KR20170091248A - Method And Apparatus for Memory Integrity Verification Based on Merkle Tree - Google Patents

Method And Apparatus for Memory Integrity Verification Based on Merkle Tree Download PDF

Info

Publication number
KR20170091248A
KR20170091248A KR1020160011954A KR20160011954A KR20170091248A KR 20170091248 A KR20170091248 A KR 20170091248A KR 1020160011954 A KR1020160011954 A KR 1020160011954A KR 20160011954 A KR20160011954 A KR 20160011954A KR 20170091248 A KR20170091248 A KR 20170091248A
Authority
KR
South Korea
Prior art keywords
verification
hash value
memory
merge tree
data
Prior art date
Application number
KR1020160011954A
Other languages
Korean (ko)
Other versions
KR101786006B1 (en
Inventor
윤현수
김세환
김용곤
권오민
Original Assignee
한국과학기술원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국과학기술원 filed Critical 한국과학기술원
Priority to KR1020160011954A priority Critical patent/KR101786006B1/en
Publication of KR20170091248A publication Critical patent/KR20170091248A/en
Application granted granted Critical
Publication of KR101786006B1 publication Critical patent/KR101786006B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1433Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method and an apparatus for verifying memory integrity based on a Merkle tree. The method comprises: a reference Merkle tree configuration process of configuring a reference Merkle tree having a measured hash value as a value of each end node by applying a hash function with respect to each partial memory block of a verification target memory in a verification reference time; a memory storage process of storing a root hash value of the reference Merkle tree in an on-chip memory; a verification Merkle tree configuration process of configuring a verification Merkle tree having a measured hash value as a value of each end node by applying the hash function with respect to each partial memory block in a verification performing time; and a memory integrity verification process of verifying memory integrity by comparing the root hash value of the verification Merkle tree with the root hash value of the reference Merkle tree stored in the on-chip memory. Moreover, inner node values of the reference Merkle tree and the verification Merkle tree are determined by summation of hash values of child nodes of the inner nodes.

Description

[0001] The present invention relates to a method and an apparatus for verifying memory integrity based on a merge tree,

An embodiment of the present invention relates to a memory integrity verification method based on a merge tree.

The contents described in this section merely provide background information on the present embodiment and do not constitute the prior art.

The importance of computer security is increasing. The processor must be able to guarantee that the result of the operation is correct despite an external attack. Since the processor receives and processes information from the memory, the integrity of the data in the memory must be ensured in order to ensure the reliability and stability of the processor.

The Merkle tree is used as a data structure for verifying data in various fields and is often used as a method for verifying the integrity of memory. The merge tree constructs the hash value of the memory data as the end node and uses it to create the root node. The generated root node stores all the information of the memory data and stores it in a space that can guarantee the safety of the data.

In the integrity verification method using the existing merge tree, the verification is performed at the same time as the loading of the data. Even if the verification is not necessary, time delay occurs when the verification process is performed. The point at which the verification is required is the point at which the result of the computation of the process is derived and stores the result. Therefore, it can be processed using lazy-processing in order to verify it collectively. However, the conventional RAGE processing has a disadvantage in that the on-chip memory storage space is wasted. In addition, when the data is frequently modified, the root node needs to be updated every time the data is modified. Therefore, the number of operations required for the verification increases and the processing time is delayed.

Embodiments of the present invention have a main object to provide a merge tree-based memory integrity verification method that minimizes time delay according to a verification process and minimizes storage space consumption of on-chip memory.

According to the embodiment of the present invention, a process of constructing a reference merit tree having a hash value calculated by applying a hash function to each partial memory block of the verification target memory at the verification reference time point as the value of each end node, The process of storing the root hash value in the on-chip memory, the process of constructing the merge tree by verifying that the hash value calculated by applying the hash function to each partial memory block at the time of the verification is the value of each end node, And comparing the root hash value of the reference node with the root hash value of the reference merge tree stored in the on-chip memory, and verifying the integrity of the memory, wherein the value of the internal node of the reference merge tree and the verification merge tree is a hash Values of the plurality of memory cells.

In the embodiment of the present invention, when there are a plurality of partial memory blocks in which data load is performed from the verification target memory to the on-chip, each time a data load occurs, the corresponding partial memory block is allocated to an off- Storing a first hash value calculated by applying a hash function to a queue in order, storing the first hash value in a queue, calculating a second hash value applying a hash function to the queue at the time of performing the verification, And comparing the first hash value stored in the on-chip memory with the second hash value to verify the integrity of the queue.

In the embodiment of the present invention, when the data loaded on the chip is modified, the modified data is fetched to the corresponding partial memory block, the integrity of the fetched data is verified, and the hash value And updating the root hash value of the reference merge tree.

According to the embodiment of the present invention, the reference merge tree constituting the reference merge tree having the hash value calculated by applying the hash function to each partial memory block of the verification target memory at the verification reference time point as the value of each end node, A reference root hash value storage unit for storing the root hash value of the reference merge tree in an on-chip memory, a hash value calculated by applying a hash function to each partial memory block at the time of performing the verification, And a memory integrity verifier for verifying the integrity of the memory by comparing the root hash value of the verification merge tree with the root hash value of the reference merge tree stored in the on-chip memory, The values of the internal nodes of the reference merge tree and verification merge tree are determined by the sum of the hash values of the child nodes of the internal node It provides a memory integrity verification apparatus according to claim.

A process of constructing a reference merge tree having a hash value calculated by applying a hash function to each partial memory block of a verification target memory at a verification reference point as a value of each end node, A step of constructing a verification tree having a hash value calculated by applying a hash function to each of the partial memory blocks at the time of verification, as a value of each end node, a process of constructing a verification tree, The root hash value of the reference node is compared with the root hash value of the reference merge tree stored in the on-chip memory to verify the integrity of the memory, and the value of the internal node of the reference merge tree and the verification merge tree is And the hash value of the program is determined by the sum of the hash values.

As described above, according to the embodiments of the present invention, the memory integrity verification algorithm capable of batch verification and batch processing is implemented, thereby reducing the number of operations and delay time required for verification. In addition, it has the effect of minimizing the amount of storage space of the on-chip memory required for verification while enabling batch verification.

1 is a block diagram schematically showing a configuration of a hardware platform for implementing a memory integrity verification method according to an embodiment of the present invention.
2 is a schematic flowchart of a memory integrity verification method according to an embodiment of the present invention.
3 is a diagram for explaining a method of constructing a merge tree for a verification target memory in a memory integrity verification process according to an embodiment of the present invention.
4 is a flow diagram of a memory integrity verification method in accordance with another embodiment of the present invention.
5 is a functional block diagram illustrating major components of a memory integrity verification apparatus according to an exemplary embodiment of the present invention.
6 is a functional block diagram illustrating major components of a memory integrity verification apparatus according to another embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. It should be noted that, in adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference numerals whenever possible, even if they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In describing the components of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are intended to distinguish the constituent elements from other constituent elements, and the terms do not limit the nature, order or order of the constituent elements. Throughout the specification, when an element is referred to as being "comprising" or "comprising", it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise . In addition, '... Quot ;, " module ", and " module " refer to a unit that processes at least one function or operation, and may be implemented by hardware or software or a combination of hardware and software.

1 is a block diagram schematically illustrating the configuration of a hardware platform for implementing a memory integrity verification method according to an embodiment of the present invention.

The memory integrity verification method according to an exemplary embodiment of the present invention is implemented in a hardware platform having an on-chip (100) area and an off-chip (110) area. The on-chip area 100 is a secure trust domain from a security attack, and the off-chip domain 110 is an untrusted domain that is relatively insecure from a security attack. The on-chip area 100 may include a processor 101 and a cache memory 102. [ The off-chip area 110 may include a main memory 111 such as a DRAM connected to the on-chip area 100. The information to be securely stored in the memory integrity verification process is stored in the memory of the on-chip area 100. [ Information used as a control group such as a hash value of a root node of a reference merge tree constructed in the verification process can be stored in the on-chip 100.

A memory integrity verification method according to an embodiment of the present invention will be described below with reference to FIGS. 2 and 3. FIG.

2 is a schematic flowchart of a memory integrity verification method according to an embodiment of the present invention.

3 is a diagram for explaining a method of constructing a merge tree for a verification target memory in a memory integrity verification process according to an embodiment of the present invention.

First, a reference merge tree having the hash value calculated by applying the hash function to each partial memory block 310 of the verification target memory 10 at the verification reference time point is set as the value of the end node 320 (S210) . A detailed method of constructing the merge tree will be described later with reference to FIG. The verification reference time means a time when all the data in the verification target memory 10 can be trusted.

The hash value of the root node 340 of the reference merge tree (hereinafter, the 'hash value of the root node' is hereinafter referred to as a 'root hash value') corresponds to the data of each partial memory block 310 of the verification target memory 10 Information, and is stored in a secure on-chip 100 memory for use as a control for integrity verification (S220). The end node 320 and the internal node 330 of the other reference merge tree can be stored in the off-chip 110 memory because they do not affect the control group even if they are modulated.

A verification merge tree having a hash value of each partial memory block 310 of the verification target memory 10 as the value of the final node 320 is constructed at the time of verification (S230). The verification execution time means a time at which the integrity of the data in the memory is to be verified. The verification execution time indicates the time at which data is loaded by the processor 101 or the result of the calculation of the process is derived, . ≪ / RTI > A memory block requiring verification of integrity is a partial memory block in which data is loaded into the on-chip 100 of the verification target memory 10. In the process of constructing the verification merge tree, the end node 320 and the internal node 310 stored in the reference merge tree may be used.

The root hash value of the verification merge tree that is constructed is a value including all the information about the data of each partial memory block 310 of the verification target memory 10 at the time of verification. The root hash value of the verification merge tree is compared with the root hash value of the reference merge tree stored in the on-chip memory to verify the integrity of the memory (S340).

Referring to FIG. 3, in the memory integrity verification process according to the embodiment of the present invention, the merge tree 300 for the verification target memory 10 stores a hash value of each partial memory block 310 in the verification target memory 10 as And an internal node 330 is configured by adding the hash values of the child nodes of each internal node 330. [ In this manner, when the root node 340 is reached, the root node 340 has a hash value representing the data block of all child nodes.

For example, the data m1, m2, m3, ... of each partial memory block 310 of the verification target memory 10 , the hash value of m8 is represented by h1, h2, h3, ... , h8, the terminating node 320 may determine that each h1, h2, h3, ... , h8. The internal node h123 332 has a value of h1 + 2 + h3 + h4 and the internal node h1234 332 has a value of h1 + h2 that is the sum of the hash values of the child nodes 321 and 322, h12345678 has a value of h1 + h2 + h3 + h4 + h5 + h6 + h7 + h8.

The hash function used to obtain the hash value in the process of constructing the merge tree according to the present embodiment is a hash function that hash the result of summing a plurality of elements regardless of the order of a plurality of elements, And the result of summing up one result may include the same hash value. That is, when each hash value of the elements a and b is H (a) and H (b)

Figure pat00001
.

The hash function used for obtaining the hash value in the process of constructing the merge tree according to the present embodiment is characterized in that the operation value for updating the hash value increases in proportion to the increase of the input data value when the input data value changes, And the operation value for updating the hash value may decrease in proportion to the decrease of the input data value.

For example, when a hash value corresponding to a message X is H (X), if a message modified for X is X 'and X' = X + m

Figure pat00002
Lt; / RTI >
Figure pat00003
It is not necessary to know X to calculate the hash value, and the hash value can be updated more easily.

In other words,

Figure pat00004
Lt; / RTI >
Figure pat00005
of
Figure pat00006
and
Figure pat00007
Can be obtained. Especially for one element
Figure pat00008
.

Also,

Figure pat00009
Lt; / RTI > is satisfied,
Figure pat00010
, ≪ / RTI >
Figure pat00011
of
Figure pat00012
and
Figure pat00013
Can be obtained. Especially for one element
Figure pat00014
when,
Figure pat00015
.

4 is a flow diagram of a memory integrity verification method in accordance with another embodiment of the present invention. These embodiments further include several processes when there are a plurality of memory blocks in which data loads occur or when there is a modification in the data of memory blocks in which data loads occurred. The steps S401, S402, S406, and S407 in FIG. S202, S203, and S204.

First, in the memory integrity verification process according to the present embodiment, when a plurality of partial memory blocks requiring verification are among the memory blocks 10 to be fully verified, a process for collectively verifying the integrity of the partial memory blocks is described do.

The reference merge tree having the hash value calculated by applying the hash function to each partial memory block 310 of the verification target memory 10 as the value of the end node 320 is constructed at the verification reference time (S401). The root hash value of the constructed reference merge tree is stored in the on-chip memory (S402).

It is determined whether there are a plurality of partial memory blocks in which the data load has occurred in the on-chip 100 among the verification target memory 10 (S403). Here, data load refers to a processor calling data to a cache memory or the like to process data.

In order to verify a plurality of partial memory blocks collectively, whenever a data load occurs, the corresponding partial memory block is stored in a first queue allocated to the off-chip memory 110, and a hash value for the first queue is stored And stored in the on-chip memory 100 (S404). In this embodiment, a queue is allocated to an off-chip 110 memory to minimize occupancy of the storage space of the on-chip memory 100, a hash value for verification of the queue is calculated and stored in the on-chip memory 100. When a hash value for the first queue is calculated by applying any one of the hash functions described above in step S404, the hash value of the first queue is updated. Overhead is reduced.

In step S404, the hash value for the first queue is calculated at the time of performing the verification, and the integrity of the first queue is verified by comparing the hash value with the hash value stored in the on-chip memory 100 in step S404.

Next, a description will be made of a process for collectively processing fetch after update and control update when there is a modification in data of a partial memory block in which a data load occurred in the memory integrity verification process according to the present embodiment. When the loaded data is modified, the modified data is temporarily stored in the second queue of the off-chip memory 110 every time there is a request for data modification for future batch fetch and update.

The verify merge tree having the hash value of each partial memory block 310 of the verification target memory 10 as the value of the end node 320 is constructed at the time of performing the verification (S406). The root hash value of the verification merge tree is compared with the root hash value of the reference merge tree stored in the on-chip memory to verify the integrity of the memory (S407).

When the memory integrity verification process (S407) is completed, it is determined whether the data loaded on the on-chip is modified (S408). When the data loaded on the chip is modified, the modified data stored in the second queue is fetched to the corresponding partial memory block (S409). Since the second queue is a space allocated to the off-chip memory, the integrity of the second queue storing the fetched data is verified (S410). Since the data has been modified, the reference root hash value is updated (S411). The update of the reference route hash value can be performed by calculating and updating the hash value of the second queue whose integrity has been verified and the hash value of the data before modification without reconfiguration of the merge tree. Specifically, the hash value of the second queue is added to the root hash value of the existing reference merge tree stored in the on-chip 100, and the hash value of all the unmodified data is subtracted. The value can be updated. If the loaded data has not been modified, the verification process is terminated.

5 is a functional block diagram illustrating major components of a memory integrity verification apparatus according to an exemplary embodiment of the present invention. FIG. 5 shows functional blocks representing the verification target memory 10 and the memory integrity verification apparatus 500.

The memory integrity verification apparatus 500 according to an exemplary embodiment of the present invention includes a reference merge tree configuration unit 510, a reference root hash value storage unit 520, a verification merge tree configuration unit 530, and a memory integrity verification unit 540 ).

The reference merge tree structure unit 510 according to this embodiment applies the hash value calculated by applying the hash function to each partial memory block 310 of the verification target memory 10 at the verification reference time point to each of the leaf nodes 320 ). ≪ / RTI >

The reference merge tree structure unit 510 according to the present embodiment includes a reference end node storage unit 511 for storing a hash value of an end node of a reference merge tree, a reference internal node 511 for storing a hash value of an internal node of the reference merge tree, A storage unit 512 and a reference root node generating unit 513 for generating a root node of the reference merge tree. .

The reference root hash value storage unit 520 stores the hash value of the root node of the reference merge tree generated by the reference root node creation unit 513 in the on-chip memory 100. [

The verification merge tree constructing unit 530 constructs a verification merge tree having a hash value of each partial memory block in the verification target memory 10 as the value of the leaf node 320 at the time of performing the verification.

The verification merge tree structure unit 530 according to the present embodiment includes a verification end node storage unit 531 for storing the hash value of the end node of the verification merge tree, a verification internal node storing the hash value of the internal node of the verification merge tree, A storage unit 532 and a verification root node generating unit 533 for generating a root node of the verification merge tree.

The memory integrity verification unit 540 obtains the hash value of the root node of the verification merge tree generated by the verification tour node generation unit 531 as the verification root hash value and transmits the reference root hash value stored in the reference root hash value storage unit 520, And verifies the integrity of the verification target memory 10.

6 is a functional block diagram illustrating major components of a memory integrity verification apparatus according to another embodiment of the present invention.

When there are a plurality of partial memory blocks in which data is loaded from the verification target memory 10 to the on-chip 100, the data load information processing unit 610 stores the partial memory blocks in the off-chip 110 memory And sequentially stores the hash value in the allocated first queue, calculates a hash value for the queue, and stores the hash value in the on-chip memory 100. At the time of performing the verification, the hash value for the first queue is calculated and compared with the hash value stored in the on-chip memory 100 to verify the integrity of the first queue.

When the data loaded in the on-chip 100 is modified, the data correction information processing unit 620 fetches the modified data stored in the second queue to the corresponding partial memory block and verifies the integrity of the fetched data. Since the data has been modified, the reference root hash value is updated.

The foregoing description is merely illustrative of the technical idea of the present embodiment, and various modifications and changes may be made to those skilled in the art without departing from the essential characteristics of the embodiments. Therefore, the present embodiments are to be construed as illustrative rather than restrictive, and the scope of the technical idea of the present embodiment is not limited by these embodiments. The scope of protection of the present embodiment should be construed according to the following claims, and all technical ideas within the scope of equivalents thereof should be construed as being included in the scope of the present invention.

As described above, the memory integrity verification method described in FIG. 3 can be implemented by a program and recorded in a computer-readable recording medium. A program for implementing the memory integrity verification method according to the present embodiment is recorded and a computer-readable recording medium includes all kinds of recording devices for storing data that can be read by a computer system. Examples of such computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, etc., and also implemented in the form of a carrier wave (e.g., transmission over the Internet) . The computer readable recording medium may also be distributed over a networked computer system so that computer readable code is stored and executed in a distributed manner. In addition, functional programs, codes, and code segments for implementing the present embodiment can be easily inferred by programmers in the technical field to which the present embodiment belongs.

100: On-chip 101: Processor
102: cache memory 110: off-chip < RTI ID = 0.0 >
10: Verification target memory 300: Mkle tree for verification target memory
310: each partial memory block 320: terminating node
321,322: child nodes of internal node h12
330: internal node 331: internal node h12
332: internal node h1234 340: root node
500: memory integrity verification device

Claims (11)

Constructing a reference merge tree having a hash value calculated by applying a hash function to each partial memory block of the verification target memory at the verification reference time as the value of each end node;
Storing the root hash value of the reference merge tree in an on-chip memory;
Constructing a verification merge tree having a hash value calculated by applying the hash function to each of the partial memory blocks at the time of performing the verification as the value of each end node; And
Verifying the integrity of the memory by comparing the root hash value of the verification merge tree with the root hash value of the reference merge tree stored in the on-chip memory,
Wherein the values of the reference merge tree and the internal nodes of the verification merge tree are determined by the sum of the hash values of the child nodes of the internal node. The method according to claim 1,
The verification reference time point
The entire data of the verification target memory is a reliable time point,
In the verification,
Wherein the processor is one of a time when data is loaded by a processor, a time when a result of calculation of a process is derived, and a time when the result is stored. The method according to claim 1,
The hash function,
Wherein the hash value has a property that indicates a hash value that is the same as a sum of a result obtained by summing a plurality of elements and a result obtained by hashing each element irrespective of the order of the plurality of elements. The method of claim 3,
In the case where there are a plurality of partial memory blocks in which data is loaded from the verification object memory to the on-chip, each partial data memory block is sequentially stored in a queue allocated to an off-chip memory Storing the first hash value calculated by applying the hash function to the queue in an on-chip memory; And
Calculating a second hash value to which the hash function is applied to the queue at the time of performing the verification, and verifying integrity of the queue by comparing the first hash value stored in the on-chip memory with the second hash value
Further comprising the step of verifying the integrity of the memory. The method of claim 3,
The hash function,
When the input data value changes, the characteristic that the operation value for updating the hash value increases in proportion to the increase of the input data value and the characteristic that the operation value for updating the hash value decreases in proportion to the decrease of the input data value is added Wherein the memory integrity verification method further comprises: 6. The method of claim 5,
Fetching the modified data into a corresponding partial memory block when the data loaded on the on-chip is modified;
Verifying the integrity of the retrieved data; And
Updating the root hash value of the reference merge tree by calculating a hash value to which the hash function is applied and the hash value to which the hash function is applied,
Further comprising the step of: The method according to claim 6,
The process of updating the root hash value of the reference merge tree comprises:
The root hash value of the existing merge tree stored in the on-chip memory is summed with the hash value of the fetched data, and the root hash value of the existing merge tree is updated to a value obtained by subtracting the hash value of the unmodified data. A method for verifying memory integrity. A reference merge tree constructing unit for constructing a reference merge tree having a hash value calculated by applying a hash function to each partial memory block of the verification target memory at the verification reference time as the value of each end node;
A reference root hash value storage unit for storing the root hash value of the reference merge tree in an on-chip memory;
A verification merge tree constructing unit having a verification merge tree in which a hash value calculated by applying the hash function to each partial memory block at a verification execution time is a value of each end node; And
And a memory integrity verifying unit for verifying the integrity of the memory by comparing the root hash value of the verification merge tree with the root hash value of the reference merge tree stored in the on-
Wherein the values of the reference merge tree and the internal nodes of the verification merge tree are determined by the sum of the hash values of the child nodes of the internal node. 9. The method of claim 8,
When a plurality of partial memory blocks in which data is loaded from the verification target memory to the on-chip are loaded, storing the partial memory blocks sequentially in a queue allocated to the off-chip memory each time data is loaded, Storing the calculated first hash value in the on-chip memory; And
Calculating a second hash value to which the hash function is applied to the queue at the time of performing the verification, and verifying integrity of the queue by comparing the first hash value stored in the on-chip memory with the second hash value
And a data load information processing unit for performing a memory load verification process on the received data. 10. The method of claim 9,
Fetching the modified data into a corresponding partial memory block when the data loaded on the on-chip is modified;
Verifying the integrity of the retrieved data; And
Calculating a hash value for the fetched data and updating the root hash value of the reference merge tree
And a data correction information processing unit for performing the data integrity correction processing on the data. On the computer,
Constructing a reference merge tree having a hash value calculated by applying a hash function to each partial memory block of the verification target memory at the verification reference time as a value of each end node;
Storing a root hash value of the reference merge tree in an on-chip memory;
Constructing a verification merge tree having a hash value calculated by applying the hash function to each of the partial memory blocks at the time of performing the verification as the value of each end node; And
Comparing the root hash value of the verification merge tree with the root hash value of the reference merge tree stored in the on-chip memory to verify the integrity of the memory,
Wherein the values of the reference merge tree and the internal nodes of the verification merge tree are determined by the sum of the hash values of the child nodes of the internal node.
KR1020160011954A 2016-01-29 2016-01-29 Method And Apparatus for Memory Integrity Verification Based on Merkle Tree KR101786006B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160011954A KR101786006B1 (en) 2016-01-29 2016-01-29 Method And Apparatus for Memory Integrity Verification Based on Merkle Tree

