CN116432164A - Identity authentication method and device of SRAM - Google Patents


Info

Publication number
CN116432164A
Authority
CN
China
Prior art keywords
sram
bit
stable
original state
same
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210010593.4A
Other languages
Chinese (zh)
Inventor
何丹地
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Pafu Information Technology Co ltd
Original Assignee
Nanjing Pafu Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Pafu Information Technology Co ltd
Priority to CN202210010593.4A
Publication of CN116432164A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an identity authentication method and device for SRAM. The method comprises: reading the bit distribution of the SRAM original state after a first power-up and after a second power-up, and extracting a characteristic value and identity identification information, where the characteristic value includes a plurality of stable bit groups; searching the original state of the SRAM chip to be authenticated according to the characteristic value and, when n consecutive bit groups in that original state match any n stable bit groups in the characteristic value, extracting the packet address information of those n consecutive bit groups; and comparing the packet address information with the identity identification information, the SRAM chip and the device in which it is located passing identity authentication if the two are the same. Stable characteristic values and packet address information are extracted from the original-state information of the SRAM and are used by the encryption system of the SRAM and of the device in which it is located to generate a key for identity authentication. The process generates no helper data, involves no plaintext storage and leaks no data information, which improves the security of the encryption system of the SRAM and its device.

Description

Identity authentication method and device of SRAM
Technical Field
The invention relates to the technical field of SRAM (static random access memory), and in particular to an identity authentication method and device for SRAM.
Background
PUF is the abbreviation of physical unclonable function. An SRAM PUF is the PUF characteristic of an SRAM (static random access memory): the bit distribution of the chip's original state when the SRAM is powered on. The original state is the state that each bit cell of the SRAM takes after power-up and before any data is written, and it arises from random differences in threshold voltage.
The original state depends on fine process deviations in SRAM manufacturing, and also on the operating voltage, temperature and aging of the chip. It is the distribution of "0" and "1" bits across the SRAM chip, and it is random after the SRAM is powered up and before data is written.
The disadvantage of an SRAM PUF is that it is very sensitive to environmental factors such as operating voltage, temperature and aging. Because of these effects, the original state differs from one power-up to the next, so the SRAM PUF information read from the same SRAM is different after each power-up.
That is, the original state read after the current power-up is not the original state read after an earlier power-up; it keeps changing, so the two cannot be compared directly for identity authentication. The conventional way to overcome this is to recover the earlier original state, i.e. the earlier PUF information, by fuzzy error correction with an error correction algorithm. Specifically, helper data is generated: a random number is passed through a coding algorithm to obtain a random code u, and the helper data is the bitwise exclusive-or of u and one response R of the PUF. Later, the helper data is XORed with the current response R' of the PUF to obtain a code u'; a decoding algorithm corrects u' back to the code u, and XORing u with the helper data recovers the earlier response R.
In this prior art, however, the helper data must be stored or transmitted in plaintext before the original-state information of the SRAM can be recovered by the error correction algorithm. The helper data is correlated with the response, so data stored or transmitted in plaintext can reveal information; an attacker can attack the original-state information of the SRAM by rewriting the helper data; and storing or transmitting helper data in plaintext reduces the security of the encryption system.
Therefore, building on existing methods and devices for obtaining the original state of an SRAM (the SRAM PUF), the problem to be solved by those skilled in the art is how to provide an identity authentication method and device that extracts a stable PUF characteristic value from original-state information that differs at each power-up, and uses the corresponding packet address information as encryption material for the encryption system of the SRAM and the device in which it is located, as a means of identity authentication.
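The helper-data scheme described in the Background, as an added example that is not part of the patent text: a code-offset construction in Python using a repetition code of length 5, which is an assumption (the page names no code), with constructed sample responses. It also shows the correlation the Background mentions: with this code, plaintext helper data exposes the XOR of response bits inside each block.

```python
import secrets

REP = 5  # assumed repetition-code length; the page does not name a code

# Constructed sample responses: R at enrollment, R' at a later power-up.
SAMPLE_R = [1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1]
FLIPPED = {1, 3, 7, 19}  # at most 2 flipped bits per 5-bit block
SAMPLE_R_NOISY = [b ^ (i in FLIPPED) for i, b in enumerate(SAMPLE_R)]


def encode(msg_bits):
    """Repetition code: each message bit becomes REP identical code bits."""
    return [b for b in msg_bits for _ in range(REP)]


def decode(word):
    """Majority vote per block; corrects up to REP // 2 flips per block."""
    return [int(sum(word[i:i + REP]) > REP // 2)
            for i in range(0, len(word), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def enroll(response):
    """Helper data W = u XOR R, where u encodes a fresh random number."""
    msg = [secrets.randbits(1) for _ in range(len(response) // REP)]
    return xor(encode(msg), response)


def reproduce(helper, noisy_response):
    """u' = W XOR R'; decode u' back to u; R = u XOR W."""
    u_noisy = xor(helper, noisy_response)
    u = encode(decode(u_noisy))
    return xor(u, helper)


def block_relations(bits):
    """XOR of the first bit of each block with the other bits of that block.

    All code bits of u inside one block are equal, so this gives the same
    result for the helper data W as for the secret response R itself.
    """
    return [[bits[s] ^ bits[s + k] for k in range(1, REP)]
            for s in range(0, len(bits), REP)]


if __name__ == "__main__":
    helper = enroll(SAMPLE_R)
    print("recovered R:", reproduce(helper, SAMPLE_R_NOISY) == SAMPLE_R)
    print("relations visible in W:", block_relations(helper))
```
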
Disclosure of Invention
In view of the above problems, the present invention provides an identity authentication method and device for an SRAM that solves at least some of the above technical problems. It extracts a characteristic value from the original-state information of the SRAM, obtains the packet address information corresponding to the characteristic value, and uses them for identity recognition, authentication, encryption and decryption of the SRAM and the device in which it is located.
The embodiment of the invention provides an identity authentication method of an SRAM, which comprises the following steps:
S1, reading the bit distribution of the SRAM original state after a first power-up and after a second power-up, and extracting a characteristic value and identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM comprises each bit value in the SRAM and its address;
S2, searching the original state of the SRAM chip to be authenticated according to the characteristic value, and extracting the grouping address information of n consecutive bit groups when n consecutive bit groups in the original state of the SRAM chip to be authenticated match any n stable bit groups in the characteristic value; n is a preset threshold; a match means that the bits are in the same order and have the same values;
S3, comparing the grouping address information with the identity identification information and, if they are the same, passing the identity authentication of the SRAM chip and the device in which it is located; "the same" means that the number of bits is the same and the value of each bit is the same.
Further, the step S1 includes:
S11, reading each bit value and address of the SRAM after the first power-up, recording and storing them, generating the bit distribution of the first SRAM original state, and dividing it into a first set of bit groups;
S12, powering the SRAM off and on again, reading each bit value and address of the SRAM after the second power-up, recording and storing them, generating the bit distribution of the second SRAM original state, and dividing it into a second set of bit groups;
S13, comparing the bit distribution of the first SRAM original state with that of the second SRAM original state bit by bit, and classifying bits whose values are the same as stable bits;
S14, classifying the bit group in the second set of bit groups that contains the most stable bits as the most stable group; extracting m consecutive stable bits from the most stable group to form a stable bit group, a plurality of stable bit groups forming the characteristic value; taking the grouping address information corresponding to the characteristic value as the identity identification information; m is a preset number.
Further, in the step S1, the feature value and the identification information are stored separately.
Further, the step S2 includes:
S21, reading each bit value and address of the SRAM chip to be authenticated after power-up, recording and storing them, generating the bit distribution of the original state of the SRAM chip to be authenticated, and dividing it into a third set of bit groups;
S22, comparing the bit groups in the third set of bit groups with the characteristic value one by one; when n consecutive bit groups in the original state of the SRAM chip to be authenticated match any n stable bit groups in the characteristic value, extracting the grouping address information of the n consecutive bit groups; n is a preset threshold; each consecutive bit group comprises m consecutive bits; a match means that the bits are in the same order and have the same values.
The embodiment of the invention also provides an identity authentication device for an SRAM, suited to the above identity authentication method of the SRAM, comprising:
an extraction module, configured to read the bit distribution of the SRAM original state after a first power-up and after a second power-up, and to extract a characteristic value and identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM comprises each bit value in the SRAM and its address;
a searching module, configured to search the original state of the SRAM chip to be authenticated according to the characteristic value, and to extract the grouping address information of n consecutive bit groups when n consecutive bit groups in the original state of the SRAM chip to be authenticated match any n stable bit groups in the characteristic value; n is a preset threshold; a match means that the bits are in the same order and have the same values;
an authentication module, configured to compare the grouping address information with the identity identification information, the SRAM chip and the device in which it is located passing identity authentication if the two are the same; "the same" means that the number of bits is the same and the value of each bit is the same.
Further, the extraction module includes:
a first reading submodule, configured to read each bit value and address of the SRAM after the first power-up, record and store them, generate the bit distribution of the first SRAM original state, and divide it into a first set of bit groups;
a second reading submodule, configured to read each bit value and address of the SRAM after the second power-up, once the SRAM has been powered off and on again, record and store them, generate the bit distribution of the second SRAM original state, and divide it into a second set of bit groups;
a first comparison submodule, configured to compare the bit distribution of the first SRAM original state with that of the second SRAM original state bit by bit and to classify bits whose values are the same as stable bits;
an acquisition submodule, configured to classify the bit group in the second set of bit groups that contains the most stable bits as the most stable group; to extract m consecutive stable bits from the most stable group to form a stable bit group, a plurality of stable bit groups forming the characteristic value; and to take the grouping address information corresponding to the characteristic value as the identity identification information; m is a preset number.
Further, the searching module includes:
a third reading submodule, configured to read each bit value and address of the SRAM chip to be authenticated after power-up, record and store them, generate the bit distribution of the original state of the SRAM chip to be authenticated, and divide it into a third set of bit groups;
a second comparison submodule, configured to compare the bit groups in the third set of bit groups with the characteristic value one by one; when n consecutive bit groups in the original state of the SRAM chip to be authenticated match any n stable bit groups in the characteristic value, to extract the grouping address information of the n consecutive bit groups; n is a preset threshold; each consecutive bit group comprises m consecutive bits; a match means that the bits are in the same order and have the same values.
The technical scheme provided by the embodiment of the invention has the beneficial effects that at least:
The identity authentication method of the SRAM provided by the embodiment of the invention comprises: reading the bit distribution of the SRAM original state after a first power-up and after a second power-up, and extracting a characteristic value and identity identification information, where the characteristic value comprises a plurality of stable bit groups and the bit distribution of the original state of the SRAM comprises each bit value in the SRAM and its address; searching the original state of the SRAM chip to be authenticated according to the characteristic value and, when n consecutive bit groups in that original state match any n stable bit groups in the characteristic value, extracting the grouping address information of the n consecutive bit groups, where n is a preset threshold and a match means that the bits are in the same order and have the same values; and comparing the packet address information with the identity identification information, the SRAM chip and the device in which it is located passing identity authentication if the two are the same. The method uses the original-state information of the SRAM to extract stable characteristic values and grouping address information, which the encryption system of the SRAM and of the device in which it is located uses to generate a key for identity authentication, encryption and decryption. The process generates no helper data and involves no plaintext storage or transmission of helper data, so it leaks no data information and improves the security of the encryption system of the SRAM and its device.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a flowchart of an identity authentication method of an SRAM according to an embodiment of the present invention;
FIG. 2 is a diagram of an external hardware configuration provided in an embodiment of the present invention;
FIG. 3 is a block diagram of an identity authentication device of an SRAM according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The embodiment of the invention provides an identity authentication method of an SRAM, which is shown by referring to FIG. 1 and comprises the following steps:
S1, reading the bit distribution of the SRAM original state after a first power-up and after a second power-up, and extracting a characteristic value and identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM comprises each bit value in the SRAM and its address;
S2, searching the initial state of the SRAM chip to be authenticated according to the characteristic value, and extracting the grouping address information of n bit groups when n bit groups in the initial state of the SRAM chip to be authenticated match any n stable bit groups in the characteristic value; n is a preset threshold; a match means that the bits are in the same order and have the same values;
S3, comparing the grouping address information with the identity identification information and, if they are the same, passing the identity authentication of the SRAM chip and the device in which it is located; "the same" means that the number of bits is the same and the value of each bit is the same.
Specifically, a "match" means that the bits in each of the n bit groups are in the same order as the bits in the corresponding one of the n stable bit groups and that each bit in each group has the same value. "The same" means that the packet address information and the identity identification information agree not only in the total number of bits but also in the value of every bit. For example, when 101 is compared with 101, the total number of bits is 3 in both, the first bits are both 1, the second bits are both 0 and the third bits are both 1, so the two are regarded as "the same".
The SRAM chip and the device in which it is located refer to an electronic device containing an SRAM memory; for example, air conditioners, mobile phones, telephones and smart IC cards all contain an SRAM for storing programs and exchanging data. In practice, single-chip microcomputers make wide use of SRAM, either internal or external, so the device mainly refers to an electronic device containing a single-chip microcomputer.
In this embodiment, a stable PUF characteristic value can be extracted from the PUF information (the SRAM original state) that differs at each power-up, and the characteristic value is used to obtain the corresponding packet address information of the SRAM. Both are used by the encryption system of the SRAM memory and of the device in which it is located to generate a key for identity authentication, encryption and decryption. This identity authentication method generates no helper data and does not store or transmit helper data in plaintext, so it leaks no data information and improves the security of the encryption system of the SRAM and the device in which it is located.
The following describes the steps in detail with specific examples:
First, an external hardware structure is set up. Referring to FIG. 2, it comprises an SRAM memory, a single-chip microcomputer (MCU) and a power supply; the SRAM memory holds the SRAM PUF information (the SRAM original state).
Next, the characteristic value and the identity identification information of the SRAM are extracted.
After power-up, the SRAM PUF reading program reads the value of each bit of the SRAM and its address in the SRAM, and records and stores the value and address of each bit, forming the bit distribution of the SRAM original state. The SRAM is then powered off and powered on again, and the SRAM PUF reading program reads the bit distribution of the SRAM original state in the same way.
For each address, the SRAM PUF reading program compares the bit values from the two power-ups bit by bit. A bit whose value is the same at both power-ups is unchanged and is a stable bit; SRAM is usually handled in units of bytes, and a byte whose bits are all the same at both power-ups is a stable byte. A bit whose value differs between the two power-ups has changed and is an unstable bit, and the byte containing it is an unstable byte.
The bits of the SRAM are grouped. The bit groups may be divided according to any division rule, which this embodiment does not limit.
For example, taking a 128 Kbyte SRAM, the 128 Kbytes are divided into basic units of 128 bytes, that is 1000 x 128 bytes, or 1000 groups. The stable bytes in each group are counted, and the group with the most stable bytes is the most stable group. For example, if group 70 of the 1000 groups has 71 stable bytes among its 128 bytes, and 71 is the highest count among the 1000 groups, group 70 is determined to be the most stable group. Once the most stable group is determined, the characteristic value is found and determined within that group. The rule for determining the characteristic value is that consecutive stable bits or bytes constitute a characteristic value. That is, a plurality of consecutive stable bits constitute one stable bit group, and a plurality of stable bit groups constitute one characteristic value. This embodiment does not limit the division rule for the characteristic value or the number of consecutive stable bits; both may be set according to the actual situation.
Continuing with the 128KBytes SRAM as an example, the most stable set of specific bytes is distributed as follows, with unstable bytes underlined and stable bytes not underlined:
38 F0 50 F3 28 A9 D9 0F ED A5 37 45 AE 55 B5 D7 D1 7A 07 92 B8 6E 82 B3 FA 32 B0 77 B6 63 31 ED D8 1A D7 B8 98 3E 57 25 A0 AB FE E1 42 30 47 20 A8 A8 32 14 8C D4 B6 53 E1 D2 9B 90 A4 0A B2 21 FC AB A2 1F 5D F1 E2 96 BB 44 F1 8A C9 64 EB 52 78 0A 2A D4 76 9A CD 24 47 63 C5 AA F4 0A EC A6 BC E3 38 12 D4 2B 71 B4 53 BE 78 84 DA 2E B0 54 96 3F A2 95 2A 3E FA 66 93 B5 A8 15 4A 64 9C 6F
The characteristic value of the most stable group is then determined. Assuming that 3 consecutive stable bytes form one stable bit group, each run of 3 bytes marked with 【 】 below is, according to this rule, one stable bit group, and the 17 stable bit groups in total form one characteristic value:
【38 F0 50】【F3 28 A9】D9 1F AD【A5 37 45】【AE 55 B5】【D7 D1 7A】07 8A B8 6E 83 B3 FA 33【F0 77 B6】61 31 ED 50【1A D7 B8】18 3A 5F A5 A0 8B 76【E1 42 30】C5 24 A8 A8 BA 34 8C D4 16 D1 E1 DA DB【90 A4 0A】90 21 74 AA【A2 1F 5D】91 E2 16 BA【44 F1 8A】【C9 64 EB】72 68 0A 1A【D4 76 9A】【CD 24 47】【63 C5 AA】D4【0A EC A6】BC E3 29 12 D4 2B 71 B4 53 BE 78 84 DA【2E B0 54】96 3F A2 95 2A 3E FA 66 93 B5 A8 15 4A 64 9C 6F
The 17 stable bit groups are listed on their own below. Together they form one characteristic value, which is used to search the original state of the SRAM:
【38 F0 50】【F3 28 A9】【A5 37 45】【AE 55 B5】【D7 D1 7A】【F0 77 B6】【1A D7 B8】【E1 42 30】【90 A4 0A】【A2 1F 5D】【44 F1 8A】【C9 64 EB】【D4 76 9A】【CD 24 47】【63 C5 AA】【0A EC A6】【2E B0 54】
Finally, since the most stable group is the 70th group, the corresponding 128-byte address range is 20008200-2000827F, and a certain address in it, such as 2000823C, is selected as the packet address information (characteristic information) and used as the identity identification information for identity authentication, encryption and decryption.
The following four embodiments specifically illustrate the practical application scenario of the SRAM identity authentication method:
Example 1
The SRAM chip is identified by means of the characteristic value and the packet address information that were found. The implementation process is as follows:
A: The extracted characteristic value is recorded as the feature of the SRAM chip fingerprint. At the same time, the address information of the group in which the characteristic value is located is registered as the identity identification information. To enhance security, the identity identification information is recorded separately from the characteristic value.
B: During identity authentication, the original state of the SRAM chip is searched according to the characteristic value. If more than the threshold number of runs of consecutive bytes in a certain group match the recorded characteristic value, that group is confirmed to be the group that was most stable at the earlier power-up (the most stable group). Specifically:
Because the original state of the SRAM differs after every power-up, when the PUF information (the SRAM original state) after the current power-up is searched and compared against the characteristic value, most of the characteristic value does not match. If a run of consecutive bytes in the original state of the SRAM chip matches one stable bit group in the extracted characteristic value, the SRAM matches that stable bit group. Consecutive bytes match the recorded characteristic value when, first, the number of bits is the same and, second, the values are the same.
When the original state of the SRAM is searched with the characteristic value, it can happen that one characteristic value finds matching consecutive bytes in two or more places, so that two different groups correspond to the characteristic value, one of which is false. The numbers of matching stable bit groups are then compared: the group that matches more stable bit groups, and more than the threshold, is the true one. The group that was most stable at the earlier power-up is thus found by means of the characteristic value, and the address information of that group is used as encryption material.
Optionally, a threshold is set, for example 4. If more than the threshold number of consecutive characteristic values are present in a certain group of the SRAM chip, the chip is the target being searched for, the identity authentication passes, and that group is the group that was most stable at the earlier power-up. This embodiment does not limit the value of the threshold.
Continuing with the 128 Kbyte example, the original state of the SRAM chip after power-up is searched with the 17 stable bit groups one by one, and 6 runs of 3 consecutive bytes in one 128-byte group are found to match 6 of the 17 stable bit groups. The matching stable bit groups are shown in double quotation marks ("") below:
38 F0 50“F3 28 A9”A5 37 45“AE 55 B5”“D7 D1 7A”F0 77 B6“1A D7 B8”E1 42 30“90 A4 0A”A2 1F 5D 44 F1 8A C9 64 EB“D4 76 9A”CD 24 47 63 C5 AA 0A EC A6 2E B0 54
C: The address information of that group is extracted and compared with the registered identity identification information; if they are the same, the SRAM and the device in which it is located pass identity authentication.
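One way to implement the enrollment (S11 to S14), search (S21, S22) and comparison (S3) steps described above, as an added Python example that is not code from the patent. The 16-group SRAM, the base address 0x20000000, the simulated power-up noise, the use of the group's start address as identity identification information and all function names are assumptions; 128-byte groups, m = 3 bytes and a threshold of 4 follow the figures used in the text.

```python
import hashlib

GROUP_SIZE = 128   # bytes per group, as in the worked example
M = 3              # consecutive stable bytes per stable bit group
N = 4              # threshold of matching stable bit groups
GROUPS = 16        # assumed small SRAM so the example runs instantly
BASE = 0x20000000  # assumed base address of the SRAM
QUIET_GROUP = 5    # constructed: the group with the least power-up noise


def fingerprint(chip_id: bytes) -> bytes:
    """Constructed per-chip power-up pattern (stands in for silicon)."""
    return hashlib.shake_256(chip_id).digest(GROUPS * GROUP_SIZE)


def power_up(chip_id: bytes, read_no: int, aged: bool = False) -> bytes:
    """Constructed stand-in for reading the SRAM right after power-up.

    Noisy bytes change on every read: every 8th byte in the quiet group,
    every 2nd byte elsewhere. aged=True adds drift on every 5th byte.
    """
    out = bytearray(fingerprint(chip_id))
    for i in range(len(out)):
        group, off = divmod(i, GROUP_SIZE)
        noisy = off % 8 == 7 if group == QUIET_GROUP else off % 2 == 1
        if noisy or (aged and off % 5 == 0):
            out[i] ^= 1 << read_no  # a different flipped bit on each read
    return bytes(out)


def enroll(read1: bytes, read2: bytes, base: int = BASE):
    """S13/S14: return (characteristic value, identity identification)."""
    stable = [a == b for a, b in zip(read1, read2)]  # byte-wise stability
    counts = [sum(stable[s:s + GROUP_SIZE])
              for s in range(0, len(stable), GROUP_SIZE)]
    start = counts.index(max(counts)) * GROUP_SIZE   # most stable group
    feature, run = [], 0
    for off in range(GROUP_SIZE):
        run = run + 1 if stable[start + off] else 0
        if run == M:  # M consecutive stable bytes form one stable bit group
            feature.append(read2[start + off - M + 1:start + off + 1])
            run = 0
    return feature, base + start


def find_group(dump: bytes, feature, n: int = N, base: int = BASE):
    """S22: address and hit count of the group matching the most stable
    bit groups, provided it reaches n; (None, 0) if no group does."""
    best_addr, best_hits = None, 0
    for start in range(0, len(dump), GROUP_SIZE):
        group = dump[start:start + GROUP_SIZE]
        hits = sum(1 for sbg in feature if sbg in group)
        if hits >= n and hits > best_hits:  # more matches wins over a false hit
            best_addr, best_hits = base + start, hits
    return best_addr, best_hits


def authenticate(dump: bytes, feature, identity: int, n: int = N) -> bool:
    """S3: pass only if the group found by search has the enrolled address."""
    addr, _ = find_group(dump, feature, n)
    return addr is not None and addr == identity


if __name__ == "__main__":
    feature, identity = enroll(power_up(b"chip-A", 1), power_up(b"chip-A", 2))
    later = power_up(b"chip-A", 3, aged=True)
    print(hex(identity), find_group(later, feature)[1], "of", len(feature))
    print("same chip:", authenticate(later, feature, identity))
    other = power_up(b"chip-B", 3, aged=True)
    print("other chip:", authenticate(other, feature, identity))
```

As in the text, only part of the characteristic value survives the later power-up, and the decision rests on the address of the group where the surviving stable bit groups are found.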
Example 2
The method for applying the searched characteristic value and the packet address information as encryption materials to identity authentication, encryption and decryption takes an M-sequence linear shift register as an example, and the process is as follows:
a: and taking the extracted characteristic value as a random number seed of the M-sequence linear shift register.
B: the extracted packet address information is used as an input signal (of an encryption algorithm) and is input into an M-sequence linear shift register, a rule of M-sequence polynomial shift is determined, a pseudo-random sequence is obtained through linear shift, and the number of linear shift times is stored.
C: the pseudo-random sequence is transmitted to the counterpart and recorded as identification information.
D: During identity authentication, the counterpart sends back the pseudo-random sequence, and the pseudo-random signal is used to perform the descrambling operation on the M-sequence linear shift register: following the previously determined M-sequence polynomial shift rule (including the number of linear shifts), reverse linear shifting restores the random number seed and yields the initial input signal.
E: Since the random number seed consists of the characteristic values, it is used to search the original state of the SRAM after power-up. If more than the threshold number of consecutive bytes in some group are found to match the characteristic values, that group is confirmed as the most stable group at an earlier power-up.
Consecutive bytes match a characteristic value when both the order of the digits and their values are the same; for example, if the characteristic value is 3 bytes, 3 consecutive bytes match it.
F: Check whether the address information corresponding to the packet is the same as the input signal obtained by the descrambling operation; if so, the chip identity is confirmed and the authentication passes.
Example 3
The searched characteristic value and packet address information are applied as encryption material to identity authentication, encryption and decryption. Taking an M-sequence linear shift register as an example, the process is as follows:
A: Use the extracted packet address information as the random number seed of the M-sequence linear shift register.
B: Feed the extracted characteristic value into the M-sequence linear shift register as the input signal (of the encryption algorithm), determine the M-sequence polynomial shift rule, obtain a pseudo-random sequence by linear shifting, and store the number of linear shifts.
C: the pseudo-random sequence is transmitted to the counterpart and recorded as identification information.
D: During identity authentication, the counterpart sends back the pseudo-random sequence, and the pseudo-random signal is used to perform the descrambling operation on the M-sequence linear shift register: following the previously determined M-sequence polynomial shift rule (including the number of linear shifts), reverse linear shifting restores the random number seed and yields the initial input signal.
E: Because the input signal obtained by the descrambling operation consists of the characteristic values, the descrambled input signal is used to search the original state of the SRAM after power-up. If more than the threshold number of consecutive bytes in some group are found to match the characteristic values, that group is confirmed as the most stable group at the earlier power-up.
Consecutive bytes match a characteristic value when both the order of the digits and their values are the same; for example, if the characteristic value is 3 bytes, 3 consecutive bytes match it.
F: Check whether the address information corresponding to the packet is the same as the random number seed obtained by descrambling; if so, the chip identity is confirmed and the authentication passes.
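One possible reading of steps A to D in Examples 2 and 3, as an added example that is not the patent's own implementation: the seed loads a 24-bit Fibonacci LFSR, the input signal is XORed with the register's output bits, and reverse shifting by the stored shift count restores both. The tap set (24, 23, 22, 17), the token layout, the 32-bit address 0x100 and the shift count 40 are assumptions; the seed F3 28 A9 is one of the stable bit groups quoted earlier.

```python
WIDTH = 24                   # register width: one 3-byte stable bit group
MASK = (1 << WIDTH) - 1
TAP_SHIFTS = (0, 1, 2, 7)    # taps 24, 23, 22, 17 (assumed maximal-length set)


def _feedback(state):
    """XOR of the tapped register bits."""
    bit = 0
    for s in TAP_SHIFTS:
        bit ^= state >> s
    return bit & 1


def step(state):
    """One forward shift: returns (next_state, output_bit)."""
    return (state >> 1) | (_feedback(state) << (WIDTH - 1)), state & 1


def unstep(state):
    """One reverse shift: rebuild the bit that step() shifted out."""
    low = state >> (WIDTH - 1)            # the feedback bit inserted by step()
    for s in TAP_SHIFTS[1:]:
        low ^= state >> (s - 1)           # old bit s now sits at position s-1
    return ((state << 1) & MASK) | (low & 1)


def keystream(seed, nbits):
    """Shift nbits times; return (final_state, output bits packed LSB first)."""
    state, ks = seed, 0
    for i in range(nbits):
        state, bit = step(state)
        ks |= bit << i
    return state, ks


def scramble(seed, signal, signal_bits, shifts):
    """Steps A-C: returns the token (final_state, masked_signal)."""
    if not 0 < seed <= MASK:
        # An all-zero register never leaves zero, so it produces no sequence.
        raise ValueError("seed must be a non-zero 24-bit value")
    if shifts < signal_bits or signal >> signal_bits:
        raise ValueError("signal does not fit the configured width")
    state, ks = keystream(seed, shifts)
    return state, signal ^ (ks & ((1 << signal_bits) - 1))


def descramble(token, signal_bits, shifts):
    """Step D: reverse-shift to the seed, then unmask the input signal."""
    state, masked = token
    for _ in range(shifts):
        state = unstep(state)
    _, ks = keystream(state, signal_bits)
    return state, masked ^ ks


SEED = 0xF328A9      # stable bit group "F3 28 A9" from the page
ADDRESS = 0x100      # constructed packet address
SHIFTS = 40          # constructed shift count, stored at registration

if __name__ == "__main__":
    token = scramble(SEED, ADDRESS, 32, SHIFTS)
    seed, address = descramble(token, 32, SHIFTS)
    print(hex(seed), hex(address))
```

Every step here is linear and reversible, so anyone who holds the token together with the taps and the shift count recovers the seed and the input signal exactly as the device does, and those two parameters need the same protection as a key. In the Example 3 arrangement the packet address is the seed, so a packet at address 0 would have to be excluded or offset.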
Example 4
The chip is simply encrypted using the searched characteristic value and packet address information. The implementation process is as follows:
A: Register the searched characteristic value as the feature of the chip fingerprint.
B: Use the searched packet address information to perform a logic operation on the encryption object of the chip. For example, the private key is scrambled by exclusive OR.
C: During identity authentication, the original state of the chip is searched one by one against the characteristic value. If more than the threshold number of consecutive bytes in some group of the chip match the registered characteristic value, that group is confirmed as the most stable group at the earlier power-up.
D: Extract the address information of the packet and use it for verification, for example by checking it against the previously stored packet address information; if they are the same, the authentication passes. The packet address information is then used to perform the reverse logic operation, namely descrambling, on the private key, recovering the previous private key.
Optionally, the identity authentication method of the SRAM is also suitable for other dynamic memories, including DRAM, MRAM, STT-MRAM, ReRAM, FeRAM, PCRAM, etc., which is not limited in this embodiment.
In the above embodiments, to strengthen the security of the SRAM and of the encryption system of the device where it is located, the identification information is stored separately from the feature value (either in physically separate storage or in separate software partitions). Helper data for the PUF characteristic value is not obtained in the traditional way, and no helper data is stored or transmitted in clear text, which fundamentally prevents the risk of data leakage. Using the packet address information as identification information has a security advantage: because an attacker cannot obtain the feature value by attacking the chip, the attacker cannot find the most stable packet from the feature value, and therefore cannot find the corresponding packet address information. The attacker can only try every address by traversal, and the system can recognize such traversal attempts and thereby identify the attacker.
Further, the M-sequence linear shift register is widely used for security in modern communications such as CDMA, so the characteristic value and packet address information can be applied within a mature encryption system by feeding them into the linear shift register as input signals to obtain a pseudo-random sequence. The security of the pseudo-random sequence has been proven in communications and it is very difficult to crack; the characteristic value and the packet address information are also very difficult to crack. Combining them provides double insurance that an attacker cannot crack the scheme, which ensures the security of the SRAM and of the encryption system of the device where it is located. The characteristic value and packet address information provided by this embodiment are therefore applied to the existing encryption security system as encryption material, and the root of trust based on PUF technology is layered on top of the existing encryption system, so that double security ensures the highest security of the system.
The packet address information can be applied flexibly and conveniently as encryption material in authentication and encryption systems. For simple scrambling, for example, the packet address information performs a logic operation on the encrypted object; during authentication, the address information of the earlier most stable group is found by searching with the characteristic value and checked against the previously registered address information; if they are the same, the authentication passes, and the address information performs the reverse logic operation on the encrypted object to obtain the descrambled data.
In an encryption system, the packet address information scrambles the private key. During descrambling, the address information of the most stable packet at the earlier power-up is found by searching with the characteristic value and checked against the registered address information; if they are the same, the authentication passes. The reverse logic operation is then performed on the private key to obtain the descrambled private key, recovering the previous private key.
The method of performing identity authentication with the packet address information obtained from the characteristic value (bit distribution of the original state of the SRAM) of the SRAM PUF builds on the characteristic value extraction method and the method of obtaining the most stable packet. Being based on SRAM PUF technology, it is unclonable and provides a firm root of trust, improves the security of the encryption system, and is well suited to applications such as secure key generation and storage, device authentication, flexible key provisioning and chip asset management. These can be used to protect payments, protect highly sensitive data, counter counterfeiting and cloning, and prevent identity theft, piracy of media content and software applications, reverse engineering of software, and so on.
Based on the same inventive concept, an embodiment of the invention also provides an identity authentication device of an SRAM. Because the device solves the problem on a principle similar to that of the identity authentication method of the SRAM, its implementation can refer to the implementation of the method, and repeated details are omitted.
Referring to Fig. 3, an identity authentication device of an SRAM includes:
the extracting module 31 is configured to respectively read bit distributions of the original states of the SRAM corresponding to the first power-up and the second power-up, and extract a feature value and identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM includes: each bit value and address in the SRAM;
the searching module 32 is configured to search an original state of the SRAM chip to be authenticated according to the feature value, and extract packet address information where n continuous bit groups are located when n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the feature value; n is a preset threshold value; matching includes: the order of the digits is the same and the number is the same;
the authentication module 33 is configured to compare the packet address information with the identity identification information, and if the packet address information is the same, the SRAM chip and the identity of the device where the SRAM chip is located pass the authentication; the same includes: the number of bits is the same and the number of digits is the same.
Specifically, the extraction module includes:
the first reading submodule is used for reading each bit value and address of the SRAM after the first power-on, recording and storing, generating bit distribution of the original state of the first SRAM, and dividing a first bit group set;
the second reading submodule is used for reading each bit value and address of the SRAM after the second power-on when the SRAM is powered off and powered on again, recording and storing the bit values and addresses, generating bit distribution of the original state of the second SRAM, and dividing a second bit group set;
the first comparison submodule is used for comparing the bit distribution of the first SRAM original state with the bit distribution of the second SRAM original state bit by bit and classifying the same bit value into stable bits;
an acquisition sub-module, configured to classify, as a most stable group, a bit group having the most stable bits in the second bit group set; extracting continuous m stable bits from the most stable group to form a stable bit group, wherein a plurality of stable bit groups form a characteristic value; taking the grouping address information corresponding to the characteristic value as the identity identification information; m is a preset number.
The searching module comprises:
the third reading submodule is used for reading each bit value and address of the SRAM chip to be authenticated after power-on, recording and storing, generating bit distribution of the original state of the SRAM chip to be authenticated, and dividing a third bit group set;
the second comparing sub-module is used for comparing the bit groups in the third bit group set with the characteristic values respectively; when n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the characteristic value, extracting grouping address information of the n continuous bit groups; n is a preset threshold value; the consecutive bit group includes m consecutive bits; matching includes: the order of the bits is the same and the number is the same.
In this specification, the embodiments are described in a progressive manner: each embodiment focuses on its differences from the others, and for identical or similar parts the embodiments may be referred to one another. Because the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief, and the relevant points can be found in the description of the method.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (7)

1. An identity authentication method of an SRAM, characterized by comprising the following steps:
S1, respectively reading bit distribution of the original state of the corresponding SRAM after the first power-up and the second power-up, and extracting a characteristic value and identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM comprises: each bit value and address in the SRAM;
S2, searching the original state of the SRAM chip to be authenticated according to the characteristic value, and extracting grouping address information of n continuous bit groups when the n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the characteristic value; n is a preset threshold value; the matching includes: the order of the digits is the same and the number is the same;
S3, comparing the grouping address information with the identity identification information, and if the grouping address information is the same, passing the identity authentication of the SRAM chip and the equipment where the SRAM chip is located; the same includes: the number of bits is the same and the number of digits is the same.
2. The method for authenticating an identity of an SRAM according to claim 1, wherein said step S1 comprises:
S11, reading each bit value and each address of the SRAM after the first power-on, recording and storing, generating bit distribution of the original state of the first SRAM, and dividing a first bit group set;
S12, powering off the SRAM, powering on again, reading each bit value and address of the SRAM after the second power-on, recording and storing, generating bit distribution of the original state of the second SRAM, and dividing a second bit group set;
S13, comparing the bit distribution of the first SRAM original state with the bit distribution of the second SRAM original state bit by bit, and classifying the same bit value as a stable bit;
S14, classifying the bit group with the most stable bits in the second bit group set as the most stable group; extracting continuous m stable bits from the most stable group to form a stable bit group, wherein a plurality of stable bit groups form a characteristic value; taking the grouping address information corresponding to the characteristic value as identity identification information; m is a preset number.
3. The method according to claim 1, wherein in the step S1, the feature value and the identification information are stored separately.
4. The method for authenticating an identity of an SRAM according to claim 2, wherein said step S2 comprises:
S21, reading each bit value and address of the SRAM chip to be authenticated after power-on, recording and storing, generating bit distribution of the original state of the SRAM chip to be authenticated, and dividing a third bit group set;
S22, comparing the bit groups in the third bit group set with the characteristic values respectively; when n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the characteristic value, extracting grouping address information of the n continuous bit groups; n is a preset threshold value; the contiguous group of bits comprises m contiguous bits; the matching includes: the order of the bits is the same and the number is the same.
5. An identity authentication device of an SRAM, characterized in that it is adapted to an identity authentication method of an SRAM according to any one of claims 1 to 4, comprising:
the extraction module is used for respectively reading bit distribution of the corresponding SRAM original state after the first power-up and the second power-up, and extracting the characteristic value and the identity identification information; the characteristic value comprises a plurality of stable bit groups; the bit distribution of the original state of the SRAM comprises: each bit value and address in the SRAM;
the searching module is used for searching the original state of the SRAM chip to be authenticated according to the characteristic value, and extracting grouping address information of n continuous bit groups when the n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the characteristic value; n is a preset threshold value; the matching includes: the order of the digits is the same and the number is the same;
the authentication module is used for comparing the grouping address information with the identity identification information, and if the grouping address information is the same as the identity identification information, the SRAM chip and the equipment where the SRAM chip is located pass the identity authentication; the same includes: the number of bits is the same and the number of digits is the same.
6. The apparatus of claim 5, wherein the extraction module comprises:
the first reading submodule is used for reading each bit value and address of the SRAM after the first power-on, recording and storing, generating bit distribution of the original state of the first SRAM, and dividing a first bit group set;
the second reading submodule is used for reading each bit value and address of the SRAM after the second power-up when the SRAM is powered off and powered on again, recording and storing the bit values and addresses, generating bit distribution of the original state of the second SRAM, and dividing a second bit group set;
the first comparison submodule is used for comparing the bit distribution of the first SRAM original state and the bit distribution of the second SRAM original state bit by bit and classifying the same bit value as a stable bit;
an acquisition sub-module, configured to classify, as a most stable group, the bit group having the most stable bits in the second bit group set; extracting continuous m stable bits from the most stable group to form a stable bit group, wherein a plurality of stable bit groups form a characteristic value; taking the grouping address information corresponding to the characteristic value as identity identification information; m is a preset number.
7. The apparatus of claim 6, wherein the search module comprises:
the third reading submodule is used for reading each bit value and address of the SRAM chip to be authenticated after power-on, recording and storing, generating bit distribution of the original state of the SRAM chip to be authenticated, and dividing a third bit group set;
a second comparing sub-module, configured to compare the bit groups in the third bit group set with the feature values respectively; when n continuous bit groups in the original state of the SRAM chip to be authenticated are consistent with any n stable bit groups in the characteristic value, extracting grouping address information of the n continuous bit groups; n is a preset threshold value; the contiguous group of bits comprises m contiguous bits; the matching includes: the order of the bits is the same and the number is the same.
CN202210010593.4A 2022-01-06 2022-01-06 Identity authentication method and device of SRAM Pending CN116432164A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210010593.4A CN116432164A (en) 2022-01-06 2022-01-06 Identity authentication method and device of SRAM


Publications (1)

Publication Number Publication Date
CN116432164A true CN116432164A (en) 2023-07-14

Family

ID=87086012


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination