JP2014171005A - Storage device, access pattern concealing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To conceal an access pattern and thereby reduce an overhead.SOLUTION: The present invention comprises: means, being a storage device having a safety guaranteed access area and history data area and a non-access area, for rearranging data in the non-access area only once at random; means for moving to the access area; control means for exchanging, when an access to one data occurs, data between the access area and the non-access area and also accessing other data in the access area, thereby exchanging data between the access area and the non-access area; write means for writing out necessary data in the access area at termination of a process for accessing data to be accessed; means for saving, in the history area, the data moved from the access area to the non-access area. When data to be accessed does not exist in the access area but exists in the non-access area and saved data exists in the history area, the control means moves the data to be accessed and the saved data in the history area to the access area.

Description

  The present invention relates to a storage device that conceals an access pattern and reduces overhead, an access pattern concealment method, and a program.

  In recent years, attacks called side channel attacks against cryptography have become a major problem. As a side channel attack against software, there is an attack that analyzes memory access and restores secret information. In response to such an attack, Obvious RAM has attracted attention in order to protect memory access from attackers (see, for example, Non-Patent Document 1 and Non-Patent Document 2).

Odded Goldrich and Rafir Ostrovsky, “Software protection and simulation on oblivious RAMS,” J. et al. ACM, 43 (3): 431-473, 1996. X. Zhuang et al. "Hardware Assisted Control Flow Obfuscation for Embedded Processors", CASE 2004, 2004. Y. Nakano et al. “Memory Access Pattern Protection for Resource-constrained Devices”, CARDIS 2012, 2012.

  However, the memory protection by the Obvious RAM, which has been studied in Non-Patent Document 1 and the like, has a problem that it has a large overhead and is difficult to put into practical use. Therefore, Non-Patent Document 2 proposes a memory protection method supported by hardware, but this method has a problem that an attacker can obtain information such as access frequency and order of data. There is also a restriction that dedicated hardware is necessary. On the other hand, Non-Patent Document 3 proposes a method for protecting an access pattern from an attacker with a realistic overhead, but a relatively large overhead is required to realize with only software, and the overhead is reduced. In order to do so, there was a problem that a safe memory was necessary.

  Therefore, the present invention has been made in view of the above-described problems, and an object thereof is to provide a storage device that conceals an access pattern and reduces overhead, a method for concealing an access pattern, and a program.

  The present invention proposes the following matters in order to solve the above problems.

  (1) The present invention is a storage device that is divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. A rearranging means for randomly rearranging data in the non-access area, a moving means for selecting the data in the non-access area according to the memory size of the access area, and moving the data to the access area; When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When the access process to the data to be accessed and the control means for exchanging data with Writing means for writing data, and storage means for saving data moved from the access area to the non-access area as history data in the history area, wherein the control means has access data in the access area Without moving the data to be accessed and the arbitrary data stored in the history area to the access area when there is data stored in the history area and existing in the non-access area. A storage device is proposed.

  (2) The present invention is a storage device that is divided into a data access area, a history data area, and a non-access area whose safety is ensured by numerical processing of data. A rearranging means for randomly rearranging data in the non-access area, a moving means for selecting the data in the non-access area according to the memory size of the access area, and moving the data to the access area; When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When the access process to the data to be accessed and the control means for exchanging data with Writing means for writing data, and saving means for saving data moved from the access area to the non-access area as history data in the history area, and the control means saves data to be accessed in the history area In this case, there is proposed a storage device that selects data not stored in the history area and moves the data to be accessed and the selected data to the access area.

  (3) The present invention is a storage device that is divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. A rearranging means for randomly rearranging data in the non-access area, a moving means for selecting the data in the non-access area according to the memory size of the access area, and moving the data to the access area; When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When the access process to the data to be accessed and the control means for exchanging data with Writing means for writing data, and saving means for saving data moved from the access area to the non-access area as history data in the history area, wherein the control means saves data to be accessed in the access area In this case, a storage device is proposed in which randomly selected data from the non-access area and the data to be accessed are moved to the access area.

(4) The present invention comprises processing means for performing numerical processing of the data for the storage devices of (1) to (3), wherein the processing means converts the data in the access area and the history data area to v1, _v2, ···, _v m (m is a positive integer), a random number d, y1, y2, y3, ···, y n (n is a positive integer) masking variable vector, an a rank conversion but m + 1, when and its n × rightmost column are all 1 (m + 1) matrix, the number 1, the data x1 they were obfuscated, x2, x3, · · ·, to the _{x n} A storage device characterized by the above is proposed.

  (5) In the storage device according to (1) to (3), the present invention associates information indicating whether each data in the non-access area is in the access area with each data in the non-access area. Thus, there has been proposed a storage device characterized by comprising information adding means for adding.

  (6) In the storage devices of (1) to (3), the present invention provides one block in all the areas when the minimum number of unit bits of data is larger than the number of processing unit bits in all areas. Has proposed storage control means for storing a plurality of data.

(7) The present invention is a method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data, .., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is an n × (m + 1) matrix in which the rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 2 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Processing, in all areas When the minimum unit bit number of data is larger than the processing unit bit number, a first step of performing a process of storing a plurality of data in one block of all the regions, and once in the initial state A second step of randomly rearranging the data in the non-access area, and a third step of selecting the data in the non-access area according to the memory size of the access area and moving it to the access area And, when access to one data occurs, exchanges data between the access area and the non-access area, and also accesses other data in the access area, Data is exchanged with non-access areas, and the data to be accessed does not exist in the access area but exists in the non-access area When there is data stored in the history area, the access area and arbitrary data stored in the history area are moved to the access area, and the access area is moved according to the moved data size. A fourth step of moving arbitrary data in the history area to the history area, a fifth step of obfuscating the data moved to the access area and the history area by the equation 2, and access to the data to be accessed And a sixth step of writing out necessary data in the access area when the processing is completed.

(8) The present invention is a method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data, .., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and its rightmost column is all 1, data x1 obfuscated by Equation 3 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Processing, in all areas When the minimum unit bit number of data is larger than the processing unit bit number, a first step of performing a process of storing a plurality of data in one block of all the regions, and once in the initial state A second step of randomly rearranging the data in the non-access area, and a third step of selecting the data in the non-access area according to the memory size of the access area and moving it to the access area And, when access to one data occurs, exchanges data between the access area and the non-access area, and also accesses other data in the access area, When data is exchanged with a non-access area and data to be accessed is stored in the history area, the history is The data not stored in the area is selected, the data to be accessed and the selected data are moved to the access area, and the arbitrary data in the access area is transferred to the history according to the moved data size. A fourth step of moving to the area, a fifth step of obfuscating the data moved to the access area and the history area according to the equation 3, and the access when the access processing to the data to be accessed is completed And a sixth step of writing out necessary data in the area, and a method of concealing an access pattern characterized by comprising:

(9) The present invention is a method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data, .., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a variable vector for masking, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 4 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Processing, in all areas When the minimum unit bit number of data is larger than the processing unit bit number, a first step of performing a process of storing a plurality of data in one block of all the regions, and once in the initial state A second step of randomly rearranging the data in the non-access area, and a third step of selecting the data in the non-access area according to the memory size of the access area and moving it to the access area And, when access to one data occurs, exchanges data between the access area and the non-access area, and also accesses other data in the access area, When exchanging data with a non-access area and the data to be accessed is stored in the access area, A fourth step of moving data randomly selected from the access area and the history area to the access area, a fifth step of obfuscating the data moved to the access area by the equation 4, and the data to be accessed And a sixth step of writing out the necessary data in the access area when the access process is completed. An access pattern concealment method is proposed.

(10) The present invention executes in a computer an access pattern concealment method in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. , V _m (m is a positive integer), d is a random number, y1, y2, y3,... , Y _n (n is a positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, A process of converting these into obfuscated data x1, x2, x3,..., _Xn , and information indicating whether each data in the non-access area is in the access area or not. To data A process of adding and associating, a process of storing a plurality of data in one block of all the areas when the minimum unit bit number of data is larger than the processing unit bit number in all areas 1 step, in the initial state, a second step of randomly rearranging the data in the non-access area only once, and selecting the data in the non-access area according to the memory size of the access area The third step of moving to the access area and exchanging data between the access area and the non-access area when one data is accessed and other data in the access area The data to be accessed is exchanged between the access area and the non-access area. If there is data that does not exist in the access area but exists in the non-access area and is stored in the history area, the data to be accessed and any data stored in the history area are stored in the access area. A fourth step of moving arbitrary data in the access area to the history area according to the moved data size, and obfuscation of the data moved to the access area and history area by the equation (5) A program for causing a computer to execute a fifth step of performing the above and a sixth step of writing out necessary data in the access area when an access process to the data to be accessed is completed is proposed. .

(11) The present invention executes in a computer an access pattern concealment method in a storage device that is divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. , V _m (m is a positive integer), d is a random number, y1, y2, y3,... , Y _n (n is a positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, A process of converting these into obfuscated data x1, x2, x3,..., _Xn , and information indicating whether each data in the non-access area is in the access area or not. To data A process of adding and associating, a process of storing a plurality of data in one block of all the areas when the minimum unit bit number of data is larger than the processing unit bit number in all areas 1 step, in the initial state, a second step of randomly rearranging the data in the non-access area only once, and selecting the data in the non-access area according to the memory size of the access area The third step of moving to the access area and exchanging data between the access area and the non-access area when one data is accessed and other data in the access area Is also accessed, data is exchanged between the access area and the non-access area, and the data to be accessed is When the data is stored in the history area, the data that is not stored in the history area is selected, the data to be accessed and the selected data are moved to the access area, and the data size is changed. A fourth step of moving arbitrary data in the access area to the history area; a fifth step of obfuscating the data moved to the access area and history area by the equation 6; A program for causing a computer to execute a sixth step of writing out necessary data in the access area when a data access process is completed is proposed.

(12) The present invention executes in a computer an access pattern concealment method in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. , V _m (m is a positive integer), d is a random number, y1, y2, y3,... , Y _n (n is a positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, A process of converting these into obfuscated data x1, x2, x3,..., _Xn , and information indicating whether each data in the non-access area is in the access area or not. To data A process of adding and associating, a process of storing a plurality of data in one block of all the areas when the minimum unit bit number of data is larger than the processing unit bit number in all areas 1 step, in the initial state, a second step of randomly rearranging the data in the non-access area only once, and selecting the data in the non-access area according to the memory size of the access area The third step of moving to the access area and exchanging data between the access area and the non-access area when one data is accessed and other data in the access area Is also accessed, data is exchanged between the access area and the non-access area, and the data to be accessed is A fourth step of moving data randomly selected from the non-access area and the history area to the access area when the data is stored in the access area; Proposing a program for causing a computer to execute a fifth step for generating a data and a sixth step for writing out necessary data in the access area when an access process to the data to be accessed is completed Yes.

  According to the present invention, since the safety is ensured by the numerical processing of data, the access pattern can be concealed with a smaller overhead than in the past. Further, since the data in the non-access area is rearranged only once, it is possible to prevent an increase in overhead as in the case of an Obvious RAM in which data is rearranged many times at a predetermined timing. There is an effect. In addition, since data is exchanged between the access area and the non-access area when one data is accessed, the data access pattern can be concealed. Further, since other data in the access area is accessed and data is exchanged between the access area and the non-access area, the data access pattern can be concealed.

  Further, as shown in the equation 1 and the like, the column multiplied by the random number d is always 1, which changes the original data v over the entire obfuscated variable. By applying randomization, changing the random number affects all variables, which has the effect of increasing efficiency compared to rewriting the entire access area.

  Further, for example, by assigning a 1-bit value to all blocks in the storage area and determining whether each data is held in the access area by bits 1 and 0, the management of the data in the access area is small overhead. By realizing the above, there is an effect that the speed can be increased.

  Furthermore, according to the present invention, for example, in the case of the short int type, since one data is 2 bytes (16 bits), it is possible to store four short int types in one block in a 64-bit environment. It becomes. As a result, the required memory size can be reduced. At the same time, four short int type variables can be acquired at a time. Therefore, when data to be continuously accessed is stored in the same block, the access speed can be improved.

It is a figure which shows the structure of the memory | storage device which concerns on the 1st Embodiment of this invention. It is a figure explaining the function of the process part which concerns on the 1st Embodiment of this invention. It is a figure explaining the function of the information addition part which concerns on the 1st Embodiment of this invention. It is a figure explaining the function of the storage control part which concerns on the 1st Embodiment of this invention. It is a figure which shows the process of the memory | storage device which concerns on the 1st Embodiment of this invention. It is a figure which shows the structure of the memory | storage device which concerns on the 2nd Embodiment of this invention. It is a figure which shows the process of the memory | storage device which concerns on the 2nd Embodiment of this invention. It is a figure which shows the structure of the memory | storage device which concerns on the 3rd Embodiment of this invention. It is a figure which shows the process of the memory | storage device which concerns on the 3rd Embodiment of this invention. It is a figure which shows the transition of the data in the storage area at the time of the access which concerns on the Example of this invention. It is a figure which shows the process of the memory | storage device which concerns on the Example of this invention. It is a figure which shows the process of the memory | storage device which concerns on the Example of this invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<First Embodiment>
The embodiment of the present invention will be described with reference to FIGS.

<Configuration of storage device>
As illustrated in FIG. 1, the storage device according to the present embodiment includes a rearrangement unit 110, a movement unit 120, a control unit 130, a writing unit 140, a storage unit 150, a processing unit 160, and an information addition unit. 170, a storage control unit 180, and a storage area 200. The storage device of the present invention includes not only a general storage device such as a RAM but also a storage medium such as a SIM or an IC card.

  In the storage area 200, the memory is divided into a data access area, a non-access area, and a history area, and the access area and the history data area are more safely processed by numerical processing of data by the processing unit 160 described later. Is secured. The access area, non-access area, and history area are composed of rewritable memories such as DRAM and SRAM. The rearrangement unit 110 randomly rearranges the data in the non-access area only once in the initial state. The moving unit 120 selects data in the non-access area according to the memory size of the access area and moves it to the access area.

  When access to one piece of data occurs, the control unit 130 exchanges data between the access area and the non-access area, and also accesses other data in the access area so that the access area and the non-access area are not. Exchange data with the access area.

  For example, if the data to be accessed does not exist in the access area, exists in the non-access area, and there is data stored in the history area, the data to be accessed and any data stored in the history area are accessed. Move to the area.

  The writing unit 140 writes necessary data in the access area when the access process to the data to be accessed is completed. The storage unit 150 stores data moved from the access area to the non-access area as history data in the history area.

Processor 160, the data of the access area and historical data area _{v1, v2, ···, v m} (m is a positive integer), a random number d, y1, y2, y3, ···, y n (N is a positive integer) is a masking variable vector, A is an n × (m + 1) matrix whose rank is m + 1, and its rightmost column is all 1, and these are obfuscated by Equation 1. Are converted into converted data x1, x2, x3,..., _Xn . Specifically, as shown in FIG. 2, if the access area is taken as an example, the access area is formed of six blocks. Therefore, the access area is divided into two block groups every three blocks. Obfuscation can be performed by converting the three values from y01 to y05 and y11 to y15, respectively, by performing an operation according to Equation 1 on the divided block group.

  In the matrix A, the rightmost column multiplied by the random number d is all 1, so that the change of the original variable v extends to the entire obfuscated variable. In other words, if you change the random number by applying obfuscation, it will affect all variables. Therefore, it is more efficient than rewriting the entire access area, and the access pattern can be concealed with a smaller overhead than the conventional technique realized only by software. Further, by changing the block size to be obfuscated according to the situation, safety and performance can be selected as necessary.

  The information adding unit 170 adds information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area. Specifically, for example, as shown in FIG. 3, a block for additional information is added to the data block in the non-access area, and “1” is added to the data in the access area to this block, A bit string assigned with “0” is added.

  That is, it is important to manage the data stored in the access area, and only one latest data must be held. Therefore, when moving data from the storage area (non-access area) to the access area, it is necessary to confirm that the selected data is not held in the access area. A simple solution is by scanning, but using scanning creates a lot of overhead. Therefore, for example, a 1-bit value is assigned to all blocks in the storage area, and it is determined whether each data is held in the access area by bits 1 and 0. As a result, it is possible to manage the data in the access area at high speed.

  The storage control unit 180 stores a plurality of data in one block of all the areas when the minimum unit bit number of the data is larger than the processing unit bit number in all the areas. Specifically, for example, as shown in FIG. 4, when the CPU word size is 32 bits, four 8-bit data are stored, two 16-bit data are stored, or One 16-bit data and two 8-bit data are stored.

  That is, the size of each block is constant. Therefore, in order to cope with a large data block, it is necessary to configure each block with 32 or 64 bits according to the word size of the CPU. However, the variables handled by the program are often smaller than this, and there is a problem that the required memory increases when a large block is used. Therefore, the size of one block is 32 or 64 bits, and a plurality of small data is stored in one block.

  For example, in the case of the short int type, since one data is 2 bytes (16 bits), it is possible to store four short int types in one block in a 64-bit environment. As a result, the required memory size can be reduced. At the same time, four short int type variables can be acquired at a time. Therefore, when data to be continuously accessed is stored in the same block, the access speed can be improved.

<Storage device processing>
The processing of the storage device according to this embodiment will be described with reference to FIG.

First, the data of the access area and historical data area _{v1, v2, ···, v m} (m is a positive integer), a random number d, y1, y2, y3, ···, y n (n is , A positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1. Processing for converting to x1, x2, x3,..., _xn , processing for adding information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area In all the areas, when the minimum number of unit bits of data is larger than the number of processing unit bits, a process of storing a plurality of data in one block of all areas is performed (step S100).

  Next, in the initial state, the data in the non-access area is rearranged randomly only once (step S200), and the data in the non-access area is selected according to the memory size of the access area, Move (step S300).

  Furthermore, when one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area Data is exchanged between them, and if the data to be accessed does not exist in the access area, exists in the non-access area, and there is data saved in the history area, the data to be accessed and the history area are saved. Arbitrary data is moved to the access area, the arbitrary data in the access area is moved to the history area according to the moved data size, and the access area and the data moved to the history area are obfuscated by Equation 2. (Step S400).

  Then, when the access processing to the data to be accessed is completed, necessary data in the access area is written (step S500).

  As described above, according to the present embodiment, since the data in the non-access area is rearranged only once, like an Obvious RAM that rearranges the data many times at a predetermined timing. It is possible to prevent the overhead from becoming large.

  In addition, by applying obfuscation as described above, if the random number is changed, it affects all variables, which has the effect of increasing efficiency compared to rewriting the entire access area. In addition, by determining whether each data is held in the access area by the added data, there is an effect that the management of the data in the access area is realized with a small overhead, and the speed can be increased. .

  Furthermore, if the minimum unit bit number of data in all areas is larger than the number of processing unit bits, it is possible to reduce the required memory size by storing multiple data in one block in all areas. It becomes. In addition, when the data to be accessed continuously is stored in the same block, the access speed can be improved.

<Second Embodiment>
The embodiment of the present invention will be described with reference to FIGS.

<Configuration of storage device>
As illustrated in FIG. 6, the storage device according to the present embodiment includes a rearrangement unit 110, a movement unit 120, a control unit 131, a writing unit 140, a storage unit 150, a processing unit 160, and an information addition unit. 170, a storage control unit 180, and a storage area 200. The storage device of the present invention includes not only a general storage device such as a RAM but also a storage medium such as a SIM or an IC card. In addition, about the component which attaches | subjects the same code | symbol as 1st Embodiment, since it has the same function, the detailed description is abbreviate | omitted.

  When access to one piece of data occurs, the control unit 131 exchanges data between the access area and the non-access area, and also accesses other data in the access area. Exchange data with the access area.

<Storage device processing>
Processing of the storage device according to the present embodiment will be described with reference to FIG.

First, the data of the access area and historical data area _{v1, v2, ···, v m} (m is a positive integer), a random number d, y1, y2, y3, ···, y n (n is , A positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1. Processing for converting to x1, x2, x3,..., _xn , processing for adding information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area When the minimum number of unit bits of data is larger than the number of processing unit bits in all areas, a process of storing a plurality of data in one block of all areas is performed (step S110).

  Next, in the initial state, the data in the non-access area is rearranged randomly only once (step S210), and the data in the non-access area is selected according to the memory size of the access area, Move (step S310).

  Furthermore, when one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When data to be accessed is stored in the history area, the data not stored in the history area is selected, and the data to be accessed and the selected data are moved to the access area. Then, according to the moved data size, arbitrary data in the access area is moved to the history area, and the data moved to the access area and the history area is obfuscated by Equation 3 (step S410).

  Then, when the access processing to the data to be accessed is completed, necessary data in the access area is written (step S510).

  As described above, according to the present embodiment, since the data in the non-access area is rearranged only once, like an Obvious RAM that rearranges the data many times at a predetermined timing. It is possible to prevent the overhead from becoming large.

  In addition, by applying obfuscation as described above, if the random number is changed, it affects all variables, which has the effect of increasing efficiency compared to rewriting the entire access area. In addition, by determining whether each data is held in the access area by the added data, there is an effect that the management of the data in the access area is realized with a small overhead, and the speed can be increased. .

  Furthermore, if the minimum unit bit number of data in all areas is larger than the number of processing unit bits, it is possible to reduce the required memory size by storing multiple data in one block in all areas. It becomes. In addition, when the data to be accessed continuously is stored in the same block, the access speed can be improved.

<Third Embodiment>
The embodiment of the present invention will be described with reference to FIGS.

<Configuration of storage device>
As illustrated in FIG. 8, the storage device according to the present embodiment includes a rearrangement unit 110, a movement unit 120, a control unit 132, a writing unit 140, a storage unit 150, a processing unit 160, and an information addition unit. 170, a storage control unit 180, and a storage area 200. The storage device of the present invention includes not only a general storage device such as a RAM but also a storage medium such as a SIM or an IC card. In addition, about the component which attaches | subjects the same code | symbol as 1st Embodiment, since it has the same function, the detailed description is abbreviate | omitted.

  When access to one piece of data occurs, the control unit 132 exchanges data between the access area and the non-access area, and also accesses other data in the access area so that the access area and the non-access area are not. Exchange data with the access area.

<Storage device processing>
The processing of the storage device according to this embodiment will be described with reference to FIG.

First, the data of the access area and historical data area _{v1, v2, ···, v m} (m is a positive integer), a random number d, y1, y2, y3, ···, y n (n is , A positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1. Processing for converting to x1, x2, x3,..., _xn , processing for adding information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area When the minimum unit bit number of data is larger than the processing unit bit number in all the regions, a process of storing a plurality of data in one block of all the regions is performed (step S120).

  Next, in the initial state, the data in the non-access area is randomly rearranged only once (step S220), and the data in the non-access area is selected according to the memory size of the access area and is set in the access area. Move (step S320).

  Furthermore, when one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When data to be accessed is stored in the access area, randomly selected data from the non-access area and history area is moved to the access area, and the data moved to the access area is Obfuscation is performed using Equation 4 (step S420).

  Then, when the access processing to the data to be accessed is completed, necessary data in the access area is written (step S520).

  As described above, according to the present embodiment, since the data in the non-access area is rearranged only once, like an Obvious RAM that rearranges the data many times at a predetermined timing. It is possible to prevent the overhead from becoming large.

  In addition, by applying obfuscation as described above, if the random number is changed, it affects all variables, which has the effect of increasing efficiency compared to rewriting the entire access area. In addition, by determining whether each data is held in the access area by the added data, there is an effect that the management of the data in the access area is realized with a small overhead, and the speed can be increased. .

  Furthermore, if the minimum unit bit number of data in all areas is larger than the number of processing unit bits, it is possible to reduce the required memory size by storing multiple data in one block in all areas. It becomes. In addition, when the data to be accessed continuously is stored in the same block, the access speed can be improved.

<Example>
An embodiment of the present invention will be described with reference to FIGS.

  FIG. 10 shows the program in the order of 5 → D → 8 → 5 → A when 1, 2,..., 9, A, B,. The memory transition when accessing data is shown. Hereinafter, this process will be described as an example. Regardless of the example of FIG. 10, the non-access area may be further divided into a plurality.

First, the data of the access area and historical data area _{v1, v2, ···, v m} (m is a positive integer), a random number d, y1, y2, y3, ···, y n (n is , A positive integer) is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1. Processing for converting to x1, x2, x3,..., _xn , processing for adding information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area When the minimum unit bit number of data is larger than the processing unit bit number in all areas, a process of storing a plurality of data in one block of all areas is performed (step S1100).

  Next, in the initial state, the data in the non-access area is rearranged randomly only once (step S1200), and the data in the non-access area is selected according to the memory size of the access area and moved to the access area. (Step S1300).

  First, when accessing 5, since 5 is not included in the access area, 5 and another randomly selected data (2 in FIG. 10) are moved to the access area. Thus, 4 and B moving from the access area are stored in the history area and 5 is accessed. At this time, another data in the access area (2, 3, 8 in FIG. 10) is also accessed (step S1400).

  Next, when accessing D, since D is not included in the access area, D is moved to the access area, and another data is selected from the history area (for example, B in FIG. 10). Thereby, 5 and 8 moved from the access area are stored in the history area, and D is accessed. At this time, another data in the access area (3, B, 2 in FIG. 10) is also accessed (step S1500).

  Further, when accessing 8, since 8 is included in the history area, another data is selected at random (A in FIG. 10) and moved to the access area. To do. As a result, 3 and B moving from the access area are stored in the history area, and 8 is accessed. At this time, another data (A, D, 2 in FIG. 10) in the access area is also accessed (step S1600).

  Further, when accessing 5, since 5 is included in the history area, another data is randomly selected that is not included in the history area (6 in FIG. 10) and moved to the access area. Thus, 2 and 8 moving from the access area are stored in the history area and 5 is accessed. Further, access is made to other data in the access area (A, D, 6 in FIG. 10) (step S1700).

  Finally, when accessing A, since A is included in the access area, randomly selected data not included in the access area and data stored in the history area (in FIG. 10, 3, F ) Move to the access area. As a result, 6 and D moving from the access area are written to the non-access area and A is accessed. Further, access is also made to other data (5, F, 3 in FIG. 10) in the access area (step S1800).

  When all the processes are completed, necessary data in the access area is written and the process ends (step S1900).

  Note that the storage device of the present invention can be realized by recording the processing of the storage device on a recording medium readable by the computer system, reading the program recorded on the recording medium into the storage device, and executing the program. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

110; rearrangement unit 120; movement unit 130; control unit 131; control unit 132; control unit 140; writing unit 150; storage unit 160; processing unit 170; information addition unit 180; storage control unit 200;

Claims (12)

A storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
In an initial state, rearrangement means for randomly rearranging data in the non-access area only once,
Moving means for selecting data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area Control means for exchanging data with
Writing means for writing out the necessary data in the access area when the access process to the data to be accessed is completed;
Storage means for storing data moved from the access area to the non-access area as history data in the history area;
Prepared,
The control means includes
If the data to be accessed does not exist in the access area, exists in the non-access area, and there is data stored in the history area, the data to be accessed and any data stored in the history area And moving the arbitrary data in the access area to the history area in accordance with the moved data size. A storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
In an initial state, rearrangement means for randomly rearranging data in the non-access area only once,
Moving means for selecting data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area Control means for exchanging data with
Writing means for writing out the necessary data in the access area when the access process to the data to be accessed is completed;
Storage means for storing data moved from the access area to the non-access area as history data in the history area;
Prepared,
The control means includes
When data to be accessed is stored in the history area, data that is not stored in the history area is selected, the data to be accessed and the selected data are moved to the access area, and moved A storage device that moves arbitrary data in the access area to the history area according to a data size. A storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
In an initial state, rearrangement means for randomly rearranging data in the non-access area only once,
Moving means for selecting data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area Control means for exchanging data with
Writing means for writing out the necessary data in the access area when the access process to the data to be accessed is completed;
Storage means for storing data moved from the access area to the non-access area as history data in the history area;
Prepared,
The control means includes
When data to be accessed is stored in the access area, data randomly selected from the non-access area and the data to be accessed are moved to the access area, and the access is performed according to the moved data size. Arbitrary data in an area is moved to the history area. , V _m (m is a positive integer), and d are stored in the access area and the history data area. .., Y _n (n is a positive integer) is a masking variable vector, A is a rank m + 1, and its rightmost column is all 1 × (m + 1) matrices 4 is converted into obfuscated data x1, x2, x3,..., _{Xn according} to the equation (1). Storage device.

  The information adding means for adding information indicating whether each data in the non-access area is in the access area in association with each data in the non-access area is provided. The storage device according to claim 3.   The storage control means for storing a plurality of data in one block of all the areas when the minimum unit bit number of the data is larger than the processing unit bit number in all the areas. The storage device according to any one of claims 1 to 3. A method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is an n × (m + 1) matrix in which the rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 2 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When the data to be accessed does not exist in the access area, exists in the non-access area, and there is data stored in the history area, the data to be accessed and the data A fourth step of moving arbitrary data stored in a history area to the access area, and moving arbitrary data in the access area to the history area according to the moved data size;
A fifth step of obfuscating the data moved to the access area and the history area according to Equation 2;
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A method for concealing an access pattern, comprising:

A method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a masking variable vector, and A is an n × (m + 1) matrix whose rank is m + 1 and its rightmost column is all 1, data x1 obfuscated by Equation 3 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When data to be accessed is stored in the history area, data not stored in the history area is selected, and the data to be accessed and the selected data are A fourth step of moving arbitrary data in the access area to the history area according to the moved data size;
A fifth step of obfuscating the data moved to the access area and the history area according to Equation 3;
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A method for concealing an access pattern, comprising:

A method for concealing an access pattern in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a variable vector for masking, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 4 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area A fourth step of exchanging data with each other and moving data randomly selected from the non-access area and the history area to the access area when the data to be accessed is stored in the access area When,
A fifth step of obfuscating the data moved to the access area according to the equation (4);
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A method for concealing an access pattern, comprising:

A program for causing a computer to execute an access pattern concealment method in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. ,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a variable vector for masking, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 5 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When the data to be accessed does not exist in the access area, exists in the non-access area, and there is data stored in the history area, the data to be accessed and the data A fourth step of moving arbitrary data stored in a history area to the access area, and moving arbitrary data in the access area to the history area according to the moved data size;
A fifth step of obfuscating the data moved to the access area and the history area according to Equation 5;
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A program that causes a computer to execute.

A program for causing a computer to execute an access pattern concealment method in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. ,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is a variable vector for masking, and A is an n × (m + 1) matrix whose rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 6 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area When data to be accessed is stored in the history area, data not stored in the history area is selected, and the data to be accessed and the selected data are A fourth step of moving arbitrary data in the access area to the history area according to the moved data size;
A fifth step of obfuscating the data moved to the access area and the history area according to Equation 6;
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A program that causes a computer to execute.

A program for causing a computer to execute an access pattern concealment method in a storage device divided into a data access area, a history data area, and a non-access area that are secured by numerical processing of data. ,
.., V _m (m is a positive integer), d is a random number, y1, y2, y3,..., Y _n (n is a positive value) ) Is an n × (m + 1) matrix in which the rank is m + 1 and the rightmost column is all 1, the data x1 obfuscated by Equation 7 x2, x3,..., _xn , and information indicating whether each data in the non-access area is in the access area, is added in association with each data in the non-access area Process, a first step of performing a process of storing a plurality of data in one block of all areas when the minimum unit bit number of data is larger than the process unit bit number in all areas;
A second step of randomly rearranging the data in the non-access area only once in an initial state;
A third step of selecting the data in the non-access area according to the memory size of the access area and moving the data to the access area;
When one data is accessed, data is exchanged between the access area and the non-access area, and other data in the access area is also accessed, and the access area and the non-access area A fourth step of exchanging data with each other and moving data randomly selected from the non-access area and the history area to the access area when the data to be accessed is stored in the access area When,
A fifth step of obfuscating the data moved to the access area according to Equation 7;
A sixth step of writing out necessary data in the access area when the access process to the data to be accessed is completed;
A program that causes a computer to execute.

Images