CN113486399B - Data storage method and system based on RISC-V architecture - Google Patents

Data storage method and system based on RISC-V architecture Download PDF

Info

Publication number
CN113486399B
CN113486399B CN202110796928.5A CN202110796928A CN113486399B CN 113486399 B CN113486399 B CN 113486399B CN 202110796928 A CN202110796928 A CN 202110796928A CN 113486399 B CN113486399 B CN 113486399B
Authority
CN
China
Prior art keywords
information
meta
data
encryption
storage system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110796928.5A
Other languages
Chinese (zh)
Other versions
CN113486399A (en
Inventor
栾皓
利文浩
梁凉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Trustkernel Information Technology Co ltd
Original Assignee
Shanghai Trustkernel Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Trustkernel Information Technology Co ltd filed Critical Shanghai Trustkernel Information Technology Co ltd
Priority to CN202110796928.5A priority Critical patent/CN113486399B/en
Publication of CN113486399A publication Critical patent/CN113486399A/en
Application granted granted Critical
Publication of CN113486399B publication Critical patent/CN113486399B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data storage system and a method based on RISC-V architecture, comprising: step S1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area; step S2: obtaining a unique secret key of the equipment according to the unique security identifier of the equipment; and step S3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number; and step S4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information; step S5: and reading the encryption meta-information and the object meta-information from the external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.

Description

Data storage method and system based on RISC-V architecture
Technical Field
The invention relates to the technical field of data security storage, in particular to a data storage method and a data storage system based on a RISC-V (reduced instruction-set computer-graphics) architecture, and more particularly to security storage.
Background
Data sensitive services have high requirements on the security of data storage, and the leakage of important data caused by the attack on a storage system can cause great loss.
Patent document CN110909391A (application number: 201911228381.8) discloses a RISC-V based secure storage method comprising: step S1: the storage area of the flash is safely isolated by using a RISC-V privileged instruction set; step S2: the application program uses the KDF secret key to derive a storage data secret key, encrypts private data and stores the encrypted private data in a storage area corresponding to the flash; when the application program reads the data, the KDF key is used for deriving a read data key and decrypting the stored data to obtain private data.
Secure storage needs to address data privacy, integrity, and protection against replay attacks.
The conventional method for protecting privacy and integrity is to store a ciphertext and a verification code simultaneously in an authentication encryption mode, and verify whether the ciphertext is tampered by using the verification code when reading data. Both the encryption and authentication steps ensure privacy and integrity. However, the hardware platforms have different measures with respect to key storage and protection against replay attacks. RISC-V is a popular system structure, the invention introduces a software and hardware cooperative mechanism for key storage and replay attack prevention under the RISC-V structure.
RISC-V has a unique physical memory protection mechanism, and can control the access authority of an application program to different physical memory areas. In the invention, the secure storage system needs to maintain an exclusive internal storage area (only the read-write right is granted to the secure storage system by using a physical memory protection mechanism, and the internal storage is also needed to prevent an attacker from modifying the stored value by a low-cost physical means), wherein the exclusive area comprises a root key (used for deriving the key needed by authentication and encryption) and a permanent counter (used for preventing replay attack). The safe storage system stores the verification codes of all data in a persistence structure called object meta-information, and a persistence area called encryption meta-information contains the verification codes generated after the object meta-information is authenticated and encrypted. By enabling the verification codes of all the objects to resist the replay attack prevention, the effect that all the objects can resist the replay attack prevention is achieved.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a data storage method and system based on a RISC-V architecture.
The data storage method based on the RISC-V architecture provided by the invention comprises the following steps:
step S1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
step S2: obtaining a device unique key according to the device unique security identifier;
and step S3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased;
and step S4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
step S5: and reading the encryption meta-information and the object meta-information from the external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.
Preferably, the step S2 employs: the device unique secure identifier derives a device unique key using a key derivation algorithm.
Preferably, the step S4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information.
Preferably, the secure storage system maintains a plurality of file indexes, and writes the meta information alternately, so as to ensure that a file pointed by one index is valid all the time;
and when the meta information is actually written, writing the meta information into the meta information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta information file which is successfully written.
Preferably, a new location is allocated to the modified object in the object meta information, the original location is deleted after backup, and the secure storage system is only in a state before the write is successful or the modification.
Preferably, a copy-on-write mode is adopted when the data and the meta information are updated;
the meta information includes object meta information and encryption meta information.
The invention provides a data storage system based on RISC-V architecture, comprising:
a module M1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
a module M2: obtaining a device unique key according to the device unique security identifier;
a module M3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number;
a module M4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
a module M5: and reading the encryption meta-information and the object meta-information from the external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.
Preferably, the module M2 employs: the device unique security identifier obtains a device unique key by using a key derivation algorithm;
the module M4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the equipment unique key, and storing the message authentication code in the encryption meta-information.
Preferably, the secure storage system maintains a plurality of file indexes, and writes the meta information alternately, so as to ensure that a file pointed by one index is valid all the time;
when the meta-information is actually written, writing the meta-information into a meta-information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta-information file which is successfully written;
and allocating a new position to the modified object in the object meta information, deleting the original position after backup, and only enabling the safe storage system to be in a state before writing success or modification.
Preferably, a copy-on-write mode is adopted when the data and the meta information are updated;
the meta information includes object meta information and encryption meta information.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention ensures the privacy of the permanent counter through the physical memory protection mechanism of RISC-V, and the physical memory protection mechanism ensures that only the safe storage system can obtain the value of the permanent counter;
2. the invention ensures the integrity of the permanent counter through the physical memory protection mechanism of RISC-V, and limits the illegal modification of the key from the software and physical layer by the physical memory protection mechanism of RISC-V and the internal storage characteristic of the storage chip;
3. the invention prevents data information from being acquired from an external storage medium by physical means through the encryption meta information, and can identify errors when the encrypted data is damaged;
4. according to the invention, the permanent counter is used for generating the authentication code information by carrying the value incremented by the permanent counter after updating the meta-information each time, so that the integrity and replay attack prevention are ensured, and the error can be identified when the content of the meta-information is modified or replaced by an old effective version;
5. when the power failure is abnormal, the advanced counter is used for generating authentication code information and then the permanent counter is actually increased, so that the condition that the system is unavailable due to inconsistency when the abnormality occurs is prevented;
6. when the data and the meta-information are updated, the atomicity when the data are written is ensured by adopting a copy-on-write mode;
7. the invention has the advantage that the leakage of the key on a single device can not affect other devices.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a flow chart of secure storage read and write.
Fig. 2 shows a process of generating a meta information message authentication code.
FIG. 3 is a simplified process for reading and writing objects.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that it would be obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit of the invention. All falling within the scope of the present invention.
Example 1
The data storage method based on RISC-V architecture provided by the invention, as shown in FIGS. 1 to 3, comprises:
step S1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
step S2: obtaining a device unique key according to the device unique security identifier;
and step S3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number;
and step S4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
step S5: and reading the encryption meta-information and the object meta-information from the external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.
Specifically, the step S2 employs: the device unique secure identifier derives a device unique key using a key derivation algorithm.
Specifically, the step S4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the equipment unique key, and storing the message authentication code in the encryption meta-information.
Specifically, the secure storage system maintains a plurality of file indexes, and writes meta information alternately, so as to ensure that a file pointed by one index is effective all the time;
and when the meta information is actually written, writing the meta information into the meta information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta information file which is successfully written.
Specifically, a new location is allocated to the modified object in the object meta information, the original location is deleted after backup, and the secure storage system is only in a state of successful writing or before modification.
Specifically, a copy-on-write mode is adopted when data and meta information are updated;
the meta information includes object meta information and encryption meta information.
The data storage system based on the RISC-V architecture provided by the invention comprises:
a module M1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
a module M2: obtaining a device unique key according to the device unique security identifier;
a module M3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number;
a module M4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
a module M5: and reading the encryption meta-information and the object meta-information from the external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.
Specifically, the module M2 employs: the device unique security identifier obtains a device unique key by using a key derivation algorithm;
the module M4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the equipment unique key, and storing the message authentication code in the encryption meta-information.
Specifically, the secure storage system maintains a plurality of file indexes, writes meta information alternately, and ensures that a file pointed by one index is valid all the time;
when the meta information is actually written, writing the meta information into a meta information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta information file which is successfully written;
and allocating a new position to the modified object in the object meta information, deleting the original position after backup, and only enabling the safe storage system to be in a state before writing success or modification.
Specifically, a copy-on-write mode is adopted when data and meta information are updated;
the meta information includes object meta information and encryption meta information.
Example 2
Example 2 is a preferred example of example 1
Anti-replay design
In a secure storage system, data metadata is used to track storage locations and authentication information for all objects. The data meta-information can thus be used as a root of trust for all objects in the storage system, as long as the data meta-information is trusted, the objects are trusted. In order to guarantee the integrity and anti-replay characteristics of the data meta-information, it is necessary to generate a message authentication code by mixing a permanent counter with the data meta-information every time the data meta-information is changed. The message authentication code and the initial vector of the initialization vector of the data meta-information are stored in the encryption meta-information, and the encryption meta-information and the data meta-information need to be written into the nonvolatile storage after the message authentication code is generated. Because the most recent data metadata and encryption metadata are associated with the current value of the persistent counter, it will not be verified if the data metadata is replaced.
When the secure storage system is started, the encryption meta-information and the data meta-information are read from the nonvolatile storage, and the content of the data meta-information needs to be verified by using the encryption meta-information to ensure that the data meta-information is not illegally tampered.
Non-volatile row storage is persistent storage. Including external storage and internal storage. Internal storage may become the exclusive internal storage of the secure storage application through the RISC-V physical memory protection mechanism.
The permanent counter implements:
the persistent counter must be stored in a higher level of security storage and an attacker cannot physically alter the contents of the memory in which the persistent counter resides. At the software level, the secure storage system under the RISC-V architecture may use a physical memory protection mechanism. The monitor opens the read and modify rights of the persistent counter to the secure storage system only.
Initialization and read/write flow
An initialization process: the meta information (encryption meta information and object meta information) is read. And generating a message authentication code of the object meta-information and the permanent counter, and comparing the message authentication code recorded in the encryption meta-information with the message authentication code.
Writing process: and performing authentication encryption on the data, and writing the initialization vector and the ciphertext into an external storage. And updating the object message authentication code generated by authentication and encryption to an object meta-information area in the memory. And generating a message authentication code of the whole of the permanent counter and the object meta-information, storing the message authentication code in the encryption meta-information, and writing the object meta-information and the encryption meta-information into a persistent area.
And (3) reading flow: and reading the ciphertext, acquiring the message authentication code of the object from the object meta information, and executing decryption operation.
Initialization:
deriving from the root key the keys required for AEAD encryption
And reading the meta information of the secure storage system into a memory from Flash, and performing integrity and anti-rollback check.
Step 1, key initialization. The secure storage system obtains the key raw bytes from the high security level non-volatile storage and derives the device unique key required by the AEAD encryption algorithm using a determined key derivation algorithm.
And 2, initializing the storage system. The basic logic of the secure storage system is to maintain the storage location and authentication information of the object, and the actual data storage and atomic interaction of the operation is done to the underlying file system. The storage location of the object and the authentication information are both available through the object slot in the data meta-information. The encrypted data of the object is actually stored in a file, and the ID of the file is implicitly calculated from the index of the object slot. The authentication information for the object is explicitly saved in the object slot. The storage system is initialized by reading the meta-information from the non-volatile storage into memory. In order to protect against replay attacks and to guarantee the integrity of the meta-information, an integrity verification is required after reading the meta-information. In a legal state, the encryption meta-information stores a message authentication code in which the data meta-information and the permanent counter participate in calculation together, and an initial vector for calculation. Therefore, the integrity of the data element information can be verified by carrying out an inverse operation on the information.
The specific steps are (1) reading meta-information and a permanent counter from the non-volatile storage. (2) And using the permanent counter and the data meta-information as additional data of the AEAD, and decrypting by using the unique key of the equipment, the initial vector, the message authentication code in the encryption meta-information and the ciphertext null. If the decryption is successful, the authentication is passed. Because the message authentication code is associated with the latest permanent counter, if the meta-information is tampered or replaced by old meta-information, the integrity verification cannot be passed, and the effect of preventing replay attack is achieved.
Writing an object:
when the secure storage system receives a write request from a client, the secure storage system operates data in an AEAD encryption mode to generate two outputs: encrypted data, and a message authentication code.
Step 1, an application initiates a write request to a secure storage system.
And 2, adopting a copy-on-write strategy by the secure storage system to prevent the storage system from losing consistency due to abnormity during in-place modification. The method is as follows.
And 3, calculating a new storage address, wherein the new storage address is calculated by the idle object slot occupied after the successful writing, otherwise, the corresponding idle object slot can be calculated by the storage address. Therefore, a free object slot needs to be locked from the data meta information, the file ID corresponding to the object slot is calculated according to the index of the object slot, and if the file corresponding to the file ID exists, the corresponding file is deleted.
And 4, encrypting and persistently storing the plaintext data of the object. And acquiring a new initialization vector from the encryption meta-information, and generating a ciphertext and a message authentication code by adopting an AEAD encryption mode for a plaintext. And writing the initial vector and the ciphertext of the initialization vector into the corresponding file in the step 3.
And 5, backing up the old object slot. And finding the old object slot corresponding to the object ID from the data meta information, and copying the old object slot into the temporary backup. And emptying the old object slot to change the old object slot into an idle state.
And 6, filling a new object slot. And (4) calculating the locked free object slot according to the file ID obtained in the step (3). Fill in (object ID, application ID, message authentication code of object) locked free object slots.
And 7, updating the verification code of the meta-information and performing persistent storage. And acquiring a new initialization vector from the encryption meta-information, taking the permanent counter and the data meta-information as additional data, and carrying out AEAD encryption when the plaintext is empty. And writing the generated message authentication code into the encryption meta-information. And finally, writing the encryption meta information and the data meta information into a nonvolatile memory, and if the writing is successful, incrementing a permanent counter. And if the writing fails, restoring the backed-up object slot into the data meta information and emptying the newly allocated object slot.
Deleting the object:
step 1, an application initiates a deletion request to a secure storage system.
And 2, checking whether the object requested to be deleted is in the safe storage system. And searching whether the corresponding object slot exists in the data meta-information (object ID and application ID). If so, the corresponding storage location, i.e., the actual file ID, is calculated from the index of the object slot.
And 3, backing up the old object slot. And finding the old object slot corresponding to the object ID from the data meta information, and copying the old object slot into the temporary backup. And emptying the old object slot to change the old object slot into an idle state.
And 4, updating the verification code of the meta-information and performing persistent storage. And acquiring a new IV from the encryption meta-information, using the permanent counter and the data meta-information as additional data, and carrying out AEAD encryption when the plaintext is empty. And writing the generated message authentication code into the encryption meta-information. And finally writing the encryption meta-information and the data meta-information into a nonvolatile memory, and incrementing a permanent counter if the writing is successful. And if the writing fails, restoring the backed-up object slot into the data meta information.
And 5, deleting the content corresponding to the file ID.
Reading an object:
step 1, an application initiates a read request to a secure storage system.
And 2, checking whether the object requested to be read is in the safe storage system. The secure storage system obtains the application ID, and searches whether the corresponding object slot (object ID, application ID) exists in the data metadata information. If the file exists, the object slot is obtained, the corresponding storage position, namely the actual file ID, is calculated according to the index of the object slot, and if not, the read back fails.
And 3, reading the object data, decrypting and verifying the integrity. The IV and ciphertext are read from the non-volatile storage according to the file ID. Decryption is performed using (device unique key, IV, ciphertext, message authentication code in object slot). If decryption fails, the data may be tampered with, notifying the application of the read failure. If the decryption is successful, the plaintext is returned to the application.
Obtaining the application ID:
RISC-V devices that configure a secure storage system may assign a globally unique application identifier to all applications at the S/U privilege level. The secure storage system, upon receipt of any request, will obtain the globally unique identifier of the requesting application, i.e. the application ID, from the monitor through a system call. Since the monitor is trusted, no application can forge itself into another application to request the secure storage system to obtain or modify data for the other application.
Power failure recovery mechanism
After writing the data metadata, the data metadata cannot be successfully verified the next time the secure storage system is started, if a power loss occurs that would cause the data metadata on the non-volatile storage to advance the persistent counter before incrementing the persistent counter. In order to provide a recovery mechanism when the power is off for the secure storage system, the integrity of the data metadata information needs to be verified once by using a permanent counter +1 when the verification fails, and if the verification is passed, the above situation is indicated, and the permanent counter needs to be incremented after the verification is finished so as to be consistent with the permanent counter generating the message authentication code. If the verification fails, the integrity of the data meta-information is destroyed.
In other abnormal power failure situations, the meta information in the non-volatile storage is consistent with the permanent counter, so that the secure storage system can be successfully initialized, i.e. the content in the data meta information is valid. Since the copy-on-write technology is adopted when writing the object, the file pointed by the object slot is also ensured to be effective. When the object is deleted, the consistency can be ensured by deleting the metadata first and then deleting the actual file.
Atomicity of meta-information writes
To ensure consistency of the secure storage system, atomic update meta-information is required. Thus, if an exception occurs in the updating process, the state before updating can be obtained instead of the destroyed state when the updating process is recovered next time. This is ensured by copy-on-write techniques.
The secure storage system has two fixed file IDs for writing meta information, which are [ meta information file ID1 ] and [ meta information file ID2 ], respectively. After the secure storage system is initialized, a [ active file ID pointer ] pointing to a currently valid meta-information file is maintained in a memory. When the meta information is actually written, if the [ active file ID pointer ] points to the [ meta information file ID1 ], the meta information in the memory is written into the [ meta information file ID2 ], and if the writing is successful, the [ active file ID pointer ] points to the [ meta information file ID2 ], otherwise, the pointing is not changed. In this way, at least one of the meta information files ID1 and 2 contains valid meta information in any case, thereby ensuring the consistency of the secure storage system.
Wherein the application ID is a unique identifier assigned to each application by the RISC-V system. The application ID is static and the system restart does not change.
An object is a data entity in a secure storage system. The object contains the properties of object ID, belonging application ID, data content, data length and the like.
Object ID: within each application, an object possesses a unique identifier. An object ID of 0 is an invalid ID.
Object slot: the component unit of the object meta-information comprises an object ID, an application ID and an object message authentication code.
Meta information: containing encryption meta-information and object meta-information.
Encryption meta information: the encryption meta-information contains a message authentication code of the initial vector and the object meta-information.
Object meta information: used to track information for all objects in the secure storage system. The object meta-information is a fixed-length array, each element of the array being an object slot. When the object ID in the object slot is valid, the object is said to be present in the secure storage system. The affiliated application ID in the object slot is used to identify the owner of the object and the object message authentication code is used to verify the integrity of the object data. Whenever the state of an object in the secure storage system changes (e.g., an object is newly created, an object is modified, an object is deleted), the data metadata needs to generate a new message authentication code and write the new message authentication code to the non-volatile storage.
Initial vector: a counter incremented in the secure storage system as one of the AEAD's parameters. The secure storage system obtains an initial vector each time an AEAD encryption operation is performed and increments the initial vector. The initial vector is stored in the encryption meta-information.
Permanent counter: a counter in a high security level non-volatile storage medium for protection against replay attacks. Only two operations, read and increment, can be performed. The access right is only provided for the safe storage system through the physical memory protection mechanism of RISC-V. The participation of a permanent counter is needed when the message authentication code of the data meta-information is generated, and the permanent counter needs to be increased after the message authentication code is generated each time. Only data meta-information consistent with the persistent counter can be validated.
Key raw byte: a series of bytes in a high security level non-volatile storage medium for deriving a device unique key. The access right is only exposed to the safe storage system through the physical memory protection mechanism of RISC-V. Each device must have a different key raw byte to ensure that the derived key is unique to the device.
Device unique key: keys for cryptographic operations in a secure storage system. The key raw byte derives the device unique key through a determined key derivation function, so the device unique key has determinacy, and the value of the key is not changed when the system is shut down and started. Under the physical memory protection mechanism of RISC-V, only the secure storage system can obtain the original byte of the key, so the derived key has privacy. Meanwhile, during operation, the key is also stored in the memory protected by the RISC-V physical memory, and the external application cannot acquire or tamper the value of the key, so that the privacy and the integrity of the key are further ensured.
And (3) physical memory protection: and the mechanism for limiting the application to access the physical memory under the RISC-V platform. The monitor partitions the physical memory for each application, and the application has no authority over the physical memory outside the partitions.
A monitor: and the manager with the highest authority under the RISC-V platform has the access authority of all hardware resources and is responsible for dividing the hardware resources into upper-layer applications.
Those skilled in the art will appreciate that, in addition to implementing the systems, apparatus, and various modules thereof provided by the present invention in purely computer readable program code, the same procedures can be implemented entirely by logically programming method steps such that the systems, apparatus, and various modules thereof are provided in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, the device and the modules thereof provided by the present invention can be considered as a hardware component, and the modules included in the system, the device and the modules thereof for implementing various programs can also be considered as structures in the hardware component; modules for performing various functions may also be considered to be both software programs for performing the methods and structures within hardware components.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (10)

1. A data storage method based on RISC-V architecture is characterized by comprising the following steps:
step S1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
step S2: obtaining a device unique key according to the device unique security identifier;
and step S3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number;
and step S4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
step S5: reading the encryption meta-information and the object meta-information from an external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered;
in a secure storage system, data meta-information is used to track storage locations and authentication information for all objects; taking the data metadata information as a trust root of all objects in the storage system, wherein the objects are also trusted as long as the data metadata information is trusted; in order to ensure the integrity and anti-replay characteristics of the data meta-information, a permanent counter and the data meta-information need to be mixed together to generate a message authentication code each time the data meta-information is changed; storing a message authentication code and an initialization vector of data meta-information in encryption meta-information, and writing the encryption meta-information and the data meta-information into a nonvolatile memory after generating the message authentication code; the latest data meta-information and encryption meta-information are associated with the current value of the persistent counter, so that the data meta-information cannot be verified if replaced;
when the secure storage system is started, reading encryption meta-information and data meta-information from the nonvolatile storage, wherein the content of the data meta-information needs to be verified by using the encryption meta-information to ensure that the data meta-information is not illegally tampered;
the internal storage becomes the exclusive internal storage of the secure storage application through the RISC-V physical memory protection mechanism.
2. A RISC-V architecture based data storage method according to claim 1, wherein said step S2 employs: the device unique secure identifier derives a device unique key using a key derivation algorithm.
3. A RISC-V architecture based data storage method according to claim 1, wherein said step S4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the equipment unique key, and storing the message authentication code in the encryption meta-information.
4. A RISC-V architecture based data storage method as claimed in claim 1, wherein the secure storage system maintains a plurality of file indexes, writing meta information alternately, ensuring that a file pointed to by one index is always valid;
and when the meta information is actually written, writing the meta information into the meta information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta information file which is successfully written.
5. A RISC-V architecture based data storage method as claimed in claim 1, wherein a new location is allocated to the modified object in the object meta information, the original location is deleted after backup, and the secure storage system is only in the state of successful writing or before modification.
6. A RISC-V architecture based data storage method according to claim 1, wherein the data and meta-information are updated by copy-on-write;
the meta information includes object meta information and encryption meta information.
7. A RISC-V architecture based data storage system, comprising:
a module M1: the safe storage system maintains an exclusive internal storage area through a physical memory protection mechanism of RISC-V, and sets a permanent counter in the internal storage area;
a module M2: obtaining a device unique key according to the device unique security identifier;
a module M3: when the safe storage system carries out the operation of updating the object meta-information, the permanent counter is increased in number;
a module M4: generating a message authentication code according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information;
a module M5: reading the encryption meta-information and the object meta-information from an external storage, and authenticating the currently read object meta-information by using the encryption meta-information to ensure that the data meta-information is not illegally tampered;
in a secure storage system, data meta-information is used to track storage locations and authentication information for all objects; taking the data metadata information as a trust root of all objects in the storage system, wherein the objects are also trusted as long as the data metadata information is trusted; in order to ensure the integrity and anti-replay characteristics of the data meta-information, a permanent counter and the data meta-information need to be mixed together to generate a message authentication code each time the data meta-information is changed; storing a message authentication code and an initialization vector of data meta-information in encryption meta-information, and writing the encryption meta-information and the data meta-information into a nonvolatile memory after generating the message authentication code; the latest data metadata and encryption metadata are associated with the current value of the persistent counter, so that if the data metadata is replaced, it will not be verified;
when the secure storage system is started, reading encryption meta-information and data meta-information from the nonvolatile storage, wherein the content of the data meta-information needs to be verified by using the encryption meta-information to ensure that the data meta-information is not illegally tampered;
internal storage becomes the exclusive internal storage of the secure storage application through the RISC-V physical memory protection mechanism.
8. A RISC-V architecture based data storage system according to claim 7, wherein said module M2 employs: the device unique security identifier obtains a device unique key by using a key derivation algorithm;
the module M4 employs: and generating a message authentication code by using an AEAD encryption algorithm according to the current count of the permanent counter, the object meta-information and the unique key of the equipment, and storing the message authentication code in the encryption meta-information.
9. A RISC-V architecture based data storage system as claimed in claim 7, wherein the secure storage system maintains a plurality of file indices, writing meta information in alternation, ensuring that a file always pointed to by one index is valid;
when the meta information is actually written, writing the meta information into a meta information file which is not pointed by the current active file ID pointer, and when the writing is successful, pointing the active file ID pointer to the meta information file which is successfully written;
and allocating a new position to the modified object in the object meta information, deleting the original position after backup, and only enabling the safe storage system to be in a state before writing success or modification.
10. A RISC-V architecture based data storage system as claimed in claim 7, wherein both data and meta information are updated by copy-on-write;
the meta information includes object meta information and encryption meta information.
CN202110796928.5A 2021-07-14 2021-07-14 Data storage method and system based on RISC-V architecture Active CN113486399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110796928.5A CN113486399B (en) 2021-07-14 2021-07-14 Data storage method and system based on RISC-V architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110796928.5A CN113486399B (en) 2021-07-14 2021-07-14 Data storage method and system based on RISC-V architecture

Publications (2)

Publication Number Publication Date
CN113486399A CN113486399A (en) 2021-10-08
CN113486399B true CN113486399B (en) 2023-03-24

Family

ID=77939276

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110796928.5A Active CN113486399B (en) 2021-07-14 2021-07-14 Data storage method and system based on RISC-V architecture

Country Status (1)

Country Link
CN (1) CN113486399B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584328B (en) * 2022-05-09 2022-08-02 武汉四通信息服务有限公司 API interface access method, computer device and computer storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101427259A (en) * 2006-04-24 2009-05-06 艾利森电话股份有限公司 Authorisation of the installation of a software version
CN103427984A (en) * 2012-05-24 2013-12-04 三星电子株式会社 Apparatus for generating secure key using device ID and user authentication information
CN107506652A (en) * 2017-07-13 2017-12-22 浙江大学 CephFS metadata of distributed type file system accesses the realization method and system of protection mechanism
CN110968530A (en) * 2019-11-19 2020-04-07 华中科技大学 Key value storage system based on nonvolatile memory and memory access method
CN111783097A (en) * 2020-05-28 2020-10-16 东方红卫星移动通信有限公司 Information integrity measurement verification method and system for satellite-borne computing system
CN112540931A (en) * 2020-12-16 2021-03-23 华中科技大学 Method and processor for ensuring data breakdown consistency in secure nonvolatile memory

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107111730B (en) * 2014-11-07 2021-01-08 新思公司 Integrity protection for data storage
CN104391802A (en) * 2014-11-24 2015-03-04 浪潮电子信息产业股份有限公司 Streamline pool metadata node refreshing consistency protecting method
CN104601579A (en) * 2015-01-20 2015-05-06 成都市酷岳科技有限公司 Computer system for ensuring information security and method thereof
US10108557B2 (en) * 2015-06-25 2018-10-23 Intel Corporation Technologies for memory confidentiality, integrity, and replay protection
US10540297B2 (en) * 2017-08-03 2020-01-21 Arm Limited Memory organization for security and reliability
JP7096323B2 (en) * 2017-08-03 2022-07-05 アーム・リミテッド Counter consistency tree for memory security
CN107784121B (en) * 2017-11-18 2020-04-24 中国人民解放军国防科技大学 Lowercase optimization method of log file system based on nonvolatile memory

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101427259A (en) * 2006-04-24 2009-05-06 艾利森电话股份有限公司 Authorisation of the installation of a software version
CN103427984A (en) * 2012-05-24 2013-12-04 三星电子株式会社 Apparatus for generating secure key using device ID and user authentication information
CN107506652A (en) * 2017-07-13 2017-12-22 浙江大学 CephFS metadata of distributed type file system accesses the realization method and system of protection mechanism
CN110968530A (en) * 2019-11-19 2020-04-07 华中科技大学 Key value storage system based on nonvolatile memory and memory access method
CN111783097A (en) * 2020-05-28 2020-10-16 东方红卫星移动通信有限公司 Information integrity measurement verification method and system for satellite-borne computing system
CN112540931A (en) * 2020-12-16 2021-03-23 华中科技大学 Method and processor for ensuring data breakdown consistency in secure nonvolatile memory

Also Published As

Publication number Publication date
CN113486399A (en) 2021-10-08

Similar Documents

Publication Publication Date Title
KR102254256B1 (en) Anti-rollback version upgrade in secured memory chip
US8200961B2 (en) Securing a flash memory block in a secure device system and method
US9641490B2 (en) Trusted storage systems and methods
JP4392241B2 (en) Method and system for promoting safety protection in a computer system employing an attached storage device
US7152165B1 (en) Trusted storage systems and methods
US8281135B2 (en) Enforcing use of chipset key management services for encrypted storage devices
US8719580B2 (en) Data verification method
US6539480B1 (en) Secure transfer of trust in a computing system
US20020157010A1 (en) Secure system and method for updating a protected partition of a hard drive
US11803366B2 (en) Firmware updating system and method
US7117535B1 (en) Software-generated machine identifier
CN111367834A (en) Self-encrypting driver (SED)
CN104598827B (en) Design method of restarting counter of hardware assisted operating system
CN113486399B (en) Data storage method and system based on RISC-V architecture
CN111539042B (en) Safe operation method based on trusted storage of core data files
WO2023073368A1 (en) Methods and systems for secure data storage
CN115310136A (en) Data security guarantee method based on SATA bridging chip
JP2021060721A (en) Memory system
CN116089967B (en) Data rollback prevention method and electronic equipment
JP7438924B2 (en) Information processing device, method and program
JP2022107288A (en) Electronic control apparatus for automobile
CN103119553A (en) Platform firmware armoring technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant