CN112702327A - Security service design method of main control chip - Google Patents


Info

Publication number
CN112702327A
Authority
CN
China
Prior art keywords
security
control chip
main control
user
area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011514383.6A
Other languages
Chinese (zh)
Other versions
CN112702327B (en)
Inventor
解宁浦
赵文广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing CEC Huada Electronic Design Co Ltd
Priority to CN202011514383.6A
Publication of CN112702327A
Application granted
Publication of CN112702327B
Legal status: Active (current)
Anticipated expiration

Abstract

The invention discloses a security service design method for a main control chip that is low in cost and high in security, and realizes the security service design of the main control chip by combining software with the chip hardware. The various single-point security features of the hardware (a firewall, a code protection area, a secure user area, an algorithm module, a PUF (physically unclonable function), a storage encryption module and the like) are integrated by software into a complete security system, so that from power-on the main control chip is protected in several respects, including key protection, algorithm operation, protection of the chip's running environment and protection of sensitive code, and high-level secure boot and secure update services of the main control chip are realized. These security features can be flexibly selected by the user according to the particular situation, so that the minimum resources are used to reach the security level required by the application.

Description

Security service design method of main control chip
Technical Field
The invention relates to the security service design of a main control chip in the field of the Internet of Things, and in particular to a method of applying the main control chip's combined software and hardware in a security service program.
Background
At present, Internet of Things technology is developing vigorously in China, and a broad market can be expected in the future; according to expert estimates, a trillion-level market will form within the next 3-5 years as Internet of Things technology is promoted and popularized throughout China. With the rapid development of the Internet of Things, the security problems of Internet of Things terminals become ever more prominent; to avoid potential security hazards in the network and in complex application scenarios, the demand for solutions combining high security with low cost in the different application scenarios is growing stronger.
An Internet of Things terminal performs data acquisition and transmits data to the network layer; terminals are widely distributed, numerous and cost-constrained. A terminal is responsible for several functions, such as data acquisition, preliminary processing, encryption and transmission, and often operates in heterogeneous network environments; its application requirements therefore vary, data transmission must meet certain requirements, and some network attacks need to be prevented. This places requirements on the security features and upgrade services of the main control chip: on the one hand the security of the terminal in the network must be protected, and on the other hand the intellectual property of the product must also be protected.
By designing a low-cost, high-security main control chip and combining it with a security service program, the invention meets the data security requirements of the Internet of Things applications in which the chip is deployed, provides good intellectual property protection, meets the continuously changing application requirements of the Internet of Things, and provides a secure online upgrade function.
Disclosure of Invention
The method combines software and hardware; the main control chip and the software security service designed by the method are characterized as follows:
The main control chip provides hardware security peripherals (a secure user area, a resource firewall, a CPA code protection area, a PUF module, a write protection area and a storage encryption module); the software is realized through the related configuration flows and services, which connect the chip's security peripheral functions in series, so the design method is low in cost while meeting the security requirements and the diversity of applications.
1) Power-on flow of the main control chip: before program execution begins, all data parsing (such as of the security configuration information) is completed by hardware, including integrity checking of the data; the chain of trust is handed from hardware to software without any third party participating, and execution enters the user program (the security service program) directly, so the location of the first code run after reset is guaranteed not to change;
2) The security service program resides in the secure user area of the main control chip. Once the secure state of the secure user area is activated, the area may not be accessed again (read, write, execute or other operations), and once opened the secure state may not be closed, so the code in the area executes only once per reset cycle. Because the security service program is implemented in the secure user area, the Bootloader of the main control chip does not need a large storage space, and the user program can flexibly partition the security service program and the application program according to product requirements, which meets the security requirements while maximizing the use of storage resources; at the same time the cost of the main control chip is effectively reduced;
3) In combination with the resource firewall of the main control chip, sensitive code in the security service program (including but not limited to algorithm processing and key processing code), volatile data, non-volatile data, peripherals and other resources are classified as secure resources, and non-secure resources can access secure resources only through a specific entry function. The firewall configuration takes effect immediately after the main control chip is powered on and cannot be disabled. Combined with the attributes of the write protection area and the CPA code protection area, secure resources can be given the minimum access rights, for example: code may only be executed, and code and non-volatile data may not be written. When the software implements the firewall entry function it checks the function address to determine whether the current entry function call is legal. Resources such as the security processing algorithms and the security peripheral drivers can also be shared by the security service program and the application program;
4) The whole area of the security service program is configured as a write protection area, and no program is allowed to modify it;
5) The security service program comprises secure boot and secure update. The security service program first checks the security configuration; after the security configuration is confirmed to be correct, the next-level program is subjected to identity authentication (not limited to any particular algorithm) and an integrity check, then the secure state of the secure area is activated, the chain of trust is passed to the next-level program, and the next-level program is started;
6) After development of the security service program and the application program is finished, the use of functions such as the firewall area, the PUF (physically unclonable function), the storage encryption module and the CPA code protection area of the main control chip is configured according to how the software uses them, and the security peripherals are in a secure state after power-on reset, so the software is guaranteed to run in a secure environment from the start;
7) The user debugs the program in the development stage; when the program behaves abnormally it can be downloaded again and the security configuration can be modified (some security configurations require all user storage areas to be erased). In the provisional product stage, field testing can be carried out; all security configuration is then in effect, and the security service program and the user program run in the final product state, which prevents leakage of user data and intellectual property; when a problem found in field testing needs an update or debugging, the user program can be completely erased to return to the development stage so the problem can be analyzed and debugged. After the product is stable it enters the final product state, in which the related security configuration cannot be changed and the application functions can only be extended and repaired through the secure update service.
Drawings
FIG. 1 is a diagram of the hardware and software system architecture of the present invention
FIG. 2 is the flow of powering on the main control chip, validating the security configuration and entering secure boot
FIG. 3 is the secure boot flow in the security service program
FIG. 4 is the secure update flow in the security service program
FIG. 5 is a flow chart of the software implementation of the main control chip's resource firewall entry
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a diagram of the software and hardware system structure of the present invention: the main control chip includes security peripherals such as storage encryption/decryption, PUF, a write protection area, a resource firewall, a CPA code protection area, a secure user area and an algorithm module; the software is divided into the security services (secure boot and secure update), a security algorithm library, a secure communication interface driver and the application program.
Fig. 2 is the flow of powering on, validating the security configuration and entering secure boot in the main control chip, based on the combined software and hardware system of Fig. 1:
step 201, the main control chip is powered on, the chip hardware starts to work, the hardware modules are initialized, and the related data information is processed;
step 202, the main control chip hardware reads the information in the security configuration area, in preparation for the subsequent configuration of the security peripherals;
step 203, the data of the security configuration area is verified and checked for correctness and integrity; if the check passes, go to step 205, otherwise go to step 204;
step 204, exception handling, which may be a mechanism such as triggering a reset or holding the CPU in the reset state;
step 205, the key used by the storage encryption/decryption module is restored using the PUF and delivered to the storage encryption/decryption module over a hardware signal channel, so that the key remains confidential;
step 206, the CPA code protection area is configured according to the configuration information and its protection mechanism is established;
step 207, the write protection area is configured according to the configuration information and its protection mechanism is established;
step 208, the resource firewall is configured, and the resource access and protection mechanisms take effect according to the configuration information;
step 209, the secure user area is configured according to the configuration information, in preparation for the subsequent program boot;
step 210, the program boot location is selected according to the boot signal and the security configuration information; if the Bootloader is entered, the Bootloader's related processing is prepared; if the user program (security service and the like) is entered, the user program's related processing is prepared;
step 211, the CPU is released and post-boot program processing starts.
Fig. 3, based on the combined software and hardware system of Fig. 1, shows the secure boot flow in the security service program:
step 301, after the main control chip is powered on, it is guided into the security service program for execution;
step 302, the security service program checks the relevant conditions and enters the secure boot branch;
step 303, check whether the security information is consistent with the hardware validation registers of the main control chip, for example: whether the CPA code protection area is set correctly, whether the write protection area configuration is normal, the range of the resource firewall, whether the resource firewall is enabled, and so on; the purpose of this step is to proceed only once all security mechanisms are confirmed to be in effect; if an anomaly is found, go to step 307; if the check is normal, continue to the next step;
step 304, start the PUF module according to the security requirements and deliver the key information to the algorithm module over the hardware channel, in preparation for the subsequent algorithm operations;
step 305, authenticate the identity of the next-level application program to ensure its identity is valid; if authentication passes, proceed to the next step, otherwise go to step 307;
step 306, check the integrity of the next-level application program to ensure it has not been illegally tampered with; if verification passes, proceed to the next step, otherwise go to step 307;
step 307, exception handling for secure boot, which may enter a dead loop or similar;
step 308, clear the temporary data, key information and the like used during the secure boot process;
step 309, obtain the address and stack information of the next-level running program;
step 310, activate the secure state of the secure user area; once the non-secure user area is entered, the secure user area can no longer be accessed;
step 311, enter the next stage of program execution according to the information obtained in step 309.
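The secure boot branch above (steps 303 to 311), modelled in C as an added example; this is not code from the patent or from the assignee. The configuration layout, the register struct, the image format and the keyed FNV-1a tag standing in for the chip's algorithm module are all constructed assumptions; the point shown is the ordering: configuration consistency first, key wiped on every path, and the secure user area latched only after the next-level image has been verified.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Security configuration as the security service program reads it from the
 * security configuration area. Constructed layout: the patent does not
 * specify a field format. */
typedef struct {
    uint32_t cpa_start, cpa_size;   /* CPA code protection area */
    uint32_t wp_start,  wp_size;    /* write protection area */
    uint32_t fw_start,  fw_size;    /* resource firewall range */
    uint32_t fw_enabled;            /* firewall must be on (and cannot be closed) */
} sec_config_t;

/* Hardware validation registers: what the chip actually latched at power-on
 * (Fig. 2), plus the one-way secure user area latch of step 310. */
typedef struct {
    sec_config_t latched;
    bool secure_user_area_locked;   /* once true, only a reset clears it */
} hw_regs_t;

/* Next-level application image and its authentication tag (constructed). */
typedef struct {
    const uint8_t *code;
    size_t len;
    uint32_t entry;                 /* step 309: address of the next program */
    uint32_t stack;                 /* step 309: its initial stack pointer */
    uint32_t tag;                   /* tag computed with the PUF-derived key */
} app_image_t;

typedef enum {
    BOOT_OK = 0,
    BOOT_CONFIG_MISMATCH,           /* step 303 failed -> step 307 */
    BOOT_AUTH_FAIL                  /* step 305/306 failed -> step 307 */
} boot_status_t;

/* Placeholder for the chip's algorithm module (the patent says "not limited
 * to a specific algorithm"): a keyed FNV-1a. NOT cryptographically secure;
 * a real chip would use a hardware MAC or signature verification. */
uint32_t keyed_tag(uint32_t key, const uint8_t *d, size_t n) {
    uint32_t h = 0x811C9DC5u ^ key;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    return h;
}

/* Step 303: the configuration the software is about to rely on must be the
 * configuration the hardware is actually enforcing, with the firewall on.
 * Any difference means a protection may be missing, so boot is refused. */
bool config_matches_hw(const sec_config_t *c, const hw_regs_t *hw) {
    const sec_config_t *l = &hw->latched;
    return c->cpa_start == l->cpa_start && c->cpa_size == l->cpa_size
        && c->wp_start  == l->wp_start  && c->wp_size  == l->wp_size
        && c->fw_start  == l->fw_start  && c->fw_size  == l->fw_size
        && c->fw_enabled == l->fw_enabled && c->fw_enabled == 1u;
}

/* Whether the secure user area can still be accessed (claim 4): false once
 * the secure state has been activated, until the next reset. */
bool secure_user_area_accessible(const hw_regs_t *hw) {
    return !hw->secure_user_area_locked;
}

/* Steps 303-311 of the secure boot branch. On BOOT_OK *entry/*stack hold the
 * next-level program's location and the secure user area is locked; on any
 * failure nothing is locked, and the temporary key is wiped either way. */
boot_status_t secure_boot(const sec_config_t *cfg, hw_regs_t *hw,
                          const app_image_t *app, uint32_t puf_key,
                          uint32_t *entry, uint32_t *stack) {
    if (!config_matches_hw(cfg, hw)) return BOOT_CONFIG_MISMATCH;   /* 303 -> 307 */
    volatile uint32_t key = puf_key;            /* 304: key handed to the algorithm module */
    boot_status_t st = BOOT_OK;
    /* 305/306: identity and integrity of the next-level program; one keyed
     * tag over the whole image stands in for both checks here. */
    if (keyed_tag(key, app->code, app->len) != app->tag) st = BOOT_AUTH_FAIL;
    key = 0;                                    /* 308: wipe key material on every path */
    if (st != BOOT_OK) return st;               /* 307: exception handling is the caller's */
    *entry = app->entry;                        /* 309 */
    *stack = app->stack;
    hw->secure_user_area_locked = true;         /* 310: one-way; no reopening until reset */
    return BOOT_OK;                             /* 311: caller transfers control to *entry */
}
```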
Fig. 4, based on the combined software and hardware system of Fig. 1, shows the secure update flow in the security service program:
step 401, after the main control chip is powered on, it is guided into the security service program for execution;
step 402, the security service program checks the relevant conditions and enters the secure update branch;
step 403, check whether the security information is consistent with the hardware validation registers of the main control chip, for example: whether the CPA code protection area is set correctly, whether the write protection area configuration is normal, the range of the resource firewall, whether the resource firewall is enabled, and so on; the purpose of this step is to proceed only once all security mechanisms are confirmed to be in effect; if an anomaly is found, go to step 405; if the check is normal, continue to the next step;
step 404, initialize the secure communication interface protected by the resource firewall and exchange data with the outside;
step 405, exception handling for secure update, which may be a dead loop or similar;
step 406, start the PUF module according to the security requirements and deliver the key information to the algorithm module over the hardware channel, in preparation for the subsequent algorithm operations;
step 407, mutual identity authentication between the security service program and the outside party, to ensure both identities are valid; if identity authentication passes, proceed to the next step, otherwise go to step 405;
step 408, according to the security requirements, either a negotiated temporary session key or the PUF key can be selected for the subsequent communication; this improves the security and randomness of the communication and prevents replay attacks and the like;
step 409, check whether the program version is legal, to avoid the security and functional problems caused by a version rollback; if the version check is normal, proceed to the next step, otherwise go to step 405;
step 410, when the data volume is large, one file requires multi-frame transmission; this step mainly checks the integrity of each single frame to ensure the data has not been tampered with; if an anomaly is found, go to step 405;
step 411, decrypt the single frame of data and store it;
step 412, perform integrity and identity authentication over all the data of the file to ensure the validity of the plaintext data; if an anomaly is found, go to step 405;
step 413, when no anomaly has been found during the upgrade process, update management information such as the program version and program entry;
step 414, the update function is complete.
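Steps 409 to 414 of the update flow, with both the sender's framing and the receiver's checks, as an added example rather than the patent's own code. The header and frame formats, the keyed FNV-1a tag and the XOR keystream are constructed placeholders for the chip's algorithm and storage encryption modules; what the example shows is that version, per-frame and whole-file checks are ordered before any write, and that the installed program is untouched on every failure path.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_IMAGE     256   /* constructed size limit of the staging area */
#define FRAME_PAYLOAD 16    /* constructed payload bytes per transport frame */

/* Management information kept by the update service (step 413). */
typedef struct { uint32_t version, entry; uint8_t image[MAX_IMAGE]; size_t image_len; } update_mgmt_t;

/* File header sent before the frames (constructed format); file_tag is the
 * step 412 tag over the whole plaintext file under the PUF key. */
typedef struct { uint32_t version, entry, total_len, frame_count, file_tag; } update_header_t;

/* One frame of a multi-frame file (constructed format); frame_tag is the
 * step 410 integrity tag over the encrypted payload under the session key. */
typedef struct { uint16_t index, len; uint8_t payload[FRAME_PAYLOAD]; uint32_t frame_tag; } update_frame_t;

typedef enum { UPD_OK = 0, UPD_VERSION_ROLLBACK, UPD_TOO_LARGE,
               UPD_FRAME_TAMPERED, UPD_FILE_AUTH_FAIL } upd_status_t;

/* Placeholder for the algorithm module: keyed FNV-1a. NOT cryptographically
 * secure; the real chip uses its hardware MAC/signature primitive. */
uint32_t keyed_tag(uint32_t key, const uint8_t *d, size_t n) {
    uint32_t h = 0x811C9DC5u ^ key;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    return h;
}

/* Placeholder confidentiality transform: symmetric keystream XOR keyed by the
 * session key and byte position. NOT a real cipher. */
void xor_stream(uint32_t key, uint32_t offset, uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        buf[i] ^= (uint8_t)(((key ^ (offset + (uint32_t)i)) * 0x9E3779B1u) >> 24);
}

/* Sender side (constructed): split the plaintext into frames, encrypt each
 * with the negotiated session key (step 408) and tag the file with the PUF
 * key. Returns the number of frames written. */
uint32_t build_update(const uint8_t *plain, size_t len, uint32_t version,
                      uint32_t entry, uint32_t session_key, uint32_t puf_key,
                      update_header_t *hdr, update_frame_t *frames) {
    uint32_t n = 0;
    for (size_t off = 0; off < len; off += FRAME_PAYLOAD, n++) {
        update_frame_t *f = &frames[n];
        size_t chunk = len - off < FRAME_PAYLOAD ? len - off : FRAME_PAYLOAD;
        f->index = (uint16_t)n;
        f->len = (uint16_t)chunk;
        memcpy(f->payload, plain + off, chunk);
        xor_stream(session_key, (uint32_t)off, f->payload, chunk);
        f->frame_tag = keyed_tag(session_key ^ n, f->payload, chunk);
    }
    hdr->version = version; hdr->entry = entry;
    hdr->total_len = (uint32_t)len; hdr->frame_count = n;
    hdr->file_tag = keyed_tag(puf_key, plain, len);
    return n;
}

/* Receiver side, steps 409-414. Nothing is committed to mgmt until every
 * check has passed; any anomaly returns to the caller's exception handling
 * (step 405) with the currently installed program untouched. */
upd_status_t apply_update(update_mgmt_t *mgmt, const update_header_t *hdr,
                          const update_frame_t *frames, uint32_t session_key,
                          uint32_t puf_key) {
    /* 409: anti-rollback, the incoming version must be strictly newer */
    if (hdr->version <= mgmt->version) return UPD_VERSION_ROLLBACK;
    if (hdr->total_len > MAX_IMAGE ||
        (uint64_t)hdr->frame_count * FRAME_PAYLOAD < hdr->total_len) return UPD_TOO_LARGE;
    uint8_t staging[MAX_IMAGE];
    size_t written = 0;
    for (uint32_t i = 0; i < hdr->frame_count; i++) {
        const update_frame_t *f = &frames[i];
        /* 410: per-frame integrity on the ciphertext, before any decryption;
         * the index must match so reordered or replayed frames are caught */
        if (f->index != i || f->len > FRAME_PAYLOAD ||
            written + f->len > hdr->total_len) return UPD_FRAME_TAMPERED;
        if (keyed_tag(session_key ^ i, f->payload, f->len) != f->frame_tag)
            return UPD_FRAME_TAMPERED;
        /* 411: decrypt the frame and store it in the staging area */
        memcpy(staging + written, f->payload, f->len);
        xor_stream(session_key, (uint32_t)written, staging + written, f->len);
        written += f->len;
    }
    if (written != hdr->total_len) return UPD_FRAME_TAMPERED;
    /* 412: integrity and identity of the complete plaintext under the PUF key */
    if (keyed_tag(puf_key, staging, written) != hdr->file_tag) return UPD_FILE_AUTH_FAIL;
    /* 413: only now update version, entry and stored image */
    memcpy(mgmt->image, staging, written);
    mgmt->image_len = written;
    mgmt->version = hdr->version;
    mgmt->entry = hdr->entry;
    return UPD_OK;                               /* 414 */
}
```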
Fig. 5, based on the combined software and hardware system of Fig. 1: in the present invention the configuration of the resource firewall is already complete during the power-on period of the main control chip, before the CPU starts running, so the user only needs to develop the corresponding software functions as required; the resource firewall entry software has certain requirements, and its implementation flow is as follows:
step 501, the firewall entry location is determined by the user and must be consistent with the firewall configuration;
step 502, to start the firewall's code protection: while code inside the firewall is executing, any execution of code outside the firewall (such as an interrupt service routine or a call to a function outside the firewall) generates a reset, which protects the running of the secure code;
step 503, an optional function for the user: whether the attributes of the volatile data segment need to be modified is decided according to requirements, in order to protect the security of the process data;
step 504, the secure code runs inside the firewall; the user can implement different functional branches according to their own classification;
step 505, the secure peripherals are operated inside the firewall;
step 506, after all processing inside the firewall is complete, the process data is cleared to prevent sensitive information from leaking;
step 507, the firewall's code protection is closed, after which functions outside the firewall cannot access the firewall code (except the firewall entry);
step 507 represents exiting the firewall entry function while the firewall is closed.
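The firewall entry function of steps 501 to 507, together with the entry-address check called for in feature 3) and claim 5, as an added example that is not the patent's or the assignee's code. The firewall address range, the entry table, the secure branch (a keyed FNV-1a tag under a firewall-internal key) and the state struct are constructed assumptions; a real chip enforces the range and the reset in hardware, and the software check shown here is the second line of defence the patent describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Resource firewall code range as latched by hardware at power-on
 * (constructed addresses; end is exclusive). */
#define FW_CODE_START 0x08000000u
#define FW_CODE_END   0x08004000u

/* Secure branches reachable through the entry function (step 504). */
typedef enum { SVC_DERIVE = 0, SVC_TAG = 1, SVC_COUNT } fw_service_t;

/* Legal entry address per service (step 501, constructed). Hardware only
 * admits these addresses; the entry function re-checks them in software. */
static const uint32_t fw_entry_table[SVC_COUNT] = { 0x08000100u, 0x08000200u };

/* Secret that only code inside the firewall may read (constructed value). */
static const uint32_t fw_secret_key = 0xC0FFEE11u;

typedef struct {
    bool     inside;            /* secure code currently executing */
    bool     reset_raised;      /* step 502: illegal transfer while inside */
    uint32_t calls;
    uint8_t  process_data[32];  /* firewall-protected working RAM (step 503) */
} fw_state_t;

typedef enum { FW_OK = 0, FW_ILLEGAL_ENTRY } fw_result_t;

/* Placeholder for the algorithm module: keyed FNV-1a, NOT cryptographically
 * secure; the real chip uses its hardware primitive. */
uint32_t keyed_tag(uint32_t key, const uint8_t *d, size_t n) {
    uint32_t h = 0x811C9DC5u ^ key;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    return h;
}

/* Step 501 and the claim 5 requirement: the entry function checks the
 * address it was entered at against the declared table for that service. */
bool fw_entry_is_legal(uint32_t entry_addr, fw_service_t id) {
    return id < SVC_COUNT && fw_entry_table[id] == entry_addr
        && entry_addr >= FW_CODE_START && entry_addr < FW_CODE_END;
}

/* Step 502: while secure code runs, any transfer to code outside the firewall
 * (interrupt handler, call to a non-secure function) raises a reset instead
 * of continuing. Returns false when the transfer was refused. */
bool fw_transfer(fw_state_t *st, uint32_t target_pc) {
    bool outside = target_pc < FW_CODE_START || target_pc >= FW_CODE_END;
    if (st->inside && outside) { st->reset_raised = true; return false; }
    return true;
}

/* True when no sensitive process data is left behind after exit (step 506). */
bool fw_process_data_cleared(const fw_state_t *st) {
    for (size_t i = 0; i < sizeof st->process_data; i++)
        if (st->process_data[i]) return false;
    return true;
}

/* Steps 501-507 as one entry function. The secure branch computes a keyed
 * tag over the input with the firewall-internal key; the intermediate state
 * lives in process_data and is cleared before the firewall closes. */
fw_result_t fw_entry(fw_state_t *st, uint32_t entry_addr, fw_service_t id,
                     const uint8_t *in, size_t in_len, uint32_t *out) {
    if (!fw_entry_is_legal(entry_addr, id)) return FW_ILLEGAL_ENTRY;    /* 501 */
    st->inside = true;                                                   /* 502: protection on */
    size_t n = in_len < sizeof st->process_data ? in_len : sizeof st->process_data;
    memcpy(st->process_data, in, n);                                     /* 503 */
    *out = keyed_tag(fw_secret_key ^ (uint32_t)id, st->process_data, n); /* 504/505 */
    memset(st->process_data, 0, sizeof st->process_data);               /* 506 */
    st->calls++;
    st->inside = false;                                                  /* 507: close and exit */
    return FW_OK;
}
```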

Claims (10)

3. The design method of claim 1, wherein in 2) and 3), in order to ensure effective transmission of the chain of trust, the main control chip may combine the information of the security configuration area according to the boot configuration, and after the hardware processing is complete may choose to enter the user program directly (though it is not limited to entering only the user program) without passing through the Bootloader or other programs for intermediate processing; the root of trust of the main control chip is thus guaranteed to be passed to the user, and the user program can perform subsequent multi-stage processing; the user program can flexibly partition the security service program and the application program according to product requirements, which meets the security requirements while maximizing the use of storage resources; at the same time the cost of the main control chip is effectively reduced; at its start the security service program can effectively check the security configuration and the like, and after ensuring the security mechanisms are in effect it further checks and confirms the user application program, where the checking and confirmation include but are not limited to integrity and identity authentication; in addition, combined with the use of security peripherals such as the PUF (physically unclonable function) and the resource firewall, the security service program also comprises the secure update of the user application program, realizing version management, identity authentication and secure data transmission for the program to be updated.
4. The design method of claim 1, wherein in 4) the secure user area has the following characteristics: the position and size of the secure user area are determined by the related information in the security configuration area, and the main control chip hardware applies them immediately after parsing; the secure user area is the location of the user program to which execution first jumps after the main control chip is powered on; once the secure state of the secure user area is activated, the area may not be accessed again, including but not limited to reading, writing and execution, and once opened the secure state may not be closed, so the code in the area executes only once per reset cycle; the user flexibly configures the size of the area according to product requirements.
5. The design method as claimed in claim 1, wherein in 4) the resource firewall specifically has the following characteristics: the relevant information is configured through the security configuration area; resources such as code, volatile data, non-volatile data and peripherals can be classified as secure resources, and non-secure resources can access secure resources only through a specific entry function; to make full use of the RAM resources of the main control chip, the access rights of volatile data can be flexibly configured, including but not limited to allowing access by executing code and by non-secure resources; the firewall configuration takes effect immediately after the main control chip is powered on and cannot be disabled; the main control chip thus realizes resource isolation at a high security level with lower hardware cost; combined with the attributes of the write protection area and the CPA code protection area, secure resources can reach a higher security level; the firewall entry function can check the function address and so tighten the restriction on the calling range of the entry function.
10. The design method as claimed in claim 1, wherein in 7) the security level is configured with the following characteristics: as more security attributes are introduced into a traditional main control chip, some inconvenience in debugging follows; to facilitate the user's development and debugging, the debugging interface allows normal access to the relevant resources in the development stage, and after functional debugging is complete, verification is performed with the necessary part of the security attributes enabled; after development is finished, the provisional product stage is entered, in which samples are provided to the client for field testing and the like; from this state it is possible to return to the development stage, but the user program must be completely erased, which protects the user's data and avoids the product having to be discarded; finally the final product stage is entered, in which the security configuration cannot be changed and the user can only upgrade through the update service of the application program or the security service program.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202011514383.6A (CN112702327B) | 2020-12-21 | 2020-12-21 | Security service design method of main control chip

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202011514383.6A (CN112702327B) | 2020-12-21 | 2020-12-21 | Security service design method of main control chip

Publications (2)

Publication Number | Publication Date
CN112702327A | 2021-04-23
CN112702327B | 2023-03-14

Family

ID=75507690

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202011514383.6A (Active, CN112702327B) | Security service design method of main control chip | 2020-12-21 | 2020-12-21

Country Status (1)

Country | Link
CN (1) | CN112702327B

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN1702590A * | 2004-12-02 | 2005-11-30 | 联想(北京)有限公司 | Method for establishing trustable operational environment in a computer
WO2016131553A1 * | 2015-02-16 | 2016-08-25 | IAD Gesellschaft für Informatik, Automatisierung und Datenverarbeitung mbH | Autonomously booting system with a security module
EP3244375A1 * | 2016-05-10 | 2017-11-15 | Atos Worldline | Microcontroller for secure starting with firewall
CN110704359A * | 2019-08-14 | 2020-01-17 | 北京中电华大电子设计有限责任公司 | High-safety low-power-consumption communication method of dual-core chip

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN114266083A * | 2021-12-24 | 2022-04-01 | 杭州万高科技股份有限公司 | A secure storage method for in-chip keys
CN119150377A * | 2024-11-19 | 2024-12-17 | 北京中科昊芯科技有限公司 | Double-code partition safety method, device and chip based on multi-block area configuration
CN119150377B * | 2024-11-19 | 2025-02-11 | 北京中科昊芯科技有限公司 | Double-code partition safety method, device and chip based on multi-block area configuration

Also Published As

Publication number | Publication date
CN112702327B | 2023-03-14


Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |