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160011954A KR101786006B1 (en) 2016-01-29 2016-01-29 Method And Apparatus for Memory Integrity Verification Based on Merkle Tree

Publications (2)

Publication Number Publication Date
KR20170091248A true KR20170091248A (en) 2017-08-09
KR101786006B1 KR101786006B1 (en) 2017-10-17

Family

ID=59652660

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160011954A KR101786006B1 (en) 2016-01-29 2016-01-29 Method And Apparatus for Memory Integrity Verification Based on Merkle Tree

Country Status (1)

Country Link
KR (1) KR101786006B1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109376551A (en) * 2018-02-13 2019-02-22 李茗 Digital publishing rights block chain, digital content summary info calculation method and computer equipment
KR20190104793A (en) * 2018-03-02 2019-09-11 주식회사 아이콘루프 Method for generating block chain and verifying integrity in smart contract system
CN111444535A (en) * 2020-03-20 2020-07-24 苏州链原信息科技有限公司 Method, apparatus, and computer storage medium for generating aggregated data tags
KR20200131685A (en) * 2019-05-14 2020-11-24 단국대학교 산학협력단 Method and apparatus for verifying executable code integrity, embedded device including the same
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
CN112487492A (en) * 2019-04-04 2021-03-12 创新先进技术有限公司 Data verification method, system and equipment
US11140134B2 (en) * 2018-02-27 2021-10-05 Visa International Service Association High-throughput data integrity via trusted computing
US11409724B2 (en) 2020-03-10 2022-08-09 International Business Machines Corporation Hashed balanced tree data structure
WO2024066009A1 (en) * 2022-09-30 2024-04-04 蚂蚁区块链科技(上海)有限公司 State verification method and apparatus in blockchain system, and node and blockchain

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101855442B1 (en) * 2017-12-28 2018-05-09 주식회사 차칵 A method for determining forgeries of media files
KR102219751B1 (en) * 2019-01-21 2021-02-24 주식회사 머니브레인 Method for authenticating a normalized pattern based on a block chain with a merkle tree structure and apparatus thereof
KR102218297B1 (en) 2019-08-01 2021-02-24 주식회사 블룸테크놀로지 Verifiable pruning system of ledger
KR102337963B1 (en) * 2020-03-09 2021-12-10 엔에이치엔 주식회사 The faking code of program detecting method and apparatus thereof
KR20240069265A (en) 2022-11-11 2024-05-20 펜타시큐리티 주식회사 Method and apparatus for managing data based on merkle tree
KR20240082916A (en) 2022-12-02 2024-06-11 단국대학교 산학협력단 Method and apparatus for proving continuous action uniqueness using cryptographic hash
KR20240083285A (en) 2022-12-02 2024-06-12 단국대학교 산학협력단 Method and apparatus for integrating individual nfts using merkle tree

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444523B2 (en) 2004-08-27 2008-10-28 Microsoft Corporation System and method for using address bits to signal security attributes of data in the address space
US8510569B2 (en) 2009-12-16 2013-08-13 Intel Corporation Providing integrity verification and attestation in a hidden execution environment

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109376551A (en) * 2018-02-13 2019-02-22 李茗 Digital publishing rights block chain, digital content summary info calculation method and computer equipment
US11140134B2 (en) * 2018-02-27 2021-10-05 Visa International Service Association High-throughput data integrity via trusted computing
US11848914B2 (en) * 2018-02-27 2023-12-19 Visa International Service Association High-throughput data integrity via trusted computing
US20210392115A1 (en) * 2018-02-27 2021-12-16 Visa International Service Associaton High-throughput data integrity via trusted computing
KR20190104793A (en) * 2018-03-02 2019-09-11 주식회사 아이콘루프 Method for generating block chain and verifying integrity in smart contract system
CN112487492B (en) * 2019-04-04 2023-11-17 创新先进技术有限公司 Data verification method, system and equipment
CN112487492A (en) * 2019-04-04 2021-03-12 创新先进技术有限公司 Data verification method, system and equipment
KR20200131685A (en) * 2019-05-14 2020-11-24 단국대학교 산학협력단 Method and apparatus for verifying executable code integrity, embedded device including the same
US11409724B2 (en) 2020-03-10 2022-08-09 International Business Machines Corporation Hashed balanced tree data structure
CN111444535A (en) * 2020-03-20 2020-07-24 苏州链原信息科技有限公司 Method, apparatus, and computer storage medium for generating aggregated data tags
CN111444535B (en) * 2020-03-20 2024-01-26 苏州链原信息科技有限公司 Method, apparatus and computer storage medium for generating aggregated data tag
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
WO2024066009A1 (en) * 2022-09-30 2024-04-04 蚂蚁区块链科技(上海)有限公司 State verification method and apparatus in blockchain system, and node and blockchain

Also Published As

Publication number Publication date
KR101786006B1 (en) 2017-10-17

Similar Documents

Publication Publication Date Title
KR101786006B1 (en) Method And Apparatus for Memory Integrity Verification Based on Merkle Tree
US11914712B1 (en) Blockchain based secure naming and update verification
KR101647567B1 (en) Method and apparatus for providing security to devices
CN107426165B (en) Bidirectional secure cloud storage data integrity detection method supporting key updating
JP6746156B2 (en) Software repackaging prevention method and apparatus
CN113326058B (en) Version updating method, device, equipment and medium of application
US9953167B2 (en) Trusted platforms using minimal hardware resources
US9578044B1 (en) Detection of anomalous advertising content
US11977637B2 (en) Technique for authentication and prerequisite checks for software updates
US8954949B2 (en) Smart patch delivery system
US11232199B2 (en) Methods and apparatus to defend against DLL side-loading attacks
US9178903B1 (en) Simulating a bot-net spanning a plurality of geographic regions
US11474935B2 (en) Method and system for providing automated testing framework for service
US20200186357A1 (en) Devices and Methods for Key Attestation with Multiple Device Certificates
US10198576B2 (en) Identification of mislabeled samples via phantom nodes in label propagation
EP3948610A1 (en) Attestation of trusted execution environments
CN113127921A (en) Method, electronic device and computer program product for data management
US10467003B1 (en) Divided execution and storage of scripts
US9467291B2 (en) Information processing system, information processing method, and non-transitory computer readable medium for processing requests using an authority object
US20200374318A1 (en) Information sharing with enhanced security
US11687656B2 (en) Secure application development using distributed ledgers
He et al. Extending Over-the-Air Libraries to Secure ESP8266 Updates
CN110569088A (en) client plug-in management method and device, electronic equipment and storage medium
US11740888B2 (en) Method and system for verification of patch installation
CN112363927B (en) Code testing method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant