CN109255259A - Method and system for extending high-security encryption and decryption operation capability - Google Patents
- Publication number: CN109255259A
- Authority: CN (China)
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
Abstract
The invention discloses a method and system for extending high-security encryption and decryption operation capability. The method comprises: the primary processor transfers the data to be encrypted or decrypted, together with the program call for the encryption/decryption operation, to an FPGA main controller through system communication, and the FPGA main controller receives and caches the data; the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations that involve the security chips, generates the corresponding command call sequence and data groups; the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller; the FPGA main controller collects the operation results from all security chips and sends the final operation result to the primary processor. The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU. The invention greatly improves the security protection of the security chips.
Description
Technical field
The present invention relates to the technical field of security chips, and in particular to a method and system for extending high-security encryption and decryption operation capability.
Background technique
A security chip is an integrated circuit chip that implements one or more cryptographic algorithms and uses cryptographic techniques, directly or indirectly, to protect keys and sensitive information. As the lowest-level security guarantee of a smart terminal, a security chip can effectively prevent hacker attacks and cracking, improve the security of the smart terminal, and protect the user's personal information and application data. Security chips are increasingly used in smart terminals, where they provide a reliable guarantee for financial payment and online identity authentication. A security chip is in effect a trusted platform module: a device that can independently perform key generation, encryption and decryption. It has its own processor and storage unit, can store keys and characteristic data, and provides encryption and security authentication services for the computer. When data is encrypted with a security chip the key is stored in hardware, so stolen data cannot be decrypted, which protects business privacy and data security.
In the usage scenario of a traditional security chip, shown in Fig. 1, the security chip is an external slave device of the system's primary processor. The primary processor sends command calls to the security chip; the security chip fetches and interprets the commands, executes the corresponding encryption/decryption operation and security processing, and finally feeds the operation result back to the primary processor.
In such an operating environment, the low hardware and software processing capability of the security chip itself means that its encryption/decryption operation capability cannot be raised further. This is because, to withstand physical attacks such as delayering (removing the circuit layers of the chip one by one by mechanical or chemical means in order to dissect the chip and reverse-extract its circuit structure), semi-invasive attacks such as laser and electromagnetic signal injection, and non-invasive attacks such as differential current analysis, a large number of protective designs are added to the CPU core, encryption/decryption circuits, memory modules and buses of the security chip. As a result, the system clock frequency and processing capability of the security chip are at a low-to-medium level, it can only run a simple operating system and simple application programs, and its software processing capability and software protection are weak.
The encryption/decryption operations executed inside a security chip receive comprehensive security protection and have the highest security level. One way to extend this high-security encryption/decryption capability is to have the primary processor control multiple security chips working in parallel, as shown in Fig. 2.
However, this solution carries more serious security risks:
Relay attacks against the security chip create the risk that the encryption/decryption results produced by the security chip are used illegitimately. Because the operating system and application programs on the primary processor may be compromised by malware, the command calls received by the security chip may be illegitimate commands sent by that malware. After the security chip completes the encryption/decryption operation on the data supplied by the malware and returns the result to the primary processor, the malware can obtain the operation result and go on to use it illegitimately. This is the typical relay attack against a conventional security chip.
Hardware deficiencies of the primary processor itself allow malware to learn the details and vulnerabilities of the operating system and application software, which creates the conditions for malware to obtain system privileges and launch a relay attack. These deficiencies originate in the initial design of the processor: in pursuit of maximum performance, chips such as those from Intel and ARM make heavy use of micro-architectural design methods such as shared execution units, shared caches and branch prediction, so that the CPU and the whole processor system contain a large number of information-leaking side channels. These side channels are referred to as the "cancer" of modern advanced processors and are highly vulnerable to malware of the "Spectre" and "Meltdown" types. Through them, malware learns the details and vulnerabilities of the operating system and application software and so gains the conditions to obtain system privileges and launch a relay attack.
Security vulnerabilities in the operating system running on the primary processor allow malware to obtain system privileges, which again creates the conditions for launching a relay attack. Because of the sheer size of an operating system's code base, and although software maintainers put in great effort and operating system updates and patches have become routine, malware can always find a weak point and obtain system privileges. Malware that has obtained system privileges can easily launch a relay attack.
In other words, the prior art has two problems: the encryption/decryption operation capability of the security chip itself is low, and the conventional operating environment of the security chip lacks the security protection needed to extend high-security encryption/decryption operation capability effectively.
Therefore, the prior art needs to be improved and developed.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the defects of the prior art, to provide a method and system for extending high-security encryption and decryption operation capability. An FPGA main controller is added between the primary processor and the security chips. The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or three-core CPU and is used to stop the execution of that application program in a timely manner and to clear the security-sensitive information held in memory. The FPGA main controller sends command calls to the security chips, collects the operation results from the security chips and sends the final operation result to the primary processor, which greatly improves the security protection of the security chips.
The technical solution adopted by the present invention to solve the technical problem is as follows:
A method for extending high-security encryption and decryption operation capability, wherein the method comprises:
The primary processor transfers the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data;
The FPGA main controller decomposes the program call into a series of sub-processes and, for the operations involving the security chips, generates the corresponding command call sequence and data groups;
The FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller;
The FPGA main controller collects the operation results from all security chips and sends the final operation result to the primary processor.
The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU;
The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or three-core CPU and is used to stop the execution of that application program in a timely manner and to clear the security-sensitive information held in memory.
In the method for extending high-security encryption and decryption operation capability, before the primary processor transfers the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication and the FPGA main controller receives and caches the data, the method further comprises:
Arranging in advance, between the primary processor and the security chips, an FPGA main controller for data processing.
In the method for extending high-security encryption and decryption operation capability, the step in which the FPGA main controller sends the corresponding command calls and related data to multiple security chips and each security chip feeds its operation result back to the FPGA main controller specifically comprises:
The FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip fetches and interprets the commands;
Each security chip executes the corresponding encryption/decryption operation and security processing and feeds its operation result back to the FPGA main controller.
In the method for extending high-security encryption and decryption operation capability, the configuration code file of the FPGA chip is encrypted, and the scan chain in the FPGA chip is disabled.
In the method for extending high-security encryption and decryption operation capability, the FPGA main controller and the primary processor form a peer-to-peer distributed processing relationship through system communication and program calls.
In the method for extending high-security encryption and decryption operation capability, the FPGA main controller implements its CPU cores as soft cores; when the CPU cores use a dual-core lockstep structure, two logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU states are compared.
In the method for extending high-security encryption and decryption operation capability, the FPGA main controller implements its CPU cores as soft cores; when the CPU cores use a three-core redundancy structure, three logically identical CPU cores execute the same instructions, and the execution results of the instructions and the CPU states are compared.
A system for extending high-security encryption and decryption operation capability, wherein the system comprises:
A primary processor, used to transfer the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication;
An FPGA main controller, used to receive and cache the data, decompose the program call into a series of sub-processes, generate the corresponding command call sequence and data groups for the operations involving the security chips, send the corresponding command calls and related data to multiple security chips, and send the operation results fed back by the security chips to the primary processor;
Multiple security chips, used to fetch and interpret the commands, execute the corresponding encryption/decryption operation and security processing, and feed the operation results back to the FPGA main controller;
The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU.
In the system for extending high-security encryption and decryption operation capability, the high-security application program that calls the security chips is executed by the FPGA main controller;
The microkernel operating system is used to control the secure execution of the high-security application program that calls the security chips;
The multi-core CPU is used to stop the execution of the high-security application program that calls the security chips in a timely manner and to clear the security-sensitive information held in memory.
In the system for extending high-security encryption and decryption operation capability, the multi-core CPU is a dual-core or three-core CPU.
The invention discloses a method and system for extending high-security encryption and decryption operation capability. The method comprises: the primary processor transfers the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data; the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations involving the security chips, generates the corresponding command call sequence and data groups; the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller; the FPGA main controller collects the operation results from all security chips and sends the final operation result to the primary processor. The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or three-core CPU and is used to stop the execution of that application program in a timely manner and to clear the security-sensitive information held in memory. In the present invention the FPGA main controller sends command calls to the security chips, collects the operation results from the security chips and sends the final operation result to the primary processor, which greatly improves the security protection of the security chips.
Brief description of the drawings
Fig. 1 is a schematic diagram of the usage scenario of a traditional security chip;
Fig. 2 is a schematic diagram of the prior-art usage scenario in which the primary processor controls multiple security chips working in parallel;
Fig. 3 is a flow chart of a preferred embodiment of the method for extending high-security encryption and decryption operation capability of the present invention;
Fig. 4 is a structural block diagram of a preferred embodiment of the system for extending high-security encryption and decryption operation capability of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not intended to limit it.
The method for extending high-security encryption and decryption operation capability according to a preferred embodiment of the present invention, shown in Fig. 3, comprises the following steps:
Step S10: the primary processor transfers the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller through system communication, and the FPGA main controller receives and caches the data.
Specifically, the encryption/decryption circuits in a security chip are given extensive physical, electrical and logical security protection and can resist the vast majority of known physical, electrical and logical attacks. The operations executed by these encryption/decryption circuits are therefore called high-security encryption/decryption operations.
An FPGA main controller for data processing is arranged in advance between the primary processor and the security chips. The FPGA main controller comprises a high-security application program, a microkernel operating system and a multi-core CPU. The high-security application program that calls the security chips is executed by the FPGA main controller; the microkernel operating system controls the secure execution of that application program; the multi-core CPU is a dual-core or three-core CPU and is used to stop the execution of that application program in a timely manner and to clear the security-sensitive information held in memory.
Executing the high-security application program that calls the security chips on the FPGA main controller effectively solves the problem that security vulnerabilities on the primary processor leak the details of the high-security application program, and avoids the risk that malware, having intruded through those vulnerabilities, goes on to launch a relay attack against the security chips.
The FPGA main controller is an independent processor. Through system communication and program calls it forms a peer-to-peer distributed processing relationship with the primary processor, with no master-slave distinction. The security chips are slave devices of the FPGA main controller: the FPGA main controller sends command calls to multiple security chips, each security chip fetches and interprets the commands, executes the corresponding encryption/decryption operation and security processing, and finally feeds its operation result back to the FPGA main controller. In the present invention, the FPGA main controller together with the security chips constitutes an enhanced secure operating environment.
Step S20: the FPGA main controller decomposes the program call into a series of sub-processes and, for the operations involving the security chips, generates the corresponding command call sequence and data groups.
Specifically, the FPGA main controller parses the program call from the primary processor and decomposes it into a series of sub-processes; for the operations involving the security chips, the FPGA main controller generates the corresponding command call sequence and data groups.
Step S30: the FPGA main controller sends the corresponding command calls and related data to multiple security chips, and each security chip feeds its operation result back to the FPGA main controller.
Specifically, the FPGA main controller sends the corresponding command calls and related data to multiple security chips; each security chip fetches and interprets the commands, executes the corresponding encryption/decryption operation and security processing, and feeds its operation result back to the FPGA main controller. The FPGA main controller controls multiple security chips so that they execute high-security encryption/decryption operations concurrently, which improves the efficiency of the encryption/decryption operation.
Step S40: the FPGA main controller collects the operation results from all security chips and sends the final operation result to the primary processor.
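The following C model of steps S10 to S40 is an added illustration, not code from the patent: the group size, the command layout and the chip stub (a bitwise NOT standing in for the chip's internal operation) are assumptions. It shows the controller splitting one program call into sequenced data groups, spreading them over several security chips, and accepting the results only if every group comes back exactly once from the chip it was sent to.

```c
/* Added example (not from the patent): model of steps S10-S40.
 * Group size, command layout and the chip stub are assumptions. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GROUP_MAX  8      /* assumed payload size one chip command accepts */
#define MAX_GROUPS 16

typedef struct {
    uint16_t seq;          /* position of this data group within the call */
    uint8_t  chip;         /* security chip the command is addressed to */
    uint8_t  cmd;          /* operation requested by the program call */
    uint8_t  len;
    uint8_t  data[GROUP_MAX];
} group_t;                 /* same layout for commands and results */

enum { COLLECT_OK = 0, ERR_UNKNOWN_SEQ = -1, ERR_WRONG_CHIP = -2,
       ERR_DUPLICATE = -3, ERR_BAD_LEN = -4, ERR_MISSING = -5, ERR_TOO_LARGE = -6 };

/* S20: turn the cached call data into a command sequence with data groups,
 * assigned round-robin to nchips. Returns the group count or an error. */
int controller_decompose(uint8_t cmd, const uint8_t *in, size_t len, int nchips, group_t *g)
{
    size_t n = (len + GROUP_MAX - 1) / GROUP_MAX;
    if (n > MAX_GROUPS || nchips < 1) return ERR_TOO_LARGE;
    for (size_t i = 0; i < n; i++) {
        size_t off = i * GROUP_MAX;
        size_t chunk = (len - off < GROUP_MAX) ? len - off : GROUP_MAX;
        g[i].seq  = (uint16_t)i;
        g[i].chip = (uint8_t)(i % (size_t)nchips);
        g[i].cmd  = cmd;
        g[i].len  = (uint8_t)chunk;
        memcpy(g[i].data, in + off, chunk);
    }
    return (int)n;
}

/* S30, chip side: placeholder for the chip's protected operation.
 * Bitwise NOT is a stand-in only; it is not a cipher. */
group_t chip_execute(uint8_t chip_id, const group_t *c)
{
    group_t r = *c;
    r.chip = chip_id;
    for (uint8_t i = 0; i < c->len; i++) r.data[i] = (uint8_t)~c->data[i];
    return r;
}

/* S40: results may arrive in any order, but each sequence number must come
 * back exactly once, from the chip it was sent to, with the length sent. */
int controller_collect(const group_t *sent, int nsent, const group_t *res, int nres, uint8_t *out)
{
    uint8_t seen[MAX_GROUPS] = {0};
    for (int i = 0; i < nres; i++) {
        uint16_t s = res[i].seq;
        if (s >= nsent)                    return ERR_UNKNOWN_SEQ;
        if (res[i].chip != sent[s].chip)   return ERR_WRONG_CHIP;
        if (seen[s])                       return ERR_DUPLICATE;
        if (res[i].len != sent[s].len)     return ERR_BAD_LEN;
        seen[s] = 1;
        memcpy(out + (size_t)s * GROUP_MAX, res[i].data, res[i].len);
    }
    for (int s = 0; s < nsent; s++) if (!seen[s]) return ERR_MISSING;
    return COLLECT_OK;
}

/* One full call on constructed input. scenario: 0 in-order results,
 * 1 reversed arrival, 2 duplicated result, 3 wrong chip id, 4 missing result. */
int demo_call(int nchips, int scenario)
{
    static const uint8_t msg[] = "constructed-input-01";
    group_t cmd[MAX_GROUPS], res[MAX_GROUPS + 1];
    uint8_t out[MAX_GROUPS * GROUP_MAX] = {0};
    size_t len = sizeof msg - 1;
    int n = controller_decompose(0x01, msg, len, nchips, cmd);
    if (n < 0) return n;
    int nres = 0;
    for (int i = 0; i < n; i++) {
        int k = (scenario == 1) ? n - 1 - i : i;
        res[nres++] = chip_execute(cmd[k].chip, &cmd[k]);
    }
    if (scenario == 2) res[nres++] = res[0];
    if (scenario == 3) res[0].chip ^= 1;
    if (scenario == 4) nres--;
    int rc = controller_collect(cmd, n, res, nres, out);
    if (rc != COLLECT_OK) return rc;
    for (size_t i = 0; i < len; i++) if (out[i] != (uint8_t)~msg[i]) return 99;
    return COLLECT_OK;
}

int main(void)
{
    printf("reversed arrival:  %d\n", demo_call(3, 1));
    printf("duplicated result: %d\n", demo_call(2, 2));
    return 0;
}
```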
Further, the high-security application program that calls the security chips is executed by the FPGA main controller, which avoids the risk that malware exploits security vulnerabilities on the primary processor, causes the details of the high-security application program to leak, and then launches a relay attack against the security chips. For example, because of defects in the micro-architecture design of the modern advanced CPU chips of Intel and ARM, information-leaking side channels are a "cancer" that cannot be eliminated from these chips, and because these CPUs are deployed as primary processors on a large scale, replacing them completely in the short term is impossible. Applications with low security protection requirements continue to run on the original primary processor, while the high-security application program that calls the security chips is executed on the FPGA main controller. This effectively solves the problem that security vulnerabilities on the primary processor leak the details of the application that calls the security chips and that a relay attack against the security chips is launched on that basis.
Further, the FPGA main controller can adopt a new design with stronger security protection functions, eliminating the security threat that information-leaking side channels leak the details of the high-security application program that calls the security chips. The FPGA main controller can flexibly implement its CPU cores as soft cores and use stricter temporal and spatial isolation in the micro-architecture design to eliminate information-leaking side channels effectively, which strengthens its protection of the high-security application program.
The multi-core CPU in the FPGA main controller is a dual-core or three-core CPU. The reason for using a multi-core CPU is to improve protection against malware attacks: malware can only modify the register state of one CPU at a given moment, and modifying the register states of two or three CPUs at the same time so that the modified states are completely identical is difficult to achieve. A dual-core lockstep structure or a three-core redundancy structure can therefore effectively detect malware attacks on the CPU. Because the FPGA main controller mainly executes programs related to secure encryption and decryption, it does not need a complex operating system and only needs to run a streamlined microkernel operating system. A microkernel operating system reduces the functionality and code size of the operating system (usually only on the order of tens of K), so it can undergo rigorous formal verification of its security (the seL4 microkernel has reached the highest security level). Using a high-security microkernel further improves the security of the FPGA main controller. Because the FPGA main controller mainly executes application programs related to secure encryption and decryption, these application programs can be kept small in code size and subjected to strict security testing and verification, and their sources and upgrades can be strictly managed and controlled, ensuring that they are all high-security programs and thus guaranteeing the security of the FPGA main controller.
The multi-core CPU of the FPGA main controller can use a dual-core lockstep structure for its CPU cores to detect malware attacks and protect the secure execution of the high-security application program that calls the security chips. A malware attack on a CPU program can only modify the instruction stream, data stream or system state of one CPU; modifying the instruction stream, data stream or system state of two CPUs at the same time, with identical results, is difficult to achieve. When the dual-core lockstep structure detects a malware attack, the execution of the high-security application program that calls the security chips can be stopped in a timely manner and the security-sensitive information held in memory cleared, which protects the secure execution of the high-security application program.
The multi-core CPU in the FPGA main controller can also use a three-core redundancy structure for its CPU cores to detect malware attacks and protect the secure execution of the high-security application program that calls the security chips. A malware attack on a CPU program can only modify the instruction stream, data stream or system state of one CPU; modifying the instruction stream, data stream or system state of three CPUs at the same time, with identical results, is difficult to achieve. When the three-core redundancy structure detects a malware attack, the execution of the high-security application program that calls the security chips can be stopped in a timely manner and the security-sensitive information held in memory cleared, which protects the secure execution of the high-security application program.
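The comparison described in the two paragraphs above, modelled in C as an added example that is not the patent's design: the toy instruction set, register file, constructed program and fault hook are assumptions. Every core executes the same instruction, the result and the full CPU state are compared after each step, and on any disagreement execution stops and the sensitive memory is wiped.

```c
/* Added example (not from the patent): software model of the lockstep check.
 * The toy instruction set, register file and fault hook are assumptions. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NREGS     4
#define MAX_CORES 3

typedef enum { OP_LOADI, OP_ADD, OP_XOR, OP_HALT } opcode_t;
typedef struct { opcode_t op; uint8_t rd, rs; uint32_t imm; } insn_t;
typedef struct { uint32_t pc; uint32_t r[NREGS]; } core_t;
typedef struct { int status; uint32_t value; uint32_t fail_pc; int secret_cleared; } report_t;
enum { RUN_OK = 0, RUN_MISMATCH = 1 };

/* Constructed program: r0 = (0x1000 + 0x0234) ^ 0x00FF = 0x12CB */
static const insn_t PROG[] = {
    { OP_LOADI, 0, 0, 0x1000 }, { OP_LOADI, 1, 0, 0x0234 }, { OP_ADD,  0, 1, 0 },
    { OP_LOADI, 2, 0, 0x00FF }, { OP_XOR,   0, 2, 0 },      { OP_HALT, 0, 0, 0 },
};

/* Execute one instruction on one core and return the value it produced. */
static uint32_t step(core_t *c)
{
    const insn_t *i = &PROG[c->pc++];
    switch (i->op) {
    case OP_LOADI: c->r[i->rd] = i->imm;       break;
    case OP_ADD:   c->r[i->rd] += c->r[i->rs]; break;
    case OP_XOR:   c->r[i->rd] ^= c->r[i->rs]; break;
    default:       return 0;
    }
    return c->r[i->rd];
}

/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void zeroize(void *p, size_t n)
{
    volatile uint8_t *b = p;
    while (n--) *b++ = 0;
}

/* Run PROG on ncores (2 = dual-core lockstep, 3 = three-core redundancy).
 * If fault_core >= 0, `mask` is XORed into register `reg` of that core just
 * before the instruction at `at_pc`, standing in for any corruption that
 * reaches only one core. */
report_t lockstep_run(int ncores, int fault_core, uint32_t at_pc, int reg, uint32_t mask)
{
    uint8_t secret[16];                    /* stand-in for key material in memory */
    core_t cores[MAX_CORES];
    report_t rep = { RUN_OK, 0, 0, 0 };
    memset(secret, 0xA5, sizeof secret);
    memset(cores, 0, sizeof cores);

    while (rep.status == RUN_OK && PROG[cores[0].pc].op != OP_HALT) {
        uint32_t pc = cores[0].pc, res[MAX_CORES];
        for (int k = 0; k < ncores; k++) {
            if (k == fault_core && pc == at_pc) cores[k].r[reg] ^= mask;
            res[k] = step(&cores[k]);
        }
        for (int k = 1; k < ncores; k++) {
            /* Compare the instruction result and the complete CPU state. */
            if (res[k] != res[0] || memcmp(&cores[k], &cores[0], sizeof(core_t)) != 0) {
                zeroize(secret, sizeof secret);   /* clear sensitive data */
                zeroize(cores, sizeof cores);     /* and the register files */
                rep.status = RUN_MISMATCH;
                rep.fail_pc = pc;
                break;
            }
        }
    }
    if (rep.status == RUN_OK) rep.value = cores[0].r[0];
    rep.secret_cleared = 1;
    for (size_t i = 0; i < sizeof secret; i++) if (secret[i]) rep.secret_cleared = 0;
    return rep;
}

int main(void)
{
    report_t ok  = lockstep_run(2, -1, 0, 0, 0);
    report_t bad = lockstep_run(3, 2, 3, 3, 0x80);
    printf("clean run:   status=%d r0=0x%X\n", ok.status, (unsigned)ok.value);
    printf("faulted run: status=%d pc=%u secret cleared=%d\n",
           bad.status, (unsigned)bad.fail_pc, bad.secret_cleared);
    return 0;
}
```

The second call in `main` corrupts a register the program never reads, so the instruction results still agree and only the state comparison catches it.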
Further, the FPGA main controller can use a microkernel with stronger security protection, which improves the security protection of the software system and guarantees the secure execution of the high-security application program that calls the security chips. The FPGA main controller can flexibly implement its CPU cores as soft cores and use stricter temporal and spatial isolation in the micro-architecture design to eliminate information-leaking side channels effectively, which strengthens the FPGA main controller's protection of the high-security application program that calls the security chips.
In addition, for security reasons, the configuration code file of the FPGA chip needs to be encrypted and the scan chain in the FPGA chip needs to be disabled; these are basic requirements for the secure operation of the FPGA main controller chip. (A scan chain is a design-for-testability technique: shift registers are inserted so that test personnel can control and observe, from outside, the signal values of the flip-flops inside the circuit.)
The design of the CPU core and other functional modules in the FPGA main controller can be flexibly modified, and the instruction set of the CPU core adjusted, according to security protection needs and the currently dominant hardware and software attack scenarios and threats, to enhance the security protection of the whole system.
An FPGA is one way of implementing circuit functions. Once the circuit functions of the FPGA main controller have been tuned and finalized through practical application, all of them can be converted to an ASIC implementation to further improve chip performance, reduce power consumption and save cost.
As shown in Fig. 4, based on the above method, the present invention correspondingly provides a system for extending high-security encryption and decryption operation capability. The system comprises:
A primary processor 101, used to transfer the data to be encrypted or decrypted and the program call for the encryption/decryption operation to the FPGA main controller 102 through system communication; an FPGA main controller 102, used to receive and cache the data, decompose the program call into a series of sub-processes, generate the corresponding command call sequence and data groups for the operations involving the security chips 103, send the corresponding command calls and related data to multiple security chips 103, and send the operation results fed back by the security chips 103 to the primary processor 101; and multiple security chips 103, used to fetch and interpret the commands, execute the corresponding encryption/decryption operation and security processing, and feed the operation results back to the FPGA main controller 102. The FPGA main controller 102 comprises a high-security application program 1021, a microkernel operating system 1022 and a multi-core CPU 1023.
The microkernel operating system 1022 is used to control the secure execution of the high-security application program that calls the security chips; the multi-core CPU 1023 is used to stop the execution of the high-security application program that calls the security chips in a timely manner and to clear the security-sensitive information held in memory; the multi-core CPU 1023 is a dual-core or three-core CPU.
In the present invention the FPGA main controller controls multiple security chips so that they execute high-security encryption/decryption operations concurrently, which improves the efficiency of the encryption/decryption operation.
In conclusion the present invention provides a kind of high safety encryption and decryption operational capability extended method and system, the method packet
Include: the routine call that the data for needing encryption and decryption and encryption and decryption operate is transferred to FPGA master control by system communication by primary processor
Device, FPGA main controller receive related data and are cached;Routine call is decomposed into serial subprocess by FPGA main controller, to relating to
And the operation of safety chip part, generate corresponding command calls sequence and data grouping;FPGA main controller is to multiple safe cores
Piece sends corresponding command calls and operation result is fed back to FPGA main controller by relevant data, each safety chip;FPGA
Main controller collects the operation result from whole safety chips, and final operation result is sent to primary processor.The FPGA
Main controller includes high safety application program, Mach and multi-core CPU;When the high safety application journey for calling safety chip
It is executed when sequence by FPGA main controller;Mach is used to control the safety for the high safety application program for calling safety chip
It executes;Multi-core CPU is the multi-core CPU of double-core or three cores, in time stopping calling the high safety application journey of safety chip
The security sensitive information saved in memory is removed in the execution of sequence.The present invention is sent to safety chip by FPGA main controller and is ordered
It enables and calling, and collect the operation result from safety chip, final operation result is sent to primary processor, is greatly promoted
For the security protection ability of safety chip.
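The collection step summarized above, sketched as an added example (not code from the patent): a collector in the main controller accepts results in any arrival order, rejects unknown, misrouted and duplicate results, and reports completion only when every data group is in. The structure layouts, the 16-byte group size, the 32-group limit and the round-robin assignment of groups to chips are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GROUP_LEN  16   /* assumed data-group size in bytes */
#define MAX_GROUPS 32   /* assumed upper bound on groups per routine call */

/* Result fed back by one safety chip (layout is hypothetical). */
typedef struct {
    uint8_t  chip;             /* chip that produced the result */
    uint16_t seq;              /* index of the data group it belongs to */
    uint8_t  data[GROUP_LEN];  /* operation result for that group */
} chip_result_t;

typedef struct {
    uint16_t groups;           /* data groups in this routine call */
    uint8_t  n_chips;          /* safety chips in use */
    uint32_t done;             /* bit g is set once group g is collected */
    uint8_t  out[MAX_GROUPS * GROUP_LEN];
} collector_t;

/* Start a call; group g is assigned to chip g % n_chips (assumption).
 * Returns 0 on success, -1 on invalid sizes. */
int collector_init(collector_t *c, size_t data_len, uint8_t n_chips)
{
    size_t groups = (data_len + GROUP_LEN - 1) / GROUP_LEN;
    if (n_chips == 0 || groups == 0 || groups > MAX_GROUPS) return -1;
    memset(c, 0, sizeof *c);
    c->groups = (uint16_t)groups;
    c->n_chips = n_chips;
    return 0;
}

/* Accept one result. Returns 0 if stored, -1 if rejected. */
int collector_accept(collector_t *c, const chip_result_t *r)
{
    if (r->seq >= c->groups) return -1;                /* no such group */
    if (r->chip != r->seq % c->n_chips) return -1;     /* wrong chip for group */
    if (c->done & (UINT32_C(1) << r->seq)) return -1;  /* duplicate result */
    memcpy(c->out + (size_t)r->seq * GROUP_LEN, r->data, GROUP_LEN);
    c->done |= UINT32_C(1) << r->seq;
    return 0;
}

/* Non-zero only when every group is in; only then may the final result
 * be sent to the primary processor. */
int collector_complete(const collector_t *c)
{
    uint32_t all = (c->groups == 32) ? UINT32_MAX
                                     : (UINT32_C(1) << c->groups) - 1;
    return c->done == all;
}
```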
Of course, those of ordinary skill in the art will understand that all or part of the processes in the above method embodiments can be completed automatically by a computer program instructing the relevant hardware (such as a processor or a controller). The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a memory, a magnetic disk, an optical disc, etc.
It should be understood that the application of the present invention is not limited to the above examples. Those of ordinary skill in the art can make improvements or modifications based on the above description, and all such improvements and modifications shall fall within the protection scope of the appended claims of the present invention.
Claims (10)
1. A high-safety encryption and decryption operational capability extension method, characterized in that the method comprises:
the primary processor transfers the data requiring encryption and decryption, together with the routine call for the encryption and decryption operation, to the FPGA main controller via system communication, and the FPGA main controller receives and caches the relevant data;
the FPGA main controller decomposes the routine call into a series of subprocesses and, for the operations that involve the safety chips, generates the corresponding command call sequence and data grouping;
the FPGA main controller sends the corresponding command calls and relevant data to multiple safety chips, and each safety chip feeds its operation result back to the FPGA main controller;
the FPGA main controller collects the operation results from all safety chips and sends the final operation result to the primary processor;
the FPGA main controller includes a high-safety application program, a Mach and a multi-core CPU;
the high-safety application program that calls the safety chips is executed by the FPGA main controller; the Mach is used to control the safe execution of the high-safety application program that calls the safety chips; the multi-core CPU is a dual-core or three-core CPU and is used to stop, at the appropriate time, the execution of the high-safety application program that calls the safety chips and to clear the security-sensitive information saved in memory.
2. The high-safety encryption and decryption operational capability extension method according to claim 1, characterized in that, before the primary processor transfers the data requiring encryption and decryption and the routine call for the encryption and decryption operation to the FPGA main controller via system communication and the FPGA main controller receives and caches the relevant data, the method further comprises:
arranging in advance, between the primary processor and the safety chips, an FPGA main controller for data processing.
3. The high-safety encryption and decryption operational capability extension method according to claim 1 or 2, characterized in that the step in which the FPGA main controller sends the corresponding command calls and relevant data to multiple safety chips and each safety chip feeds its operation result back to the FPGA main controller specifically comprises:
the FPGA main controller sends the corresponding command calls and relevant data to multiple safety chips, and each safety chip obtains and interprets the relevant commands;
each safety chip executes the corresponding encryption and decryption operation and security processing, and feeds its own operation result back to the FPGA main controller.
4. The high-safety encryption and decryption operational capability extension method according to claim 1, characterized in that the configuration code file of the FPGA chip is encrypted and the scan chain in the FPGA chip is disabled.
5. The high-safety encryption and decryption operational capability extension method according to claim 1, characterized in that the FPGA main controller and the primary processor form a peer distributed parallel-processing relationship through system communication and routine calls.
6. The high-safety encryption and decryption operational capability extension method according to claim 5, characterized in that the FPGA main controller implements the CPU cores as soft cores and, when the CPU cores are designed with a double-core helical structure, the two logically identical CPU cores in the double-core helical structure execute identical instructions, and the instruction execution results and CPU states are compared.
7. The high-safety encryption and decryption operational capability extension method according to claim 5, characterized in that the FPGA main controller implements the CPU cores as soft cores and, when the CPU cores are designed with a three-core redundancy structure, the three logically identical CPU cores in the three-core redundancy structure execute identical instructions, and the instruction execution results and CPU states are compared.
8. A high-safety encryption and decryption operational capability extension system, characterized in that the system comprises:
a primary processor, configured to transfer the data requiring encryption and decryption, together with the routine call for the encryption and decryption operation, to the FPGA main controller via system communication;
an FPGA main controller, configured to receive and cache the relevant data, decompose the routine call into a series of subprocesses, generate the corresponding command call sequence and data grouping for the operations that involve the safety chips, send the corresponding command calls and relevant data to multiple safety chips, and send the operation results fed back by each safety chip to the primary processor;
multiple safety chips, configured to obtain and interpret the relevant commands, execute the corresponding encryption and decryption operations and security processing, and feed the operation results back to the FPGA main controller;
the FPGA main controller includes a high-safety application program, a Mach and a multi-core CPU.
9. The high-safety encryption and decryption operational capability extension system according to claim 8, characterized in that the high-safety application program that calls the safety chips is executed by the FPGA main controller;
the Mach is used to control the safe execution of the high-safety application program that calls the safety chips;
the multi-core CPU is used to stop, at the appropriate time, the execution of the high-safety application program that calls the safety chips and to clear the security-sensitive information saved in memory.
10. The high-safety encryption and decryption operational capability extension system according to claim 8, characterized in that the multi-core CPU is a dual-core or three-core CPU.
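The redundant-core comparison of claims 6 and 7, combined with the stop-and-clear behaviour of the multi-core CPU, sketched as an added example (not code from the patent): two or three logically identical cores report a result and a CPU-state digest, and any mismatch wipes the sensitive buffer instead of releasing a result. The report layout and the fail-closed response to a mismatch are assumptions; the patent states only that results and states are compared.

```c
#include <stddef.h>
#include <stdint.h>

/* Report from one redundant core after an instruction completes. Field
 * names are hypothetical; the patent only says that the execution result
 * and the CPU state are compared. */
typedef struct {
    uint32_t result;  /* instruction execution result */
    uint32_t state;   /* digest of the CPU state */
} core_report_t;

typedef enum { CORES_AGREE, CORES_DISAGREE, CORES_BAD_ARG } verdict_t;

/* Zeroize through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(uint8_t *buf, size_t len)
{
    volatile uint8_t *p = buf;
    while (len--) *p++ = 0;
}

/* Compare the reports of 2 (double-core) or 3 (three-core) identical cores. */
verdict_t compare_cores(const core_report_t *r, size_t n)
{
    if (r == NULL || (n != 2 && n != 3)) return CORES_BAD_ARG;
    uint32_t diff = 0;
    for (size_t i = 1; i < n; i++)
        diff |= (r[i].result ^ r[0].result) | (r[i].state ^ r[0].state);
    return diff ? CORES_DISAGREE : CORES_AGREE;
}

/* Release the result only if every core agrees. On any mismatch (assumed
 * policy: fail closed) wipe the sensitive buffer and release nothing.
 * Returns 0 on success, -1 after a wipe. */
int commit_or_wipe(const core_report_t *r, size_t n,
                   uint8_t *sensitive, size_t len, uint32_t *out)
{
    if (compare_cores(r, n) != CORES_AGREE) {
        secure_wipe(sensitive, len);
        return -1;
    }
    *out = r[0].result;
    return 0;
}
```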
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811057773.8A CN109255259B (en) | 2018-09-11 | 2018-09-11 | High-security encryption and decryption computing capability expansion method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109255259A (en) | 2019-01-22 |
CN109255259B (en) | 2020-08-04 |
Family
ID=65047251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811057773.8A Active CN109255259B (en) | 2018-09-11 | 2018-09-11 | High-security encryption and decryption computing capability expansion method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109255259B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109255259B (en) | 2020-08-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||