JP2008061035A - File system, virtual memory system, tamper resistant improvement system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a file system which enables it to improve tamper resistant characteristics in a case that the data with which a single value or single pattern is repeated are set as object of encryption. <P>SOLUTION: A repetition partial detecting section 22 searches whether there exists a repetition portion in the file data passed from a user program 10. If there is a repetition portion, a random value generation section 23 generates a random value, and a repetition partial editorial section 24 changes a repetition portion into a random value. A meta-information storage section 25 stores the meta-information for returning the repeated portion, which has been changed into the random value, to the original value. Furthermore, a control section 21 writes file data and meta-information which are blocked by a data/block conversion section 26 via a block encryption/decryption module 30, into an external storage 3. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a technique for improving tamper resistance of encryption suitable for application to a computer that executes encryption when outputting data to an external storage device.

  In recent years, various types of personal computers such as a notebook type and a desktop type have been widely used, and their performance has been dramatically improved. With the progress of digital compression encoding technology for moving images, personal computers capable of handling HD (High Definition) standard high-definition video have begun to circulate.

Under these circumstances, how to handle copyright-protected content on a personal computer has become a very big problem recently. This is because digitized information can be copied for generations without degrading quality. And encryption exists as a main technique for preventing unauthorized copying, and various proposals have been made so far (see, for example, Patent Document 1).
JP 2002-93058 A

  By the way, data in which a single value or pattern is repeated is said to be data that is easy to solve in the decryption of cryptography (this is called “low tamper resistance”). Therefore, for example, in a personal computer that encrypts copyright-protected content and writes it to an external storage device such as an HDD, it is urgent to provide a mechanism that does not reduce tamper resistance of any data.

  The present invention has been made in consideration of such circumstances, and a file system capable of improving tamper resistance when data having a single value or pattern is subject to encryption. An object of the present invention is to provide a virtual storage system, a tamper resistance improving system, and a tamper resistance improving method.

  In order to achieve this object, the present invention provides a file for writing a file to an external storage device and reading a file from the external storage device via an encryption / decryption device for encrypting and decrypting data. In the system, a search unit that searches for a repeated portion in which a single value or pattern is repeated when transferring data of a file to be written to the encryption / decryption device, and a repeated portion detected by the search unit A replacement means for replacing the value of the file with a random value, information for restoring the value of the repeated portion replaced with the random value by the replacement means to the original state, and the data of the file to be written in the external storage And recording means for recording as meta-information for management on the apparatus, That.

  Further, the present invention executes swap-out from the main storage device to the external storage device and page-in from the external storage device to the main storage device via an encryption / decryption device that encrypts and decrypts data. In the virtual storage system, search means for searching for a repeated portion in which a single value or pattern is repeated from the data of a page to be swapped out, and the value of the repeated portion detected by the search means is replaced with a random value. Meta information for managing the data of the page to be swapped out in virtual memory, information for restoring the value of the repetitive portion replaced with a random value by the replacement means to the original state And a recording means for recording as.

  According to the present invention, it is possible to improve tamper resistance when data having a single value or pattern is to be encrypted.

  Embodiments of the present invention will be described below with reference to the drawings.

(First embodiment)
First, a first embodiment of the present invention will be described. FIG. 1 is a diagram schematically showing a system configuration of a computer on which the file system according to the first embodiment operates.

  As shown in FIG. 1, the computer includes a CPU 1, a main storage device 2, an external storage device 3, a display controller 4, a keyboard controller 5, and the like, which are interconnected via a system bus.

  The CPU 1 is a processor that controls the operation of the computer, and executes various programs loaded from the external storage device 3 to the main storage device 2. The file system according to the present embodiment is realized as one of various programs executed by the CPU 1.

  The main storage device 2 is a high-speed small-capacity memory device such as a dynamic random-access memory (DRAM) used as the main storage of the computer, while the external storage device 3 is used as an external storage of the computer. A low-speed and large-capacity memory device such as a hard disk drive (HDD).

  The display controller 4 is a device responsible for the output side of the user interface provided by the computer, and displays display data created by the CPU 1 on a display device such as an LCD (liquid crystal display). On the other hand, the keyboard controller 5 is a device responsible for the input side of the user interface provided by the computer, and digitizes the operation of the user, for example, a keyboard and a mouse, and transmits it to the CPU 1.

  Next, a flow of access processing for the external storage device 3 executed in the computer having such a system configuration will be described with reference to FIG.

  When the user program 10 writes a file to the external storage device 3, the file system 20 receives the data of the file from the user program 10 and has a data length that can be handled by the external storage device 3. Convert to block. At this time, the file system 20 creates meta information for managing the data on the external storage device 3, and, similarly to the file data, the data length that the external storage device 3 can handle the meta information. Convert to block.

  In this computer, a block encryption / decryption module 30 is interposed between the file system 20 and the external storage device 3, and blocks (meta information and file data) created by the file system 20 are block encrypted. / After being encrypted by the decryption module 30, it is written in the external storage device 3. Therefore, even if the external storage device 3 is taken away, the written file data can be prevented from being illegally used.

  On the other hand, when the user program 10 reads a file from the external storage device 3, the block of the external storage device 3 is first decrypted by the block encryption / decryption module 30, and then in the file system 20. Then, the conversion from the block to the file data is executed, the original state is restored, and the file data is delivered to the user program 10. Therefore, the user program 10 that normally operates on the computer can use the file data written in the external storage device 3 without any problem.

  By the way, if the block delivered from the file system 20 to the block encryption / decryption module 30 includes “low tamper resistance” data, the encryption algorithm of the block encryption / decryption module 30 is decrypted. There is a fear. A typical example of “low tamper resistance” data is data in which a single value or pattern is repeated. Therefore, in this computer, the file system 20 is provided with a mechanism that prevents the block encryption / decryption module 30 from performing encryption on data in which a single value or pattern is repeated, Hereinafter, this point will be described in detail.

  As shown in FIG. 2, the file system 20 includes a control unit 21, a repeated part detection unit 22, a random value generation unit 23, a repeated part editing unit 24, a meta information recording unit 25, and a data / block conversion unit 26. Yes. In the file system 20, overall operation control is controlled by a control unit 21, and a repeated part detection unit 22, a random value generation unit 23, a repeated part editing unit 24, a meta information recording unit 25, and a data / block conversion unit 26. These parts operate under the control of the control unit 21.

  When the file data is passed from the user program 10, first, the repetitive part detecting unit 22 repeats a single value or pattern in the file data (herein, this is referred to as "repetitive part"). Check for the existence of. If the repetitive part is detected by the repetitive part detection unit 22, the random value generation unit 23 generates a random value for modifying the repetitive part.

  Next, the repetitive part editing unit 24 modifies the repetitive part detected by the repetitive part detection unit 22 to the random value generated by the random value generation unit 23, and the meta information recording unit 25 changes the random value to a random value. Information for returning the modified repeated portion to the original value is recorded as meta information for managing the file data on the external storage device 3.

  Then, the data / block conversion unit 26 is a block having a data length that can be handled by the external storage device 3 for file data in which the repeated portion is modified and meta information including information for returning the modified repeated portion to the original value. Convert to These blocks are delivered to the block encryption / decryption module 30 under the control of the control unit 21, encrypted, and then written to the external storage device 3.

  For example, in the file data received from the user program 10, if there is a portion where “0” continues as shown in FIG. 3A, this portion is detected by the repeated portion detection unit 22 as a repeated portion. The Then, random value generation by the random value generation unit 23 and repetitive part modification by the repetitive partial editing unit 24 are performed, and a portion where “0” continues is “J2K...” As shown in FIG. Will be replaced with a random value. As a result, when the block encryption / decryption module 30 performs encryption on “low tamper resistance” data that is normally “0” continuously, the block encryption is performed on the replaced random value. Since the encryption by the encryption / decryption module 30 is executed, the tamper resistance of the system is improved.

  At this time, the meta information recording unit 25 records information for returning the repeated portion replaced with the random value “J2K...” To “0” as meta information. FIG. 4 is a diagram exemplifying information for returning a modified repetitive portion, which is recorded as meta information by the meta information recording unit 25, to the original value. As shown in FIG. 4, the meta information recording unit 25 adds “repetitive part position”, “repetitive part length”, and “repeated value” to the information that is generally recorded as meta information. To record. Information generally recorded as meta information includes, for example, “file length”, “correspondence between data position in file and position of external storage device 3”, “file name”, “File attribute information”, “time related to file”, and the like exist.

  On the other hand, when the block is read from the external storage device 3 (via the block encryption / decryption module 30) and conversion from the block to meta information or file data is executed by the file data / block conversion unit 26, control is performed. The unit 21 checks whether or not the repetitive portion has been modified from the meta information, and if so, causes the repetitive partial editing unit 24 to restore the original value of the modified repetitive portion. As a result, the file data is delivered to the user program 10 in its original state.

  FIG. 5 is a flowchart showing an operation procedure of the file system 20 when the user program 10 writes a file to the external storage device 3.

  The repetitive part detection unit 22 searches for a repetitive part in the file data passed from the user program 10 (step A1). If there is a repeated part (YES in step A2), the random value generation unit 23 generates a random value (step A3), and the repeated part editing unit 24 modifies the repeated part to a random value (step A4). Further, the meta information recording unit 25 records meta information for returning the repeated portion modified to a random value to the original value (step A5).

  The control unit 21 writes the file data blocked by the data / block conversion unit 26 to the external storage device 3 via the block encryption / decryption module 30 (step A6), and also by the data / block conversion unit 26. The blocked meta information is written to the external storage device 3 via the block encryption / decryption module 30 (step A7).

  FIG. 6 is a flowchart showing an operation procedure of the file system 20 when the user program 10 reads a file from the external storage device 3.

  When the control unit 21 reads a block from the external storage device 3 via the block encryption / decryption module 30 (step B1), the control unit 21 refers to the meta information reorganized from the block by the data / block conversion unit 26 (step B2). Then, it is determined whether or not the repeated portion has been altered (step B3). If the repeated portion has been modified (YES in step B3), the control unit 21 causes the repeated partial editing unit 24 to restore the modified repeated portion (step B4). Then, the control unit 21 returns the file data (where the repetitive part is restored appropriately) to the user program 10.

  As described above, according to the file system 20 of the present embodiment, tamper resistance when data with a single value or pattern is subject to encryption is improved.

(Second Embodiment)
Next explained is the second embodiment of the invention. FIG. 7 is a diagram illustrating functional blocks of the file system 20 according to the second embodiment.

  As shown in FIG. 7, the file system 20 of the second embodiment replaces the repetitive part detection unit 22 and the repetitive part edit unit 24 that were provided in the first embodiment with a hole / fragment detection unit 27 and a hole / A fragment editing unit 28 is provided.

  A file is a “byte sequence”, but can be written at any location. Therefore, it is possible to create “an area that is reserved as an area of the file but is not written with actual data by the user program” in the file. Such a region is usually called a “hole”. The values of these areas are set to “0” in POSIX (portable operating system convention).

  Assume that a hole exists in the file area as shown in FIG. If the file data / block conversion unit 26 blocks the data as it is and passes it to the block encryption / decryption module 30, “low tamper resistance” data including a portion in which a single value “0” is repeated. Encryption on the part will be executed.

  Therefore, in the file system 20 of the second embodiment, first, the hole is regarded as equivalent to the repeated portion of the first embodiment, and this is detected by the hole / fragment detector 27 and randomly detected by the hole / fragment editor 28. Change to value.

  Further, for example, at the end of the file, there may be a “region where a block for the file is allocated but a part of the block is not a part of the file”. Such regions are usually called “fragments”. Since no user data exists in this area, for example, “0” is assigned by the file system itself.

  Now, as shown in FIG. 9, it is assumed that a fragment is present in a block storing a file end. If the file data / block conversion unit 26 blocks the data as it is and passes it to the block encryption / decryption module 30, “low tamper resistance” data including a portion in which a single value “0” is repeated. Encryption on the part will be executed.

  Therefore, in the file system 20 of the second embodiment, secondly, the fragment is regarded as equivalent to the repetitive portion of the first embodiment, which is detected by the hole / fragment detector 27 and randomly detected by the hole / fragment editor 28. Change to value.

  FIG. 10 is a flowchart showing an operation procedure of the file system 20 when the user program 10 writes a file to the external storage device 3.

  The hole / fragment detection unit 27 searches whether the file data passed from the user program 10 generates a hole or a fragment (step C1). If a hole or fragment has been generated (YES in step C2), the random value generator 23 generates a random value (step C3), and the hole / fragment editor 28 changes the generated hole or fragment to a random value. Modify (step C4). Further, the meta information recording unit 25 records meta information for returning the repetitive portion modified to the random value to the original value (step C5).

  The control unit 21 writes the file data blocked by the data / block conversion unit 26 to the external storage device 3 via the block encryption / decryption module 30 (step C6), and also by the data / block conversion unit 26. The blocked meta information is written to the external storage device 3 via the block encryption / decryption module 30 (step C7).

  The operation procedure of the file system 20 when the user program 10 reads a file from the external storage device 3 is the same as the operation procedure of the file system 20 of the first embodiment (shown in FIG. 6). Therefore, the description is omitted here.

  Further, here, in order to make the explanation easy to understand, in place of the process of changing the repetitive portion present in the actual data received from the user program 10 to the random value, the process of changing the hole or fragment to the random value is performed. Although an example has been shown, in addition to the process of changing a repetitive portion existing in actual data received from the user program 10 to a random value, it is natural to perform the process of changing a hole or a fragment to a random value. It is possible and more preferred.

  As described above, according to the file system 20 of the present embodiment, tamper resistance when data with a single value or pattern is subject to encryption is improved.

(Third embodiment)
Next explained is the third embodiment of the invention. FIG. 11 is a diagram illustrating functional blocks of the virtual storage system according to the third embodiment.

  The computer can execute the user program 10 larger than the actual capacity of the main storage device 2 by temporarily sweeping out the contents held by the user program 10 on the main storage device 2 to the external storage device 3. It has a mechanism to do. This mechanism is called virtual memory, and a module that realizes virtual memory is called a “virtual memory system”.

  In the computer according to the third embodiment, the content of the user program 10 that the virtual storage system 40 sweeps to the external storage device 3 is encrypted by the block encryption / decryption module 30 in order to enhance security. Therefore, if there is a portion where a single value or pattern is repeated in the content to be swept out to the external storage device 3, the virtual storage system 40 of the third embodiment modifies that portion to a random value. The reason is to improve the tamper resistance as in the file systems of the first and second embodiments.

  For this purpose, the virtual storage system 40 includes a repeated part detection unit 42, a random value generation unit 43, a repeated part editing unit 44, and a meta information recording unit 45. The virtual storage system 40 is also realized as one of various programs executed by the CPU 1.

  The repeated part detector 42 checks whether there is a repeated part in the page data to be swapped out on the main storage device 2. The random value generation unit 43 generates a random value for modifying the repeated portion. The repeated part editing unit 44 modifies the repeated part to a random value. Then, the meta information recording unit 45 records information for restoring the modified repeated portion to the original value as meta information.

  Note that the page data stored in the external storage device 3 by the virtual storage system 40 is temporarily saved data, and meta information is stored in the external storage device 3 so as to be permanently managed on the external storage device 3. Since it is not necessary to store, the virtual storage system 40 self-manages this meta information only during the operation period.

  FIG. 12 is a flowchart showing the operation procedure of the virtual storage system 40 when performing swap-out from the main storage device 2 to the external storage device 3.

  The repetitive part detection unit 42 searches for a repetitive part in the page data to be swapped out (step D1). If there is a repeated part (YES in step D2), the random value generation unit 43 generates a random value (step D3), and the repeated part editing unit 44 modifies the repeated part to a random value (step D4). Further, the meta information recording unit 25 records meta information for returning the repeated portion modified to a random value to the original value (step D5).

  Then, the control unit 41 writes the page data blocked by the data / block conversion unit 46 to the external storage device 3 via the block encryption / decryption module 30 (step D6).

  FIG. 13 is a flowchart showing an operation procedure of the virtual storage system 40 when page-in from the external storage device 3 to the main storage device 2 is performed.

  When the control unit 41 reads the block from the external storage device 3 via the block encryption / decryption module 30 (step E1), the control unit 41 refers to the self-managed meta information (step E2), and the repetitive portion has been modified. Judgment is made (step E3). If the repeated portion has been modified (YES in step E3), the control unit 41 causes the repeated partial editing unit 44 to restore the modified repeated portion (step B4). Then, the control unit 41 causes the main storage device 2 to page in page data (where the repetitive portion is restored appropriately) (step E5).

  As described above, according to the virtual storage system 40 of the present embodiment, tamper resistance when data with a single value or pattern is to be encrypted is improved.

(Fourth embodiment)
Next explained is the fourth embodiment of the invention. FIG. 14 is a diagram showing a flow of access processing for the external storage device 3 executed in the fourth embodiment.

  In the first embodiment and the second embodiment, the file system 20 includes a mechanism for modifying a repeated portion to a random value, and in the third embodiment, the virtual storage system 40 includes a mechanism for modifying a repeated portion to a random value. Explained. On the other hand, in the fourth embodiment, the mechanism for changing the repeated portion to a random value is made independent as the tamper resistance improving module 50, and the existing file system 20 and virtual storage system 40 (from the tamper resistance improving module 50) are separated. When viewed, the upper system) can be applied as it is.

  The tamper resistance improving module 50 is interposed between the file system 20 and the virtual storage system 40 and the block encryption / decryption module 30 so that a repetitive portion is included in the block received from the file system 20 or the virtual storage system 40. Check for the existence. If it exists, the repetitive portion is changed to a random value, and meta information for restoring the changed repetitive portion to the original value is managed. This meta information is unique information different from the meta information managed by the file system 20 and the virtual storage system 40.

  When the block of the external storage device 3 is delivered to the file system 20 or the virtual storage system 40, the tamper resistance improving module 50 sets the modified repeated portion to the original value based on the meta information managed by itself. Restore.

  As described above, according to the tamper resistance improving module 50 of the present embodiment, data having a single value or pattern is encrypted without accompanying modification of the existing file system 20 and virtual storage system 40. Improve tamper resistance when targeted.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The figure which shows schematically the system configuration | structure of the computer which concerns on each embodiment of this invention. The figure which shows the functional block of the file system of 1st Embodiment. The figure for demonstrating the modification to the random value of the repetition part in the file data which the file system of 1st Embodiment performs The figure which illustrates the meta information recorded in order to return the repetition part which the file system of 1st Embodiment changed into the random value to the original value The flowchart which shows the operation | movement procedure in case the user program of the file system of 1st Embodiment writes the file to an external storage device. The flowchart which shows the operation | movement procedure in case the user program of the file system of 1st Embodiment reads the file from an external storage device. The figure which shows the functional block of the file system of 2nd Embodiment. The figure for demonstrating the hole which the file system of 2nd Embodiment performs the modification to a random value The figure for demonstrating the fragment which the file system of 2nd Embodiment performs the modification to a random value The flowchart which shows the operation | movement procedure in case the user program of the file system of 2nd Embodiment writes a file to an external storage device. The figure which shows the functional block of the virtual storage system of 3rd Embodiment. The flowchart which shows the operation | movement procedure at the time of performing the swap out from the main storage apparatus of the virtual storage system of 3rd Embodiment to an external storage device The flowchart which shows the operation | movement procedure in the case of performing page in to the main memory from the external memory of the virtual memory system of 3rd Embodiment. The figure which shows the flow of the access process with respect to the external storage device performed in 4th Embodiment

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... CPU, 2 ... Main storage device, 3 ... External storage device, 4 ... Display controller, 5 ... Keyboard controller, 10 ... User program, 20 ... File system, 21 ... Control part, 22 ... Repeat part detection part, 23 ... random value generation unit, 24 ... repetitive partial editing unit, 25 ... meta information recording unit, 26 ... data / block conversion unit, 27 ... hole / fragment detection unit, 28 ... hole / fragment editing unit, 30 ... block encryption / Decoding module, 40 ... virtual storage system, 41 ... control unit, 42 ... repeated portion detection unit, 43 ... random value generation unit, 44 ... repeated portion editing unit, 45 ... meta information recording unit, 46 ... data / block conversion unit, 50: A module for improving tamper resistance.

Claims (11)

In a file system for executing writing of a file to an external storage device and reading of a file from the external storage device via an encryption / decryption device that encrypts and decrypts data,
Search means for searching for a repeated portion in which a single value or pattern is repeated when transferring data of a file to be written to the encryption / decryption device;
Replacement means for replacing the value of the repeated portion detected by the search means with a random value;
Information for restoring the value of the repeated portion replaced with a random value by the replacement means to the original state is recorded as meta information for managing the data of the file to be written on the external storage device Recording means;
A file system comprising:   When the data of the file to be read is received from the encryption / decryption device, based on the meta information recorded by the recording unit, the value of the repetitive portion replaced with a random value by the replacement unit is restored to the original state. 2. The file system according to claim 1, further comprising restoring means for restoring.   2. The file system according to claim 1, wherein the retrieval unit retrieves repeated portions from actual data written by a user program.   2. The file system according to claim 1, wherein the retrieval unit retrieves, as a repeated portion, an area that is secured as an area of the file to be written but is not written with actual data by a user program. .   2. The file system according to claim 1, wherein the search means searches the area where the data of the file in the block allocated for storing the data of the file to be written does not exist as a repeated portion. In a virtual storage system for performing swap-out from a main storage device to an external storage device and page-in from the external storage device to the main storage device via an encryption / decryption device that encrypts and decrypts data,
A search means for searching for repeated portions of a single value or pattern in the data of the pages to be swapped out;
Replacement means for replacing the value of the repeated portion detected by the search means with a random value;
A record for recording information for restoring the value of the repeated portion replaced with a random value by the replacement means to the original state as meta information for managing the data of the page to be swapped out on virtual storage Means,
A virtual storage system comprising:   When the page-in target page data is received from the encryption / decryption device, based on the meta information recorded by the recording unit, the value of the repeated portion replaced with a random value by the replacement unit is restored to the original state. 7. The virtual storage system according to claim 6, further comprising restoring means for restoring the data into the virtual storage system. An upper system that executes writing of data to an external storage device and reading of data from the external storage device, and encryption of the write data and the read data interposed between the upper system and the external storage device A tamper resistance improving system that is provided between the encryption / decryption device that performs decryption of the encryption and decryption device and executes processing for improving tamper resistance of encryption by the encryption / decryption device,
Search means for searching for a repetitive portion in which a single value or pattern is repeated when the write data is delivered to the encryption / decryption device;
Replacement means for replacing the value of the repeated portion detected by the search means with a random value;
Recording means for recording information for restoring the value of the repeated portion replaced with a random value by the replacement means to the original state as meta information for managing the write data on the external storage device;
A tamper resistance improving system characterized by comprising:   When the read data is received from the encryption / decryption device, based on the meta information recorded by the recording unit, the value of the repeated portion replaced with a random value by the replacement unit is restored to the original state The tamper resistance improving system according to claim 1, further comprising means. A method for improving tamper resistance of a computer system for performing data writing to an external storage device and data reading from the external storage device through an encryption / decryption device for encrypting and decrypting data,
A search step of searching for a repetitive portion in which a single value or pattern is repeated when the write data is delivered to the encryption / decryption device;
A replacement step of replacing the value of the repeated portion detected by the search step with a random value;
A recording step of recording information for restoring the value of the repeated portion replaced with a random value by the replacement step to an original state as meta information for managing the write data on the external storage device;
A tamper resistance improving method comprising the steps of:   When the read data is received from the encryption / decryption device, based on the meta information recorded by the recording step, a restoration of restoring the value of the repeated portion replaced by a random value by the replacement step to the original state The method for improving tamper resistance according to claim 10, further comprising a step.

Images