计算机工程与应用
COMPUTER ENGINEERING AND APPLICATIONS
2014, Issue 22, pp. 92-96 (5 pages)
Authors: 刘根贤, 王海霞, 刘振宇, 汪东升
Keywords: embedded; microprocessor; off-chip memory; encryption and authentication
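Embedded systems in highly security-sensitive fields face malicious attacks such as bus snooping, data tampering and offline analysis, which attempt to steal passwords, tamper with information and so on. Attacks that involve hardware circuitry in particular cause heavy losses to users. To fundamentally address the threat of attacks from circuitry outside the system, an encryption and authentication mechanism for off-chip memory access is proposed. It uses the AES-GCM algorithm to encrypt all data written off-chip and to decrypt and authenticate data that is read. A function that scrambles the primary password with the page address is also designed to generate a secondary key, ensuring encryption strength. An LRU cache is further implemented in software to optimize performance, and the off-chip memory access encryption and authentication mechanism is implemented in software on an STM32-series microprocessor hardware platform. In memory stress tests, encrypted off-chip memory access performance decreased by 9% on average.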
Embedded systems in highly security-sensitive areas are susceptible to various types of attacks, including password theft, data tampering and offline analysis. Hardware-level attacks in particular often result in significant losses to users. To defend against these attacks, the off-chip memory is encrypted and authenticated with the AES-GCM algorithm. The scheme encrypts data before writing it, and decrypts and authenticates data after reading it. In addition, a function is built that scrambles the password with the page address to ensure encryption strength. Finally, an LRU cache is introduced to improve performance. The scheme is implemented in software on the STM32F103 microprocessor platform, and the feasibility of the system design is proved. The memory stress experiment shows that system security is strengthened with a 9% performance degradation.