CN115879087A - Safe and trusted starting method and system for power terminal

Publication number
CN115879087A
Authority
CN
China
Prior art keywords
power terminal
trusted
credible
chip
operating system
Legal status
Pending
Application number
CN202111139203.5A
Other languages
Chinese (zh)
Inventor
韩子龙
亢超群
李二霞
李玉凌
刘海涛
吕广宪
杨红磊
何连杰
王利
孙智涛
樊勇华
许保平
张波
刘芸杉
杜金陵
朱克琪
吴殿亮
Current Assignee
China Online Shanghai Energy Internet Research Institute Co ltd
Original Assignee
China Online Shanghai Energy Internet Research Institute Co ltd

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a secure and trusted boot method and system for an electric power terminal, in the technical field of network security protection for power terminals. The method comprises the following steps: controlling the MCU to power on and start the power terminal; loading the operating system kernel through U-Boot; loading a key component through the operating system kernel; and loading the application program through the key component, which completes the start-up of the power terminal. The invention realizes trusted verification of the terminal start-up process and effectively prevents malicious code attacks, the theft or tampering of key information, and similar events during terminal start-up.

Description

Safe and trusted starting method and system for power terminal
Technical Field
The invention relates to the technical field of power terminal network security protection, in particular to a secure and trusted starting method and system for a power terminal.
Background
Power terminals (hereinafter "terminals"), such as power distribution terminals, intelligent distribution-area terminals and concentrators, are typically deployed point-to-multipoint over a wide area, operate outdoors and unattended, and serve complex power application scenarios. They are therefore attractive targets for hackers and are exposed to illegal eavesdropping, malicious tampering, identity spoofing and similar attacks, while the security level of the terminals, especially those with edge computing capability, is crucial to the normal operation of the whole system.
At present, power terminals generally implement identity authentication with the master station, and the confidentiality, integrity and availability protection of transmitted data, at the application layer by means of a security chip or software. For the security of the terminal itself, however, they still rely mainly on conventional measures such as closing redundant ports and services and access control, and the following risks remain:
(1) Power terminal hardware risk: the USB, serial and network ports exposed by the power terminal can be used by illegal devices such as forged operation and maintenance tools to obtain control of the terminal; if the keys and certificates in the terminal are not protected by hardware, they can be stolen by a hacker; and if the data encryption and decryption, random number verification and similar functions provided by the chip have no security assurance mechanism, they risk being bypassed.
(2) Power terminal operating system risk: the operating system has no means of checking its own state, so the kernel or important upper-layer software may be tampered with; hackers can mount vulnerability attacks, malicious code attacks and virus infections after scanning for vulnerabilities; and illegal patches may be implanted during normal bug fixing.
(3) Power terminal application security risk: if the device has no integrity check for received application software, software from illegal sources may be installed, implanting a virus or trojan.
Disclosure of Invention
To solve the above problems, the present invention provides a secure and trusted boot method for an electric power terminal, comprising:
powering on the power terminal and starting the trusted chip; the trusted chip reads the U-Boot data of the power terminal, calculates the metric value of U-Boot from the U-Boot data and compares it with a reference metric value; if the comparison succeeds, the trusted chip controls the MCU to power on and start the power terminal;
the MCU loads U-Boot; U-Boot reads the operating system kernel data of the power terminal, calculates the metric value of the operating system kernel from the kernel data and transmits it to the trusted chip; the trusted chip compares the metric value of the operating system kernel with a reference metric value, and if the comparison succeeds U-Boot loads the operating system kernel;
the trusted component of the operating system kernel calculates the metric value of the key component of the power terminal; the trusted chip compares the metric value of the key component with a reference metric value, and if the comparison succeeds the operating system kernel loads the key component;
and the trusted component calculates the metric values of the application program executable file and configuration file of the power terminal; the trusted chip compares these metric values with the reference metric values, and if the comparison succeeds the key component loads the application program and the start-up of the power terminal is complete.
Optionally, the method further comprises generating a measurement report that carries a judgment or verification conclusion on whether the state of the power terminal is trusted.
Optionally, the method further comprises establishing a secure and trusted protection mechanism for the hardware layer, the system layer and the application layer of the target power terminal.
Optionally, the secure and trusted protection mechanism of the hardware layer specifically comprises a security mechanism of the trusted computing platform module, a security mechanism of the trusted chip itself, and an interface secure access mechanism;
the security mechanism of the trusted computing platform module specifically comprises: adding to the power terminal, on the basis of the trusted chip, a trusted third-party platform with attack prevention, tamper prevention and detection prevention functions; and verifying whether the power terminal is trusted by having the trusted third-party platform measure the operating system software and application program components in the power terminal;
the security mechanism of the trusted chip itself comprises a random number security mechanism, a cryptographic algorithm correctness mechanism, a COS algorithm security mechanism and a chip hardware security mechanism.
Optionally, a secure and trusted protection mechanism is likewise established for the system layer and the application layer.
The invention also provides a secure and trusted boot system for a power terminal, comprising:
a power terminal start-up unit, configured to power on the power terminal and start the trusted chip, read the U-Boot data of the power terminal through the trusted chip, calculate the metric value of U-Boot from the U-Boot data, compare it with the reference metric value through the trusted chip, and control the MCU to power on and start the power terminal if the comparison succeeds;
an operating system kernel loading unit, configured to load U-Boot through the MCU, read the operating system kernel data of the power terminal using U-Boot, calculate the metric value of the operating system kernel from the kernel data, transmit it to the trusted chip through U-Boot, compare it with the reference metric value through the trusted chip, and load the operating system kernel through U-Boot if the comparison succeeds;
a key component loading unit, configured to calculate the metric value of the key component of the power terminal using the trusted component of the operating system kernel, compare it with the reference metric value through the trusted chip, and load the key component through the operating system kernel if the comparison succeeds;
and an application program loading unit, configured to calculate the metric values of the application program executable file and configuration file of the power terminal through the trusted component, compare them with the reference metric values through the trusted chip, and, if the comparison succeeds, have the key component load the application program and complete the start-up of the power terminal.
Optionally, the application program loading unit is further configured to generate a measurement report that carries a judgment or verification conclusion on whether the state of the power terminal is trusted.
Optionally, a mechanism establishing unit establishes a secure and trusted protection mechanism for the hardware layer, the system layer and the application layer of the target power terminal.
Optionally, the secure and trusted protection mechanism of the hardware layer specifically comprises a security mechanism of the trusted computing platform module, a security mechanism of the trusted chip itself, and an interface secure access mechanism;
the security mechanism of the trusted computing platform module specifically comprises: adding to the power terminal, on the basis of the trusted chip, a trusted third-party platform with attack prevention, tamper prevention and detection prevention functions; and verifying whether the power terminal is trusted by having the trusted third-party platform measure the operating system software and application program components in the power terminal;
the security mechanism of the trusted chip itself comprises a random number security mechanism, a cryptographic algorithm correctness mechanism, a COS algorithm security mechanism and a chip hardware security mechanism.
Optionally, a secure and trusted protection mechanism is likewise established for the system layer and the application layer.
The invention realizes trusted verification of the terminal start-up process and effectively prevents malicious code attacks, the theft or tampering of key information, and similar events during terminal start-up.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a flow chart of an embodiment of the method of the present invention;
FIG. 3 is a block diagram of the system of the present invention;
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings; however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided so that this disclosure is thorough and complete and fully conveys the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the drawings is not intended to limit the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art, and not in an idealized or overly formal sense.
The invention provides a secure and trusted boot method for an electric power terminal which, as shown in fig. 1, comprises the following steps:
powering on the power terminal and starting the trusted chip; the trusted chip reads the U-Boot data of the power terminal, calculates the metric value of U-Boot from the U-Boot data and compares it with a reference metric value; if the comparison succeeds, the trusted chip controls the MCU to power on and start the power terminal;
the MCU loads U-Boot; U-Boot reads the operating system kernel data of the power terminal, calculates the metric value of the operating system kernel from the kernel data and transmits it to the trusted chip; the trusted chip compares the metric value of the operating system kernel with a reference metric value, and if the comparison succeeds U-Boot loads the operating system kernel;
the trusted component of the operating system kernel calculates the metric value of the key component of the power terminal; the trusted chip compares the metric value of the key component with a reference metric value, and if the comparison succeeds the operating system kernel loads the key component;
and the trusted component calculates the metric values of the application program executable file and configuration file of the power terminal; the trusted chip compares these metric values with the reference metric values, and if the comparison succeeds the key component loads the application program and the start-up of the power terminal is complete.
The invention is further illustrated by the following example, in which the operating system is Linux; the process is shown in fig. 2:
(1) The terminal is powered on and the trusted chip starts.
(2) The trusted chip reads the U-Boot data and calculates the U-Boot metric value using the SM3 algorithm.
(3) The trusted chip compares the metric value with the reference metric value; if they match, the MCU is powered on, otherwise the terminal cannot start.
(4) The MCU loads U-Boot, and U-Boot reads the Linux kernel data.
(5) U-Boot calculates the Linux kernel metric value through the trusted component using the SM3 algorithm.
(6) U-Boot transmits the Linux kernel metric value to the trusted chip.
(7) The trusted chip compares it with the reference metric value and returns the result to U-Boot.
(8) If the comparison succeeds, U-Boot loads the Linux kernel, and measurement continues in the Linux kernel.
(9) The Linux kernel calculates the metric value of the key component (for example an operating system key configuration file) through the trusted component using the SM3 algorithm.
(10) The Linux kernel transmits the key component metric value to the trusted chip.
(11) The trusted chip compares it with the reference metric value and returns the result to the Linux kernel.
(12) If the comparison succeeds, the Linux kernel loads the key component.
(13) The key component calculates the metric values of the application program's executable file and configuration file through the trusted component, using the SM3 algorithm or the SM2 signature verification algorithm.
(14) The key component transmits the metric values of the executable file and configuration file of the application program installation package to the trusted chip.
(15) The trusted chip compares them with the reference metric values and returns the result to the key component.
(16) If the comparison succeeds, the key component loads the application program.
(17) A measurement report carrying a judgment or verification conclusion on whether the terminal state is trusted is formed and sent to the entities that need to interact with the terminal or provide services to it.
To protect the SM3 digest values produced during measurement, a management mechanism is proposed that signs the SM3 digest value generated at each step; when a new signature value needs to be written into the trusted chip, the signature is used to identify its source.
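The chain of steps (1) to (17), as an added Python example that is not part of the patent: a pure-Python SM3, a trusted-chip model that runs a known-answer self-check at power-on, holds the reference metric values and releases each stage only when the comparison passes, and a fail-closed boot() that stops at the first mismatch. Stage names, image bytes and the reference table are constructed for the example; the SM2 signing of the digests mentioned above is not modelled.

```python
"""Constructed simulation of the SM3-based measured-boot chain of steps (1)-(17):
each stage is measured by its predecessor, the trusted chip compares the metric
value with its reference table, and the next stage is released only on success."""
import hmac
import struct

# SM3 hash, written out here so the example runs offline
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _MASK


def _compress(v: list, block: bytes) -> list:
    p0 = lambda x: x ^ _rotl(x, 9) ^ _rotl(x, 17)
    p1 = lambda x: x ^ _rotl(x, 15) ^ _rotl(x, 23)
    w = list(struct.unpack(">16I", block))            # message expansion
    for j in range(16, 68):
        w.append(p1(w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15))
                 ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    w1 = [w[j] ^ w[j + 4] for j in range(64)]
    a, b, c, d, e, f, g, h = v
    for j in range(64):                                # 64 compression rounds
        t = 0x79CC4519 if j < 16 else 0x7A879D8A
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _MASK, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        if j < 16:
            ff, gg = a ^ b ^ c, e ^ f ^ g
        else:
            ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
        tt1 = (ff + d + ss2 + w1[j]) & _MASK
        tt2 = (gg + h + ss1 + w[j]) & _MASK
        a, b, c, d, e, f, g, h = (tt1, a, _rotl(b, 9), c,
                                  p0(tt2), e, _rotl(f, 19), g)
    return [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]


def sm3(msg: bytes) -> bytes:
    """256-bit SM3 digest; padding is a 1 bit, zeros, then the 64-bit bit length."""
    padded = (msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
              + struct.pack(">Q", 8 * len(msg)))
    v = list(_IV)
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)


# Boot stages in order (steps (2)-(16)): U-Boot is measured by the chip itself, the
# kernel by U-Boot, the key component by the kernel, the app files by the key component.
STAGES = ("u-boot", "linux-kernel", "key-component", "app-executable", "app-config")
# Known answer for the chip's power-on self-check of its SM3 engine
_SM3_KAT = (b"abc", bytes.fromhex("66c7f0f462eeedd9d1f2d46bdc10e4e2"
                                  "4167c4875cf2f7a2297da02b8f4ba8e0"))


class TrustedChip:
    """Root of trust: holds reference metric values, judges each submitted metric, logs."""

    def __init__(self, references: dict):
        self._refs = dict(references)      # stage -> reference SM3 digest
        self.log = []                      # (stage, digest hex, passed)
        self.ready = False

    def power_on(self) -> bool:
        # Algorithm self-check first; on failure the chip refuses all further work
        self.ready = sm3(_SM3_KAT[0]) == _SM3_KAT[1]
        return self.ready

    def verify(self, stage: str, metric: bytes) -> bool:
        if not self.ready:
            raise RuntimeError("trusted chip is not in an operational state")
        passed = hmac.compare_digest(self._refs.get(stage, b""), metric)
        self.log.append((stage, metric.hex(), passed))
        return passed

    def report(self) -> dict:
        # Step (17): trusted only if every stage was reached and every check passed
        complete = len(self.log) == len(STAGES)
        return {"trusted": complete and all(p for _, _, p in self.log),
                "stages": list(self.log)}


def boot(chip: TrustedChip, images: dict) -> list:
    """Run the chain over the image bytes; returns the stages actually loaded."""
    loaded = []
    if not chip.power_on():
        return loaded                      # step (1) failed: nothing starts
    for stage in STAGES:
        if not chip.verify(stage, sm3(images[stage])):
            return loaded                  # fail closed: next stage not released
        loaded.append(stage)
    return loaded


# Constructed sample images standing in for the real firmware and files
SAMPLE_IMAGES = {
    "u-boot": b"U-Boot image (constructed sample)",
    "linux-kernel": b"Linux kernel image (constructed sample)",
    "key-component": b"OS key configuration file (constructed sample)",
    "app-executable": b"terminal application executable (constructed sample)",
    "app-config": b"terminal application configuration (constructed sample)",
}
REFERENCES = {k: sm3(v) for k, v in SAMPLE_IMAGES.items()}   # provisioned references
```

A genuine boot returns all five stage names and a trusted report; replacing any image byte stops the chain at that stage and the report is not trusted.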
The invention establishes a secure and trusted mechanism for the terminal from three aspects, namely the hardware layer, the system layer and the application layer of the power terminal, as described in detail below.
Hardware layer
The hardware layer of the terminal mainly establishes a chip hardware security mechanism and a port secure access mechanism.
Hardware layer trusted protection mechanism based on the trusted chip
Trusted computing platform module security mechanism:
the trusted computing of the hardware layer of the terminal is mainly realized by a trusted chip. Compared with the traditional security chip, the trusted chip has the greatest characteristic of embedding a trusted platform module (TCM), which is a system on chip integrated into a hardware structure through a bus. The TCM is internally packaged with security functions such as security storage, password application, certificate mechanism, security detection and the like required by building a trusted computing platform, and is used for providing basic security services for the platform. The method strictly protects important data signal lines and important storage areas, and internally stored data are difficult to snoop by using a man-made physical probe or a general optical detection technology. In addition to protecting the internal data, it also has its own safeguards against physical attacks. The pulling-out is prevented by using a signal detection mode during packaging. If the electronic device is pulled out of the mainboard, a pre-buried signal line is triggered, the signal on the signal line changes, and a hard interrupt is triggered. And then the system executes a self-destruction program to clear all internal data, so that the whole terminal trusted chip cannot be used.
The trusted platform is that a trusted third party with attack prevention, tampering prevention and detection prevention is added on the basis of a traditional trusted chip, and whether the terminal is trusted or not is verified through measurement of the trusted third party on operating system software and application program components in the terminal. The operation of the trusted platform module is prior to that of the operating system and the BIOS, and the trusted platform module mainly comprises five functions of integrity measurement, encrypted storage, identity authentication, access authorization of internal resources, encrypted transmission and the like.
The trusted chip's own security mechanism
1) Random number security. Random numbers are frequently used during operation of the trusted chip as important factors in authentication data and key generation, so their randomness must be sufficiently ensured. Random number security is generally implemented with a true random number generator.
2) Cryptographic algorithm security. The trusted chip supports the SM1, SM2, SM3, SM4 and SM7 algorithms; a security protection mechanism is added in the algorithm implementation, and the adopted algorithms are verified against data provided by the national cryptography administration with correct results, ensuring the reliability of the security algorithms.
3) Cryptographic algorithm correctness. The correctness of the trusted chip's built-in cryptographic algorithms is checked by self-test at power-on and during use. Keys, plaintext data, ciphertext data and the like for each algorithm are preset in the distribution trusted chip; when the chip is powered on or an algorithm-related operation is requested, the preset keys are used to encrypt, decrypt, sign, verify or hash the preset data, and the result is compared with the expected value. If they are the same, the self-test passes and other operations may proceed; if they differ, the self-test fails, the corresponding error status word is set, and no further instructions are executed.
4) COS algorithm security. The security system of the trusted chip's operating system (COS) mainly comprises security states, file access rights, data exchange modes and secure computation.
5) Chip hardware security. To resist attacks on the chip, the trusted chip is equipped with a voltage detector, a frequency detector, a temperature detector and a watchdog reset circuit.
Interface secure access mechanism
The power terminal should adopt the necessary interface secure access mechanisms so that its physical interfaces are controllable, including but not limited to: for the USB port, a peripheral-interface-based authentication mechanism, with installation of drivers for unauthorized USB drives prohibited; for the network port, only the ports used by the terminal to exchange service data with the master station are kept open, and all other unused ports and services are closed.
Operating system layer trust measurement mechanism
The operating system is the core basic software loaded on the hardware; if it lacks security assurance, the security of the whole power terminal loses its foundation. National standards for operating system security currently include GB/T 34976-2017 (Information security technology: security technical requirements and test evaluation methods for mobile intelligent terminal operating systems) and GB/T 20272-2006 (Information security technology: security technical requirements for operating systems), which manage the software and hardware of mobile intelligent terminal equipment through security functions such as identity authentication, access control and security audit, so as to ensure the safe operation of the mobile intelligent terminal.
Common operating systems in power terminals include embedded systems such as Linux, UNIX and VxWorks. Taking Linux as an example, the security mechanisms of an embedded operating system mainly comprise user identity authentication, discretionary access control, mandatory access control and security audit. The access control mechanism is the core of system security: the identity of an entity is determined by identity authentication, and enforcement of the security policy is guaranteed by authorization and access control. However, while an entity is running inside the system its security state may be changed by an attack, so identity-based access control alone cannot protect the operating system against security threats.
Structurally, what most distinguishes a secure operating system from a general-purpose one is that a Trusted Computing Base (TCB) is built inside it and the whole system is protected by the functions the TCB provides. The TCB is the totality of the protection mechanisms in the operating system, the combination of hardware, firmware and software responsible for enforcing the security policy, and it is the core through which the operating system implements its security functions. However, the integrity of the TCB itself cannot be guaranteed, so combining trusted computing technology with the traditional secure operating system has become a new approach to guaranteeing operating system security. A trusted chip is added to the computing platform as the hardware root of trust, the root of trust is incorporated into the TCB as its core, and a chain of trust is then built and extended step by step through a trust-chain transfer mechanism in which each level measures and authenticates the next. In this way trusted computing technology strengthens the security mechanisms of the operating system and builds a trusted operating environment inside it. Specifically, trusted computing technology provides the following important support and guarantees for operating system security:
(1) A hardware root of trust that guarantees the trustworthiness of the initial system state. A trusted platform control module (TPCM) is added to the computing platform of the power terminal; the TPCM starts before the CPU and actively measures the initial code of the system. Taking the core root of trust for measurement (CRTM) in the TPCM as the starting point, every entity that obtains execution authority in the platform is measured step by step, building the system's chain of trust, so that the initial state of every execution entity is trusted and, through the extension of the chain of trust, the initial state of the system as a whole is trusted. A trusted initial state effectively ensures that the security policy is implemented correctly and the security mechanisms operate normally, laying the foundation for the safe operation of the operating system.
(2) Hardware-based cryptographic services. Cryptography is the core of information security, and the confidentiality and integrity mechanisms of an operating system make heavy use of cryptographic mechanisms. A cryptosystem implemented purely in software can hardly guarantee its own security, whereas trusted computing provides cryptographic services backed by physical hardware, with good isolation and computing efficiency; the TPCM provides algorithm engines for symmetric ciphers, asymmetric ciphers and hash functions, and can offer efficient cryptographic services to the operating system.
(3) Secure storage for important core data. The effectiveness of many important security mechanisms rests on key security data: the security of a key directly determines the security of the data encryption storage mechanism, and the security of the security policy file directly determines whether the system's security functions are implemented securely. In a traditional operating system, important information such as security policies and user keys is poorly isolated from the storage environment and the system's operating environment, and storage protection is weak, so effective storage protection cannot be provided for the normal operation of the security mechanisms. With the secure storage function of trusted computing, important security-related data can be stored directly in the TPCM, or have their confidentiality and integrity protected by the TPCM; since the TPCM is isolated from the operating environment of the operating system, the security of this data is ensured and effective secure storage support is provided for the system's security mechanisms.
(4) Trusted integrity measurement and reporting. The security mechanisms of a traditional operating system can only keep the system running safely and reliably through security measures; because there is no trusted party relatively independent of the system, the computing platform itself can hardly prove that its internal security mechanisms are implemented correctly, and the operating system cannot attest to its own safe operating state. Once a hardware root of trust is added, and provided that users trust this uniform and standardized root of trust, the system gains the ability to prove its trusted state: the trusted operating state of the operating system can be attested to the outside through the trusted measurement and trusted reporting functions of the root of trust, which provides important trust support for secure applications in a network environment.
In summary, using trusted computing technology to provide a hardware root of trust for the terminal operating system allows a chain of trust to be built effectively inside the system and gives the operating system cryptographic services and secure storage, providing strong cryptographic support and trust guarantees for operating system security.
A business application software trust metric;
If the trusted chip is relied on to dynamically measure every process or application program of the terminal, normal operation of the service is affected to a great extent. Therefore, for key business application software with long running times and basic functions, the trust measurement chain from the chip to the operating system and then to the business application software is realized on the basis of the trusted chip, which guarantees the integrity of that business application software; for other business application software, a dynamic trust measurement mode is suggested to monitor the state of the application software on the terminal. Dynamic trust measurement is mainly based on dynamic monitoring and analytical calculation of important runtime state feature indicators and user behavior indicators: correlation analysis is carried out on the feature indicators using a pattern recognition method, the risk types are identified, the risk grades are judged according to the specific changes of the feature indicators, and the function is realized on a security monitoring system or platform.
The invention further provides a secure trusted boot system for an electric power terminal, as shown in fig. 3, including:
the power terminal starting unit 201 is used for powering on the power terminal, starting a trusted chip, reading U-Boot data of the power terminal through the trusted chip, calculating a metric value of the U-Boot according to the U-Boot data, measuring the metric value of the U-Boot against a reference metric value through the trusted chip, and controlling the MCU to power on and start the power terminal if the measurement succeeds;
the operating system kernel loading unit 202 loads the U-Boot through the MCU, reads kernel data of the operating system of the power terminal by using the U-Boot, calculates a metric value of the operating system kernel according to the kernel data, transmits the metric value of the operating system kernel to the trusted chip through the U-Boot, measures the metric value of the operating system kernel against a reference metric value through the trusted chip, and loads the operating system kernel through the U-Boot if the measurement succeeds;
the key component loading unit 203 is used for calculating the metric value of the key component of the power terminal by using the trusted component of the operating system kernel, measuring the metric value of the key component against the reference metric value through the trusted chip, and loading the key component through the operating system kernel if the measurement succeeds;
the application program loading unit 204 is used for calculating the metric values of the application program executable file and the configuration file of the power terminal through the trusted component, measuring the metric values of the application program executable file and the configuration file against the reference metric value through the trusted chip, and, if the measurement succeeds, having the key component load the application program and complete the startup of the power terminal;
the establishing mechanism unit 205 establishes a secure trusted protection mechanism for the hardware layer, the system layer and the application layer of the target power terminal.
The application program loading unit 204 is further configured to generate a measurement report, where the measurement report includes a determination or verification conclusion as to whether the state of the power terminal is trusted.
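As an added illustration (not code from the patent), the following Python simulates the chain of measurements performed by units 201 to 204 and the measurement report of the preceding sentence: each stage's metric value is compared inside a stand-in trusted chip against a provisioned reference, the first failed comparison halts the boot before that stage is loaded, and the result is a report stating whether the terminal state is trusted. The image bytes are constructed placeholders, and SHA-256 is an assumed hash algorithm, since the page names none.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed stand-ins for the images the chain measures (placeholders, not real firmware).
IMAGES: Dict[str, bytes] = {
    "u-boot": b"constructed U-Boot image",
    "kernel": b"constructed OS kernel image",
    "key-component": b"constructed kernel trusted component",
    "app": b"constructed application executable",
    "app-config": b"constructed application configuration file",
}

# Boot order from the patent: which files each stage measures and which earlier
# stage computes the metric (the trusted chip always does the comparison).
CHAIN: List[Tuple[str, List[str], str]] = [
    ("U-Boot", ["u-boot"], "trusted chip"),
    ("OS kernel", ["kernel"], "U-Boot"),
    ("key component", ["key-component"], "kernel trusted component"),
    ("application", ["app", "app-config"], "trusted component"),
]


def measure(data: bytes) -> str:
    """Metric value of an image. SHA-256 is an assumption; the page names no algorithm."""
    return hashlib.sha256(data).hexdigest()


class TrustedChip:
    """Stand-in for the trusted chip: holds reference metrics and does the comparisons."""

    def __init__(self, reference: Dict[str, str]) -> None:
        # Reference values stay inside the chip, isolated from the OS environment.
        self._reference = dict(reference)
        self.log: List[Tuple[str, bool]] = []

    def verify(self, name: str, metric: str) -> bool:
        expected = self._reference.get(name, "")
        ok = hmac.compare_digest(metric, expected)  # constant-time comparison
        self.log.append((name, ok))
        return ok


def provision_reference(images: Dict[str, bytes]) -> Dict[str, str]:
    """Golden metric values recorded into the chip at provisioning time."""
    return {name: measure(data) for name, data in images.items()}


def secure_boot(chip: TrustedChip, images: Dict[str, bytes]) -> dict:
    """Walk the chain; the first failed measurement halts the boot and the
    returned measurement report says which stage failed and what was loaded."""
    loaded: List[str] = []
    for stage, files, measured_by in CHAIN:
        for name in files:
            if not chip.verify(name, measure(images.get(name, b""))):
                return {"trusted": False, "failed_stage": stage, "failed_file": name,
                        "measured_by": measured_by, "loaded": loaded, "log": list(chip.log)}
        loaded.append(stage)  # loaded only after every file of the stage verified
    return {"trusted": True, "failed_stage": None, "failed_file": None,
            "measured_by": None, "loaded": loaded, "log": list(chip.log)}


if __name__ == "__main__":
    print(secure_boot(TrustedChip(provision_reference(IMAGES)), IMAGES)["trusted"])
    tampered = dict(IMAGES, kernel=b"constructed modified kernel image")
    print(secure_boot(TrustedChip(provision_reference(IMAGES)), tampered)["failed_stage"])
```

Note that a tampered configuration file blocks the application from loading even when its executable verified, because unit 204 measures both files before the key component loads the program.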
The secure trusted protection mechanism of the hardware layer specifically includes: a secure trusted protection mechanism of the trusted computing platform module, a secure trusted protection mechanism of the trusted chip, and an interface secure access mechanism;
the secure trusted protection mechanism of the trusted computing platform module specifically includes the following steps: adding to the power terminal, based on the trusted chip, a trusted third-party platform with attack prevention, tamper prevention and detection prevention functions; and verifying whether the power terminal is trusted by measuring the operating system software and application program components in the power terminal through the trusted third-party platform;
the secure trusted protection mechanism of the trusted chip includes the following: a random number security mechanism, a cryptographic algorithm correctness mechanism, a COS algorithm security mechanism, and a chip hardware security mechanism.
The secure trusted protection mechanism established for the system layer and the application layer specifically covers: the system layer and the application layer.
The invention realizes trusted verification of the terminal boot process, and effectively prevents events such as malicious code attacks and the theft or tampering of key information during terminal startup.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiments of the invention can be realized in various computer languages, such as the object-oriented programming language Java and the interpreted scripting language JavaScript.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A secure trusted boot method for a power terminal, the method comprising:
powering on the power terminal, starting a trusted chip, reading U-Boot data of the power terminal through the trusted chip, calculating the metric value of the U-Boot according to the U-Boot data, measuring the metric value of the U-Boot against a reference metric value through the trusted chip, and controlling the MCU to power on and start the power terminal if the measurement succeeds;
loading the U-Boot through the MCU, reading kernel data of an operating system of the power terminal by using the U-Boot, calculating a metric value of the operating system kernel according to the kernel data, transmitting the metric value of the operating system kernel to the trusted chip through the U-Boot, measuring the metric value of the operating system kernel against a reference metric value through the trusted chip, and loading the operating system kernel through the U-Boot if the measurement succeeds;
calculating the metric value of a key component of the power terminal by using a trusted component of the operating system kernel, measuring the metric value of the key component against a reference metric value through the trusted chip, and loading the key component through the operating system kernel if the measurement succeeds;
and calculating the metric values of the application program executable file and the configuration file of the power terminal through the trusted component, measuring the metric values of the application program executable file and the configuration file against the reference metric value through the trusted chip, and, if the measurement succeeds, loading the application program by the key component and completing the startup of the power terminal.
2. The method of claim 1, further comprising generating a measurement report including a determination or verification conclusion as to whether the state of the power terminal is trusted.
3. The method of claim 1, further comprising establishing a secure trusted protection mechanism for a hardware layer, a system layer, and an application layer of the target power terminal.
4. The method according to claim 3, wherein the secure trusted protection mechanism of the hardware layer specifically includes: a secure trusted protection mechanism of the trusted computing platform module, a secure trusted protection mechanism of the trusted chip, and an interface secure access mechanism;
the secure trusted protection mechanism of the trusted computing platform module specifically includes the following steps: adding to the power terminal, based on the trusted chip, a trusted third-party platform with attack prevention, tamper prevention and detection prevention functions; and verifying whether the power terminal is trusted by measuring the operating system software and application program components in the power terminal through the trusted third-party platform;
the secure trusted protection mechanism of the trusted chip includes the following: a random number security mechanism, a cryptographic algorithm correctness mechanism, a COS algorithm security mechanism, and a chip hardware security mechanism.
5. The method according to claim 3, wherein the secure trusted protection mechanism established for the system layer and the application layer specifically covers: the system layer and the application layer.
6. A secure trusted boot system for a power terminal, the system comprising:
a power terminal starting unit, used for powering on the power terminal, starting a trusted chip, reading U-Boot data of the power terminal through the trusted chip, calculating the metric value of the U-Boot according to the U-Boot data, measuring the metric value of the U-Boot against a reference metric value through the trusted chip, and controlling the MCU to power on and start the power terminal if the measurement succeeds;
an operating system kernel loading unit, which loads the U-Boot through the MCU, reads kernel data of the operating system of the power terminal by using the U-Boot, calculates a metric value of the operating system kernel according to the kernel data, transmits the metric value of the operating system kernel to the trusted chip through the U-Boot, measures the metric value of the operating system kernel against a reference metric value through the trusted chip, and loads the operating system kernel through the U-Boot if the measurement succeeds;
a key component loading unit, used for calculating the metric value of the key component of the power terminal by using the trusted component of the operating system kernel, measuring the metric value of the key component against the reference metric value through the trusted chip, and loading the key component through the operating system kernel if the measurement succeeds;
and an application program loading unit, used for calculating the metric values of the application program executable file and the configuration file of the power terminal through the trusted component, measuring the metric values of the application program executable file and the configuration file against the reference metric value through the trusted chip, and, if the measurement succeeds, having the key component load the application program and complete the startup of the power terminal.
7. The system of claim 6, wherein the application program loading unit is further configured to generate a measurement report, the measurement report including a determination or verification conclusion as to whether the state of the power terminal is trusted.
8. The system of claim 6, wherein the establishing mechanism unit establishes a secure trusted protection mechanism for a hardware layer, a system layer and an application layer of the target power terminal.
9. The system of claim 8, wherein the secure trusted protection mechanism of the hardware layer specifically includes: a secure trusted protection mechanism of the trusted computing platform module, a secure trusted protection mechanism of the trusted chip, and an interface secure access mechanism;
the secure trusted protection mechanism of the trusted computing platform module specifically includes the following steps: adding to the power terminal, based on the trusted chip, a trusted third-party platform with attack prevention, tamper prevention and detection prevention functions; and verifying whether the power terminal is trusted by measuring the operating system software and application program components in the power terminal through the trusted third-party platform;
the secure trusted protection mechanism of the trusted chip includes the following: a random number security mechanism, a cryptographic algorithm correctness mechanism, a COS algorithm security mechanism, and a chip hardware security mechanism.
10. The system of claim 8, wherein the secure trusted protection mechanism established for the system layer and the application layer specifically covers: the system layer and the application layer.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111139203.5A CN115879087A (en) 2021-09-26 2021-09-26 Safe and trusted starting method and system for power terminal

Publications (1)

Publication Number Publication Date
CN115879087A true CN115879087A (en) 2023-03-31

Family

ID=85763129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111139203.5A Pending CN115879087A (en) 2021-09-26 2021-09-26 Safe and trusted starting method and system for power terminal

Country Status (1)

Country Link
CN (1) CN115879087A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116340956A (en) * 2023-05-25 2023-06-27 国网上海能源互联网研究院有限公司 Trusted protection optimization method and device for electric embedded terminal equipment
CN116340956B (en) * 2023-05-25 2023-08-08 国网上海能源互联网研究院有限公司 Trusted protection optimization method and device for electric embedded terminal equipment

Similar Documents

Publication Publication Date Title
Wang et al. Enabling security-enhanced attestation with Intel SGX for remote terminal and IoT
KR101296483B1 (en) Validation and/or authentication of a device for communication with a network
CN103038745B (en) Extension integrity measurement
EP3262560B1 (en) System and method for verifying integrity of an electronic device
US20190253417A1 (en) Hardware device and authenticating method thereof
CN106815494A (en) A kind of method that application security certification is realized based on CPU space-time isolation mech isolation tests
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN106991329A (en) A kind of trust calculation unit and its operation method based on domestic TCM
EP3295352A1 (en) Client software attestation
Paverd et al. Hardware security for device authentication in the smart grid
CN103827881A (en) Method and system for dynamic platform security in a device operating system
CN102833745B (en) Method, communication equipment and communication system that a kind of software security is upgraded
Itoi et al. Personal secure booting
CN106603487A (en) Method for safe improvement of TLS protocol processing based on CPU space-time isolation mechanism
CN113726726B (en) Electric power Internet of things credible immune system based on edge calculation and measurement method
Dave et al. Sracare: Secure remote attestation with code authentication and resilience engine
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN115879087A (en) Safe and trusted starting method and system for power terminal
CN113132310A (en) Safe access method and system for power distribution terminal and power distribution master station
CN116484379A (en) System starting method, system comprising trusted computing base software, equipment and medium
CN116956298A (en) Application running environment detection method and device
Zaharis et al. Live forensics framework for wireless sensor nodes using sandboxing
CN111723379A (en) Trusted protection method, system, equipment and storage medium for trusted platform zone intelligent terminal
Surendrababu System Integrity–A Cautionary Tale
Galanou et al. Matee: Multimodal attestation for trusted execution environments

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination