CN113722750A - Network-on-chip security domain construction method based on authentication encryption and group key - Google Patents
Network-on-chip security domain construction method based on authentication encryption and group key Download PDFInfo
- Publication number
- CN113722750A CN113722750A CN202110821321.8A CN202110821321A CN113722750A CN 113722750 A CN113722750 A CN 113722750A CN 202110821321 A CN202110821321 A CN 202110821321A CN 113722750 A CN113722750 A CN 113722750A
- Authority
- CN
- China
- Prior art keywords
- security domain
- members
- data packet
- group key
- new data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000010276 construction Methods 0.000 title claims description 5
- 238000004364 calculation method Methods 0.000 claims abstract description 33
- 238000000034 method Methods 0.000 claims abstract description 24
- 238000012545 processing Methods 0.000 claims abstract description 23
- 238000004891 communication Methods 0.000 claims abstract description 14
- 230000005540 biological transmission Effects 0.000 claims description 22
- 230000004083 survival effect Effects 0.000 claims description 13
- 230000008569 process Effects 0.000 claims description 8
- 238000004806 packaging method and process Methods 0.000 claims 4
- 239000011248 coating agent Substances 0.000 claims 1
- 238000000576 coating method Methods 0.000 claims 1
- 238000002360 preparation method Methods 0.000 claims 1
- 230000007246 mechanism Effects 0.000 description 13
- 238000007726 management method Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000000903 blocking effect Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for constructing a network-on-chip security domain based on authentication encryption and a group key, and belongs to the technical field of calculation, calculation or counting. Firstly, the security domain members are divided into continuous security domain members, internal members of discontinuous security domains and boundary members of discontinuous security domains. Before establishing the security domain, configuring information for each security domain member. And transmitting the encrypted data between the boundary members of the discontinuous security domains by calculating the group key. All three members perform message digest processing on the header slice of the data packet. The inner members of the continuous security domain and the discontinuous security domain directly transmit the new data packet. At a receiving end, decrypting the data packet of the discontinuous security domain boundary member and then performing header slicing processing; and performing message digest processing on the header slices received by the other members. And the receiving end compares the new message abstract with the message abstract of the sending end, and if not, the communication is attacked and the data packet is discarded. The scheme improves the safety and reduces the expenditure.
Description
Technical Field
The invention discloses a method for constructing a network-on-chip security domain based on authentication encryption and a group key, relates to the field of hardware security, and belongs to the technical field of calculation, calculation or counting.
Background
In recent years, with the rise and globalization of the semiconductor industry, the hardware security problem becomes a big problem following the software security problem. In terms of integrated circuits, in order to reduce development costs, circuits are often outsourced to other external vendor designs, which provides a good opportunity for malicious third party vendors to implant trojans in the circuit design phase, which often perform malicious acts such as information leakage, function changes, denial of service, reduced performance, permanent damage, and so on. Therefore, there is a strong need to develop security research and design of soc chips.
The network-on-chip is a system chip which uses a network structure to connect each IP core, and compared with the traditional system-on-chip based on bus connection, the network-on-chip supports concurrent transmission of data and has higher efficient data transmission efficiency, but the application and development of the network-on-chip are challenged by attacks which may be introduced by malicious IP. The malicious IP can achieve the purpose of interfering the normal operation of the system on chip by modifying or stealing sensitive data in the system on chip.
The security domain is a technology which is adopted to protect the network-on-chip security, and the definition of the network-on-chip security domain is given as follows: the security domain of the network-on-chip is to divide each node in the network-on-chip into sensitive nodes and non-sensitive nodes according to the requirement of an application program mapped to the network-on-chip, wherein the sensitive nodes are security domain members and are used for storing and processing important data, and the security domain members can communicate with each other; the non-sensitive node is a non-security domain member, is easy to attack and may influence normal work of the network on chip, and cannot communicate with the sensitive node. The sensitive node participates in various steps of security domain construction to establish a dynamically configurable security domain. In order to protect the communication of sensitive data, a security domain can be introduced, the IP members mapped by the application program can be considered to be mutually trusted, and the IP of the sensitive application program can perform secure data exchange through a protection mechanism of the security domain. Aiming at the defects that the security mechanism provided by the existing network-on-chip security protection technology such as a firewall technology can not carry out dynamic configuration of a security module in time according to the system state, the protection granularity is thick and the like, the application aims to establish a security domain between sensitive IPs in a mode of combining the integrity guarantee provided by a Diffielman group key protocol and a sha256 algorithm and the protection mechanism of a special message format based on additional security information, effectively improve the resistance of the system-on-chip to malicious attacks and support security domain reconfiguration to adapt to the current system working state.
Disclosure of Invention
The invention aims to provide a method for constructing a network-on-chip security domain based on authentication encryption and group keys aiming at the characteristics that a system-on-chip in the background technology can be attacked by stealing, modifying sensitive data and the like caused by malicious IP, provides a message digest through a Diffielman group key protocol and a hash function, and effectively improves the malicious attack resistance of the network-on-chip by combining a protection mechanism of a special message format added with security information, thereby realizing the invention aim of establishing the network-on-chip security domain and solving the technical problems that the security mechanism provided by the existing network-on-chip security protection technology can not carry out dynamic configuration of a security module according to the system state in time and the protection granularity is thicker.
The invention adopts the following technical scheme for realizing the aim of the invention:
the method for constructing the network-on-chip security domain based on authentication encryption and group key specifically comprises the following 7 steps,
step S1: and (5) a configuration stage. Firstly, the upper computer distributes a large prime number p required by calculating a group key, an original root g of the large prime number p and a private key s (s is more than or equal to 1 and less than or equal to p) for all members, and inputs the data and member configuration information to a management module SM, wherein the private keys s corresponding to different members are different. The configuration information comprises router numbers of security domain members, p, g and s, flag bits for marking member types and corresponding numbers when the members are organized into a closed loop in a group key calculation stage. And the SM distributes the configuration information to the secure network interface modules of all the members, and the secure network interface modules determine the storage content of the secure path information storage area according to the router numbers of the secure domain members.
Step S2: if the current member is a boundary member of the discontinuous security domain, the member performs the first shared key calculation by using p, g and s, the calculation is recorded as ci1, then multi-round calculation and transmission of the shared key are performed according to the requirements of the multi-party diffie hellman group key protocol to obtain the final group key, and all related calculations are completed in a group key calculation module. And if the security domain is a continuous security domain member or an internal member of a discontinuous security domain, skipping the step of calculating the group key.
Step S3: at present, any type of member performs message digest processing on the data packet header slices by using a sha256 algorithm in a message digest module to obtain a message digest, and then packs the message digest and an original data packet into a new data packet in a secure network interface module. And for the boundary members of the discontinuous security domain, symmetrically encrypting the packaged new data packet by using the group key and then transmitting the data packet, and for the internal members of the continuous security domain and the discontinuous security domain, directly transmitting the packaged new data packet without encryption processing (group key negotiation is not performed by the members).
Step S4: adding additional fields into the data packet, adding 1 to the survival time calculation field and storing the corresponding router number into the path information field after each level of routing, wherein the path information forms a digital signature because the path of the routing is fixed. And if the value of the time-to-live field exceeds a preset value, the data packet is regarded as a malicious data packet blocking the network and is discarded. The protection mechanism provided by the path information is only applied to the internal members of the non-continuous security domain and the continuous security domain, and the protection mechanism provided by the survival time is applied to all types of members. In actual implementation, the security information field is added to the message regardless of the member type.
Step S5: the receiving end receives the data packet transmitted from the transmitting end. For the internal members of the continuous security domain and the discontinuous security domain, firstly, comparing the contents of the path information field and the security path information storage region, if the comparison result is consistent, marking the path information to be safe, and continuing to process the message abstract; if not, the data packet is from the non-security domain member, the received data packet is discarded, and the path information is sent to the management module so as to carry out the reconfiguration operation of the routing table. And the boundary members of the discontinuous security domains do not compare the path information.
Step S6: the boundary members of the non-continuous security domain perform decryption operation on the received data packet, namely, the group key is used for symmetrically decrypting the received encrypted data, and the original data packet is obtained after decryption, wherein the original data packet comprises data such as a header slice, an effective data part, a message digest given by a sending end and the like.
Step S7: the boundary members of the non-continuous security domain decrypt the received data packet to obtain the original head slice part, and the data packets received by the inner members of the continuous security domain and the non-continuous security domain are not encrypted to directly obtain the original head slice data. In order to ensure the integrity of communication, the head slice part needs to be subjected to hash function processing again to obtain a new message digest no matter how the member type is, the obtained new message digest is compared with the message digest obtained by the sending end, if the two are the same, the message is not tampered, and the communication is safe; if the two are different, the message is tampered, and the data packet received this time needs to be discarded.
Further, in step S1, a non-contiguous security domain is defined as being non-contiguous in physical location between members. Data communication between physically discrete members requires passing through non-secure domain members. The definition of non-contiguous security domain boundary members is: a non-contiguous security domain member physically contiguous with at least one non-security domain member. The definition of the internal members of the non-contiguous security domain is: non-contiguous security domain members other than border members of the non-contiguous security domain are all internal members of the non-contiguous security domain. The definition of the contiguous security domains is: physically contiguous security domain members. The members except the boundary members of the continuous security domains are all the internal members of the continuous security domains, and the data communication between the internal members of the continuous security domains does not need to be routed through the routers of the non-security domain members.
Further, in step S3, the sha256 algorithm is a standard cryptographic hash function algorithm, which is a kind of hash function, and for any length of message, the algorithm will generate a 256-bit hash value, called message digest.
The invention adopts the technical scheme to realize the network-on-chip safety protection, and has the following beneficial effects:
(1) the invention ensures that group key negotiation is needed only between boundary members of discontinuous security domains by finely classifying the types of the security domain members, reduces the expense introduced by introducing a Diffie Hellman group key protocol, ensures the confidentiality and integrity of communication among various types of security domain members by introducing means such as message abstract, special message format and the like, provides guarantee for the safe transmission of sensitive information, and reduces the on-chip network safety protection granularity.
(2) The invention is realized in the network interface of the network on chip, has the advantages of good portability, good expansibility and the like, and has simple structure and easy realization.
(3) The security domain realized by the invention can be dynamically configured, when member configuration information changes, the upper computer sends the configuration information to the management module, and each related member renegotiates the group key according to the new configuration information based on the group key protocol.
Drawings
Fig. 1 is an overall block diagram of a network-on-chip security domain construction method based on authenticated encryption and group key.
Fig. 2 is a schematic diagram of a new data packet format after adding a message digest.
Fig. 3 is a schematic diagram of a message format after security information is added.
Fig. 4 is a schematic diagram of a two-level network-on-chip structure after a security domain is added.
Fig. 5 is a schematic diagram of a secure network interface module.
Fig. 6 is a schematic diagram of a multiparty diffie hellman group key calculation process.
Detailed Description
The technical scheme of the invention is explained in detail in the following with reference to the attached drawings.
Referring to fig. 1, the present invention provides a method for constructing a network-on-chip security domain based on authenticated encryption and a group key. Firstly, the establishment of security domains is divided into the following three categories based on the relationship of the security domain member positions: the method comprises the steps of a continuous security domain, inner members of a discontinuous security domain and boundary members of the discontinuous security domain, and distributing special zone bits for marking member types. Before establishing a security domain, an upper computer inputs configuration information into a management module SM, wherein the configuration information comprises router numbers of security domain members, p, g and s, flag bits for marking member types and corresponding numbers when all the members are organized into a closed loop in a group key calculation stage. The SM forwards the configuration information to the secure network interface module of each router member, and each router member knows which one of the three types the security domain type belongs to according to the configuration information. For boundary members of the non-continuous security domain, the members negotiate the same group key based on a Diffie Hellman group key calculation protocol so as to realize encrypted data transmission between the boundary members of the non-continuous security domain, and for a modular exponentiation operation part in a Diffie Hellman algorithm, a Montgomery algorithm module is used for completing comprehensive modular exponentiation operation; any member of the three types uses the sha256 algorithm to perform message digest processing on the header slice of the data packet transmitted between the security domain members to obtain a digital signature so as to ensure the integrity of data packet transmission. In the invention, when a sending end transmits a data packet, the digital signature is attached to the tail slice part of the data packet to be used as a new tail slice to be packaged into a new data packet, and the format of the packaged new data packet is shown in fig. 2. For the boundary members of the discontinuous security domain, encrypting the combined new data packet by using a group key; for the inner members of the continuous security domain and the discontinuous security domain, the combined new data packet is not encrypted but directly transmitted. And the boundary members of the discontinuous security domain decrypt the data packet by using the group key at a security network interface module of the router at the receiving end, perform sha256 algorithm processing on the received header slice to obtain a new message digest, compare the new message digest obtained by the calculation at the receiving end with the message digest at the tail part of the received data packet, prove that the communication is successful after the new message digest is consistent with the message digest at the tail part of the received data packet, and otherwise indicate that the communication is attacked and perform corresponding discarding or restarting processing. Boundary members of the continuous security domain or the discontinuous security domain do not carry out symmetric decryption at the receiving end but directly carry out message digest processing and then compare, and accordingly whether the transmission is safe or not is judged.
In order to further improve the safety and reduce the expenditure, the invention adds safety information in the message. The data packet is added with a field for storing the routing path information of the data packet and a survival time calculation field of the data packet, and a safe path information storage area is added into a safe network interface module of the router. When a data packet is transmitted through a router (any router, no matter whether the router is a security domain member or not), the number of the local router is written into a path information field in the data packet, a survival time calculation field is added with one (the initial value of the survival time is 0), the path information field is compared with the security path information in a security path information storage unit at a receiving end, the path information shows that the security data packet is received, otherwise, the security data packet is a malicious data packet and is sent to an SM, the SM transmits the path information to an upper computer, the upper computer compiles the received information, reconfigures a routing table of the router, and the security domain is bypassed when the sending end transmits data next time according to the new routing table. Aiming at denial of service (DOS) attack, writing a survival time calculation field of a data packet into a message, wherein the initial value is 0, adding one to the field value every time a first-level route is passed, discarding the data packet when the value of the field exceeds a preset value, and preventing the data packet from blocking a network access, wherein the format of the message added with safety information is shown in fig. 3. Assuming that each slice has 192 bits, the security information occupies 53 bits, and the remaining 139 bits are data bits freely used by the user, the user can write a field with special purpose in the data bits according to the requirement. It is worth noting that different network-on-chip message formats are different, and when the invention is applied to different network-on-chip, corresponding fields are added according to requirements. The invention introduces the ideas of authentication encryption and group key encryption, realizes a novel configuration and management method of the network router on the security chip, and provides guarantee for the integrity and confidentiality of data packet transmission among security domain members.
And the implementation process of the security domain comprises steps S1 to S7.
Step S1: and (5) a configuration stage. Firstly, the upper computer distributes a large prime number p required by calculating a group key, an original root g of the large prime number p and a private key s (s is more than or equal to 1 and less than or equal to p) for all members, and inputs the data and member configuration information to a management module SM, wherein the private keys s corresponding to different members are different. The configuration information comprises router numbers of security domain members, p, g and s, flag bits for marking member types and corresponding numbers when the members are organized into a closed loop in a group key calculation stage. And the SM distributes the configuration information to the secure network interface modules of all the members, and the secure network interface modules determine the storage content of the secure path information storage area according to the router numbers of the secure domain members. Referring to fig. 4, the present invention implements a two-stage NOC (Network On Chip) by introducing a management module SM and a secure Network interface module SNI, and the internal structure of the SNI is shown in fig. 5. And in the initial stage of security domain configuration, the upper computer sends parameters such as p, g, s and the like to the SM, the SM sends security domain member configuration information to the SNI module of each security domain member and simultaneously sends a flag signal to block the conventional data routing of the router corresponding to the security domain member, and after the conventional routing is blocked, the security domain members transmit a series of handshake signals required by calculating the group key by using the service router SR to complete the group key negotiation. At the same time, the non-secure domain members may proceed with conventional data routing. It should be noted that, in order to implement secure data transmission between security domain members, it is necessary to ensure that the non-security domain members do not perform data communication with the security domain members when the security domain members are divided, that is, no data communication will occur between the security domain members and the non-security domain members in the key negotiation stage, so that the abstracted service router SR and data router DR can complete conventional data routing between the non-security domain members while the security domain members perform group key negotiation. After the security domain configuration stage is completed, the security domain members send completion signals to the SM, the SM cancels the conventional routing blocking signals in the configuration starting stage after receiving the completion signals sent by all the members, and all the members of the network on chip can continue conventional routing.
In step S1, in order to implement the multiparty diffie hellman algorithm, the numbers of security domain members are organized into a closed loop form. When the security domain member number is n, the number is: from 0 to n-1. The numbering scheme logically organizes the security domain members into a closed loop to enable closed loop transmission of the shared secret key. In particular to implementation, when the local security domain member number is i, the local security domain member transmits the shared key calculated in the current round to the member number ((i +1) mod n).
Step S2: if the current member is a boundary member of the discontinuous security domain, the member performs first shared key calculation by using p, g and s, and the calculation is recorded as ci1, and then performs multi-round calculation and shared key transmission according to a multi-party diffie hellman group key protocol to finally obtain a group key. And if the security domain is a continuous security domain member or an internal member of a discontinuous security domain, skipping the step of calculating the group key.
In order to clearly illustrate the implementation method of the multiparty diffie hellman protocol in the network on chip, fig. 4 takes the establishment of the non-continuous security domain with the membership of 3 as an example, and the group key protocol with more membership only needs to increase the number of the transmitted rounds and the number of times of calculation.
Referring to fig. 6, the present invention introduces diffie hellman group key agreement to the system on chip for group key agreement, and fig. 6 illustrates the group key agreement process for the border members of the non-contiguous security domains, such as fig. IP1, IP2, and IP0, which are border members to establish the non-contiguous security domains. Step 1 represents the SM sending configuration information to the security domain members, where the security domain members router numbers 0, 1, 2, in order to organize the shared key transmission between the members into a closed loop. The configuration information includes p, g, s, which the members will use in step 2 to formulate gsmod p computes respective shared secret keys ci1. It is noted that to implement hardware synthesizable power-modulo arithmetic, the Montgomery algorithm is integrated within the SNIThe module completes the calculation of the shared key and only needs to use the formula gsThe three parameters in mod p are used as input to the Montgomery algorithm module to obtain the shared secret key ci1As an output. Three different ci were obtained1Then, in the order of step 3, IP1 sends it ci1Sent to IP2, IP2 sends its ci1Sent to IP0, IP0 sends its ci1Sent to IP1, each member gets the ci needed for the second round of computation1Then, according to the formula gci1mod p calculates ci2Will ci2After transmitting to the corresponding members according to the transmission sequence, each member reuses the received ci2According to formula gci2mod p computes the group key. According to the algorithm established by the diffie hellman multi-party group key, in order to calculate the final same group key in the SNI of all router members, when the number of security domain members is n, the transmission of the shared key needs to be performed for n-1 rounds, the number of calculation needs to be performed for n times, and the result of the nth calculation is the group key.
In step S2, only the boundary members of the non-contiguous security domain need to perform diffie hellman group key agreement, because the boundary members provide abstraction to the form of the security domain and all data packets transmitted from the external IP to the security domain must pass through the routes of the boundary members to continue to be transmitted to the inside of the security domain, and for the transmission of data packets between the contiguous security domain and the inner members of the non-contiguous security domain, the group key encryption operation is not required, and only the following two schemes need to be adopted: 1. performing hash function processing on a header slice of a data packet to be transmitted to obtain a message digest so as to be compared at a receiving end; 2. protection mechanisms based on path information. The reason for differentially managing the continuous security domain and the discontinuous security domain by adopting the method is that security domain boundary members are likely to generate data exchange with an external IP, so that encryption processing is required, while discontinuous security domain internal members are physically surrounded by the boundary members, and the continuous security domain members are not likely to generate data exchange with the external IP.
In step S2, if an IP belongs to multiple security domains, multiple different group keys are calculated in the secure network interface module corresponding to the IP, and it is noted that in order to ensure feasibility of hardware implementation and orderly and effective operation of the system, it is necessary to set an upper limit for the number of security domains to which a single IP belongs.
In step S2, a symmetric encryption method is used to encrypt the data packet, and the data packet is xored with the generated group key to obtain encrypted data.
Step S3: at present, any type of member uses the sha256 algorithm to perform message digest processing on the data packet header slices, and after a message digest is obtained, the message digest and an original data packet are packaged into a new data packet in a secure network interface module. And for the boundary members of the discontinuous security domain, symmetrically encrypting the packaged new data packet by using the group key and then transmitting the data packet, and for the internal members of the continuous security domain and the discontinuous security domain, directly transmitting the packaged new data packet without encryption processing (group key negotiation is not performed by the members).
The data packet transmitted in the network on chip has a header slice which is not changed during transmission and contains routing information such as a transmission destination address, a transmission source address and the like, and all the other slices of the data packet are transmitted according to the routing information provided by the header slice. Considering the characteristic that the header slice does not change during transmission, the header slice can be used as an input of a hash function sha256 algorithm, a 256-bit digital signature is obtained after processing, and the digital signature is attached to the end of the data packet. Since the number of bits of the digital signature is fixed, the number of additional slices is also fixed, and it can be easily distinguished which slices are valid data bits and which slices are digital signature bits. When the boundary member of the discontinuous security domain transmits the data packet, encrypting the digital signature, the valid data and other slices by using the group key as the input of the sending end; when the internal members of the continuous security domain and the discontinuous security domain transmit the data packet, the data packet added with the digital signature is not encrypted but is directly transmitted.
Step S4: and adding a path information field and a survival time calculation field into the data packet, storing the corresponding router number into the path information field and adding one to the survival time calculation field after each level of routing. And if the survival time exceeds a preset value in a certain router, the data packet is regarded as a malicious data packet blocking a network path and is discarded. The protection mechanism provided by the path information is only applied to the internal members of the non-continuous security domain and the continuous security domain, but the path information field is written in the data packet routing process regardless of the member types. The protection mechanism provided by time-to-live applies to all types of members. The protection mechanism based on the path information can effectively prevent malicious data packets transmitted by an external malicious IP from entering a security domain to implement attack behaviors.
Step S5: the receiving end receives the data packet transmitted from the transmitting end. For boundary members of the continuous security domain and the discontinuous security domain, firstly, comparing the path information field with the content of the secure path information storage area, if the comparison result is consistent, marking the path information to be secure, and continuing to process the message abstract; and if the data packets are inconsistent, the data packets are from an external malicious IP, the received data packets are discarded, the receiving end sends the path information to the SM, the SM sends the path information to the upper computer, the upper computer reconfigures the routing table by using the path information, and the sending end bypasses the security domain when carrying out data transmission through the network on chip again according to the information of the newly configured routing table. The boundary members of the non-contiguous security domain do not compare the path information, because the boundary members of the non-contiguous security domain must accept the data packets passing through the non-security domain members, and the protection mechanism based on the path information aims to ensure that the continuous security domain does not accept the external data packets from the non-security domain, the boundary members of the non-contiguous security domain do not adopt the protection mechanism based on the path information.
Step S6: the boundary members of the non-continuous security domain perform decryption operation on the received data packet, namely, the group key is used for symmetrically decrypting the received encrypted data, and the original data packet is obtained after decryption, wherein the original data packet comprises data such as a header slice, an effective data part, a message digest given by a sending end and the like.
The symmetric decryption method comprises the following steps: and carrying out XOR on the data and the group key to obtain original data.
Step S7: the boundary members of the non-continuous security domain decrypt the received data packet to obtain the original head slice part, and the data packets received by the inner members of the continuous security domain and the non-continuous security domain are not encrypted to directly obtain the original head slice data. In order to ensure the integrity of communication, no matter what the member type, the head slice part needs to be processed by the hash function again to obtain a new message digest, and the obtained new message digest is compared with the original message digest obtained after decryption. If the two are the same, the message is not tampered, and the communication is safe; if the two are different, the message is tampered, and the data packet received this time needs to be discarded.
If the malicious program forges the data packet to attack the network on chip, that is, the malicious program sends the data packet carrying malicious information, which is constructed by the malicious program itself, to the receiving end, the end of the malicious data packet is not the message digest generated based on the header slice part, so that the integrity verification based on the sha256 algorithm cannot be performed, and the malicious data packet is discarded.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (6)
1. A method for constructing a network-on-chip security domain based on authentication encryption and group keys is characterized in that,
distributing a router number, parameters required by calculating a group key, a member type flag bit and a number corresponding to the group key calculation stage when all members are organized into a closed loop, wherein the member type flag bit is a continuous security domain member or an internal member of a discontinuous security domain or a boundary member of the discontinuous security domain;
performing message digest processing on packet header slices of data packets received by the continuous security domain members and the internal members of the discontinuous security domain, packaging the message digest and the received original data packets into new data packets, and then sending the new data packets;
calculating and transmitting a shared key to boundary members of the discontinuous security domain to obtain a group key, performing message digest processing on packet header slices of data packets received by the boundary members of the discontinuous security domain, packaging the message digest and the received original data packets into new data packets, and encrypting the new data packets by using the group key and then transmitting the new data packets;
recording a path information field and survival time in the process of transmitting the new data packet to a receiving end, and discarding the new data packet with the survival time exceeding a preset value;
for a new data packet transmitted to a receiving end by internal members of a continuous security domain and a discontinuous security domain, when the new data packet meets the requirement of a preset survival time value, comparing a path information field with the security path information, when the comparison result is consistent, performing information summary processing on a header slice of the new data packet, when the comparison result is inconsistent, discarding the new data packet and uploading path information for reconfiguring a routing table of a transmitting end, wherein the security path information consists of router numbers distributed to the members of the security domain;
for a new data packet transmitted to a receiving end by a boundary member of a discontinuous security domain, symmetrically decrypting the new data packet by using a group key, and performing message digest processing on a header slice of an original data packet obtained after decryption;
and comparing the message abstract of the data packet sent by the receiving end with the message abstract processing result obtained by the receiving end, wherein the communication safety is represented when the comparison results are the same, and the new data packet received at the time is discarded when the comparison results are different.
2. The authenticated encryption and group key based network-on-chip security domain construction method according to claim 1, wherein the non-contiguous security domain boundary member is a non-contiguous security domain member that is physically contiguous with at least one non-security domain member, the inner members of the non-contiguous security domain are non-contiguous security domain members excluding the boundary members of the non-contiguous security domain, and the contiguous security domain members are physically contiguous security domain members.
3. The method for constructing a network-on-chip security domain based on authenticated encryption and group key as claimed in claim 1, wherein a sha256 algorithm is used to perform message digest processing on a header slice of a data packet.
4. The method for constructing a network-on-chip security domain based on authenticated encryption and a group key according to claim 1, wherein a Montgomery algorithm shared key calculation is adopted, and a group key is obtained by transmitting the shared key in multiple rounds according to a multi-party Diffie Hellman group key protocol.
5. The method for constructing a network-on-chip security domain based on authenticated encryption and group key according to claim 1, wherein the method for recording the path information field and the lifetime of the new packet during transmission to the receiving end comprises: and when the new data packet is transmitted through any router, writing the number of the local router into the path information field in the data packet and adding one to the survival time calculation field.
6. The method for constructing a network-on-chip security domain based on authenticated encryption and group key as claimed in claim 1 is implemented by a secure network interface module built in a router, the secure network interface module comprising:
the safety path information storage area is used for caching the router numbers distributed to the members of the safety domain;
the group key calculation module outputs a group key according to the shared key output by the multi-round transmission Montgomery algorithm module of the multi-party Diffie Hellman group key protocol;
the symmetric decryption module is used for symmetrically decrypting a new data packet transmitted to the receiving end by the boundary member of the discontinuous security domain by using the group key and outputting an original data packet;
the data packet packaging module is used for packaging the message abstract and the received original data packet into a new data packet;
the hash function sha256 module is used for performing message digest processing on the head slice of the data packet and taking the processed digital signature as a message digest; and a process for the preparation of a coating,
and the Montgomery algorithm module is used for calculating the shared key by adopting the Montgomery algorithm according to the parameters required by the group key calculation and distributed by the boundary members of the discontinuous security domain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110821321.8A CN113722750B (en) | 2021-07-20 | 2021-07-20 | Authentication encryption and group key based network-on-chip security domain construction method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110821321.8A CN113722750B (en) | 2021-07-20 | 2021-07-20 | Authentication encryption and group key based network-on-chip security domain construction method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113722750A true CN113722750A (en) | 2021-11-30 |
| CN113722750B CN113722750B (en) | 2024-03-19 |
Family
ID=78673594
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110821321.8A Active CN113722750B (en) | 2021-07-20 | 2021-07-20 | Authentication encryption and group key based network-on-chip security domain construction method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113722750B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108958649A (en) * | 2018-05-17 | 2018-12-07 | 天津飞腾信息技术有限公司 | A kind of security isolation method and device for storage system |
| CN110543764A (en) * | 2019-09-11 | 2019-12-06 | 天津飞腾信息技术有限公司 | System-on-chip memory protection method, password acceleration engine and memory protection device |
| CN112422276A (en) * | 2020-11-04 | 2021-02-26 | 郑州信大捷安信息技术股份有限公司 | Method and system for realizing multi-party key agreement |
-
2021
- 2021-07-20 CN CN202110821321.8A patent/CN113722750B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108958649A (en) * | 2018-05-17 | 2018-12-07 | 天津飞腾信息技术有限公司 | A kind of security isolation method and device for storage system |
| CN110543764A (en) * | 2019-09-11 | 2019-12-06 | 天津飞腾信息技术有限公司 | System-on-chip memory protection method, password acceleration engine and memory protection device |
| CN112422276A (en) * | 2020-11-04 | 2021-02-26 | 郑州信大捷安信息技术股份有限公司 | Method and system for realizing multi-party key agreement |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113722750B (en) | 2024-03-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7051365B1 (en) | Method and apparatus for a distributed firewall | |
| US8484486B2 (en) | Integrated cryptographic security module for a network node | |
| Kapoor et al. | A security framework for noc using authenticated encryption and session keys | |
| US20080130889A1 (en) | Multi-data rate cryptography architecture for network security | |
| Alkady et al. | A new security protocol using hybrid cryptography algorithms | |
| Sajeesh et al. | An authenticated encryption based security framework for NoC architectures | |
| Lu et al. | Ipsec implementation on xilinx virtex-ii pro fpga and its application | |
| Assiri et al. | Key exchange using ternary system to enhance security | |
| JPH10210023A (en) | Authentication method, cipher key sharing method, and communication system | |
| CN115174061A (en) | Message transmission method and device based on block chain relay communication network system | |
| Azad et al. | CAESAR-MPSoC: Dynamic and efficient MPSoC security zones | |
| Sarihi et al. | Securing network-on-chips via novel anonymous routing | |
| CN103379103A (en) | Linear encryption and decryption hardware implementation method | |
| Haase et al. | Secure communication protocol for network-on-chip with authenticated encryption and recovery mechanism | |
| Zhou et al. | Mimic encryption box for network multimedia data security | |
| CN114553411B (en) | Distributed memory encryption device and distributed memory decryption device | |
| CN113722750B (en) | Authentication encryption and group key based network-on-chip security domain construction method | |
| Sarihi et al. | Securing on-Chip Communications: An On-The-Fly Encryption Architecture for SoCs | |
| Harttung et al. | Lightweight authenticated encryption for network-on-chip communications | |
| Patooghy et al. | Securing Network-on-chips Against Fault-injection and Crypto-analysis Attacks via Stochastic Anonymous Routing | |
| Meadows | Representing partial knowledge in an algebraic security model | |
| Suo et al. | Encryption technology in information system security | |
| Ricci et al. | Hybrid Keys in Practice: Combining Classical, Quantum and Post-Quantum Cryptography | |
| Achary | Cryptography and Network Security: An Introduction | |
| Heigl et al. | Embedded plug-in devices to secure industrial network communications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |