Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (10): 135-142.DOI: 10.3778/j.issn.1002-8331.1612-0438

Previous Articles     Next Articles

Security-enhanced key generation scheme based on USB Key

ZHAO Bo1,2, LI Erhui1,2, MA Jun1,2, HUANG Yuqing1,2   

  1. 1.Computer School, Wuhan University, Wuhan 430072, China
    2.Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education, Wuhan University, Wuhan 430072, China
  • Online:2018-05-15 Published:2018-05-28

基于USB Key的安全增强密钥生成方案

赵  波1,2,李二辉1,2,马  骏1,2,黄宇晴1,2   

  1. 1.武汉大学 计算机学院,武汉 430072
    2.武汉大学 空天信息安全与可信计算教育部重点实验室,武汉 430072

Abstract: Aiming at the shortage of key storage security in embedded system, a Security-Enhanced Key(SEK) generation scheme is proposed. By using the unique hardware eigenvalue of the Embedded System(ES) and the random number generated by the USB Key(UK), the respective key seeds are generated without changing the architecture of the existing ES. Then the key seeds are used to generate the SEK by both sides with Diffie-Hellman Key Exchange(DHKE). Generated when needed only and destroyed immediately after used, SEK does not need to store in embedded device, but improves the security of the key fundamentally and solves the ES key leakage security issues to a certain degree. The implementation of the prototype and the security evaluation show that the scheme can defense a variety of attacks on SEK, the key security is obviously improved after adding the scheme, and the additional overhead will not have a significant negative impact on the system performance.

Key words: security-enhanced key, embedded system, Diffie-Hellman key exchange, USB Key, key storage

摘要: 针对目前嵌入式系统环境下密钥存储安全性不足的问题,提出了一种安全增强密钥(Security-Enhanced Key,SEK)的生成方案。该方案在不改变现有嵌入式系统(Embedded System,ES)架构的前提下,分别利用ES的唯一硬件特征值和USB Key(UK)产生的随机数生成各自的密钥种子,之后ES和UK利用密钥种子进行迪菲-赫尔曼协商(Diffie-Hellman Key Exchange,DHKE)生成SEK。SEK仅在需要时生成,使用后即销毁,不需要在嵌入式设备上存储,从根本上提高了密钥的安全性,并在一定程度上解决了嵌入式系统密钥泄漏的安全问题。方案原型的实现和安全性评估表明,在嵌入式系统中加入该方案之后,密钥的安全性得到明显增强,能够抵抗针对嵌入式系统密钥的多种攻击,且增加的额外开销不会对系统性能造成显著影响。

关键词: 安全增强密钥, 嵌入式系统, 迪菲-赫尔曼协议, USB Key, 密钥存储