WO2021080050A1 - Electronic security system in an unmanned aerial vehicle for high-speed encryption/decryption processing - Google Patents

Electronic security system in an unmanned aerial vehicle for high-speed encryption/decryption processing

Publication number
WO2021080050A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
data
decryption
queue
stored
Application number
PCT/KR2019/014139
Other languages
English (en)
Korean (ko)
Inventor
김강산
박병관
Original Assignee
단암시스템즈 주식회사
Application filed by 단암시스템즈 주식회사
Priority to PCT/KR2019/014139
Publication of WO2021080050A1

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B64: AIRCRAFT; AVIATION; COSMONAUTICS
    • B64U: UNMANNED AERIAL VEHICLES [UAV]; EQUIPMENT THEREFOR
    • B64U10/00: Type of UAV
    • B64U10/10: Rotorcrafts
    • B64U10/13: Flying platforms
    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B64: AIRCRAFT; AVIATION; COSMONAUTICS
    • B64U: UNMANNED AERIAL VEHICLES [UAV]; EQUIPMENT THEREFOR
    • B64U20/00: Constructional aspects of UAVs
    • B64U20/80: Arrangement of on-board electronics, e.g. avionics systems or wiring
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Definitions

  • The present invention relates to an electronic security system for high-speed encryption/decryption processing of transmission/reception data in a data-link communication system of an unmanned aerial vehicle (hereinafter referred to as “UAV”).
  • UAV unmanned aerial vehicle
  • UAVs were developed for military purposes, but thanks to recent technological advances, the market is rapidly expanding into industrial and private sectors such as broadcast filming, communication relay, agriculture, traffic surveillance, disaster response, reconnaissance, delivery, and leisure.
  • A UAV uses wireless communication technology to perform a mission through remote control or automatic control, and in order to properly perform a given mission, the high reliability of the wireless communication system that continuously connects the UAV and the ground control system is very important.
  • The UAV's wireless communication channel uses a wireless network that is always open, so it is highly susceptible to wireless security attacks. Security threats related to UAVs, such as communication hacking, controller hacking, and sensor hacking, make it very likely that a UAV will be physically damaged, or stolen and exploited for other purposes.
  • Data link spoofing can be said to be a more serious security problem, since it allows control of the UAV to be taken over completely.
  • Conventional UAV data link security technology encrypts data with encryption algorithms such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), ARIA (Academy, Research Institute, Agency), and SEED, and then transmits and receives it through the modulation and demodulation of a modem. The transmitter encrypts the transmitted data, modulates it through a modem, and transmits it wirelessly, and the receiver demodulates and decrypts the received data to restore the data.
  • Data encryption is implemented either built into the data processing unit, which is the modem unit that performs modulation/demodulation in a data link, or by interfacing with an external encryption device that encrypts/decrypts transmission/reception data.
  • The encryption key is transmitted from the control device that controls the data link or from an external storage medium and is stored internally. The common form of key management and operation for data link transmission/reception data is a fixed encryption key of a symmetric key method, in which the UAV and the control station or radio station use the same key.
  • UAV data link transmission/reception data is UAV tele-command (TC), telemetry (TM) or observation image information from the ground control system.
  • Within the system standard, TC/TM data follows a regularly repeating pattern, so when a third party collects or observes data repeatedly transmitted and received over the radio, the possibility of guessing or estimating the original data is relatively higher than for general communication.
  • Given these characteristics of the transmission/reception data, the way encryption is applied, and the key management structure, it is difficult to satisfy or maintain a high level of security in terms of confidentiality, integrity, and availability. In addition to the possibility of a third party observing the radio channel, if the UAV is stolen, the security system is exposed and the operation of the existing UAV must be stopped or the structure must be changed.
  • Patent Document 1 Korean Patent Publication No. 10-2015-0001206 (Publication)
  • the present invention has been devised in accordance with the above-described necessity, and the present invention provides a high-speed encryption/decryption system for transmission/reception data in an unmanned aerial vehicle data link communication system.
  • the present invention provides an electronic security system for providing a unique identification that cannot be physically replicated in an unmanned aerial vehicle data link, and for securing encryption key management and security of an encryption device.
  • the present invention provides an electronic security system in an unmanned aerial vehicle capable of high-speed encryption/decryption processing by parallel processing of data in an input/output (Full-Duplex) direction.
  • An electronic security system in an unmanned aerial vehicle for high-speed encryption/decryption processing may include:
  • a main processor configured to input/output at least one of plaintext data to be transmitted to the ground control station of the unmanned aerial vehicle and ciphertext data received from the ground control station;
  • a buffer unit temporarily storing the at least one data in a plurality of queues;
  • an extended memory interface control unit for generating a write completion signal when storing of the at least one data is completed, and reading the plaintext data or the ciphertext data stored in some of the plurality of queues when a read command is received;
  • an encryption/decryption control unit that, when the write completion signal is generated, generates an encryption command or a decryption command for the data stored in those queues, and, when an encryption completion signal or a decryption completion signal for the data is received, generates the read command; and
  • an encryption/decryption unit that, upon receiving the encryption command, encrypts the plaintext data through an encryption/decryption engine unit using a decrypted security key, temporarily stores the encrypted data, and generates the encryption completion signal, and that, upon receiving the decryption command, decrypts the ciphertext data through the encryption/decryption engine unit using the decrypted security key, temporarily stores the decrypted plaintext data, and generates the decryption completion signal.
  • A link-layer security technology against eavesdropping, observation, and hijacking of transmission/reception data by unauthorized third parties in an unmanned aerial vehicle data link wireless communication system is proposed, providing an electronic security system that can improve the security of the unmanned aerial vehicle data link communication system.
  • The electronic security system of the UAV can be implemented with hardware separate from the data processing unit, thereby increasing the degree of security for a unique security key and improving the encryption/decryption processing speed of data.
  • The electronic security system of the UAV has the effect of reducing problems that occur in the unmanned aerial vehicle system due to delay caused by the encryption/decryption process.
  • the electronic security system of the UAV according to the above-described embodiment of the present invention has an effect of providing the advantage of low-latency processing by shortening the time required for data processing due to encryption/decryption.
  • FIG. 1 is a block diagram of an electronic security system in an unmanned aerial vehicle according to an embodiment of the present invention.
  • FIG. 2 is a diagram illustrating a process of encrypting plain text data to be transmitted to a ground control station according to an embodiment of the present invention.
  • FIG. 3 is a diagram illustrating a process of decrypting ciphertext data transmitted from a ground control station according to an embodiment of the present invention.
  • FIG. 4 is a diagram for explaining a process in which a security key management unit transmits an encrypted security key to the encryption/decryption processor 160 according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a process of processing plain text data to be transmitted to a ground control station according to an embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a process of processing encrypted text data transmitted from a ground control station according to an embodiment of the present invention.
  • FIG. 7 is a diagram illustrating a simultaneous processing process of plain text data and encrypted text data for high-speed encryption/decryption processing according to an embodiment of the present invention.
  • FIG. 8 is a diagram illustrating a configuration example of an electronic security system according to an embodiment of the present invention.
  • FIG. 9 is a diagram illustrating a configuration example of an electronic security system according to another embodiment of the present invention.
  • block diagrams herein are to be understood as representing a conceptual perspective of exemplary circuits embodying the principles of the invention.
  • All flowcharts, state transition diagrams, pseudocode, etc. should be understood to represent various processes that can be substantially represented in a computer-readable medium and that are performed by a computer or processor, whether or not the computer or processor is clearly depicted.
  • the functions of the various elements shown in the drawings may be provided by the use of dedicated hardware as well as hardware having the ability to execute software in association with appropriate software.
  • the function may be provided by a single dedicated processor, a single shared processor, or a plurality of individual processors, some of which may be shared.
  • DSP digital signal processor
  • ROM read-only memory
  • RAM random access memory
  • non-volatile memory Other commonly used hardware may also be included.
  • Components expressed as means for performing the functions described in the detailed description are intended to include all methods of performing those functions, including, for example, combinations of circuit elements that perform the functions, or software in any form, including firmware/microcode, combined with suitable circuitry for executing the software to perform the functions. Since the invention defined by these claims combines the functions provided by the various enumerated means in the manner required by the claims, any means capable of providing the above functions should be understood as equivalent to those conceived from this specification.
  • the present invention relates to a hardware-based encryption/decryption apparatus and method for encrypting/decrypting transmission/reception data in an unmanned aerial vehicle (UAV) data-link communication system.
  • Data link transmission/reception data is encrypted/decrypted at high speed using queues, which are multi-data buffers implemented in hardware, and a multi-algorithm encryption/decryption engine, in order to minimize the transmission delay caused by the encryption/decryption operation.
  • it is characterized by improving the security of encryption/decryption function and security key management in unmanned aerial vehicles by using a unique identifier generated through a physically unclonable function (PUF) circuit that cannot be physically duplicated.
  • PUF physically unclonable function
  • FIG. 1 is a block diagram of an electronic security system in an unmanned aerial vehicle according to an embodiment of the present invention.
  • FIG. 1 shows an electronic security system 130 for hardware-based encryption/decryption in order to enhance security with a ground control station performing wireless communication with an unmanned aerial vehicle or a ground control station including a radio station.
  • the flight controller 110 controls the flight of the UAV according to the command received from the ground control station, and serves to collect various types of information.
  • the data processing unit 120 demodulates the encrypted data received from the ground control station and transmits it to the flight control unit 110, modulates the encrypted data generated by the flight control unit 110 and transmits it to the ground control station.
  • the electronic security system 130 performs interfacing of data transmitted between the flight control unit 110 and the data processing unit 120, and performs encryption/decryption of the interfacing data.
  • the first serial interface control unit 140a, the main processor 140b, and the second serial interface control unit 140c are included in the main processor unit 140.
  • The first serial interface control unit 140a converts between the parallel data processed by the main processor 140b and the serial data processed by the flight control unit 110, and controls the first serial interface so that the main processor 140b and the flight control unit 110 communicate bidirectional high-speed serial data in a full-duplex manner.
  • the second serial interface controller 140c controls a second serial interface for communicating bidirectional high-speed serial data between the main processor 140b and the data processing unit 120 in a full-duplex manner.
  • The first serial interface control unit 140a and the second serial interface control unit 140c include serial communication controllers such as an Ethernet MAC, UART controller, SPI, I2C, CAN controller, and USB controller, and input and output transmission/reception data through serial communication such as Ethernet, RS232, RS422, CAN, and USB.
  • The main processor 140b may be implemented as a single core or a multi core, and controls the encryption/decryption processor 160 to perform encryption/decryption of the data transmitted and received at high speed through the first serial interface 140a and the second serial interface 140c.
  • The encryption/decryption processor 160 may be implemented in a hardware form such as a Field Programmable Gate Array (FPGA), and includes an extended memory interface control unit 162, a buffer unit 164 including a plurality of queues, an encryption/decryption control unit 170, an encryption/decryption unit 172, a security key decryption unit 174, and an encryption/decryption engine unit 176 including a plurality of encryption engines.
  • FPGA Field Programmable Gate Array
  • The extended memory interface control unit 162 enables the main processor 140b to access, through a memory address, the queues 164a, 164b, 164c, 164d included in the buffer unit 164 and the encryption/decryption control unit 170.
  • The extended memory interface control unit 162 manages the addresses at which data input through the main processor 140b is stored in the queues 164a, 164b, 164c, 164d of the buffer unit 164, and transmits a queue status signal for the queues 164a, 164b, 164c, 164d to the encryption/decryption control unit 170.
  • The queue status signal includes the storage space of the queues 164a, 164b, 164c, 164d or a read/write signal for the queues 164a, 164b, 164c, 164d.
  • the extended memory interface control unit 162 outputs information on the operation state of the encryption/decryption control unit 170 to the main processor 140b.
  • The information on the operation state of the encryption/decryption control unit 170 includes information on the operation state of the encryption/decryption engines included in the encryption/decryption engine unit 176: a busy signal when an engine's encryption/decryption operation is in progress, a ready signal when it is preparing, and a complete signal when encryption/decryption is completed.
  • The extended memory interface control unit 162 performs data reading and data writing operations for the queues 164a, 164b, 164c, and 164d included in the buffer unit 164.
  • The extended memory interface control unit 162 generates a write completion signal including the size of the data and the memory address at which the data is stored.
  • The extended memory interface control unit 162 stores data input through the main processor 140b in the queues 164a, 164b, 164c, 164d, or reads data stored in the queues 164a, 164b, 164c, 164d and outputs it to the main processor 140b.
  • The buffer unit 164 includes a plurality of queues 164a, 164b, 164c, 164d, and each of the queues 164a, 164b, 164c, 164d is a memory having a first in first out (FIFO) structure for storing plaintext data and ciphertext data input from the main processor 140b, and data encrypted or decrypted by the encryption/decryption unit 172.
  • FIFO first in first out
  • The main processor 140b outputs plaintext data transmitted from the flight control unit 110 through the first serial interface control unit 140a to the buffer unit 164 through the extended memory interface control unit 162, receives the ciphertext data, which is the encrypted form of the plaintext data, through the extended memory interface control unit 162, and transmits the received data to the data processing unit 120 through the second serial interface control unit 140c.
  • The first queue 164a stores plaintext data input from the main processor 140b.
  • The second queue 164b stores encrypted data for the plaintext data stored in the first queue 164a.
  • The fourth queue 164d stores the encrypted text data input from the main processor 140b.
  • The third queue 164c stores the decrypted plaintext data of the encrypted data stored in the fourth queue 164d.
  • Buffering the time synchronization collisions and data overhead between the period in which plaintext data is stored in the queue and the period in which the stored plaintext data is encrypted smooths the data processing flow, and thus the high-speed encryption/decryption operation can be sustained.
  • The encryption/decryption control unit 170 stores the memory address of the queue in which plaintext data to be encrypted is stored and the size of the stored data, or the memory address of the queue in which the ciphertext data to be decrypted is stored and the size of the stored data, and transmits an encryption command or a decryption command to the encryption/decryption unit 172.
  • the encryption command or decryption command includes the size of the data to be encrypted/decrypted and the stored memory address.
  • The encryption/decryption unit 172 controls the encryption/decryption engines included in the encryption/decryption engine unit 176 and monitors the operation state of each engine. In addition, it receives the decrypted security key from the security key management unit 150 and controls the encryption/decryption engines so that they encrypt/decrypt the data stored in the buffer unit 164 using the security key.
  • The main processor 140b can be blocked from directly accessing the encryption/decryption engine unit 176 and monitoring its state, so confidentiality from the outside can be maintained.
  • According to the encryption command or decryption command, the encryption/decryption unit 172 uses the plurality of encryption/decryption algorithm engines included in the encryption/decryption engine unit 176 to perform encryption/decryption on the stored data. When encryption/decryption is completed, it stores the encrypted data or decrypted data in the buffer unit 164, and then generates an encryption completion or decryption completion signal and transmits it to the encryption/decryption control unit 170.
  • The encryption/decryption engine unit 176 includes encryption/decryption engines using a plurality of encryption/decryption algorithms or multiple cryptographic hash functions, and is responsible for the data encryption/decryption operation.
  • The encryption/decryption engine unit 176 may be implemented as hardware logic for high-speed encryption operation processing, and the encryption/decryption algorithm is AES (Advanced Encryption Standard) 128/256, DES (Data Encryption Standard), SEED, ARIA (Academy, Research Institute, Agency).
  • LEA Lightweight Encryption Algorithm
  • The security key decryption unit 174 decrypts the security key encrypted by the security key management unit 150 and transmits the decrypted key to the encryption/decryption unit 172.
  • the encryption/decryption unit 172 may perform encryption/decryption through the encryption/decryption engine unit 176 using the security key decrypted by the security key decryption unit 174.
  • the security key decryption unit 174 stores in advance a security key encryption key, which is a key encrypted by the security key management unit 150.
  • the security key management unit 150 includes a Physically Unclonable Function (PUF) circuit 150a, a non-volatile memory 150b, and a security key encryption unit 150c.
  • PUF Physically Unclonable Function
  • the PUF circuit 150a generates a unique key, which is an unpredictable digital value, using a process variation in a semiconductor manufacturing process, and stores it in the nonvolatile memory 150b. At this time, the generated unique key is used as a secure key used in the present invention.
  • the security key encryption unit 150c encrypts the security key, which is a unique key stored in the nonvolatile memory 150b, with an encryption key, and outputs the encrypted key to the security key decryption unit 174.
  • the encryption key is a nonce (Number used ONCE), which is a random number used once, and a hash value generated through a hash function for the nonce.
  • Since the security key decryption unit 174 knows the security key encryption key (Secure Key Encryption Key) in advance, it can obtain the security key by decrypting the encrypted security key transmitted from the security key management unit 150 with the security key encryption key.
  • The encryption/decryption processor 160 implemented as an FPGA performs encryption/decryption of data through the internal encryption/decryption engine unit 176, and the security key management unit 150 encrypts the unique security key, generated by the PUF circuit 150a and stored in the nonvolatile memory 150b, with an encryption key and transmits it to the encryption/decryption processor 160. This prevents physical exposure of the security key, so confidentiality can be improved.
  • FIG. 2 is a diagram illustrating a process of encrypting plain text data to be transmitted to a ground control station according to an embodiment of the present invention.
  • The electronic security system 130 encrypts the plaintext data 210 input from the flight control unit 110 and outputs the resulting ciphertext data 220 to the data processing unit 120.
  • the data processing unit 120 receiving the ciphertext data 220 modulates the ciphertext data 220 and transmits the modulated ciphertext data 220 to a control station on the ground.
  • When the plaintext data 210 is received through the first serial interface control unit 140a, as shown by reference numeral 250, the main processor 140b outputs it to the extended memory interface control unit 162 of the encryption/decryption processor 160, and the extended memory interface control unit 162 stores the plaintext data in the first queue 164a of the buffer unit 164.
  • reference numeral 230 denotes the plain text data stored in the first queue 164a.
  • The extended memory interface control unit 162 outputs to the encryption/decryption control unit 170 a write completion signal including the size of the plaintext data 230 stored in the first queue 164a and the memory address at which it is stored in the first queue 164a.
  • The encryption/decryption control unit 170 outputs to the encryption/decryption unit 172 an encryption command instructing it to encrypt the plaintext data 230 stored in the first queue 164a.
  • the encryption command may include the size and memory address of the plaintext data 230 stored in the first queue 164a.
  • When the encryption/decryption unit 172 receives the encryption command, the plaintext data 230 stored in the first queue 164a is encrypted through the encryption/decryption engine unit 176.
  • the encryption/decryption engine unit 176 encrypts the plaintext data 230 through the security key decrypted by the security key decryption unit 174.
  • The encryption/decryption engine unit 176 may be composed of N encryption/decryption engines, and may perform encryption using only one of the N encryption/decryption engines, or may perform parallel encryption processing on the plaintext data using a plurality of encryption/decryption engines.
  • When encryption of the plaintext data 230 by the encryption/decryption engine unit 176 is completed, the encryption/decryption unit 172 stores the resulting ciphertext data in the second queue 164b (reference numeral 240) and outputs the encryption completion signal to the encryption/decryption control unit 170.
  • the encryption completion signal may include a size of the ciphertext data 240 stored in the second queue 164b and a memory address of the ciphertext data stored in the second queue 164b.
  • the encryption/decryption control unit 170 may determine an encryption/decryption engine to be used by the encryption/decryption unit 172 and determine various parameters of the determined encryption/decryption engine.
  • Upon receiving the encryption completion signal, the encryption/decryption control unit 170 outputs a read command for the ciphertext data 240 stored in the second queue 164b to the extended memory interface control unit 162.
  • After receiving the read command, the extended memory interface control unit 162 reads the ciphertext data 240 stored in the second queue 164b and outputs it to the main processor 140b, and the main processor 140b outputs the ciphertext transmission data packet 220 to the data processing unit 120 through the second serial interface control unit 140c (reference numeral 260).
  • FIG. 3 is a diagram illustrating a decryption process of a ciphertext data 310 transmitted from a ground control station according to an embodiment of the present invention.
  • Reference numerals 350, 360, and 370 show the process in which the electronic security system 130 decrypts the ciphertext data 310 input from the data processing unit 120 and outputs the resulting plaintext data 320 to the flight control unit 110.
  • the data processing unit 120 receiving the encrypted text data 310 demodulates the encrypted text data 310 and outputs it to the electronic security system 130.
  • As shown by reference numeral 350, when the ciphertext data 310 is received through the second serial interface control unit 140c, the main processor 140b outputs it to the extended memory interface control unit 162 of the encryption/decryption processor 160, and the extended memory interface control unit 162 stores the ciphertext data in the fourth queue 164d of the buffer unit 164.
  • reference numeral 350 denotes the encrypted text data stored in the fourth queue 164d.
  • The extended memory interface control unit 162 outputs to the encryption/decryption control unit 170 a write completion signal including the size of the ciphertext data 350 stored in the fourth queue 164d and the memory address at which it is stored in the fourth queue 164d.
  • Upon receiving the write completion signal from the extended memory interface control unit 162, the encryption/decryption control unit 170 outputs to the encryption/decryption unit 172 a decryption command instructing it to decrypt the ciphertext data 350 stored in the fourth queue 164d.
  • the decryption command may include the size and memory address of the encrypted text data 350 stored in the fourth queue 164d.
  • Upon receiving the decryption command, the encryption/decryption unit 172 decrypts the ciphertext data 350 stored in the fourth queue 164d through the encryption/decryption engine unit 176.
  • The encryption/decryption unit 172 transmits the secure key decrypted by the security key decryption unit 174 to the encryption/decryption engine unit 176, and the encryption/decryption engine unit 176 decrypts the ciphertext data 350 with the security key.
  • the encryption/decryption engine unit 176 may be composed of N encryption/decryption engines, and decryption may be performed using only one of the N encryption/decryption engines.
  • a plurality of encryption/decryption engines may be used to perform parallel decryption processing on the encrypted text data.
  • When decryption of the ciphertext data 350 by the encryption/decryption engine unit 176 is completed, the encryption/decryption unit 172 stores the decrypted plaintext data in the third queue 164c (reference numeral 360), and then outputs the decryption completion signal to the encryption/decryption control unit 170.
  • the decryption completion signal may include a size of the plaintext data 340 stored in the third queue 164c and a memory address of the plaintext data stored in the third queue 164c.
  • the encryption/decryption control unit 170 may determine an encryption/decryption engine to be used by the encryption/decryption unit 172 and determine various parameters of the determined encryption/decryption engine.
  • Upon receiving the decryption completion signal, the encryption/decryption control unit 170 outputs a read command for the plain text data 340 stored in the third queue 164c to the extended memory interface control unit 162.
  • the extended memory interface controller 162 receives the plain text data 340 stored in the third queue 164c and outputs it to the main processor 140b, and the main processor 140b outputs the plaintext reception data packet 320 to the flight control unit 110 through the first serial interface control unit 140a (reference number 370).
  • a queue in which plaintext data is stored, a queue in which encrypted data of plaintext data is stored, a queue in which ciphertext data is stored, and a queue in which decrypted data of ciphertext data is stored are respectively specified and described.
  • FIG. 4 is a diagram for explaining a process in which the security key management unit 150 transmits an encrypted security key to the encryption/decryption processor 160 according to an embodiment of the present invention.
  • the security key described in the present invention is an encryption key used for encryption/decryption in wired/wireless communication, and includes a master key, a session key, a derived key, and the like.
  • the security key management unit 150 includes a PUF (Physical Unclonable Function) circuit 150a, a nonvolatile memory 150b, and a security key encryption unit 150c.
  • the PUF (Physical Unclonable Function) circuit 405 is a circuit that generates at least one physically unclonable security key (Secure Key), and the nonvolatile memory 150b stores the security key 410 generated by the PUF circuit.
  • the security key encryption unit 150c encrypts the security key 410 stored in the nonvolatile memory 150b using an encryption key (reference numeral 430). At this time, the security key encryption unit 150c generates the encryption key used to encrypt the security key from a nonce (number used once), which is a random number used once, and a hash value generated by applying a hash function to the nonce. Then, the security key encryption unit 150c transmits the encrypted security key 430 to the security key decryption unit 174 of the encryption/decryption processor 160.
  • the security key decryption unit 174 decrypts the encrypted security key 430 transmitted from the security key management unit 150 using a previously stored security key encryption key (reference number 450), and the decrypted security key is transmitted to the encryption/decryption engine unit 176 through the encryption/decryption unit 172 (reference number 460). The encryption/decryption engine unit 176 then performs encryption/decryption using the received security key 470.
  • because the security key is encrypted before it is transmitted from the security key management unit 150 to the encryption/decryption processor 160, a third party who monitors or probes in hardware the interface between the security key management unit 150 and the encryption/decryption processor 160 cannot steal or guess the security key.
  • the security key management unit 150 encrypts and outputs the security key, thereby maintaining the confidentiality of the security key.
  • FIG. 5 is a diagram illustrating a process of processing plain text data to be transmitted to a ground control station according to an embodiment of the present invention.
  • FIG. 5 shows, as part of the operation of simultaneously processing full-duplex data input and output from the flight control unit 110 and the data processing unit 120 in the electronic security system of the unmanned aerial vehicle, the process of handling the plain text data to be transmitted to the ground control station.
  • the plain text data output from the flight control unit 110 is encrypted by the encryption engine unit 176 through a specific queue among the plurality of queues, and then transmitted to the data processing unit 120 and transmitted to the ground control station.
  • the flight control unit 110 transmits plain text data (plaintext) to the main processor 140b through the first serial interface under the control of the first serial interface control unit 140a.
  • the main processor 140b temporarily stores plain text data in some of the plurality of queues.
  • the plain text data may be stored in the first queue 164a.
  • When the storage of the plain text data is completed, the extended memory interface control unit 162 generates a write completion signal.
  • When a write completion signal is generated by the extended memory interface controller 162, the encryption/decryption control unit 170 generates an encryption command for the plain text data stored in some of the queues (the first queue).
  • Upon receiving the encryption command, the encryption/decryption unit 172 encrypts the plaintext data through the encryption/decryption engine unit using the decrypted security key.
  • the encryption/decryption unit 172 temporarily stores the encrypted text data in some of the plurality of queues and then generates an encryption completion signal.
  • the encrypted text data produced by encrypting the plain text data may be stored in the second queue 164b.
  • When the encryption/decryption control unit 170 receives an encryption completion signal for the plain text data, it generates a read command for reading the encrypted text data.
  • the extended memory interface control unit 162 reads out the encrypted text data stored in some of the queues (the second queue) and delivers it to the data processing unit 120 through the main processor 140b and the second serial interface control unit 140c.
  • FIG. 6 is a diagram illustrating a process of processing encrypted text data transmitted from a ground control station according to an embodiment of the present invention.
  • FIG. 6 shows, as part of the operation of simultaneously processing full-duplex data input and output from the flight control unit 110 and the data processing unit 120 in the electronic security system of the unmanned aerial vehicle, the process of handling the encrypted text data transmitted from the ground control station.
  • Ciphertext data input to the data processing unit 120 is decrypted by the encryption engine unit 176 through a specific queue among a plurality of queues, and then transmitted to the flight control unit 110 and transmitted to the unmanned aerial vehicle.
  • the data processing unit 120 transmits the encrypted text data to the main processor 140b through the second serial interface under the control of the second serial interface controller 140c.
  • the main processor 140b temporarily stores the encrypted text data in some of the plurality of queues.
  • the encrypted text data may be stored in the fourth queue 164d.
  • When the storage of the encrypted text data is completed, the extended memory interface control unit 162 generates a write completion signal.
  • When a write completion signal is generated by the extended memory interface controller 162, the encryption/decryption control unit 170 generates a decryption command for the encrypted text data stored in some of the queues (the fourth queue).
  • Upon receiving the decryption command, the encryption/decryption unit 172 decrypts the encrypted text data through the encryption/decryption engine unit using the decrypted security key. The encryption/decryption unit 172 temporarily stores the decrypted plaintext data in some of the plurality of queues and then generates a decryption completion signal.
  • the plaintext data obtained by decrypting the ciphertext data may be stored in the third queue 164c.
  • When the encryption/decryption control unit 170 receives the decryption completion signal for the encrypted text data, it generates a read command for reading the plain text data.
  • the extended memory interface control unit 162 reads out the plain text data stored in some of the queues (the third queue) and delivers it to the flight control unit 110 through the main processor 140b and the first serial interface control unit 140a.
  • FIG. 7 is a diagram illustrating a simultaneous processing process of plain text data and encrypted text data for high-speed encryption/decryption processing according to an embodiment of the present invention.
  • FIG. 7 shows the process of simultaneously handling the full-duplex data input to and output from the flight control unit 110 and the data processing unit 120 in the electronic security system of the unmanned aerial vehicle.
  • the electronic security system can simultaneously process plaintext data and ciphertext data input through both ports 110 and 120, so that encryption/decryption processing can be accelerated.
  • the electronic security system can provide the advantage of low-delay processing by shortening the time required for data processing, and can minimize the effect of delay occurrence through encryption/decryption.
  • the electronic security system processes two operations in parallel, at the same time: the operation of encrypting the plaintext data output from the flight control unit 110 by the encryption engine unit 176 through a specific queue among the plurality of queues and transferring it to the data processing unit 120 for transmission to the ground control station, and the operation of decrypting the encrypted text data input to the data processing unit 120 by the encryption engine unit 176 through a specific queue among the plurality of queues and transferring it to the flight control unit 110 for delivery to the unmanned aerial vehicle.
  • the electronic security system performs parallel processing of plaintext data and encrypted text data (queue storage, encryption/decryption processing, and so on), so that encryption and decryption of the data transmitted and received by the unmanned aerial vehicle proceed simultaneously, thereby enabling high-speed processing.
  • the electronic security system must apply the same encryption algorithm to the encryption/decryption engine for simultaneous processing.
  • the main processor 140b of the electronic security system processes data in an orderly manner, and performs parallel processing from the step of storing data in some of the plurality of queues through the extended memory interface controller 162.
  • the main processor 140b of the electronic security system may change the processing order according to the set priority when priorities for plain text data and encrypted text data are set. For example, if ciphertext data having a higher priority than the plaintext data arrives while the main processor 140b is processing plaintext data, the main processor 140b may stop processing the plaintext data and process the ciphertext data so that it is stored in some of the plurality of queues.
  • the main processor unit 140 inputs/outputs at least one of plain text data to be transmitted to the ground control station of the unmanned aerial vehicle and encrypted text data received from the ground control station.
  • the flight control unit 110 transmits plain text data (plaintext) to the main processor 140b through a first serial interface under the control of the first serial interface control unit 140a, and the data processing unit 120 transmits the encrypted text data to the main processor 140b through the second serial interface under the control of the second serial interface control unit 140c.
  • the main processor unit 140 sequentially transfers one of the plaintext data and the ciphertext data to some of the plurality of queues through the extended memory interface control unit 162 according to the input order to be temporarily stored.
  • the buffer unit 164 includes a plurality of queues 164a, 164b, 164c, 164d, and temporarily stores at least one data such as plain text data and cipher text data.
  • the plain text data may be stored in the first queue 164a.
  • the encrypted text data may be stored in the fourth queue 164d.
  • When the storage of at least one data such as plain text data and encrypted text data is completed, the extended memory interface control unit 162 generates a write completion signal.
  • the write completion signal may include the size of the plaintext data stored in the first queue 164a, the memory address of the first queue 164a in which the plaintext data is stored, the size of the ciphertext data stored in the fourth queue 164d, and the memory address of the fourth queue 164d in which the ciphertext data is stored.
  • the extended memory interface controller 162 manages the storage addresses so that the plaintext data and the ciphertext data are stored in different queues of the buffer unit 164 and can therefore be processed in parallel.
  • the extended memory interface controller 162 may control the plain text data to be temporarily stored in the first queue 164a, and the encrypted text data to be temporarily stored in the fourth queue 164d. That is, the extended memory interface controller 162 stores plain text data and encrypted text data in parallel in each of the first queue 164a and the fourth queue 164d so that they are processed simultaneously.
  • When a write completion signal is generated by the extended memory interface controller 162, the encryption/decryption control unit 170 generates an encryption command or a decryption command for at least one data stored in some of the queues.
  • When a write completion signal is generated by the extended memory interface controller 162, the encryption/decryption control unit 170 generates an encryption command for the plain text data stored in some of the queues (the first queue) and a decryption command for the encrypted text data stored in some of the queues (the fourth queue).
  • when a write completion signal for each of the plaintext data and the encrypted text data is generated, the encryption/decryption control unit 170 generates an encryption command for the plaintext data stored in the first queue 164a and a decryption command for the ciphertext data stored in the fourth queue 164d.
  • the encryption/decryption control unit 170 may simultaneously generate an encryption command and a decryption command when a write completion signal for each of the plain text data and the encrypted text data is simultaneously generated.
  • Upon receiving the encryption command, the encryption/decryption unit 172 encrypts the plaintext data through the encryption/decryption engine unit using the decrypted security key, temporarily stores the encrypted data, and generates an encryption completion signal. Upon receiving the decryption command, it decrypts the encrypted text data through the encryption/decryption engine unit using the decrypted security key, temporarily stores the decrypted plaintext data, and generates a decryption completion signal.
  • Upon receiving the encryption command, the encryption/decryption unit 172 encrypts the plaintext data stored in the first queue through the encryption/decryption engine unit using the decrypted security key; upon receiving the decryption command, it decrypts the stored encrypted text data through the encryption/decryption engine unit using the decrypted security key.
  • the encryption/decryption unit 172 preferably encrypts plain text data and decrypts the encrypted text data using different encryption/decryption engine units, but is not limited thereto.
  • a single encryption/decryption engine unit may encrypt plain text data and decrypt the encrypted text data.
  • the encryption/decryption unit 172 may simultaneously process plaintext data and ciphertext data by using different encryption/decryption engine units each using the same encryption/decryption algorithm.
  • each of the different encryption/decryption engine units is one of AES (Advanced Encryption Standard) 128/256, DES (Data Encryption Standard), SEED, ARIA (Academy, Research Institute, Agency), and LEA (Lightweight Encryption Algorithm).
  • the encryption/decryption unit 172 temporarily stores the encrypted text data in some of the plurality of queues and then generates an encryption completion signal.
  • the encrypted text data produced by encrypting the plain text data may be stored in the second queue 164b.
  • the encryption completion signal may include a size of encrypted data stored in the second queue 164b and a memory address of the second queue 164b in which the encrypted data is stored.
  • the encryption/decryption unit 172 temporarily stores the decrypted plaintext data in some of the plurality of queues and generates a decryption completion signal.
  • the plaintext data obtained by decrypting the ciphertext data may be stored in the third queue 164c.
  • the decryption completion signal may include a size of decrypted plaintext data stored in the third queue 164c and a memory address of the third queue 164c in which decrypted plaintext data is stored.
  • When the encryption/decryption control unit 170 receives an encryption completion signal or a decryption completion signal for at least one data such as plain text data or encrypted text data, it generates a read command for reading that data.
  • When the encryption/decryption control unit 170 receives the encryption completion signal for the plaintext data, it generates a read command for reading the encrypted text data, and when it receives the decryption completion signal for the ciphertext data, it generates a read command for reading the plaintext data. The read commands for the encrypted text data and for the plain text data may be issued simultaneously, in parallel.
  • When a read command is received, the extended memory interface controller 162 reads the plain text data or encrypted text data stored in some of the plurality of queues. The operation of reading out the encrypted text data stored in some of the queues (the second queue) and transferring it to the data processing unit 120 through the main processor 140b and the second serial interface control unit 140c, and the operation of reading out the plaintext data stored in some of the queues (the third queue) and transferring it to the flight control unit 110 through the main processor 140b and the first serial interface control unit 140a, are processed simultaneously.
  • FIG. 8 is a diagram illustrating a configuration example of an electronic security system according to an embodiment of the present invention.
  • the electronic security system 130 is connected between the flight control unit 810 and the data processing unit 820 through serial interfaces, respectively, and performs encryption/decryption of transmitted/received data.
  • FIG. 9 is a diagram illustrating a configuration example of an electronic security system according to another embodiment of the present invention.
  • FIG. 9 shows the electronic security system 130 included and operating as a component of the data processing unit 920.
  • the electronic security system 130 is located at the front end of the modem 940 and communicates with the flight control interface 930 through a serial interface, and the flight control interface 930 performs an interface with the flight control unit 910.
  • the modem 940 modulates the ciphertext data output from the electronic security system 130 and outputs it through the RF unit 950, or demodulates the ciphertext data received through the RF unit 950 and outputs it to the electronic security system 130.
  • the operation method according to various embodiments of the present invention described above may be implemented as a program and stored in various non-transitory computer readable media and provided.
  • the non-transitory readable medium refers to a medium that stores data semi-permanently and can be read by a device, rather than a medium that stores data for a short moment, such as a register, a cache, and a memory.
  • the above-described various applications or programs may be provided by being stored in a non-transitory readable medium such as a CD, DVD, hard disk, Blu-ray disk, USB, memory card, ROM, or the like.
  • 140a: first serial interface control unit
  • 150: security key management unit
  • 150a: PUF circuit
  • 164: buffer unit
  • 164a: first queue
  • 164d: fourth queue
  • 170: encryption/decryption control unit
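
The FIG. 5 to FIG. 7 flow described above (write completion signal, encryption or decryption command, completion signal, read command, with the two directions handled in parallel on separate queues), as an added Python model that is not code from the patent. The queue size, the `Signal` class, the function names and the SHA-256 keystream that stands in for the encryption/decryption engine are assumptions made for this illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

QUEUE_SIZE = 256  # constructed value; the page gives no queue depth
# Base addresses of queues 164a-164d inside one shared buffer (buffer unit 164).
Q1, Q2, Q3, Q4 = (i * QUEUE_SIZE for i in range(4))
# Source queue -> (command, destination queue, per-direction label for the stand-in cipher).
ROUTES = {Q1: ("encrypt", Q2, b"uplink"), Q4: ("decrypt", Q3, b"downlink")}


@dataclass(frozen=True)
class Signal:
    """A command or completion signal; each carries a memory address and a size."""
    kind: str
    address: int
    size: int


def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in engine: XOR with a SHA-256 counter keystream (its own inverse).

    This is NOT one of the block ciphers the page lists and it gives no
    integrity protection; it only lets the data flow run on the standard library.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class ExtendedMemoryInterface:
    """Models unit 162: owns queue addressing and reports write completion."""

    def __init__(self) -> None:
        self.buffer = bytearray(4 * QUEUE_SIZE)

    def write(self, address: int, data: bytes) -> Signal:
        # Without this bound, an oversized write would spill into the next
        # queue and mix plaintext with ciphertext.
        if len(data) > QUEUE_SIZE:
            raise ValueError("data does not fit in one queue")
        self.buffer[address:address + len(data)] = data
        return Signal("write_done", address, len(data))

    def read(self, sig: Signal) -> bytes:
        return bytes(self.buffer[sig.address:sig.address + sig.size])


def command_for(write_done: Signal) -> Signal:
    """Control unit 170: turn a write-completion signal into an engine command."""
    return Signal(ROUTES[write_done.address][0], write_done.address, write_done.size)


def run_engine(mem: ExtendedMemoryInterface, key: bytes, cmd: Signal) -> Signal:
    """Unit 172 with one engine: process the source queue, store the result, signal completion."""
    _, dest, label = ROUTES[cmd.address]
    result = keystream_xor(key, label, mem.read(cmd))
    mem.write(dest, result)
    return Signal(cmd.kind + "_done", dest, len(result))


def process_full_duplex(key: bytes, uplink_plaintext: bytes, downlink_ciphertext: bytes):
    """Handle one uplink and one downlink message at the same time.

    Returns (ciphertext for the data processing unit, plaintext for the flight control unit).
    """
    mem = ExtendedMemoryInterface()
    written = [mem.write(Q1, uplink_plaintext), mem.write(Q4, downlink_ciphertext)]
    commands = [command_for(sig) for sig in written]
    # Two workers model two engine instances running the same algorithm in parallel.
    with ThreadPoolExecutor(max_workers=2) as engines:
        done = list(engines.map(lambda cmd: run_engine(mem, key, cmd), commands))
    # Control unit 170 answers each completion signal with a read command.
    reads = [Signal("read", sig.address, sig.size) for sig in done]
    to_data_processing, to_flight_control = (mem.read(cmd) for cmd in reads)
    return to_data_processing, to_flight_control


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key standing in for the decrypted security key
    telemetry = b"ALT=120;HDG=270"  # constructed uplink plaintext
    command = keystream_xor(key, b"downlink", b"MODE=HOLD")  # constructed downlink ciphertext
    out_cipher, out_plain = process_full_duplex(key, telemetry, command)
    print(out_cipher.hex(), out_plain)
```

Because each direction owns its own pair of queues, neither engine ever reads a region the other is writing, which is what lets the two commands run without a lock in this model.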

Abstract

An electronic security system in an unmanned aerial vehicle, for high-speed encryption/decryption processing, may comprise: a main processor unit for performing input/output processing on plaintext data to be transmitted to a ground control station of the unmanned aerial vehicle and/or on ciphertext data received from the ground control station; a buffer unit for temporarily storing the plaintext data and/or the ciphertext data in a plurality of queues; an extended memory interface control unit for generating a write completion signal when the plaintext data and/or the ciphertext data are completely stored, and for reading the plaintext data or the ciphertext data stored in some of the plurality of queues when a read command is received; an encryption/decryption control unit for generating an encryption command or a decryption command for the data stored in those queues when the write completion signal is generated, and for generating a read command for reading when an encryption completion signal or a decryption completion signal for the data is received; and an encryption/decryption unit which, when the encryption command is received, encrypts the plaintext data through an encryption/decryption engine unit using a decrypted security key, temporarily stores the resulting ciphertext data, and then generates the encryption completion signal, and which, when the decryption completion signal is received, decrypts the ciphertext data through the encryption/decryption engine unit using the decrypted security key, temporarily stores the resulting plaintext data, and then generates the decryption completion signal.
PCT/KR2019/014139 2019-10-25 2019-10-25 Electronic security system in an unmanned aerial vehicle, for high-speed encryption/decryption processing WO2021080050A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2019/014139 WO2021080050A1 (fr) 2019-10-25 2019-10-25 Electronic security system in an unmanned aerial vehicle, for high-speed encryption/decryption processing

Publications (1)

Publication Number Publication Date
WO2021080050A1 true WO2021080050A1 (fr) 2021-04-29

Family

ID=75620710

Country Status (1)

Country Link
WO (1) WO2021080050A1 (fr)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19950067

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19950067

Country of ref document: EP

Kind code of ref document: A1