JP2009253490A - Memory system encrypting system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problem, wherein a data encryption converting rule can, in principle, be deduced, and the encrypted data are decoded even though the data have been encrypted for protecting the data of a memory system. <P>SOLUTION: A memory system encrypting system includes a reference key which is perfectly private and from the outside, only changes cane be made; an owner key which is to be set by the owner of the data; and a conversion key which is to be generated by the reference key and the owner key, and memory data are encrypted through the use of the conversion key. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a memory system that realizes basic functions of a computer system together with a microprocessor, and more particularly, to an encryption system for a memory system having encryption means.

  An apparatus such as a computer system includes a microprocessor that decodes a program and processes data, and a memory system that stores the program and data. Programs and data stored in the memory system of these devices are intellectual property and are very important. For this reason, in general, programs and data are protected from being stolen and modified from the outside so as to be protected and transferred between devices.

  Thus, an encryption method with high strength has been put into practical use in order to safely carry programs and data between devices. However, even if the program and data can be carried in a safe form, the program needs to be decrypted and returned to an executable form before being executed. If it is data, when the program that handles the data is executed, the encryption must be canceled so that the program can read the data. In such file-level encryption, by restricting access to the decrypted program and data files, a mechanism is provided to prevent the program or data from being decrypted by a third party. Yes. However, there is a possibility that an access right can be easily acquired by a malicious third party due to a management error, and if the access right is acquired, the program or data is easily deciphered. Met.

  On the other hand, it is common to provide programs and data as intellectual property for a fee and to an unspecified number of users. In such a case, the user has administrator authority and can easily access the decrypted program and data. The malicious user can avoid the license management mechanism intended by the provider, for example, by modifying the part of the program that is authenticating the license.

  The program supports advanced encryption and the program is encrypted in response to the problem of file-level encryption that allows you to obtain programs and data that have been decrypted. A method of accessing the data is proposed. In this case, even if data or a program can be obtained as a file, since it is in an encrypted state, its decryption is generally difficult.

  However, even if such a method is adopted, the encrypted program is unencrypted at the time of execution and is developed in an executable state on the memory. Further, if the data is, for example, numerical data, it is necessary to decrypt the data in a form suitable for calculation that can be handled by the hardware and develop it on the memory. Since the intermediate results of the calculation in the memory are not encrypted, if the memory can be referred to, the program and data can be decrypted as in the case of file level encryption. There is a case where a mechanism is provided for referring to a memory used by another user or preventing a malicious third party from referring to the memory. However, even in this case, for example, there is no means of referring to the memory, such as obtaining the administrator authority and illegally collecting the memory dump.

  Similar to file-level encryption, administrator rights may be obtained illegally due to human factors. Considering these, even if the program supports encryption, it is necessary to assume that the program or data is decrypted by a malicious third party. In particular, in a case where a malicious user has the authority of a system administrator and avoids the above-described license management, it is possible to easily refer to the memory. Therefore, there is a demand for means for preventing the program or data to be protected from being decrypted even if the malicious user refers to the memory.

  As described above, there is a need for means for preventing a program or data to be protected from being decrypted even if a malicious user refers to the memory. In order to prevent data from being decrypted even if a malicious user refers to the memory, the data on the memory may also be encrypted. In the following description, the program on the memory is also a kind of data and will be treated as a kind of data unless it is necessary to distinguish between them.

  In a typical computer system, the processor has a cache. The time for accessing the data on the cache is short, and the processing can be performed at high speed. However, since there is a limit to the amount of cache, control is performed such that data that is unlikely to be used is saved in the memory and is taken into the cache again when necessary. Here, in order to process the data on the cache, for example, if it is numerical data, it is stored as a binary number in a standard numerical expression format, that is, in a format that can be easily decoded. Since the memory is used as a cache save area, it is common to store exactly the same data as the data on the cache. Therefore, a conversion process is added when the data on the cache is saved in the memory, and an inverse conversion process is performed to return to the original when the data is loaded from the memory into the cache. By performing such conversion processing, the data on the memory is encrypted and cannot be easily decrypted.

  Such a conversion process is a method in which a person who wants to protect data can easily think of it. However, if an appropriate data set is prepared as the data to be converted, there is a problem that the processing rule of the conversion process can be estimated in principle and the data is decoded. In addition, depending on the implementation, the current technology is expected to degrade the performance of memory access. Therefore, in the situation where the value of data protection has not been recognized, the value of the obtained effect is relatively small. No examples can be found. That is, there is a problem that there is no effective encryption method at present.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a memory system encryption method that can in principle estimate the conversion rules for data encryption and solve the problem of data being decrypted.

  In order to solve the above problems, the encryption method of the memory system having the encryption means of the present invention is set by the owner of the data and the reference key that is completely private and can be changed only from the outside. And a conversion key generated from the reference key and the owner key, and the memory data is encrypted by the conversion key.

  Further, the memory system having the encryption means of the present invention includes a reference key holding means for holding a reference key that is completely private and can be changed from the outside, and an owner key set by the data owner Owner key holding means, conversion key holding means for holding a conversion key generated from the reference key and the owner key, and encryption means for encrypting the transmitted data with the conversion key and transmitting it to the memory It is characterized by having.

  Further, the encryption method of the memory system according to the present invention includes a reference key that is completely private and can be changed only from the outside, an owner key set by the data owner, a reference key, and an owner key. The memory key is encrypted with the conversion key, and the conversion key is updated when the number of times of encryption reaches a predetermined number.

  In the present invention, it is assumed that a malicious user has administrator authority, prepares a data set for estimating conversion, and can decode data even if the data on the converted memory can be acquired. It can be difficult and data security can be improved.

  According to the present invention, it is possible to obtain an encryption method for a memory system that can increase the safety of data.

  Embodiments of the present invention will be described in detail with reference to the accompanying drawings.

(First embodiment)
A first embodiment of the present invention will be described in detail with reference to FIG. FIG. 1 shows a computer system configuration diagram of the present invention. In FIG. 1, 1 is a microprocessor, 2 is a memory access encryption / decryption means which is an embodiment of the memory access encryption method of this patent, 3 is a memory, 4 is a bypass for reloading, and 21 is a reference key holding Means 22, owner key holding means, 26 process ID holding means, 23 conversion key holding means, 24 encryption means, and 25 decryption means. In the present invention, the memory access encryption / decryption means 2 and the memory 3 are collectively referred to as a memory system. In the following description, encryption will be described, and decryption will not be described in detail because the data flow is the same as that of encryption, although it is similar and understandable.

  The reference key holding means 21 holds a reference key, the owner key holding means 22 holds an owner key, and the conversion key holding means 23 holds a conversion key. The conversion key is generated from the reference key and the owner key. For example, by adopting a state transition machine, etc., a plurality of conversion keys are generated from the combination of the same reference key and owner key, and furthermore, the generation method cannot be easily inferred from the plurality of generated conversion keys. It is also possible. Such a key generation method is established as a well-known technique. The encryption means 24 is means for encrypting data written in the memory with the conversion key. The decryption means 25 is a means for decrypting the data read from the memory and stored in the memory encrypted with the conversion key.

  The microprocessor 1 accesses data stored in the memory 3 via the memory access encryption / decryption means 2 in order to execute the program. The microprocessor 1 employs a virtual memory mechanism, and logical / physical address conversion is performed in units of pages by address conversion means on the microprocessor 1. A logical address has an extended part specified for a process, and can have an independent logical address space for each process. The process ID holding unit 26 holds an extended portion of a logical address designating the process.

  The operations of the microprocessor 1, the memory 3, and the virtual memory mechanism that constitute the computer system of the present invention are well known to those skilled in the art and are not directly related to the present invention, and thus detailed configuration thereof is omitted. The operation relating to the present invention will be described below.

  In the present embodiment, the following three keys are used to encrypt data on the memory.

Criteria key: Completely private, can only be changed from outside.
Owner key: Set by the owner of the data.
Conversion key: Generated from the base key and the owner key. Data is encrypted using this conversion key.

  Even if a malicious third party gains complete control of the computer, what can be analyzed is a conversion key that is directly involved in encryption. This conversion key is updated at predetermined intervals. Therefore, even if a malicious third party prepares a data set for analyzing the conversion key and performs the conversion for analyzing the conversion key, the conversion key is updated before all conversions are completed. You cannot ask for the rules. There is a problem with the concept of updating the conversion key, and even if the conversion key is analyzed, it is updated at a predetermined interval, so that it is almost difficult to decrypt the data. That is, most of the data that can be decrypted with the analyzed conversion key is the data set by itself to analyze the conversion key, and there are few other data, that is, data to be analyzed.

  In order for a third party to decrypt the encryption using the conversion key, it is necessary to prepare a data set for analyzing the conversion key, convert the data, and analyze the conversion key. Thus, in order for a third party to decrypt the encryption using the conversion key, a certain number of conversions is required. An interval that is smaller than the number of times of conversion required for decrypting the encryption by the conversion key is set as an interval for updating the conversion key. In this way, a malicious third party obtains a conversion rule by updating the conversion key at a predetermined interval before the number of conversions necessary to decrypt the encryption with the conversion key is performed. Can make it difficult.

  Furthermore, if there is a problem in updating the conversion key, and the conversion key is continuously analyzed, the malicious user has the owner key, so that it is possible in principle to obtain the reference key. When the reference key is obtained, the conversion system can be generated if the reference key and the owner key are present, and the encryption system is broken. Even in such a situation, if the reference key is changed for each user, a malicious user cannot decipher another user's data.

  In the present embodiment, an encryption unit that performs address conversion and data conversion in a page is provided on the memory access pipeline of the processor. The encryption means has a reference key inside. The reference key cannot be read out using any means. When the process ID is specified for the encryption means and the owner key is given, the encryption means generates a conversion key from the reference key and the owner key based on the rule, and the access performed by the process having the process ID Encrypt data only for. Decoding is performed when reading data.

  Even if a malicious third party performs an illegal memory read operation, the process number is different, so the data is not decrypted and the data cannot be read correctly. Even if encryption is set, since encryption / decryption is performed with a different conversion key, data can be decrypted only by those having an owner key. Since only the owner of the data knows the owner key, the administrator cannot decrypt the contents of the memory.

  In addition, when it is detected that some kind of illegal operation has been performed, the reference key is updated, so that the data on the memory can be destroyed instantaneously. Safe to protect.

  The process ID is always set as a pair with the owner key, and those who do not know the owner key cannot change the process ID. Further, the owner key cannot be read out by any means.

  Since the process ID and the owner key need only be written once when the process is activated, the processing time does not matter. Therefore, the owner key can be encrypted using a strong encryption means, and the decryption can be performed inside the encryption means. In other words, it is possible to further enhance security by not handling the owner key on the processor.

  The encryption means has a number of conversion keys corresponding to the pages to be managed. The conversion key corresponding to one page is updated when a predetermined number of times are written on the page. The conversion key before update is referred to as conversion key 1, and the conversion key after update is referred to as conversion key 2. When updating the conversion key, a page-out is forcibly generated before the update, and page-in is performed immediately after the conversion key is updated. As a result, the data is decrypted with the conversion key 1 and again stored in the memory in the state encrypted with the conversion key 2. If this page-out / page-in overhead cannot be ignored, a dedicated reload bypass 4 may be provided in the encryption means.

  In the present embodiment, in the case of page-out, it is decrypted with a conversion key, separately encrypted with high strength by the swap file encryption / decryption means, and the encrypted data is written to the HDD. In the case of swap-in, the swap file encryption / decryption means decrypts a cipher having a high strength, encrypts it with a conversion key given at that time, and writes it into the memory. Since page-out / in is an operation that causes access to the HDD, a certain amount of delay due to encryption can be tolerated. However, the following means may be used without taking such encryption means. .

  In the case of page-out, the page is handled in the same way as a normal page that is not encrypted, and is written to the page file. In other words, the data is also encrypted on the page file. In the case of page-in, it is handled and read into the memory in the same way as an ordinary unencrypted page. In the page-out state, since no data is written to the page, the conversion key before the page-out is valid. When the data is further read into the processor, it is decrypted into the original data using the conversion key. In this case, the conversion key used for encrypting the page is separately held. If the conversion key is tampered with, the data is destroyed, so countermeasures against tampering are not important. However, since the conversion rule can be found by examining the conversion key, the conversion key itself is separately encrypted so that it cannot be read.

  According to this embodiment, there is a reference key, an owner key, and a conversion key generated from the reference key and the owner key, and data encryption / decryption is performed using the conversion key. Furthermore, the conversion key is updated before the number of times required by a malicious third party to decrypt the conversion key. In this way, it is difficult to decipher data, and an encryption method for a memory system with high data safety can be obtained.

(Second Embodiment)
The second embodiment of the present invention will be described in detail below. The present embodiment is an application example to an ECU (Engine Control Unit). The memory 3 in FIG. 1 includes a ROM such as a flash memory, for example, and the microprocessor 1 has a function as an engine controller. However, these configurations are not particularly limited, and can be various configurations.

  In a system such as this ECU, it is possible to access a ROM in which data is stored. By analyzing the data stored in the ROM, a control parameter is specified, for example, an illegal output such as changing the output of the engine. Remodeling is possible in principle.

  In this embodiment, when the engine is started, the original data that is encrypted and stored is expanded and stored in the flash memory. When traveling, various controls related to the engine are performed by the program using the data stored in the flash memory. Even if the data stored in the flash memory is collected by some method after traveling, it is difficult to decipher because it is converted data. Also, since the encryption key is changed each time the engine is started, the data at the same place always changes and it is difficult to analyze the data.

  Furthermore, the important point is that it is possible to analyze parameters, and when data on the flash memory is changed to change the operation, it is possible to easily detect that the data has been altered. In other words, the data has changed and the value you are trying to set was generated by an encryption key that you have used before, so the new encryption key that will be used will not successfully decrypt and the data has been altered. This can be easily detected.

  In this embodiment, the data on the flash memory is updated when the engine is started. However, for example, it is assumed that the system is modified so as not to detect that the engine has stopped for the purpose of modifying the data. Assuming such modification, two flash memories for storing data can be prepared. While controlling the engine using one, new data is developed on the other flash memory every predetermined time. It is also possible to perform control such as switching the flash memory used for post-development control. By performing such control, it is possible to prevent the modification effect from being maintained for a certain period of time. If the update interval is set short, it is necessary to analyze the cipher in almost real time, and the modification can be made virtually impossible.

  Also in the present embodiment, it is difficult to decrypt the data, and an encryption method for the memory system with high data safety can be obtained.

  According to the present invention, a reference key that is completely private and can only be changed externally, an owner key set by the data owner, and a conversion key generated from the reference key and the owner key And a memory system encryption method characterized by encrypting memory data with the conversion key.

  This conversion key can be updated before the number of conversions necessary to decrypt the encryption by a third party is performed, and the conversion key can also be updated at predetermined intervals. In this way, the conversion rules are changed before performing the conversion necessary to estimate the regular conversion. By changing the conversion rules at fixed intervals, even if a malicious user has administrator privileges and can obtain the data in the converted memory, it is difficult to decrypt the data. , Can increase the safety of data.

  The conversion key can be set for each page to be managed, and the reference key can be set for each data owner. Furthermore, the owner key is set as a pair with the process ID when the process is started, and the owner key can be encrypted. Further, the memory data may be data stored in the ROM. It is also possible to provide two ROMs, make one ROM an accessible memory, develop new data in the other ROM, and switch the two ROMs after data expansion.

  Further, according to the present invention, a reference key holding means for holding a reference key that is completely private and can only be changed from the outside, and an owner key for holding an owner key set by the data owner Holding means, conversion key holding means for holding a conversion key generated from the reference key and the owner key, and encryption means for encrypting the transmitted data with the conversion key and transmitting it to the memory A memory system is obtained. In this memory system, the conversion key can be updated before the conversion key means performs the conversion as many times as necessary to decrypt the encryption by a third party.

  Further, according to the present invention, a reference key that is completely private and can be changed from the outside, an owner key set by the data owner, the reference key, and the owner key are generated. There is obtained a memory system encryption method characterized in that memory data is encrypted with the conversion key, and the conversion key is updated when the number of times of encryption reaches a predetermined number.

  As described above, the present invention has been described with reference to the embodiment, but the present invention is not limited to the above embodiment. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

1 is a configuration diagram of a computer system according to the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Microprocessor 2 Memory access encryption / decryption means 3 Memory 4 Reload bypass 21 Reference key holding means 22 Owner key holding means 23 Conversion key holding means 24 Encryption means 25 Decoding means 26 Process ID holding means

Claims (12)

  In an encryption system of a memory system having an encryption means, a reference key that is completely private and can be changed only from the outside, an owner key set by a data owner, the reference key, and the reference key A memory system encryption system comprising a conversion key generated from an owner key and encrypting memory data with the conversion key.   2. The encryption method of the memory system according to claim 1, wherein the conversion key is updated before the number of conversions necessary for decrypting encryption by a third party is performed.   The memory system encryption method according to claim 1, wherein the conversion key is updated at a predetermined interval.   4. The memory system encryption method according to claim 1, wherein the conversion key is set for each page to be managed.   5. The encryption system for a memory system according to claim 1, wherein the reference key is set for each owner of data.   6. The memory system encryption method according to claim 1, wherein the owner key is set as a pair with a process ID when the process is started.   The memory system encryption method according to claim 1, wherein the owner key is encrypted.   8. The memory system encryption method according to claim 1, wherein the memory data is data stored in a ROM.   9. The memory according to claim 8, comprising two ROMs, wherein one ROM is an accessible memory, data is newly expanded in the other ROM, and the two ROMs are switched and accessed after data expansion. The system encryption method.   Reference key holding means for holding a reference key that is completely private and can only be changed from the outside, owner key holding means for holding an owner key set by the data owner, and the reference key And a conversion key holding unit that holds a conversion key generated from the owner key, and an encryption unit that encrypts transmitted data with the conversion key and transmits the encrypted data to a memory. .   11. The memory system according to claim 10, wherein the conversion key means updates the conversion key before the conversion is performed as many times as necessary to decrypt the encryption by a third party.   In the memory system encryption method, a reference key that is completely private and can only be changed externally, an owner key set by the data owner, and the reference key and the owner key A memory system encryption method, comprising: encrypting memory data using the conversion key, and updating the conversion key when the number of times of encryption reaches a predetermined number.

Images