CN113329025A - Software authorization-based embedded symmetric encryption recorded data protection method and system - Google Patents
Software authorization-based embedded symmetric encryption recorded data protection method and system Download PDFInfo
- Publication number
- CN113329025A CN113329025A CN202110630882.XA CN202110630882A CN113329025A CN 113329025 A CN113329025 A CN 113329025A CN 202110630882 A CN202110630882 A CN 202110630882A CN 113329025 A CN113329025 A CN 113329025A
- Authority
- CN
- China
- Prior art keywords
- decryption
- software
- powerpc
- authorization
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention provides a software authorization-based embedded symmetric encryption recorded data protection method and system, which greatly increase the encryption and decryption complexity of an electronic warfare system through key embedding and limited decryption times, so that the data security in a PowerPC file system is ensured. The key is invisible and the number of decryption times is limited; the invisible key means that the key using the encryption algorithm is hidden in the PowerPC memory when the file system record data is written into the PowerPC file system. The limited number of decryptions means that the authorization of the decryption software is time dependent and total. The decryption software stops running after the use time and the use times of the decryption software exceed, and when the decryption software is restarted, the decryption software needs to be authorized again by an authorization center. Meanwhile, the invention does not need to increase the hardware overhead, and the function can be realized only by purchasing decryption software and upgrading the file recording part of the embedded program in the PowerPC for multi-machine-loaded items.
Description
Technical Field
The invention relates to the field of embedded software of an electronic warfare system, in particular to a method and a system for protecting recorded data of embedded symmetric encryption based on software authorization.
Background
With the rapid development of radar technology and the increasingly complex spatial electromagnetic environment, electronic warfare faces an increasingly complex combat environment. The electronic warfare software needs to record internal data frequently according to the current flight mission in actual work. These records often relate to the internal operating state of the software to determine the operational state of the software and diagnose software faults. The existing electronic warfare software runs on a PowerPC computer module, and a TTFS file system carried by the PowerPC computer module records software running state parameters. The existing electronic warfare system uses a plaintext form, and recorded data stored in a file system is easy to leak when a PowerPC module is acquired by a person. Therefore, a method for protecting record data of the PowerPC file system needs to be designed.
Disclosure of Invention
The invention aims to provide a software authorization-based embedded symmetric encryption recorded data protection method and system, and aims to solve the problem that the current PowerPC file system recorded data protection and decryption software can be decrypted, tried and reversed and cracked for many times.
The invention provides a recording data protection method based on embedded symmetric encryption of software authorization, which comprises the following steps:
(1) the PowerPC generates a secret key through an embedded program; the plaintext of the key does not appear in the process of generating the key by the embedded program;
(2) the PowerPC generates a key and displays the key through a debugging line, and after a key manager obtains the key generated by the PowerPC, the debugging line display of the PowerPC needs to be closed;
(3) the PowerPC encrypts data to be recorded on a file system by using an encryption algorithm and a key generated by the PowerPC to obtain encrypted data;
(4) the PowerPC writes the encrypted data into a PowerPC file system uniformly after the encrypted data reaches a certain quantity;
(5) after the electronic warfare system finishes working, reading encrypted data recorded in a PowerPC file system by using an FTP file system in decryption software;
(6) the decryption software applies authorization to an authorization center for decryption;
(7) the authorization center generates an authorization code according to the time information and sends the authorization code to the decryption software;
(8) after the decryption software obtains the authorization code, the key management personnel uses the key obtained in the step (2) and a decryption algorithm to decrypt the encrypted data;
(9) when the decryption software is started, the decryption time is timed, and when the timing exceeds the threshold of the decryption time, the decryption software stops running;
(10) and when the count exceeds the threshold of the decryption times, the decryption software stops running.
Preferably, the embedded program of PowerPC in step (1) generates the key using a method of random number, row transformation, column conversion rank, and digit substitution.
Preferably, the encryption algorithm used by the PowerPC in the step (3) is an AES encryption algorithm; and (4) the decryption algorithm used by the key management personnel in the step (8) is an AES decryption algorithm.
Preferably, the debugging line in the step (2) is RS232 or RS 422.
Preferably, when the decryption software stops running and restarts in step (9) and step (10), the decryption software needs to be authorized by the authorization center again to run.
The invention also provides an embedded symmetric encryption recorded data protection system based on software authorization, which comprises a PowerPC, decryption software and an authorization center; the PowerPC, the decryption software and the authorization center are used for executing the above-mentioned record data protection method based on the embedded symmetric encryption of the software authorization.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
1. the invention greatly increases the complexity of encryption and decryption of the electronic warfare system through key embedding and limited decryption times, so that the safety of data in the PowerPC file system is ensured.
2. The invention does not need to increase the hardware expense, and can realize the function only by purchasing decryption software and upgrading the file recording part of the embedded program in the PowerPC for multi-machine loading items.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a recorded data protection method based on embedded symmetric encryption of software authorization according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a record data protection system based on embedded symmetric encryption of software authorization according to an embodiment of the present invention.
Fig. 3 is a display diagram of an application interface for generating an authorization code by an authorization center according to an embodiment of the present invention.
Fig. 4 is a presentation diagram of an application interface for applying an authorization code for decryption software according to an embodiment of the present invention.
FIG. 5 is a presentation diagram of an application interface for decrypting encrypted data read from a PowerPC file system by the decryption software according to an embodiment of the present invention.
Fig. 6 is a presentation diagram of an application interface for the decryption software to count the number of decryption times and quit the reapplication authorization if the number of decryption times reaches the threshold of the decryption times according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
The design principle of the invention is that the key is invisible and the decryption times are limited;
the invisible key means that the key using the encryption algorithm is hidden in the PowerPC memory when the file system record data is written into the PowerPC file system.
The limited number of decryptions means that the authorization of the decryption software is time dependent and total. The decryption software stops running after the use time and the use times of the decryption software exceed, and when the decryption software is restarted, the decryption software needs to be authorized again by an authorization center.
Based on the above design principle, as shown in fig. 1, this embodiment provides a record data protection method based on embedded symmetric encryption of software authorization, which includes the following steps:
(1) the PowerPC generates a secret key through an embedded program; the plaintext of the key does not appear in the process of generating the key by the embedded program; in the embodiment, the embedded program of the PowerPC generates the key by using a random number, row transformation, column-to-rank and digital substitution method;
(2) after the PowerPC generates the key, the key is displayed through a debugging line (such as RS232RS422 and the like), and after a key manager obtains the key generated by the PowerPC, the debugging line display of the PowerPC needs to be closed;
(3) the PowerPC encrypts data to be recorded on a file system by using an AES encryption algorithm (256 bits) and a key generated by the PowerPC to obtain encrypted data;
(4) the PowerPC writes the encrypted data into a PowerPC file system uniformly after the encrypted data reaches a certain amount (can be set according to actual conditions and needs);
(5) after the electronic warfare system finishes working, reading encrypted data recorded in a PowerPC file system by using an FTP file system in decryption software;
(6) the decryption software applies authorization to an authorization center for decryption;
(7) the authorization center generates an authorization code according to the time information and sends the authorization code to the decryption software;
(8) after the decryption software obtains the authorization code, a key manager decrypts the encrypted data (namely the encrypted data read by the FTP file system in the step (5)) by using the key obtained in the step (2) and an AES decryption algorithm (256 bits);
(9) when the decryption software is started, the decryption time is timed, and when the timing exceeds a decryption time threshold (which can be set), the decryption software stops running; when the decryption software stops running and is restarted, the decryption software can run only by being authorized by the authorization center again
(10) When the decryption software is started, the decryption times are counted, and when the count exceeds a decryption time threshold (which can be set), the decryption software stops running; when the decryption software stops running and is restarted, the decryption software can run only by being authorized by the authorization center again.
Therefore, the embodiment also realizes an embedded symmetric encryption recorded data protection system based on software authorization, which comprises a PowerPC, decryption software and an authorization center; the PowerPC, the decryption software and the authorization center are used for executing the above-mentioned record data protection method based on the embedded symmetric encryption of the software authorization. As shown in fig. 2, wherein:
the work done by PowerPC includes: the embedded program generates a key, data which needs to be recorded in a PowerPC file system is encrypted by using an AES encryption algorithm, and the PowerPC writes the encrypted data into the PowerPC file system;
the work done by the decryption software includes: downloading the FTP file system data, applying for authorization, decrypting the encrypted data downloaded by the FTP file system by using an AES decryption algorithm, and recording and judging the decryption time and the decryption times.
The authorization center completes the work and comprises the following steps: and generating an authorization code according to the time information.
Examples of implementations of the invention are shown in fig. 3, 4, 5, 6; the authorization center generates an authorization code (a serial number) for use as shown in figure 3. The application of the decryption software for the authorization code is shown in fig. 4. The decryption software decrypts encrypted data application read from the PowerPC file system as shown in fig. 5. The decryption software counts the decryption times to the decryption time threshold and exits the re-application authorization application as shown in fig. 6. The algorithms used by the PowerPC encryption and decryption software are AES256 algorithms. The authorization code generated by the authorization center is related to the hard disk serial number and time of the computer.
According to the content, the complexity of encryption and decryption of the electronic warfare system is greatly increased through key embedding and limited decryption times, so that the safety of data in the PowerPC file system is ensured. The invention does not need to increase the hardware expense, and can realize the function only by purchasing decryption software and upgrading the file recording part of the embedded program in the PowerPC for multi-machine loading items.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (6)
1. A record data protection method based on embedded symmetric encryption of software authorization is characterized by comprising the following steps:
(1) the PowerPC generates a secret key through an embedded program; the plaintext of the key does not appear in the process of generating the key by the embedded program;
(2) the PowerPC generates a key and displays the key through a debugging line, and after a key manager obtains the key generated by the PowerPC, the debugging line display of the PowerPC needs to be closed;
(3) the PowerPC encrypts data to be recorded on a file system by using an encryption algorithm and a key generated by the PowerPC to obtain encrypted data;
(4) the PowerPC writes the encrypted data into a PowerPC file system uniformly after the encrypted data reaches a certain quantity;
(5) after the electronic warfare system finishes working, reading encrypted data recorded in a PowerPC file system by using an FTP file system in decryption software;
(6) the decryption software applies authorization to an authorization center for decryption;
(7) the authorization center generates an authorization code according to the time information and sends the authorization code to the decryption software;
(8) after the decryption software obtains the authorization code, the key management personnel uses the key obtained in the step (2) and a decryption algorithm to decrypt the encrypted data;
(9) when the decryption software is started, the decryption time is timed, and when the timing exceeds the threshold of the decryption time, the decryption software stops running;
(10) and when the count exceeds the threshold of the decryption times, the decryption software stops running.
2. The recorded data protection method based on embedded symmetric encryption of software authorization as claimed in claim 1, wherein the embedded program of PowerPC in step (1) generates the key by using random number, row transformation, column rotation rank and number replacement.
3. The recorded data protection method based on embedded symmetric encryption of software authorization as claimed in claim 1, wherein the encryption algorithm used by PowerPC in step (3) is AES encryption algorithm; and (4) the decryption algorithm used by the key management personnel in the step (8) is an AES decryption algorithm.
4. The method for protecting recorded data based on embedded symmetric encryption of software authorization in accordance with claim 1, wherein the debug line in step (2) is RS232 or RS 422.
5. The method for protecting recorded data based on embedded symmetric encryption of software authorization according to claim 1, wherein when the decryption software stops running and restarts in steps (9) and (10), the decryption software needs to be authorized again by the authorization center to run.
6. A record data protection system based on embedded symmetric encryption of software authorization is characterized by comprising a PowerPC, decryption software and an authorization center; the PowerPC, the decryption software and the authorization center are used for executing the record data protection method based on the embedded symmetric encryption of the software authorization according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110630882.XA CN113329025B (en) | 2021-06-07 | 2021-06-07 | Recording data protection method and system based on software authorization embedded symmetric encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110630882.XA CN113329025B (en) | 2021-06-07 | 2021-06-07 | Recording data protection method and system based on software authorization embedded symmetric encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113329025A true CN113329025A (en) | 2021-08-31 |
| CN113329025B CN113329025B (en) | 2022-06-28 |
Family
ID=77421201
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110630882.XA Active CN113329025B (en) | 2021-06-07 | 2021-06-07 | Recording data protection method and system based on software authorization embedded symmetric encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113329025B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010012203A1 (en) * | 2008-07-29 | 2010-02-04 | 华为技术有限公司 | Authentication method, re-certification method and communication device |
| CN101646060A (en) * | 2009-09-04 | 2010-02-10 | 四川虹微技术有限公司 | Protecting method of data content in storage device |
| CN102082661A (en) * | 2011-01-21 | 2011-06-01 | 杭州电子科技大学 | PCM/FM telemetering system-based data security communication method |
| CN104333545A (en) * | 2014-10-26 | 2015-02-04 | 重庆智韬信息技术中心 | Method for encrypting cloud storage file data |
| US20160381001A1 (en) * | 2015-06-24 | 2016-12-29 | Lecloud Computing Co., Ltd. | Method and apparatus for identity authentication between systems |
| CN108848064A (en) * | 2018-05-24 | 2018-11-20 | 武汉久乐科技有限公司 | authorization management method and system |
| US20190334884A1 (en) * | 2014-11-07 | 2019-10-31 | Privakey, Inc. | Systems and methods of device based customer authentication and authorization |
| CN110968844A (en) * | 2019-12-02 | 2020-04-07 | 卫盈联信息技术(深圳)有限公司 | Software authorization method in off-line state, server and readable storage medium |
| CN112073380A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Secure computer architecture based on double-processor KVM switching and password isolation |
-
2021
- 2021-06-07 CN CN202110630882.XA patent/CN113329025B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010012203A1 (en) * | 2008-07-29 | 2010-02-04 | 华为技术有限公司 | Authentication method, re-certification method and communication device |
| CN101646060A (en) * | 2009-09-04 | 2010-02-10 | 四川虹微技术有限公司 | Protecting method of data content in storage device |
| CN102082661A (en) * | 2011-01-21 | 2011-06-01 | 杭州电子科技大学 | PCM/FM telemetering system-based data security communication method |
| CN104333545A (en) * | 2014-10-26 | 2015-02-04 | 重庆智韬信息技术中心 | Method for encrypting cloud storage file data |
| US20190334884A1 (en) * | 2014-11-07 | 2019-10-31 | Privakey, Inc. | Systems and methods of device based customer authentication and authorization |
| US20160381001A1 (en) * | 2015-06-24 | 2016-12-29 | Lecloud Computing Co., Ltd. | Method and apparatus for identity authentication between systems |
| CN108848064A (en) * | 2018-05-24 | 2018-11-20 | 武汉久乐科技有限公司 | authorization management method and system |
| CN110968844A (en) * | 2019-12-02 | 2020-04-07 | 卫盈联信息技术(深圳)有限公司 | Software authorization method in off-line state, server and readable storage medium |
| CN112073380A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Secure computer architecture based on double-processor KVM switching and password isolation |
Non-Patent Citations (1)
| Title |
|---|
| 张鹏: "面向软件定义网络的安全机制与技术研究", 《博士电子期刊》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113329025B (en) | 2022-06-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7472285B2 (en) | Apparatus and method for memory encryption with reduced decryption latency | |
| US20210294879A1 (en) | Securing executable code integrity using auto-derivative key | |
| EP0002579A1 (en) | A method of creating a secure data file | |
| JP2012234362A (en) | Information processing device, secure module, information processing method and information processing program | |
| US20110083020A1 (en) | Securing a smart card | |
| CN102918539A (en) | Methods and apparatuses for securing playback content | |
| CN110990851B (en) | Static data encryption protection method and system | |
| CN104506504A (en) | Security mechanism and security device for confidential information of card-free terminal | |
| CN106100851B (en) | Password management system, intelligent wristwatch and its cipher management method | |
| EP2990953A1 (en) | Periodic memory refresh in a secure computing system | |
| WO2020043893A1 (en) | System and method for providing protected data storage in data memory | |
| CN103379483A (en) | Method, device and mobile terminal for mobile terminal information security management | |
| CN107835075A (en) | The processing method and processing device of local password | |
| KR20180117278A (en) | Method of deleting data for mobile device | |
| CN111190614B (en) | Software installation method and computer equipment | |
| CN113329025B (en) | Recording data protection method and system based on software authorization embedded symmetric encryption | |
| US6675297B1 (en) | Method and apparatus for generating and using a tamper-resistant encryption key | |
| CN112395627A (en) | Encryption and decryption method, device and storage medium | |
| CN112711764A (en) | Data reading and writing method and device and electronic equipment | |
| CN103577771A (en) | Virtual desktop data leakage-preventive protection technology on basis of disk encryption | |
| US8413906B2 (en) | Countermeasures to secure smart cards | |
| CN107563226A (en) | A kind of Memory Controller, processor module and key updating method | |
| CN111666577A (en) | Data decryption method, device, equipment and storage medium | |
| KR101405915B1 (en) | Method for writing data by encryption and reading the data thereof | |
| CN108809889B (en) | Data deterministic deletion method based on data block random position negation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |