CN117910058A - Data processing method and system based on data security protection between FPGA chips - Google Patents
Data processing method and system based on data security protection between FPGA chips Download PDFInfo
- Publication number
- CN117910058A CN117910058A CN202311690844.9A CN202311690844A CN117910058A CN 117910058 A CN117910058 A CN 117910058A CN 202311690844 A CN202311690844 A CN 202311690844A CN 117910058 A CN117910058 A CN 117910058A
- Authority
- CN
- China
- Prior art keywords
- data
- noise
- scrambling
- module
- processing unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 11
- 238000012545 processing Methods 0.000 claims abstract description 97
- 238000000034 method Methods 0.000 claims abstract description 27
- 239000000523 sample Substances 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000005540 biological transmission Effects 0.000 description 32
- 230000006854 communication Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000004088 simulation Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000002457 bidirectional effect Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 3
- 230000007175 bidirectional communication Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a data processing method and a system based on data security protection between FPGA chips, wherein the method comprises the following steps: the method comprises the steps of storing first noise data generated by a first noise source module into a first noise data buffer module, reading the first noise data from the first noise buffer module through a first processing unit, carrying out scrambling operation through a first scrambling module according to first service data and the first noise data, generating first ciphertext data, sending the first ciphertext data to a second processing unit through a first service channel interface, sending the first noise data to the second processing unit through the first noise channel interface, carrying out descrambling operation through the second scrambling module according to the first ciphertext data and the first noise data, generating first service data, then sending the first service data to a second logic processing module, and encrypting the service data by the second processing unit and sending the service data to the first processing unit in the same mode. The invention uses a lightweight data scrambling technology and has certain safety protection strength.
Description
Technical Field
The invention relates to a data processing method and system based on data security protection between FPGA chips, and belongs to the fields of communication technology and information security.
Background
With the development of FPGA (Field Programmable GATE ARRAY) technology, more and more electronic or communication systems use fpgas to realize rapid data transmission. With the increasing throughput of communication data, transmission overhead is reduced, and the improvement of data processing performance becomes an increasing demand for clients. Meanwhile, as the demands of people for data security and data confidentiality are increasing, the stability and the security of information transmission are ensured while the rapid transmission processing of a large amount of data is ensured.
Scrambling is a technique for randomizing digital information in a digital transmission system, and is widely used in various fields of communication. The function is to randomize the digital sequence sent from the data source to transform it into a digital sequence approximating white noise. In the course of transmission in an electronic or communication system, there is a need to maintain the stability, confidentiality and efficiency of the system. Because the scrambling code is helpful to improve the confidentiality of communication, the scrambling code can be used for preventing the data from revealing the plaintext in the transmission process, thereby improving the security of the system.
Disclosure of Invention
The invention provides a data processing method and a data processing system based on data security protection between FPGA chips, which aim to at least solve one of the technical problems in the prior art.
The technical scheme of the invention also relates to a data processing method based on the data security protection between the FPGA chips, which is applied to a data processing system, wherein the data processing system comprises a first processing unit and a second processing unit; the first processing unit comprises a first noise source module, a first noise data buffer module, a first service channel interface, a first noise channel interface and a first scrambling and descrambling module; the second processing unit comprises a second noise source module, a second noise data buffer module, a second service channel interface, a second noise channel interface and a second scrambling and descrambling module. In this aspect, the method according to the invention comprises the steps of:
S110, after the system is detected to finish power-on initialization, storing first noise data generated by the first noise source module into the first noise data buffer module;
s120, when a first processing unit receives a first service data input, the first processing unit reads first noise data from the first noise buffer module;
S130, according to the first service data and the first noise data, scrambling operation is carried out through the first scrambling and descrambling module so as to generate first ciphertext data; then sending the first ciphertext data to the second processing unit via the first traffic channel interface, and sending the first noise data to the second processing unit via the first noise channel interface;
S140, when the second processing unit receives the first service data output, descrambling operation is carried out through the second scrambling and descrambling module according to the first ciphertext data and the first noise data so as to generate first service data, and then the first service data is sent to the second logic processing module;
And
S210, after the system is detected to finish power-on initialization, storing second noise data generated by the second noise source module into the second noise data buffer module;
S220, when a second processing unit receives a second service data input, the second processing unit reads second noise data from the second noise buffer module;
S230, scrambling operation is carried out through the second scrambling and descrambling module according to the second service data and the second noise data so as to generate second ciphertext data; then sending the second ciphertext data to the first processing unit via the second traffic channel interface, and sending the second noise data to the first processing unit via the second noise channel interface;
s240, when the first processing unit receives the second service data output, descrambling operation is performed through the first scrambling and descrambling module according to the second ciphertext data and the second noise data, so as to generate second service data, and then the second service data is sent to the first logic processing module.
Further, wherein the first scrambling and descrambling module is provided with a first linear feedback shift register for generating a pseudo random sequence; the second scrambling and descrambling module is provided with a second linear feedback shift register for generating a pseudo-random sequence.
Further, the first noise channel interface and the second noise channel interface are custom interfaces.
Further, the first scrambling and descrambling module and the second scrambling and descrambling module are respectively provided with an enabling signal for realizing self-synchronization of the receiving end.
Further, the output end of the first scrambling and descrambling module and the enabling signal are output after logical AND operation; and the output end of the second scrambling and descrambling module and the enabling signal are output after logical AND operation.
Further, wherein, the method comprises the steps of,
The scrambling operation of the first scrambling and descrambling module and the second scrambling and descrambling module is represented as follows:
S8=D8⊕(S6⊕S5⊕S4⊕S0)•EN
The descrambling operation of the first scrambling and descrambling module and the second scrambling and descrambling module is represented as follows:
D8=S8⊕(S6⊕S5⊕S4⊕S0)•EN
Wherein S8 represents ciphertext data; s6, S5, S4 and S0 each represent noise data; d8 represents service data; EN represents an enable signal.
Further, the initial state values of the first linear feedback shift register and the second linear feedback shift register are all non-zero data.
Further, in the step S110, the first noise data is continuously input until the first noise buffer module is full, and after the first noise data is fetched, the first noise buffer module continuously receives the data generated by the first noise source module; in the step S210, the second noise data is continuously input until the second noise buffer module is full, and after the second noise data is fetched, the second noise buffer module continues to receive the data generated by the second noise source module.
An aspect of the present invention relates to a storage medium having stored thereon program instructions which, when executed by a processor, implement the above-described method.
Another aspect of the present invention relates to a data processing system, comprising: the storage medium described above.
The beneficial effects of the invention are as follows.
The invention relates to a data processing method and a system based on data security protection among FPGA chips, which are beneficial to ensuring that data security transmission among chips is completed in an electronic or communication system by using a lightweight data scrambling technology under lower system delay and processing cost. Meanwhile, due to the fact that random noise is used, the scrambling factors used by different data packets are different even in the same system and in the same transmission, the safety of data end-to-end transmission is greatly improved, the technical problem of safety of short-distance high-speed data transmission is solved, and the safety level of product information is improved. The data bidirectional transmission between the two FPGA units uses independent channels, so that the data can be transmitted in a full duplex mode, the safety of the data transmission is guaranteed, and the independent noise data is used, so that the data scrambling and descrambling processes of the bidirectional communication are irrelevant, and the safety of the data transmission is further enhanced.
Drawings
Fig. 1 is a basic flow chart of a method according to an embodiment of the invention.
FIG. 2 is a schematic diagram of a data processing system according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a scrambler in accordance with a method of an embodiment of the present invention.
Fig. 4 is a schematic diagram of a descrambler according to a method of an embodiment of the invention.
FIG. 5 is a schematic diagram of a simulation platform in accordance with an embodiment of the present invention.
Fig. 6 is a simulated waveform diagram of the scrambling and descrambling data processing in the method according to the invention.
Detailed Description
The conception, specific structure, and technical effects produced by the present invention will be clearly and completely described below with reference to the embodiments and the drawings to fully understand the objects, aspects, and effects of the present invention.
It should be noted that, unless otherwise specified, when a feature is referred to as being "fixed" or "connected" to another feature, it may be directly or indirectly fixed or connected to the other feature. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description presented herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any combination of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this disclosure to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element of the same type from another.
Referring to fig. 1 and 2, the technical scheme of the present invention is based on a data processing system, which includes a first processing unit and a second processing unit, where the first processing unit includes a first noise source module, a first noise data buffer module, a first traffic channel interface, a first noise channel interface, and a first scrambling/descrambling module, and the second processing unit includes a second noise source module, a second noise data buffer module, a second traffic channel interface, a second noise channel interface, and a second scrambling/descrambling module. Further, in some embodiments, the first processing unit and the second processing unit of the embodiments of the present invention are both based on FPGA chips.
Specifically, random noise data can be generated uninterruptedly through the first noise source module and the second noise source module, and no correlation exists between any noise data, so that the generated noise data is unexpected, and the two noise source modules are basic modules of safety protection. In some embodiments, a separate noise chip may be accessed as a noise source.
Further, by arranging the first noise data buffer module and the second noise data buffer module, a special dynamic storage space is divided inside the first processing unit and the second processing unit and used for accessing random noise data generated by the first noise source module and the second noise source module, so that the speed difference between noise generation and use is smoothed. It will be appreciated that the spatial magnitudes of the first noise data buffer module and the second noise data buffer module are determined by the rate at which noise is generated and the rate at which noise is taken.
Further, a first service channel interface and a second service channel interface are provided as interfaces used by the service flow channels carried by the FPGA in the whole electronic or communication system. In some embodiments, the first traffic channel interface and the second traffic channel interface are typically standard protocol interfaces that are native to the FPGA device or interfaces that are analog to GPIO.
Further, a first noise channel interface and a second noise channel interface are provided as interfaces for transmitting random noise data between FPGA devices. It should be noted that, for safety, the first noise channel interface and the second noise channel interface should use custom interfaces of common IO simulation of FPGA, instead of using common standard protocol interfaces.
Further, a first scrambling and descrambling module and a second scrambling and descrambling module are arranged, the two scrambling and descrambling modules are respectively provided with a corresponding scrambler and a corresponding descrambler, the scrambler performs scrambling operation on plaintext data through a scrambling algorithm to generate ciphertext, and the descrambler performs descrambling operation on the ciphertext data through a descrambling algorithm to restore plaintext, namely service data is restored. The first scrambling and descrambling module and the second scrambling and descrambling module in the embodiment of the invention scramble signals without increasing redundancy, change the statistical characteristics of digital signals and obtain data similar to the statistical characteristics of white noise, which is a technology based on pseudo random sequences in a Linear Feedback Shift Register (LFSR). In one embodiment, an 8-th order LFSR expression is described herein as:
G(x) = X8+X4+X3+X2+1 (1)
The above formula (1) represents one primitive polynomial, i.e., an irreducible polynomial having a maximum period. A pseudo random sequence with a period of 2 8 -1 is generated by equation (1). When the embodiment of the invention designs a scrambler, the bit number of the longest period is determined first, a corresponding scrambling polynomial is selected according to the bit number, and an LFSR sequence generated by taking the primitive polynomial as a generator polynomial is the maximum period sequence. In some embodiments of the present invention, the scrambling rule performs a scrambling operation according to an exponent with a primitive polynomial coefficient of 1 term, that is, the scrambling value output in the current state is the result of performing a modulo-two addition operation by the current state and the previous state value. The length of the shift register, that is, the number of shift registers is determined by the input bit length, but the relationship between the input and the output, for example, the relationship between the first bit input and the first bit output, is determined by the number of shift registers, and the value of a few bits after the bit is separated from the first bit.
Referring to fig. 1 to 6, in some embodiments, a data processing method based on data security protection between FPGA slices according to the present invention is applied to the above data processing system, and at least includes the following steps:
s110, after the system is detected to finish power-on initialization, storing first noise data generated by a first noise source module into a first noise data buffer module;
S120, when the first processing unit receives the first business data input, the first processing unit reads first noise data from the first noise buffer module;
S130, according to the first service data and the first noise data, scrambling operation is carried out through a first scrambling module to generate first ciphertext data, then the first ciphertext data is sent to the second processing unit through the first service channel interface, and the first noise data is sent to the second processing unit through the first noise channel interface. Specifically, the first noise data which is random in the first noise buffer module is read by the first scrambling module as an initial vector of the scrambling algorithm, and the first noise data is synchronously transmitted to the second processing unit through the first noise channel interface (see the sign 1 in fig. 2). The first scrambling and descrambling module performs scrambling operation by using the initial vector noise data through a scrambling and descrambling algorithm, generates ciphertext data, and then transmits the scrambled ciphertext data to the second processing unit through the first service channel interface (see the symbol 2 in fig. 2). The second processing unit receives the random first noise data and immediately sends it to the second scrambling and descrambling processing module (see reference numeral 3 in fig. 2).
S140, when the second processing unit receives the first service data output, descrambling operation is performed through the second scrambling and descrambling module according to the first ciphertext data and the first noise data, so as to generate first service data, and then the first service data is sent to the second logic processing module (see the mark 4 in fig. 2);
And
S210, after the system is detected to finish power-on initialization, second noise data generated by a second noise source module are stored in a second noise data buffer module;
s220, when the second processing unit receives the second business data input, the second processing unit reads second noise data from the second noise buffer module;
S230, scrambling operation is carried out through a second scrambling and descrambling module according to the second service data and the second noise data so as to generate second ciphertext data; the second ciphertext data is then sent to the first processing unit via the second traffic channel interface, and the second noise data is sent to the first processing unit via the second noise channel interface. Specifically, the second noise data which is random in the second noise buffer module is read by the second scrambling module as an initial vector of the scrambling algorithm, and the second noise data is synchronously transmitted to the first processing unit through the second noise channel interface (see the symbol 5 in fig. 2). And the second scrambling and descrambling module performs scrambling operation by using the initial vector noise data through a scrambling and descrambling algorithm, generates ciphertext data, and then transmits the scrambled ciphertext data to the first processing unit through the second service channel interface (see the sign 6 in fig. 2). The first processing unit receives the random second noise data and immediately sends it to the first scrambling and descrambling processing module (see reference 7 in fig. 2).
S240, when the first processing unit receives the second service data output, a descrambling operation is performed through the first scrambling module according to the second ciphertext data and the second noise data, so as to generate second service data, and the second service data is sent to the first logic processing module (see the sign 8 in fig. 2).
The data processing method based on the FPGA inter-chip data security protection comprises data scrambling and data descrambling based on the FPGA inter-chip data security protection, so that high-speed data transmission can be realized under the conditions of lower expenditure and time delay by an electronic or communication system, and meanwhile, the data processing method also has certain security protection strength and does not leak plaintext information in the transmission process. The data bidirectional transmission between the two FPGA units uses independent channels, so that the data can be transmitted in a full duplex mode, the safety of the data transmission is guaranteed, and the independent noise data is used, so that the bidirectional communication has no correlation to the scrambling and descrambling process of the data, and the safety of the data transmission is further enhanced.
Specifically, in the embodiment of the invention, in the electronic or communication system diagram, two FPGA units mutually transmit data, which are provided with a first transmission channel and a second transmission channel, service data in the first transmission channel is transmitted from the first processing unit to the second processing unit (i.e., steps S110 to S140), and service data in the second transmission channel is transmitted from the second processing unit to the first processing unit (i.e., steps S210 to S240), so that bidirectional transmission of independent channels is realized, data transmission efficiency is improved, and data transmission security is also improved. The first processing unit provides noise data by the first noise source module and the second processing unit provides noise data by the second noise source module, so that the two FPGA units use independent noise sources, and the two-way communication has no correlation to the scrambling and descrambling process of the data.
In an embodiment, after each chip in the system is powered on and initialized, the first noise data is continuously input until the first noise buffer module is full, and after the first noise data is fetched, the first noise buffer module continuously receives data generated by the first noise source, and the second noise data is continuously input until the second noise buffer module is full, and after the second noise data is fetched, the second noise buffer module continuously receives data generated by the second noise source. Specifically, the two FPGAs continuously receive noise data transmitted by the external noise source chip and store the noise data in the internal noise data buffer areas respectively. And stopping receiving the noise data after the noise data buffer area is fully written, and continuing to receive the writing of the noise data until the noise data is taken away. The noise data receiving is set to be automatically and uninterruptedly executed, and is irrelevant to whether the two FPGA units process service data or not.
In an embodiment, when service data needs to be sent to an opposite-end FPGA unit in a local-end FPGA unit, that is, a first processing unit (local end) needs to send data to a second processing unit (opposite end), or the second processing unit (local end) needs to send data to the first processing unit (opposite end), the local-end FPGA unit sequentially reads noise data in a noise buffer module, the noise data and the service data are converted into ciphertext in a scrambling module through a scrambling algorithm, and then sent to the opposite-end FPGA through a service channel interface, and meanwhile, the local-end FPGA unit uses a synchronous clock to send the taken noise data to the opposite-end FPGA through a noise channel. After receiving ciphertext data sent by the service channel interface, the opposite-end FPGA is restored to plaintext data in the scrambling and descrambling module through a descrambling algorithm together with noise data of the noise channel interface which is synchronously received, namely restored to service data, and then transmitted to a later logic for processing, so that plaintext information cannot be revealed in the transmission process.
In an embodiment, the first scrambling module is provided with a first linear feedback shift register for generating a pseudo random sequence; the second scrambling and descrambling module is provided with a second linear feedback shift register for generating the pseudo-random sequence. Furthermore, the first linear feedback shift register and the second linear feedback shift register are eight-bit registers, and it should be noted that the linear feedback shift register of the embodiment of the present invention may use a linear feedback shift register with multiple bits, and the eight-bit linear feedback shift register is only used for illustration. Further, the initial state values of the first linear feedback shift register and the second linear feedback shift register are all non-zero data.
In an application embodiment, referring to fig. 3, two scrambling and descrambling modules of the embodiment of the present invention generate a pseudo random sequence by using an eight-bit linear feedback shift register, where parameters to be determined include a generator polynomial and a shift register initial state value. Wherein, inside the service channel, the generating polynomials and initial state values of the scrambling and descrambling modules of both communication parties must be the same. In different channels of service or management, the generating polynomial and the initial state value of the scrambling and descrambling module can be different, but the initial state value cannot be selected to be all 0, otherwise, when the input noise data is 0, the output constant is 0, so that the system safety is reduced. The initial state value of the first scrambling and descrambling module is generated by reading the true random noise output by the first noise source module, and the initial state value of the second scrambling and descrambling module is obtained by reading the true random noise output by the second noise source module, and the noise data cannot be expected and cannot be all 0, so that the safety of the system is further improved. It should be noted that the linear feedback shift register according to the embodiment of the present invention may be a linear feedback shift register with a plurality of bits, and an eight-bit linear feedback shift register is used herein for illustration only.
In an application embodiment, referring to fig. 4, the first scrambling and descrambling module and the second scrambling and descrambling module are both provided with enable signals for implementing self-synchronization of the receiving end, so that the starting time of scrambling and descrambling is convenient to control to be the same, and the initial value of the scrambler is firstly sent to the receiving end as unscrambled data, so that the polynomial of the scrambler and the descrambler in the first scrambling and descrambling module is the same as the initial state value, and the polynomial of the scrambler and the descrambler in the second scrambling and descrambling module is the same as the initial state value, thereby being beneficial to ensuring that the data can be unscrambled correctly. Specifically, an enable signal EN is added to each of the two scrambling and descrambling modules, so as to flexibly control the scrambling process, thereby realizing self-synchronization of the receiving-end descrambler. In a specific embodiment of the present invention, an initial state value of a shift register in a local end scrambler as a transmitting end is sent to an opposite end descrambler in Wen Xingshi, so that after receiving the initial value of the shift register of the local end scrambler, the opposite end descrambler as a receiving end configures the shift register of the opposite end descrambler to realize a correct descrambling function.
In an application embodiment, the output end of the first scrambling/descrambling module and the enable signal are output after logical AND operation. Referring to fig. 4, an and is added before the input and output modulo-2 addition operation of the scrambling and descrambling module, so as to realize switch control, that is, when the enable signal is 0, the transmitting end does not perform scrambling and the receiving end does not perform descrambling, whereas when the enable signal is 1, the transmitting end performs scrambling and the receiving end performs descrambling. The switches are denoted by EN and can be described by the following formulas, and it should be noted that the method of the present invention is not limited to using a specific polynomial and order, and the use of an eight-bit linear feedback shift register is only described here as an example.
Scrambling operation: s8=d8 + (s6 +.s5 +.s4 +.s0). EN
Descrambling operation: d8 S8 # (S6 # (S5) S4 # (S0)) # (EN)
Wherein S8 represents ciphertext data; s6, S5, S4 and S0 all represent the processing states of each stage; d8 represents service data; EN represents an enable signal. It can be understood that when the embodiment of the invention adopts registers with different digits, a polynomial with corresponding order is needed to operate in scrambling and descrambling processing.
In the embodiment of the invention, when transmitting the next service message, the first processing unit and the second processing unit update noise data first so as to use different random noise to carry out scrambling and descrambling operation, thereby realizing 'one packet one cipher', namely different messages use different noise scrambling, and greatly improving the security of data transmission between chips. It should be noted that, the transmission of random noise of the initial vector is to keep clock synchronization with the transmission of the corresponding service data, so as to ensure that the service data can be accurately unscrambled to restore the plaintext.
This is described in terms of one specific embodiment. For example, a binary non-zero sequence 100011101 is used to simulate the random sequence generated by the noise source as the initial state value; the EN signal selects a high level 1 to represent enabling scrambling and descrambling; the pseudo-random sequence randomly generated by the system function $random is selected as the original service data, and is input into a logic circuit generated by a polynomial G (X) =X 8+X4+X3+X2 +1, and ciphertext data is generated after the operation of a shifting register of a scrambler shown in fig. 1. Then the ciphertext data is input into the descrambler shift register operation shown in fig. 2, and the pseudo-random plaintext generated before can be restored.
The invention performs experimental verification on the data processing system. The scrambling and descrambling device are respectively realized by hardware description language, a simple simulation platform (see figure 5) is built, and the output of the scrambling device and the input signal of the descrambling device are directly butted together to verify the effect. The scrambler and the descrambler are cascaded together during simulation, namely, the descrambling is performed immediately after the data scrambling. The data sequence is generated by a pseudo-random function and the input signal din re-sent to the scrambler is read in the stimulus, see the red signal in fig. 6. The ciphertext signal scram dout of the scrambled output is completely different from the original signal din, and has a scrambling effect, as shown in the green signal of fig. 6. After the signal is input to the descrambler again, the output descram _dout is completely consistent with the original signal din, and the signal is accurately restored, as shown by the yellow signal in fig. 6. According to the simulation result, the descrambled output signal descram _dout can be restored to the original data din without error, and only one clock period delay is provided, so that the influence on the data transmission performance is very small. The existing standard symmetric encryption and decryption algorithm is adopted, so that not only is the logic resource occupied more, but also the data transmission delay is more than tens of clock cycles.
Furthermore, the operations of the processes described herein may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes (or variations and/or combinations thereof) described herein may be performed under control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications), by hardware, or combinations thereof, collectively executing on one or more processors. The computer program includes a plurality of instructions executable by one or more processors.
The computer program can be applied to input data to perform the functions described herein, thereby converting the input data to generate output data. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including specific visual depictions of physical and tangible objects produced on a display.
The present invention is not limited to the above embodiments, but can be modified, equivalent, improved, etc. by the same means to achieve the technical effects of the present invention, which are included in the spirit and principle of the present invention. Various modifications and variations are possible in the technical solution and/or in the embodiments within the scope of the invention.
Claims (10)
1. The data processing method based on the data security protection between the FPGA chips is applied to a data processing system and is characterized in that the data processing system comprises a first processing unit and a second processing unit; the first processing unit comprises a first noise source module, a first noise data buffer module, a first service channel interface, a first noise channel interface and a first scrambling and descrambling module; the second processing unit comprises a second noise source module, a second noise data buffer module, a second service channel interface, a second noise channel interface and a second scrambling and descrambling module;
The method comprises the following steps:
S110, after the system is detected to finish power-on initialization, storing first noise data generated by the first noise source module into the first noise data buffer module;
s120, when a first processing unit receives a first service data input, the first processing unit reads first noise data from the first noise buffer module;
S130, according to the first service data and the first noise data, scrambling operation is carried out through the first scrambling and descrambling module so as to generate first ciphertext data; then sending the first ciphertext data to the second processing unit via the first traffic channel interface, and sending the first noise data to the second processing unit via the first noise channel interface;
S140, when the second processing unit receives the first service data output, descrambling operation is carried out through the second scrambling and descrambling module according to the first ciphertext data and the first noise data so as to generate first service data, and then the first service data is sent to the second logic processing module;
And
S210, after the system is detected to finish power-on initialization, storing second noise data generated by the second noise source module into the second noise data buffer module;
S220, when a second processing unit receives a second service data input, the second processing unit reads second noise data from the second noise buffer module;
S230, scrambling operation is carried out through the second scrambling and descrambling module according to the second service data and the second noise data so as to generate second ciphertext data; then sending the second ciphertext data to the first processing unit via the second traffic channel interface, and sending the second noise data to the first processing unit via the second noise channel interface;
s240, when the first processing unit receives the second service data output, descrambling operation is performed through the first scrambling and descrambling module according to the second ciphertext data and the second noise data, so as to generate second service data, and then the second service data is sent to the first logic processing module.
2. The method of claim 1, wherein the first scrambling module is provided with a first linear feedback shift register for generating a pseudo-random sequence; the second scrambling and descrambling module is provided with a second linear feedback shift register for generating a pseudo-random sequence.
3. The method of claim 2, wherein the first noise channel interface and the second noise channel interface each employ a custom interface.
4. The method of claim 2, wherein the first scrambling and descrambling module and the second scrambling and descrambling module are each provided with an enable signal for implementing self-synchronization of a receiving end.
5. The method of claim 4, wherein the output of the first scrambling and descrambling module and the enable signal are logically anded and outputted; and the output end of the second scrambling and descrambling module and the enabling signal are output after logical AND operation.
6. The method of claim 5, wherein,
The scrambling operation of the first scrambling and descrambling module and the second scrambling and descrambling module is represented as follows:
S8=D8⊕(S6⊕S5⊕S4⊕S0)•EN
The descrambling operation of the first scrambling and descrambling module and the second scrambling and descrambling module is represented as follows:
D8=S8⊕(S6⊕S5⊕S4⊕S0)•EN
In the formula, S8 represents ciphertext data of service data; s6, S5, S4 and S0 all represent the processing states of each stage; d8 represents service data; EN represents an enable signal.
7. The method of claim 2, wherein the initial state values of the first and second linear feedback shift registers are non-all zero data.
8. The method of claim 1, wherein the step of determining the position of the probe comprises,
In the step S110, the first noise data is continuously input until the first noise buffer module is full, and after the first noise data is fetched, the first noise buffer module continues to receive the data generated by the first noise source module;
In the step S210, the second noise data is continuously input until the second noise buffer module is full, and after the second noise data is fetched, the second noise buffer module continues to receive the data generated by the second noise source module.
9. A storage medium having stored thereon program instructions which, when executed by a processor, implement the method of any of claims 1 to 8.
10. A data processing system, comprising: the storage medium of claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311690844.9A CN117910058A (en) | 2023-12-11 | 2023-12-11 | Data processing method and system based on data security protection between FPGA chips |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311690844.9A CN117910058A (en) | 2023-12-11 | 2023-12-11 | Data processing method and system based on data security protection between FPGA chips |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117910058A true CN117910058A (en) | 2024-04-19 |
Family
ID=90694403
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311690844.9A Pending CN117910058A (en) | 2023-12-11 | 2023-12-11 | Data processing method and system based on data security protection between FPGA chips |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117910058A (en) |
-
2023
- 2023-12-11 CN CN202311690844.9A patent/CN117910058A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6009135A (en) | Method and apparatus for generating a stream cipher | |
| US7978851B2 (en) | Keystream encryption device, method, and program | |
| US6879689B2 (en) | Stream-cipher method and apparatus | |
| US20090103726A1 (en) | Dual-mode variable key length cryptography system | |
| EP1133099A2 (en) | Method and apparatus for symmetric-key encryption | |
| US10567351B1 (en) | Polymorphic one time pad matrix | |
| CN105391701A (en) | Data encryption method and system | |
| CN105337728A (en) | Data encryption method and system | |
| Huang et al. | A novel structure with dynamic operation mode for symmetric-key block ciphers | |
| US9418245B2 (en) | Encryption processing device, encryption processing method, and program | |
| US8122075B2 (en) | Pseudorandom number generator and encryption device using the same | |
| Lam et al. | An improved method for locating and extracting the eye in human face images | |
| Gielata et al. | AES hardware implementation in FPGA for algorithm acceleration purpose | |
| CN105429748A (en) | Data encryption method and system | |
| Abderrahim et al. | A chaotic stream cipher based on symbolic dynamic description and synchronization | |
| Ghazi et al. | Robust and efficient dynamic stream cipher cryptosystem | |
| Kwok et al. | Effective uses of FPGAs for brute-force attack on RC4 ciphers | |
| CN117910058A (en) | Data processing method and system based on data security protection between FPGA chips | |
| Mobilon et al. | 100 Gbit/s AES-GCM cryptography engine for optical transport network systems: architecture, design and 40 nm silicon prototyping | |
| CN111049639B (en) | Dynamic data encryption and decryption implementation method based on FPGA | |
| Pal et al. | FPGA implementation of stream cipher using Toeplitz Hash function | |
| Teh et al. | A stream cipher based on spatiotemporal chaos and true random synchronization | |
| EP0619659A2 (en) | A shrinking generator for cryptosystems | |
| CN114978699B (en) | Data encryption and data decryption methods, devices, equipment and storage medium | |
| US20220276841A1 (en) | Communication data text confusion encryption method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |