CN113515773A - Image content protection module and method applied to single chip microcomputer system - Google Patents


Publication number
CN113515773A
Authority
CN
China
Prior art keywords
data
encryption
module
data block
image content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110426450.7A
Other languages
Chinese (zh)
Inventor
李博
奚晓明
王彦凯
黄瑜璇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siche Technology Shanghai Co ltd
Original Assignee
Siche Technology Shanghai Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siche Technology Shanghai Co ltd filed Critical Siche Technology Shanghai Co ltd
Priority to CN202110426450.7A priority Critical patent/CN113515773A/en
Publication of CN113515773A publication Critical patent/CN113515773A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention mainly relates to the protection of image content, in particular to an image content protection module and a method applied to a single chip microcomputer system, wherein the single chip microcomputer system comprises an internal memory, a secret key pool and an image content protection module; the cache encryption module is used for encrypting the input data in a counting mode and storing the encrypted data into the internal memory; the cache decryption module is used for taking out the encrypted data from the internal memory, carrying out decryption based on the counting mode and sending the decrypted data to the display equipment; the invention encrypts the image cache data in the memory, and prevents other external programs from obtaining the image cache of the plaintext.

Description

Image content protection module and method applied to single chip microcomputer system
Technical Field
The invention mainly relates to the protection of image content, in particular to an image content protection module and method applied to a single chip microcomputer system.
Background
With the development of scientific technology, small-sized systems mainly based on single-chip microcomputers have been developed into various application scenes including intelligent household appliances, wearable devices and the like. In these scenarios, the malicious program may obtain content on the display device by monitoring the memory, including but not limited to user personal information, device information, and even sensitive information such as passwords and two-dimensional codes. At present, in a small system with a single chip microcomputer as a main component, because of the limitation of computing performance, an encryption operation is usually performed on a data source, for example, data of a user name and a password is encrypted, but a proper protection scheme does not exist for content on a display device. The malicious program can obtain the content displayed on the screen by reading the cache of the displayed image, upload the content to the server and obtain the sensitive information in an image recognition mode.
Disclosure of Invention
In order to protect information in a display output cache and prevent a malicious program from stealing sensitive information in the display output cache in a mode of monitoring a memory, the invention provides an image content protection module and a method applied to a single chip microcomputer system, wherein the single chip microcomputer system comprises a memory, a key pool and an image content protection module, the image content protection module comprises a secret key management module, a cache encryption module and a cache decryption module, and a timer is arranged in the secret key management module, wherein:
the key management module is used for acquiring a key from the key pool when the fixed time is reached, and updating the keys used by the cache encryption module and the cache decryption module when the cache encryption module and the cache decryption module are in an idle state at the same time;
the cache encryption module is used for encrypting the input data in a counting mode and storing the encrypted data into an internal memory;
and the cache decryption module is used for taking out the encrypted data from the internal memory, carrying out decryption based on the counting mode and sending the decrypted data to the display equipment.
Furthermore, when the counting mode is adopted for encryption, the data is divided into n data blocks with the size of 16 bytes, and the count values allocated to the data blocks are, in sequence, T_1, T_2, ..., T_n.
Further, the count value T is the address of the plaintext data block stored in the system memory.
Furthermore, when the count value is encrypted by using a symmetric encryption algorithm, the address of the next data block is predicted directly from the address of the current data block, relying on the continuity of data access.
The invention also provides an image content protection method applied to the single chip microcomputer system, which specifically comprises the following steps:
input data is encrypted and the encrypted data is stored in an internal memory; when data is to be output to the display, the encrypted data is read from the internal memory, decrypted, and output to the display; the key used in the encryption and decryption processes is updated at regular intervals, and the key is replaced in the encryption and decryption processes when the encryption and decryption processes are idle.
Further, the encrypting in the counting mode includes:
dividing plaintext data into n data blocks with the size of 16 bytes, wherein the count values allocated to the data blocks are, in sequence, T_1, T_2, ..., T_n;
Respectively encrypting the count values by using a symmetric encryption algorithm to obtain n count encrypted values of 16 bytes;
and carrying out XOR operation on each count encryption value and the corresponding plaintext data block to generate a ciphertext of the data block, and completing encryption.
Further, decrypting based on the counting mode includes: encrypting the count value of each ciphertext data block by using a symmetric encryption algorithm to obtain a 16-byte count encryption value, and performing an XOR operation on the count encryption value and the ciphertext data block to obtain the plaintext of the data block, completing decryption.
1. The invention encrypts the image cache data in the memory and prevents other external programs from obtaining the plaintext image cache;
2. The encryption and decryption scheme adopted by the invention is efficient, lends itself to parallel computation, and has little impact on memory access bandwidth;
3. A dedicated module controls key distribution, which prevents malicious programs from directly acquiring the keys.
Drawings
FIG. 1 is a schematic diagram of an image content protection module applied to a single chip microcomputer system according to the present invention;
fig. 2 is a schematic diagram of the encryption and decryption process of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides an image content protection module applied to a single chip microcomputer system, wherein the single chip microcomputer system comprises an internal memory, a secret key pool and an image content protection module, as shown in fig. 1, the image content protection module comprises a secret key management module, a cache encryption module and a cache decryption module, and a timer is arranged in the secret key management module, wherein:
the key management module is used for acquiring a key from the key pool when the fixed time is reached, and updating the keys used by the cache encryption module and the cache decryption module when the cache encryption module and the cache decryption module are in an idle state at the same time;
the cache encryption module is used for encrypting the input data in a counting mode and storing the encrypted data into an internal memory;
and the cache decryption module is used for taking out the encrypted data from the internal memory, carrying out decryption based on the counting mode and sending the decrypted data to the display equipment.
In fig. 1, the key management module is responsible for providing the keys used in the encryptor and the decryptor; the encryptor encrypts the image cache data and stores the image cache data into the memory, and the decryptor takes the encrypted data out of the memory and sends the decrypted data to the display equipment.
The encryption and decryption processes are shown in fig. 2, which omits the steps of storing the ciphertext in the memory after encryption and fetching the ciphertext from the memory before decryption. The cache encryption module comprises at least a symmetric encryptor and an XOR unit. It obtains a count value from the image cache input end, encrypts the count value with the symmetric encryptor to obtain a count encryption value, and XORs the plaintext with the count encryption value to obtain the data ciphertext. During decryption, the cache decryption module obtains the count value, encrypts it with the symmetric encryptor to obtain the count encryption value, XORs the data ciphertext with the count encryption value to obtain the data plaintext, and outputs the plaintext data to the display device from the data cache output end.
In practice, suppose the plaintext data is divided into 100 blocks and the address of the first block of plaintext data is 40. Because image cache data is stored contiguously and each block contains 16 bytes, the address of the second block is 56, that of the third block is 72, and so on. In theory, once the address of the first data block is known, the count value of each data block transmitted afterwards can be calculated from the amount of data; the prediction works on the same principle. The address of the first plaintext data block is passed as an input parameter to the cache encryption module and the cache decryption module when the system starts the cache encryption module or the cache decryption module.
The key management module updates the key at regular intervals, but the updated key is loaded into the cache encryption module and the cache decryption module only when the encryptor and the decryptor are both in an idle state. On the one hand, because the key is issued by a dedicated module, a malicious program is effectively prevented from obtaining the key directly. On the other hand, the key management module ensures that the keys of the cache encryption module and the cache decryption module are updated synchronously, which guarantees the correctness of the encryption and decryption processes.
In the embodiment, a timer module is added in the key management module, and the key management module can automatically extract a new key from the key pool every time a specific time elapses, so that the key cannot be accessed by any program, and a malicious program cannot acquire the key; after obtaining the key, the key management module updates the key used by the encryptor and the decryptor simultaneously when the encryptor and the decryptor are in idle states.
Considering the limited computing capacity of the single chip microcomputer system, the encryption and decryption module adopts a symmetric encryption algorithm such as AES or SM4. A symmetric encryption algorithm is efficient, fast, and requires little computation. Meanwhile, the encryption and decryption engines use the same key, which simplifies key maintenance and suits a single chip microcomputer system well.
In order to meet the real-time requirement, a parallel encryption strategy can be adopted in the specific implementation process. Because the encryption and decryption of each data block in the counting mode are not related to each other, the throughput rate of encryption and writing in the memory can be improved by adopting a mode of parallel encryption of a plurality of data blocks. When the encryptor is designed, a structure that a plurality of symmetric encryption engines are parallel is adopted, and a person skilled in the art can set the number of the symmetric encryption engines according to the actual data rate requirement, so that the number of the symmetric encryption engines is not limited by the invention.
The invention also provides an image content protection method applied to the singlechip system, namely, the input data is encrypted, the encrypted data is stored in the internal memory, when the data is output to the display, the encrypted data is read from the internal memory and is output to the display after being decrypted, a secret key used in the encryption and decryption processes is updated at regular time intervals, and the secret key is replaced into the encryption and decryption processes when the encryption and decryption processes are idle.
When data is encrypted, a counting mode is adopted, and the encryption and decryption processes of the counting mode are as follows:
dividing data into n data blocks during encryption, wherein the size of each data block is 16 bytes;
the data blocks are allocated count values T_1, T_2, ..., T_n;
During encryption operation, encrypting the count value by using a symmetric encryption algorithm to obtain a 16-byte count encrypted value;
carrying out XOR operation on the count encryption value and the plaintext data block to generate a ciphertext of the data block;
and during decryption operation, generating a count encryption value in the same way, and then performing an XOR operation on the count encryption value and the ciphertext data block to obtain the plaintext of the data block; the details are not repeated here.
In practical applications, the count value of the count mode is replaced by an address corresponding to 16 bytes of data. The design can directly correlate the count encryption value and the address of each data block, so that random access is facilitated, and meanwhile, the count encryption value of each data block is unique, so that potential risks caused by the fact that a plurality of data blocks use the same count encryption value are avoided; in addition, the counting mode only uses an encryption mode of a symmetric encryption algorithm, and the design of an encryptor and a decryptor is also simplified.
During decryption, in order to meet the real-time requirement, a counting encryption value preprocessing mode is adopted, and the counting encryption value required by the next data block is calculated in advance. Because the image is cached in the memory and stored in a continuous mode, and the reading operation of the memory is also in a continuous address access mode in the process of sending the cache to the display device, the address of the next read data block can be predicted by the decryptor in an address increment mode in the process of accessing the memory, the simple strategy can have a high prediction hit rate, and the decryptor can calculate the encryption value according to the predicted address before reading the data. When the data is received, the plaintext of the data is obtained through simple XOR operation.
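The counting-mode scheme, the address-increment prediction and the idle-only key update described above, modelled together as an added example (not code from the patent). The AES/SM4 engine is replaced by a stand-in keyed function, HMAC-SHA-256 truncated to 16 bytes; the class and function names, the keys and the frame contents are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per data block, as in the description

def count_encryption_value(key: bytes, address: int) -> bytes:
    # Stand-in for the AES/SM4 engine (assumption): HMAC-SHA-256 cut to 16 bytes.
    # Counter mode only runs the cipher forwards, so a keyed function models it.
    counter = address.to_bytes(BLOCK, "big")  # count value T = block address
    return hmac.new(key, counter, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Engine:
    """Encryptor or decryptor (hypothetical model) holding the loaded key."""
    def __init__(self, key: bytes):
        self.key = key
        self.busy = False
        self.prefetched = None  # (address, pad) computed before the data arrives
        self.hits = self.misses = 0

    def pad_for(self, address: int) -> bytes:
        if self.prefetched and self.prefetched[0] == address:
            pad = self.prefetched[1]
            self.hits += 1
        else:
            pad = count_encryption_value(self.key, address)
            self.misses += 1
        nxt = address + BLOCK  # sequential access: predict the next address
        self.prefetched = (nxt, count_encryption_value(self.key, nxt))
        return pad

    def process(self, address: int, block: bytes) -> bytes:
        # Encryption and decryption are the same XOR with the count encryption value.
        return xor(block, self.pad_for(address))

class KeyManager:
    """Draws a key on each timer tick; loads it only when both engines are idle."""
    def __init__(self, key_pool, encryptor: Engine, decryptor: Engine):
        self.pool = iter(key_pool)
        self.enc, self.dec = encryptor, decryptor
        self.pending = None

    def on_timer(self) -> bool:
        self.pending = next(self.pool)
        return self.try_load()

    def try_load(self) -> bool:
        if self.pending is None or self.enc.busy or self.dec.busy:
            return False
        for engine in (self.enc, self.dec):
            engine.key = self.pending
            engine.prefetched = None  # a pad computed under the old key is stale
        self.pending = None
        return True

def write_frame(enc: Engine, memory: dict, base: int, frame: bytes) -> None:
    for off in range(0, len(frame), BLOCK):
        memory[base + off] = enc.process(base + off, frame[off:off + BLOCK])

def read_frame(dec: Engine, memory: dict, base: int, length: int) -> bytes:
    return b"".join(dec.process(a, memory[a]) for a in range(base, base + length, BLOCK))

def demo() -> dict:
    k0, k1 = bytes(range(16)), bytes(range(16, 32))  # constructed keys
    enc, dec = Engine(k0), Engine(k0)
    km, memory, base = KeyManager([k1], enc, dec), {}, 40  # address 40 as in the text
    frame = bytes(i % 251 for i in range(100 * BLOCK))  # constructed 100-block frame
    write_frame(enc, memory, base, frame)
    old_ct = memory[base]
    ok = read_frame(dec, memory, base, len(frame)) == frame
    enc.busy = True  # timer fires while the encryptor is busy: key held back
    deferred = km.on_timer() is False and enc.key == k0
    enc.busy = False
    loaded = km.try_load() and enc.key == dec.key == k1
    write_frame(enc, memory, base, frame)  # same pixels and address, new key
    return {"roundtrip": ok, "hits": dec.hits, "misses": dec.misses,
            "deferred": deferred, "loaded": loaded, "changed": memory[base] != old_ct}
```

Between key updates, a block rewritten at the same address is XORed with the same count encryption value, so the XOR of the old and new ciphertext equals the XOR of the old and new plaintext; the timed key update is what limits how many frames share a pad.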
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. An image content protection module applied to a single chip microcomputer system, the single chip microcomputer system comprising an internal memory, a key pool and the image content protection module, characterized in that the image content protection module comprises a key management module, a cache encryption module and a cache decryption module, and a timer is provided in the key management module, wherein:
the key management module is used for acquiring a key from the key pool when the fixed time is reached, and updating the keys used by the cache encryption module and the cache decryption module when the cache encryption module and the cache decryption module are in an idle state at the same time;
the cache encryption module is used for encrypting the input data in a counting mode and storing the encrypted data into an internal memory;
and the cache decryption module is used for taking out the encrypted data from the internal memory, carrying out decryption based on the counting mode and sending the decrypted data to the display equipment.
2. The image content protection module applied to the single chip microcomputer system as claimed in claim 1, wherein when the encryption is performed in the counting mode, the plaintext data is divided into n data blocks with the size of 16 bytes, and the count values allocated to the data blocks are, in sequence, T_1, T_2, ..., T_n.
3. The image content protection module applied to the single chip microcomputer system according to claim 2, wherein the count value T is an address of the plaintext data block stored in the system memory.
4. The image content protection module applied to the single chip microcomputer system as claimed in claim 3, wherein when the count value is encrypted by using a symmetric encryption algorithm, the next data block address is directly predicted according to the data block address of the current data block according to the continuity of data access.
5. A method for protecting image content applied to single-chip microcomputer system includes carrying out encryption operation on input data, storing encrypted data in internal memory, reading encrypted data from internal memory and outputting decrypted data to display when data is output to display, updating key used in encryption and decryption process at regular time interval and replacing key in encryption and decryption process when encryption and decryption process is idle.
6. The image content protection method applied to the single chip microcomputer system according to claim 5, wherein the encrypting in the counting mode comprises:
dividing plaintext data into n data blocks with the size of 16 bytes, wherein the count values allocated to the data blocks are, in sequence, T_1, T_2, ..., T_n;
Respectively encrypting the count values by using a symmetric encryption algorithm to obtain n count encrypted values of 16 bytes;
and carrying out XOR operation on each count encryption value and the corresponding plaintext data block to generate a ciphertext of the data block, and completing encryption.
7. The image content protection method applied to the single chip microcomputer system according to claim 6, wherein the decrypting based on the counting mode comprises: encrypting the count value of each ciphertext data block by using a symmetric encryption algorithm to obtain a 16-byte count encryption value, and performing an XOR operation on the count encryption value and the ciphertext data block to obtain the plaintext of the data block, completing decryption.
8. The image content protection method applied to the SCM system as claimed in claim 6, wherein the count value T is the address of the plaintext data block stored in the system.
9. The image content protection method applied to the single chip microcomputer system according to claim 6 or 7, wherein when the count value is encrypted by using a symmetric encryption algorithm, the next data block address is directly predicted according to the data block address of the current data block according to the continuity of data access.
CN202110426450.7A 2021-04-20 2021-04-20 Image content protection module and method applied to single chip microcomputer system Pending CN113515773A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110426450.7A CN113515773A (en) 2021-04-20 2021-04-20 Image content protection module and method applied to single chip microcomputer system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110426450.7A CN113515773A (en) 2021-04-20 2021-04-20 Image content protection module and method applied to single chip microcomputer system

Publications (1)

Publication Number Publication Date
CN113515773A true CN113515773A (en) 2021-10-19

Family

ID=78062927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110426450.7A Pending CN113515773A (en) 2021-04-20 2021-04-20 Image content protection module and method applied to single chip microcomputer system

Country Status (1)

Country Link
CN (1) CN113515773A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710287A (en) * 2022-06-06 2022-07-05 中科问天量子科技(天津)有限公司 Encryption method, system, storage medium and encrypted file access method



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination