, when the second data is xored in step 141 to obtain the decrypted second data, the target value corresponding to the second data may be obtained before the second data is transmitted from the bus, which specifically includes the following steps:

Step 108: and obtaining a predicted destination address corresponding to the second data, and obtaining a target value corresponding to the second data according to the predicted destination address corresponding to the second data.

Based on the method, after the second data is output from the bus, the target value corresponding to the second data can be directly used for carrying out exclusive OR processing on the second data, so that decrypted second data is obtained, the second data does not need to wait for the second data to be output from the bus and then obtain the target value corresponding to the second data, decryption processing time is saved, and processing efficiency is improved.

Based on this, in order to improve the accuracy of data encryption transmission, in this embodiment, it is necessary to determine whether the predicted destination address corresponding to the first data is accurate before encrypting the first data, and also determine whether the predicted destination address corresponding to the second data is accurate before decrypting the second data. Based on this, the following steps may also be performed after step 101 and before step 121 in the present embodiment, as shown in fig. 6:

step 109: it is determined whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data, if so, step 121 is performed, and if not, step 110 is performed.

The actual destination address corresponding to the first data is an accurate destination address, specifically, after the first data is received, the actual destination address corresponding to the first data may be read in the first data, and may be denoted by a.

Based on this, before step 121 is executed, the predicted destination address corresponding to the first data is compared with the actual destination address corresponding to the first data to determine whether the predicted destination address corresponding to the first data is consistent, if so, it is indicated that the predicted destination address corresponding to the first data is accurate, step 121 is directly executed, and the first data is directly exclusive-ored by using the target value corresponding to the first data, so as to obtain encrypted first data, and is encrypted accurate first data, if not, it is indicated that the predicted destination address corresponding to the first data is inaccurate, and step 110 is executed at this time.

Step 110: and according to the actual destination address corresponding to the first data, the target value corresponding to the first data is obtained again, and then step 121 is executed.

That is to say that the first and second,in the case that the predicted destination address corresponding to the first data is inaccurate, it is necessary to retrieve an accurate target value using an accurate actual destination address. Specifically, in this embodiment, a preset key input, such as a key K, may be used to encrypt the actual destination address, so as to obtain a target value corresponding to the first data, which may be E _K (A) And (3) representing. Thereafter, step 121 is performed, whereby the first data is exclusive-ored using the retrieved accurate target value, thereby obtaining encrypted first data, which is the encrypted accurate first data.

Similarly, before exclusive-or processing the second data to obtain decrypted second data in step 141, the following steps may be further performed:

step 111: and judging whether the predicted destination address corresponding to the second data is consistent with the actual destination address corresponding to the second data, if so, executing step 141, and if not, executing step 112.

The actual destination address corresponding to the second data is an accurate destination address, and specifically, after the second data is output from the bus, the actual destination address corresponding to the second data may be read from the second data.

Based on this, before step 141 is executed, the predicted destination address corresponding to the second data is compared with the actual destination address corresponding to the second data to determine whether the predicted destination address corresponding to the second data is consistent, if so, it is indicated that the predicted destination address corresponding to the second data is accurate, at this time, step 141 is directly executed, and the second data is directly exclusive-ored by using the target value corresponding to the second data, so as to obtain decrypted second data, and is the decrypted second data, if not, it is indicated that the predicted destination address corresponding to the second data is inaccurate, at this time, step 112 is executed.

Step 112: and (3) according to the actual destination address corresponding to the second data, obtaining the target value corresponding to the second data again, and executing step 141.

That is, in the case where the predicted destination address corresponding to the second data is inaccurate, it is necessary to retrieve an accurate target value using an accurate actual destination address. Specifically, in this embodiment, a preset key input, such as a key K, may be used to encrypt the actual destination address, so as to obtain the target value corresponding to the second data. Thereafter, step 141 is performed, whereby the second data is exclusive-ored using the retrieved accurate target value, thereby obtaining decrypted second data, which is the decrypted accurate second data.

In particular implementations, the predicted destination address may be predicted based on historical destination addresses. The prediction scheme of the predicted destination address corresponding to the first data is similar to that of the predicted destination address corresponding to the second data, and here, taking the predicted destination address corresponding to the first data as an example, the detailed description will be given of the acquisition scheme of the predicted destination address:

specifically, step 106 may be implemented when obtaining the predicted destination address corresponding to the first data, as shown in fig. 7, specifically by:

Step 161: a historical destination address of historical data transmitted by the bus last time is obtained.

The historical destination address is an actual destination address of the historical data, and can be specifically read from the historical data.

Step 162: and processing the historical destination address according to the first prediction mode to obtain a predicted destination address corresponding to the first data.

The first prediction mode is determined at least based on the corresponding relation between the historical destination address of the historical data and the predicted destination address of the historical data, a second prediction mode and the type of the interrupt request in the chip, wherein the second prediction mode is the prediction mode before the first prediction mode is switched.

The predicted destination address of the history data is a destination address predicted by using the second prediction method. That is, in this embodiment, the prediction mode is switched based on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data and the type of the interrupt request, and then the historical destination address is processed according to the switched prediction mode, that is, the first prediction mode, so that the predicted destination address corresponding to the first data can be predicted.

It should be noted that, the modes of processing the historical destination address in different prediction modes are also different, and the corresponding relationship between the predicted destination address corresponding to the obtained first data and the historical destination address corresponding to the historical data is also different, which may include various different corresponding relationships such as increment, jump, hold, etc.

Based on the above, the second prediction mode may be a steady state incremental prediction mode, a transient incremental prediction mode, a steady state skip prediction mode, a transient skip prediction mode, a steady state hold prediction mode, or a transient hold prediction mode; after the second prediction mode is switched to the first prediction mode, the first prediction mode may be the same as or different from the second prediction mode, and thus, the first prediction mode may be a steady state incremental prediction mode, a transient incremental prediction mode, a steady state skip prediction mode, a transient skip prediction mode, a steady state hold prediction mode, or a transient hold prediction mode.

It should be noted that, the various prediction modes described in the above embodiment may also be understood as prediction states for predicting the destination address, and in different prediction states, the historical destination address is predicted in a corresponding prediction mode.

The method comprises the steps of obtaining a predicted address based on a historical destination address in an address increment mode in a steady state increment prediction mode, a transient increment prediction mode, a steady state jump prediction mode and a transient jump prediction mode, namely, obtaining the predicted destination address corresponding to first data by carrying out unit address increment processing on the historical destination address of the historical data in the four prediction modes of the steady state increment prediction mode, the transient increment prediction mode, the steady state jump prediction mode and the transient jump prediction mode.

And the static state maintaining prediction mode and the transient state maintaining prediction mode obtain the predicted address based on the historical destination address in an address maintaining mode. That is, in both the steady state hold prediction mode and the transient hold prediction mode, the predicted destination address corresponding to the first data can be obtained by performing the process of holding the historical destination address of the historical data unchanged.

Several cases in which the second prediction mode is switched to the first prediction mode are illustrated below, as shown in fig. 8:

if the second prediction mode is a steady state incremental prediction mode, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, indicating that the prediction is correct, and at the moment, keeping the first prediction mode consistent with the second prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, indicating that the prediction is wrong, switching the second prediction mode into a first prediction mode and switching the first prediction mode into a transient incremental prediction mode;

In the transient increment prediction mode, the target address is still predicted in an address increment processing mode;

if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the fact that the interrupt request of the first interrupt type causes a prediction error is indicated, and at the moment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient jump prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of a second interrupt type, the fact that the interrupt request of the second interrupt type causes prediction errors is indicated, and at the moment, the second prediction mode is switched to the first prediction mode and the first prediction mode is a transient maintenance prediction mode; if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the prediction is correct, at the moment, the second prediction mode is switched to the first prediction mode, and the first prediction mode is a steady state incremental prediction mode;

in the transient jump prediction mode, the destination address is predicted by an address increment processing mode, and in the transient hold prediction mode, the destination address is predicted by an address hold processing mode.

If the second prediction mode is a transient skip prediction mode, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, the prediction is correct, and at this time, the second prediction mode is switched to a first prediction mode and the first prediction mode is a steady state skip prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the predicted destination address of the historical data is in an address increment relation with the predicted destination address of the data transmitted on the bus before the historical data, a state that the prediction is wrong and the address is incremental is described, and at the moment, the second prediction mode is switched to the first prediction mode and the first prediction mode is a transient increment prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the relationship between the historical destination address of the historical data and the historical destination address of the previous historical data is address holding, a state that the prediction is wrong and the address is holding is indicated, at the moment, the second prediction mode is switched to the first prediction mode and the first prediction mode is a transient state holding prediction mode;

In the steady state jump prediction mode, the destination address is predicted by an address increment processing mode.

If the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data under the condition that the second prediction mode is the steady state jump prediction mode, indicating that the interrupt request processing of the first interrupt type is completed, at the moment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient jump prediction mode;

if the second mode is a transient hold prediction mode, if the relationship between the predicted destination address of the history data and the predicted destination address of the data transmitted on the bus before the history data is address hold, indicating that the prediction is correct, the second prediction mode is switched to the first prediction mode and the first prediction mode is a steady state hold prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and no new interrupt request exists, the second prediction mode is switched to the first prediction mode, and the first prediction mode is a transient incremental prediction mode; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and a new interrupt request exists, executing new interrupt processing at the moment, and switching the second prediction mode into the first prediction mode and switching the first prediction mode into a transient jump prediction mode at the moment;

In the steady state hold prediction method, the destination address is predicted by an address hold processing method.

If the second prediction mode is a steady state hold prediction mode, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, indicating that the interrupt request processing of the second interrupt type is completed, at this time, the second prediction mode is switched to the first prediction mode and the first prediction mode is a transient hold prediction mode.

Therefore, the prediction mode adopted in the embodiment is switched according to the switching principle of the prediction mode, and all data transmission conditions in the chip are covered through three-level dynamic branch prediction, so that the accuracy of destination address prediction is improved.

Based on the above implementation scheme, in order to implement configurable data encryption transmission processing, in this embodiment, configuration parameters may be preset by a user through setting a configuration interface and a configuration interface, so as to determine whether data encryption transmission is required. For example, a configuration control is provided for a user in a configuration interface, the configuration control is selected by the user, if the user selects the control needing encryption transmission, a first configuration parameter representing that data encryption needs to be performed and a second configuration parameter representing that data decryption needs to be performed are generated, and if the user selects the control needing no encryption transmission, a first configuration parameter representing that data encryption does not need to be performed and a second configuration parameter representing that data decryption does not need to be performed are generated.

Based on this, the following steps are performed before step 102 in this embodiment, as shown in fig. 9:

step 113: and reading a preset first configuration parameter.

The first configuration parameter may be read at a location in the chip where the configuration parameter is stored.

Step 114: judging whether the first configuration parameters represent that data encryption is needed or not, executing step 102 and executing step 103 under the condition that the first configuration parameters represent that the data encryption is needed; in the case that the first configuration parameter characterization does not require data encryption, step 102 is no longer performed, but step 103 is performed directly, i.e. the first data to be transmitted in the first module is transmitted directly into the bus.

Similarly, in this embodiment, before the decryption processing is performed on the second data in step 104, the following steps are performed:

step 115: and reading a preset second configuration parameter.

The second configuration parameter may be read at a location in the chip where the configuration parameter is stored.

Step 116: judging whether the second configuration parameters represent the need of data decryption or not, executing step 104 to decrypt the second data to obtain decrypted second data under the condition that the second configuration parameters represent the need of data decryption, and executing step 105; in the case where the second configuration parameter indicates that the encryption of the data is not required, the decryption of the second data in step 104 is no longer performed, but step 105 is performed directly, i.e. the second data transmitted from the bus is transmitted directly to the second module.

Therefore, the data encryption transmission configurability is realized by providing the configuration interface and the configuration interface, and convenience is provided for users.

Referring to fig. 10, a schematic structural diagram of a processing device for encrypted data transmission according to a second embodiment of the present application may be configured in a chip that needs to be protected from probe attack, such as an SoC chip, to protect data on the chip.

Specifically, the apparatus in this embodiment may include the following units:

an encryption unit 1001, configured to, when receiving first data transmitted by a first module corresponding to a chip, encrypt the first data to obtain encrypted first data, and input the encrypted first data to a bus in the chip;

a decryption unit 1002, configured to decrypt the second data to obtain decrypted second data when the second data is output from the bus, and transmit the decrypted second data to a second module corresponding to the chip;

As can be seen from the above technical solution, in the processing device for encrypting and transmitting data provided in the second embodiment of the present application, when first data transmitted by a first module in a chip is received, the first data is encrypted, then the encrypted first data is transmitted to a bus in the chip, and when second data is output from the bus, the second data is decrypted, and then the decrypted second data is transmitted to a second module in the chip. Therefore, since data transmission and storage between all modules in the chip can be completed by relying on the bus, in the embodiment, data obtained when an attacker detects the data in the chip through the probe is encrypted data and cannot acquire any sensitive data, so that the protection of the data transmitted and stored by each module in the chip is realized, and meanwhile, an independent encryption scheme is not required to be designed for different modules, so that the complexity of data encryption transmission is reduced, and the performance of data encryption transmission is improved while the data encryption transmission in the chip is realized.

In one implementation, the encryption unit 1001 is specifically configured to: performing exclusive-or processing on the first data by using a target value corresponding to the first data to obtain encrypted first data;

the decryption unit 1002 is specifically configured to: and performing exclusive-or processing on the second data by using the target value corresponding to the second data to obtain decrypted second data.

Based on this, the apparatus in the present embodiment may further include the following units, as shown in fig. 11:

an address processing unit 1003, configured to obtain a predicted destination address corresponding to first data before the encryption unit 1001 receives the first data transmitted by a first module in a chip; and obtaining a target value corresponding to the first data according to the predicted destination address.

Further, the apparatus in this embodiment may further include the following units, as shown in fig. 12:

an address arbitration unit 1004, configured to determine, after the encryption unit 1001 receives first data transmitted by a first module corresponding to a chip, whether a predicted destination address corresponding to the first data is consistent with an actual destination address corresponding to the first data before the encryption unit 1001 performs an exclusive-or process on the first data by using a target value corresponding to the first data to obtain encrypted first data; if the first data is consistent, triggering an encryption unit 1001 to perform exclusive-or processing on the first data by using a target value corresponding to the first data so as to obtain encrypted first data; if the first data is inconsistent, the trigger address processing unit 1003 retrieves a target value corresponding to the first data according to an actual destination address corresponding to the first data, and then triggers the encryption unit 1001 to perform exclusive-or processing on the first data by using the target value corresponding to the first data, so as to obtain encrypted first data.

Specifically, when the address processing unit 1003 obtains the predicted destination address corresponding to the first data, the address processing unit is specifically configured to: obtaining a historical destination address of historical data transmitted by the bus last time; processing the historical destination address according to a first prediction mode to obtain a predicted destination address corresponding to the first data;

In a specific implementation, the second prediction mode is: a steady state increment prediction mode, a transient increment prediction mode, a steady state jump prediction mode, a transient jump prediction mode, a steady state hold prediction mode or a transient hold prediction mode;

Based on this, if the second prediction mode is the steady state incremental prediction mode, if the history destination address of the history data coincides with the predicted destination address of the history data, the first prediction mode and the second prediction mode remain coincident; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode;

In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 13:

an encryption judging unit 1005, configured to read a preset first configuration parameter before the encrypting unit 1001 performs encryption processing on the first data to obtain encrypted first data; triggering an encryption unit 1001 to encrypt the first data to obtain encrypted first data when the first configuration parameter characterizes that the data encryption is required; triggering an encryption unit 1001 to input the first data into the bus in the case that the first configuration parameter characterizes that data encryption is not required;

a decryption determining unit 1006, configured to read a preset second configuration parameter before the decryption unit 1002 performs decryption processing on the second data to obtain decrypted second data; triggering a decryption unit 1002 to decrypt the second data to obtain decrypted second data when the second configuration parameter characterizes that the data decryption is required; and triggering a decryption unit 1002 to transmit the second data to a second module corresponding to the chip under the condition that the second configuration parameter characterizes that the data does not need to be decrypted.

It should be noted that, the specific implementation of each unit in this embodiment may refer to the corresponding content in the foregoing, which is not described in detail herein.

Referring to fig. 14, a schematic structural diagram of a chip according to a third embodiment of the present application may be a chip that needs to be protected from probe attack, such as an SoC chip, so as to protect data on the chip.

Specifically, the chip in this embodiment may include the following modules:

bus 1401 for implementing data transmission between respective modules corresponding to the chip, where the modules may be functional modules included in the chip, such as a CPU module or a DMA module; alternatively, the module may be an external module connected to the chip, such as an external device or an off-chip storage.

A processing module 1402 for: in the case of receiving the first data transmitted from the first module 1403 corresponding to the chip, performing encryption processing on the first data to obtain encrypted first data, and inputting the encrypted first data into the bus 1401;

the processing module 1402 is further configured to: in the case that second data is output from the bus 1401, performing decryption processing on the second data to obtain decrypted second data, and transmitting the decrypted second data to a second module 1404 corresponding to the chip;

Wherein the first module 1403 and the second module 1404 are modules for implementing respective functions, respectively.

As can be seen from the above technical solution, in the chip provided in the third embodiment of the present application, when first data transmitted from a first module in the chip is received, encryption processing is performed on the first data, then the encrypted first data is transmitted to a bus in the chip, and when second data is output from the bus, decryption processing is performed on the second data, and then the decrypted second data is transmitted to a second module in the chip. Therefore, since data transmission and storage between all modules in the chip can be completed by relying on the bus, in the embodiment, data obtained when an attacker detects the data in the chip through the probe is encrypted data and cannot acquire any sensitive data, so that the protection of the data transmitted and stored by each module in the chip is realized, and meanwhile, an independent encryption scheme is not required to be designed for different modules, so that the complexity of data encryption transmission is reduced, and the performance of data encryption transmission is improved while the data encryption transmission in the chip is realized.

In a specific implementation, the processing module 1402 may implement corresponding functions by configuring functional units such as an encryption unit, a decryption unit, an address arbitration unit, and the like.

It should be noted that, the specific implementation of the processing module 1402 in this embodiment may refer to the corresponding content in the foregoing, which is not described in detail herein.

Taking a chip as an SoC chip as an example, in order to realize probe attack protection of the SoC chip, in this embodiment, a processing scheme of performing data encryption transmission in the SoC chip is improved, and an improvement process and an improved technical scheme are described in detail below:

the inventors of the present application found during the study of probe attack that: the key targets of probe attack mainly have four parts: on-chip data transmission, on-chip data storage, external interface communication and off-chip data storage. Because of the different data transmission protocols and circuit structures of the different functional modules, if the data of each object is separately encrypted and protected, each module must be designed with an independent data encryption module. The data protection mode has complex implementation process on one hand and also inevitably causes great hardware area cost on the other hand.

In view of this, the inventors of the present application have further studied and proposed a technical solution for encrypting data via a bus. The system bus is used as a bridge for connecting and communicating all functional modules in the SoC chip, and data transmission and storage between all the functional modules can be completed by relying on the system bus. Therefore, by encrypting the data transmitted on the system bus, the encryption protection of the data transmitted and stored by each module can be realized, and an attacker detects the four key targets through the probe, and the obtained random numbers are encrypted, so that any effective information can not be obtained. Therefore, the bus data encryption proposed by the application can protect the security of data transmission and storage between the functional modules.

Meanwhile, as the bus data encryption inevitably causes certain bus data transmission performance loss, the inventor of the application further researches how to reduce the bus data transmission performance loss as much as possible while ensuring the data encryption safety, thereby ensuring the whole operation performance of the whole SoC chip.

In view of this, the inventors of the present application proposed using a block cipher algorithm to realize encrypted transmission of bus data against the current situation that bus data transmission is affected by an actual user application with a large uncertainty. The block cipher algorithm can realize the balance of encryption security, hardware overhead and encryption performance, has no key stream synchronization problem, and can be suitable for bus data encryption. While the block cipher algorithm performs data encryption in a variety of modes, including a counter mode. In the counter mode, the count value of the counter is encrypted by an encryption algorithm in advance to obtain a group of random numbers, and the random numbers and the current data are subjected to exclusive OR operation to obtain ciphertext. For the counter mode, most encryption operations can be completed in advance, and the operation related to the current data is exclusive-or operation, which is the mode with the highest encryption speed in all encryption modes. The processing mode of counter encryption in the block cipher algorithm can improve the efficiency of data encryption.

However, in the SoC chip, when the bus data is encrypted using the counter encryption processing method, the counter value needs to be stored in advance, and when decryption is performed, decryption is performed using the current encrypted counter value. If the sensitive data of the SoC chip is more, when the encryption task amount is larger, the space of the counter value to be stored is huge, and a huge burden is brought to the SoC chip.

In view of this, the inventors of the present application have further studied to propose using a data address instead of a count value in the process of bus data encryption transmission, so that there is no need to store a large number of values, thereby saving space occupation and reducing the burden of SoC chips. Specifically, in the bus data transmission process, data and addresses are in one-to-one correspondence, and the addresses of the data are used for replacing the count value of the counter, so that the requirement on-chip storage resources is reduced. Therefore, the data encryption is carried out by utilizing the counter encryption processing mode, the bus address is encrypted in advance to obtain a group of random numbers, the data and the random numbers are subjected to exclusive OR operation to obtain ciphertext and transmitted, the transmitted ciphertext can effectively ensure the safety of the data, and meanwhile, the key stream synchronization problem can be effectively solved by adopting the counter value substitution scheme based on the data address, so that the burden of a chip is reduced.

In summary, the present application proposes a configurable efficient bus data encryption method for resisting probe attack, whose core mainly includes the following three aspects: a bus data encryption pipeline, a three-stage dynamic branch predictor, and a security system bus architecture. The three are mutually matched, so that the problem of key stream synchronization can be effectively solved on the premise of carrying out encryption protection on sensitive data transmitted on a bus, and the bus data transmission performance loss caused by data encryption is reduced to the greatest extent. The method comprises the following steps:

1. bus data encryption pipeline

The application provides a data encryption pipeline, which reduces time consumption by adding a pre-encryption process and achieves the aim of improving efficiency.

The whole data Encryption pipeline is mainly composed of four stages of Address prefetching AF (Address Fetching), address Pre-Encryption (APE), predictive Address arbitration PAA (Predicted Address Arbitration) and data Encryption DE (Data Encryption), as shown in fig. 15. Based on this, each data packet is subjected to the above four stages of processing, and adjacent data packets are sequentially processed on adjacent time slots, realizing a data encryption pipeline, as shown in fig. 15, time slots T1 to T7 process one data packet each, and each time slot processes one stage. Taking a data packet processing as an example, the following is specific:

The AF acquires a predicted address R of the sensitive data, where the sensitive data may be understood as the first data mentioned above, i.e. the data to be transmitted, where the predicted address R is the predicted destination address corresponding to the first data mentioned above, and the APE encrypts R using the key K. The ciphertext P resulting from encrypting R by the key K can be represented by formula (1).

And the PAA verifies whether the predicted address R is equal to the actual address A, wherein the actual address is the actual destination address corresponding to the first data in the previous description, as shown in the formula (2), if R is equal to A, the DE performs exclusive OR operation between the ciphertext P and the ψ to obtain encrypted sensitive data D. If R is not equal to A, the APE encrypts the actual address A, and then the cipher text obtained by the encryption of the psi and A is used for performing exclusive OR operation.

Wherein the operations of the AF and APE are independently completed with the data transmission, and thus should be performed before the data transmission to improve the data encryption efficiency.

2. Three-stage dynamic branch predictor

In the SoC chip, bus data transmission is classified into three types according to address characteristics: address invariance, address increment, and address hopping. In this embodiment, in order to cover the data transmission situation in the SoC chip, a three-stage dynamic branch predictor is proposed, and a state transition diagram thereof is shown in fig. 16. Wherein 100 and 101 respectively represent a prediction mode of a steady state prediction increment address and a prediction mode of a transient state prediction increment address, namely, a steady state increment prediction mode and a transient state increment prediction mode in the foregoing; 010 and 011 respectively represent a prediction mode of a steady state predicted jump address and a prediction mode of a transient predicted jump address, namely a steady state jump prediction mode and a transient jump prediction mode in the previous text; 000 and 001 represent the prediction mode of the steady state predicted current address and the prediction mode of the transient predicted current address, i.e., the steady state hold prediction mode and the transient hold prediction mode in the foregoing, respectively.

Taking the example that the CPU continuously writes data into the SRAM space, the state transition process of the three-stage dynamic branch predictor, namely the switching process of the prediction mode, is introduced.

Firstly, when the branch predictor is in a state of predicting an increment address in a steady state, namely the current state is 100, and when an interrupt request is generated by factors such as an interface, a timer or program abnormality, the CPU pauses writing data operation into the SRAM, jumps to an interrupt processing program and executes interrupt operation, the bus data transmission address changes, the branch predictor detects that the bus actual transmission address is inconsistent with the predicted address, the state of the branch predictor jumps to 101, the state of the transient prediction increment address is entered, the increment prediction operation is executed once, and when the predicted address is consistent with the actual transmission address, the prediction is correct, and the state of the branch predictor jumps to 100.

When the branch predictor is in a state of transient prediction increment address, if a higher-authority interrupt request exists, the CPU executes the higher-level interrupt request, if the predicted addresses are inconsistent with the actual transmission addresses, the prediction is wrong, the state of the branch predictor jumps to 011, the state of the transient prediction jump address is entered, and one increment prediction operation is executed. The next predicted address is consistent with the current address, the state jumps to 010, the state of the steady state predicted jump address is entered, the predicted address increment operation is executed until the execution of the high-level interrupt is completed, the predicted address of the predictor is wrong, and the state of the branch predictor jumps to 011.

When the branch predictor is in the state of transient prediction jump address, if the next predicted address is inconsistent with the current address and the next predicted address is unchanged with the last actual address, the state of the branch predictor jumps to 001 to enter the state of transient prediction current address, and if the next predicted address is inconsistent with the current address and the next predicted address is in an incremental relation with the last actual address, the state of the branch predictor jumps to 101 to enter the state of transient prediction incremental address.

When the branch predictor is in a state of transient prediction increment address, if the low-level interrupt needs to perform read-write operation on the interface, the state of the branch predictor is jumped from 101 to 001, the state of transient prediction current address is entered, and the current prediction operation is executed once. When the next address predicted address matches the current address, the state of the branch predictor jumps to 000, entering a state of continuously predicting the current address. After the data read-write operation is completed, the processor executes the operation before interruption, namely the SRAM write operation, the predicted address of the branch predictor is inconsistent with the actual address, the state of the branch predictor jumps to 001, the state of the transient state prediction current address is entered, and the current prediction operation is executed once. The predicted address of the branch predictor is inconsistent with the pre-interrupt execution address, if there is no interrupt request, the branch predictor state jumps to 101, otherwise, jumps to 011.

3. Security system bus architecture

Based on the configurable bus data encryption scheme set forth above, a set of secure system bus architecture is proposed in this application, configured in a SoC chip, as shown in fig. 17. The whole configurable security system bus architecture mainly comprises a configurable encryption management module CEMM (Configurable Encryption Management Module), an Address encryption engine AEE (Address Encryption Engine), a branch predictor BP (Branch Predictor), a data encryption controller DEC (Data Encryption Controller), an Address Arbiter AA (Address Arbiter), a data encryption unit DEE (Data Encryption Engine) and a data decryption unit DDE (Data Decryption Engine).

Taking the data writing process as an example. The user will encrypt/decrypt the parameter gamma= { gamma _WS ，γ _WM ，γ _RS ，γ _RM CEMM is written to control the data encryption/decryption flow. Wherein, gamma _WS And gamma _WM Configuration parameters gamma when sensitive data are transmitted from Master to Slave through bus when Master writes to Slave _RS And gamma _RM Configuration parameters when sensitive data are transmitted from the Slave to the Master through a bus when the Master performs read operation on the Slave. Wherein, gamma _WS And gamma _RM When 1, the characterization needs to decrypt the data, and gamma is calculated _WM And gamma _RS For 1, the characterization requires data encryption.

In the data writing process, the BP predicts the next address of data transmission and sends the next address to the AEE, and the AEE encrypts the BP predicted address R. The DEC selects whether the DEE performs encryption operations and whether the DDE performs decryption operations based on the configuration parameters given by the CEMM. The encryption operation and the decryption operation are exclusive-or operation on the random number P obtained by encrypting the predicted address R and the sensitive data ψ.

Specifically, AA determines whether the predicted address R coincides with the real address a. If R is consistent with A, after DEE is performed, encrypted write data D is obtained, after which the encrypted write data D is transferred to the bus; otherwise, it may be determined that the R prediction was wrong, at this time, the AEE encrypts the real address a with K to obtain P, and then the DEE uses P to perform an exclusive-or operation on the sensitive data ψ to obtain encrypted write data D, and then the encrypted write data D is transferred to the bus.

When the bus transmits D to the Slave, firstly judging whether the predicted address R is consistent with the actual address A through the AA, if so, performing exclusive OR operation on the D by using the P by the DDE to obtain decrypted data Γ, and if not, encrypting the actual address A by using the K by using the AEE to obtain the P, and then performing exclusive OR operation on the D by using the P by using the DDE to obtain the decrypted data Γ.

For a process similar to that in the data reading process, the BP predicts the next address of the data transfer and sends to the AEE, which encrypts the BP predicted address R'. The DEC selects whether the DEE performs encryption operations and whether the DDE performs decryption operations based on the configuration parameters given by the CEMM. The encryption operation and the decryption operation are exclusive-or operation on the random number P ' obtained by encrypting the predicted address R ' and the sensitive data ψ '.

Specifically, AA determines whether the predicted address R 'matches the actual address a'. If R 'is consistent with A', after DEE is performed, encrypted read data D 'is obtained, after which the encrypted read data D' is transferred to the bus; otherwise, it can be determined that R ' is mispredicted, at this time, the AEE encrypts the actual address A ' with K to obtain P ', and the DEE uses P ' to exclusive-or the sensitive data ψ ' to obtain encrypted read data D ', and then the encrypted read data D ' is transmitted to the bus.

When the bus transmits D 'to the Master, firstly judging whether the predicted address R' is consistent with the actual address A 'through the AA, if so, performing exclusive OR operation on the D' by using P 'by using the DDE to obtain decrypted data Γ', if not, encrypting the actual address A 'by using K by using the AEE to obtain P', and performing exclusive OR operation on the D 'by using the P' by using the DDE to obtain the decrypted data Γ.

Based on the above secure system bus architecture, a system bus write transfer algorithm as shown in algorithm 1 in fig. 18 is proposed in the present application:

wherein, the configuration parameter gamma= { gamma _WS ，γ _WM ，γ _RS ，γ _RM Written by the user, a parameter value of 1 indicates data encryption/decryption, and a parameter of 0 indicates no data encryption/decryption.

When the host computer needs to transmit write data, firstly judging gamma _WM Whether it is "1". If gamma is _WM 1 indicates that the data ψ from the host needs to be encrypted and written into the system bus. At this time, if the predicted address R and the real address a are equal, it indicates that the prediction is correct, and the real content D transmitted on the system bus is the nonce E encrypted by the predicted address _K (R) exclusive or result with plaintext data ψ;

otherwise, the prediction error is described, and the actual address A needs to be encrypted to obtain the random number E _K (A) Then the random number E _K (A) And carrying out exclusive OR on the data with the plaintext data psi to obtain the transmission content D of the system bus. If gamma is _WM Not equal to 1, the content D transmitted on the bus is directly the plaintext data ψ sent by the host without encryption.

When the slave receives data, it first judges gamma _WS Whether it is "1". If gamma is _WS If 1, it means that the slave needs to decrypt the data first and then receive the data. At this time, if the predicted address R and the real address a are equal (the address of the slave side is the bus address, that is, the address of the host), it means that the prediction is correct, and the real content Γ received by the slave is the nonce E after encryption of the predicted address _K (R) exclusive or result with bus data D;

otherwise, the prediction error is described, and the actual address A needs to be encrypted to obtain the random number E _K (A) Then the random number E _K (A) Exclusive or is performed with the bus data D to obtain the slave reception content Γ. If gamma is _WS If not 1, the content Γ received by the slave is directly the bus data D without decryption.

Similarly, the read-transfer process of data is similar to the above-described write process, and will not be described again here.

In summary, the application provides a configurable bus data encryption/decryption method aiming at the problem of sensitive information leakage caused by probe attack, adaptively encrypts or decrypts data according to configuration information, reduces the workload and waiting delay of bus data encryption, designs a bus data encryption pipelining and three-stage dynamic branch predictor to prefetch data transmission addresses, improves the encryption/decryption execution efficiency of bus transmission data, ensures the data transmission efficiency and the overall operation performance of an SoC chip, finally forms a configurable efficient bus data encryption model, realizes the encryption protection of data transmission/storage in the SoC chip, and effectively improves the probe attack resistance of the SoC chip.

In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A method for processing encrypted data transmissions, the method comprising:

the encrypting the first data to obtain encrypted first data includes:

before the first data transmitted by the first module in the chip is received, the method further comprises:

obtaining a predicted destination address corresponding to the first data;

obtaining a target value corresponding to the first data according to the predicted destination address;

the obtaining the predicted destination address corresponding to the first data includes:

the first prediction mode is determined at least based on a corresponding relation between a historical destination address of the historical data and a predicted destination address of the historical data, a second prediction mode and a type of interrupt request in the chip, wherein the second prediction mode is a prediction mode before the first prediction mode is switched, and the second prediction mode is: a steady state increment prediction mode, a transient increment prediction mode, a steady state jump prediction mode, a transient jump prediction mode, a steady state hold prediction mode or a transient hold prediction mode;

the method comprises the steps of obtaining a predicted address on the basis of a historical destination address in an address increment mode in a steady state increment prediction mode, obtaining a predicted address on the basis of the historical destination address in a transient increment prediction mode, obtaining a predicted address on the basis of the historical destination address in a state hold prediction mode and obtaining a predicted address on the basis of the historical destination address in a hold address mode in a transient hold prediction mode;

if the second prediction mode is the steady state hold prediction mode, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient hold prediction mode;

2. The method of claim 1, wherein decrypting the second data to obtain decrypted second data comprises:

3. The method of claim 1, wherein after receiving the first data transmitted from the first module corresponding to the chip, before performing exclusive-or processing on the first data with the target value corresponding to the first data to obtain encrypted first data, the method further comprises:

4. The method according to claim 1 or 2, wherein before encrypting the first data to obtain encrypted first data, the method further comprises:

reading a preset first configuration parameter;

reading a preset second configuration parameter;

5. A processing device for encrypted transmission of data, comprising at least:

the encryption unit is specifically configured to perform exclusive-or processing on the first data by using a target value corresponding to the first data, so as to obtain encrypted first data;

the processing device further includes:

the device comprises an address processing unit, a first module and a second module, wherein the address processing unit is used for obtaining a predicted destination address corresponding to first data before the encryption unit receives the first data transmitted by the first module in a chip; obtaining a target value corresponding to the first data according to the predicted destination address;

the address processing unit is specifically configured to, when obtaining the predicted destination address corresponding to the first data: obtaining a historical destination address of historical data transmitted by the bus last time; processing the historical destination address according to a first prediction mode to obtain a predicted destination address corresponding to the first data;

6. A chip, comprising:

a bus;

the processing module is specifically configured to, when performing encryption processing on the first data: performing exclusive-or processing on the first data by using a target value corresponding to the first data to obtain encrypted first data;

The processing module is further configured to: before an encryption unit receives first data transmitted by a first module in a chip, a predicted destination address corresponding to the first data is obtained; obtaining a target value corresponding to the first data according to the predicted destination address;

the processing module is specifically configured to, when obtaining the predicted destination address corresponding to the first data: obtaining a historical destination address of historical data transmitted by the bus last time; processing the historical destination address according to a first prediction mode to obtain a predicted destination address corresponding to the first data;