计算机工程与应用 ›› 2014, Vol. 50 ›› Issue (22): 92-96.

• 网络、通信、安全 • 上一篇    下一篇

嵌入式处理器片外访存加密机制设计与实现

刘根贤1,2,王海霞2,刘振宇2,汪东升2   

  1. 1.清华大学 计算机科学与技术系,北京 100084
    2.清华大学 信息科学技术国家实验室(筹),北京 100084
  • 出版日期:2014-11-15 发布日期:2014-11-13

Encryption scheme design and implementation of embedded processor off-chip memory access

LIU Genxian1,2, WANG Haixia2, LIU Zhenyu2, WANG Dongsheng2   

  1. 1.Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
    2.Tsinghua Laboratory for Information Science and Technology, Beijing 100084, China
  • Online:2014-11-15 Published:2014-11-13

摘要: 高安全敏感领域的嵌入式系统面临总线监听、数据篡改、离线分析等类型的恶意攻击,试图窃取密码、篡改信息等。特别是配合硬件电路的攻击,给用户造成重大的损失。为了从根本上解决系统外部电路系统攻击威胁,提出片外访存加密认证机制,选择AES-GCM算法,对所有片外写数据进行加密,对读数据进行解密并认证。同时设计一次密码与页地址置乱函数产生二次密钥,保障了加密强度。进一步通过软件实现LRU Cache优化性能,在STM32系列微处理器硬件平台上,软件实现片外访存加密认证机制。在内存压力测试中,加密片外访存性能平均降低了9%。

关键词: 嵌入式, 微处理器, 片外访存, 加密认证

Abstract: Embedded systems in high security-sensitive areas are susceptible to various types of attacks, including stealing passwords, tampering data and offline analysis. Especially, the hardware-level attacks often result in significant losses to the users. In order to defend the above attacks, the off-chip memory is encrypted and authenticated through AES-GCM algorithm. This scheme writes data after encryption, decrypt and authenticate after read data. In addition, a function is built that scrambling password with page address to ensure the encryption strength. Finally LRU cache is introduced to improve its performance. The scheme is implemented on STM32F103 microprocessor platform in software and the feasibility of the system design is proved. The memory stress experiment shows that the system security is strengthened with 9% performance degradation.

Key words: embedded, microprocessor, off-chip memory, encryption and authentication