
CN114817931B - Terminal security protection method, device, equipment and medium based on star-shaped trust chain - Google Patents


Info

Publication number
CN114817931B
Authority
CN
China
Prior art keywords
value
kernel
algorithm
key information
bit
Legal status
Active
Application number
CN202210436201.0A
Other languages
Chinese (zh)
Other versions
CN114817931A (en)
Inventor
朱朝阳
周亮
张晓娟
朱亚运
缪思薇
姜琳
蔺子卿
曹靖怡
王海翔
Current Assignee
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
State Grid Corp of China SGCC
Original Assignee
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
State Grid Corp of China SGCC
Application filed by China Electric Power Research Institute Co Ltd CEPRI, Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd and State Grid Corp of China SGCC
Priority to CN202210436201.0A
Publication of CN114817931A
Application granted
Publication of CN114817931B

Classifications

    • G06F21/575 Secure boot (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules (under G06F21/60 Protecting data)

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of embedded security and discloses a terminal security protection method, device, equipment and medium based on a star-shaped trust chain. The method comprises: starting the embedded system; measuring the kernel through a first algorithm in the trusted platform module to obtain a new PCR measurement value; comparing the decrypted standard value with the new PCR measurement value, continuing to start the kernel if the comparison passes and interrupting the kernel start if it does not; after the kernel has started, when the file system is loaded, measuring preset key information of the file system through the first algorithm in the trusted platform module to obtain a new PCR value of the preset key information; and comparing the decrypted standard value of the preset key information with the new PCR value of the preset key information, the kernel loading the file system if the comparison passes and otherwise interrupting the loading of the file system. The invention greatly improves the security of the private key of the asymmetric cryptographic algorithm and has good application prospects.

Description

Terminal security protection method, device, equipment and medium based on a star-shaped trust chain
Technical Field
The invention relates to the field of embedded security, in particular to a mobile terminal security protection method and system based on a star-shaped trust chain.
Background
The energy internet connects hundreds of millions of devices, machines and systems at the energy production, transmission and consumption ends. It faces problems such as internet-of-things terminals being hard to trust and the integrity of very large numbers of embedded terminals being impossible to guarantee. The existing solution to the security problem of terminal embedded systems is to introduce trusted computing technology, whose central idea is to establish a root of trust and a chain of trust to guarantee the integrity and security of the system. In the traditional trusted boot process the embedded CPU communicates with a trusted platform module (TPM) as proposed by the Trusted Computing Group (TCG). The TPM serves as the root of trust: the initial expected measurement value of each boot entity is stored in the TPM, the entity is loaded into memory at boot, and whether the boot process may safely continue is decided by comparing the stored expected value with the currently computed value for consistency. However, the TPM chip has low computing power and lacks active control capability; the scheduling capability of an embedded processor is relatively weak, so complex scheduling and allocation cannot be performed and the measurement and extension of the whole trust chain is hard to control; and embedded devices are very cost-constrained and mostly have no trusted platform module at all. This type of method therefore has great limitations for embedded systems.
Disclosure of Invention
The invention aims to provide a terminal security protection method, device, equipment and medium based on a star-shaped trust chain, so as to solve the above technical problems. Taking into account the huge number of mobile terminals and the considerable cost of retrofitting them, the invention, without changing the hardware architecture of the existing mobile terminal, takes the bootloader (uboot) as the trusted base, takes a PUF key (the secure encryption key) implemented on SRAM as the root-of-trust key, takes the SM3 and SM4 cryptographic algorithms implemented on an FPGA as the root of trust for measurement of the trusted boot, and takes an on-chip storage area as the root of trust for storage of the trusted boot, and from these composes a TPM module instead of directly using a commercial TPM chip. The trusted boot flow of the mobile terminal under the star-shaped trust chain comprises: the bootloader loads the operating system, measures the integrity of the important files of the operating system, and compares the integrity measurement value with the measurement value stored in encrypted form; if the two are consistent the operating system is started, and if they are inconsistent the system boot is stopped.
In order to solve the security problem, the invention adopts the following technical scheme:
in a first aspect, the present invention provides a terminal security protection method based on a star-shaped trust chain, including:
the embedded system is started, a new PCR measurement value is obtained by measuring the kernel through a first algorithm, an encrypted standard value is read from ROM, the encrypted standard value is decrypted by a second algorithm using the secure encryption key as the kernel key, and the decrypted standard value is compared with the new PCR measurement value; if the comparison passes the kernel continues to start, otherwise the kernel start is interrupted;
after the kernel has started, when the file system is loaded, preset key information of the file system is measured through the first algorithm to obtain a new PCR value of the preset key information, the encrypted standard value of the preset key information is read from ROM and decrypted by the second algorithm using the secure encryption key as the kernel key, and the decrypted standard value of the preset key information is compared with the new PCR value of the preset key information; if the comparison passes the kernel loads the file system, otherwise the kernel interrupts the loading of the file system;
wherein the encrypted standard value and the secure encryption key are obtained from components of the embedded system.
In a further improvement of the invention, the secure encryption key is obtained by the following steps:
a registration stage, in which the embedded system reads the bootloader, loads the system program and initializes the peripheral hardware; it then reads a section of static random access memory initial value Seed-Value with a size of k bits, generates an n-bit standard BCH codeword by BCH-encoding the Seed-Value, additionally reads a section of static random access memory initial value Identified-Value (the identification code ID) with a size of n bits, and XORs the n-bit standard BCH codeword with the n-bit identification code ID to obtain the n-bit helper data Helper-Data, which is stored in a nonvolatile memory;
a verification stage, in which, after the embedded system is powered on, an n-bit noisy identification code NID is read from the same address and with the same length as the identification code Identified-Value of the static random access memory in the registration stage, the n-bit Helper-Data stored in the nonvolatile memory is read, the n-bit noisy identification code NID is XORed with the n-bit Helper-Data to obtain an n-bit BCH codeword containing errors, and BCH decoding is performed on that codeword; if the actual number of errors does not exceed the design error-correction capability t, an n-bit standard BCH codeword is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH codeword generated by decoding is XORed with the n-bit Helper-Data to recover the n-bit initial value Identified-Value used in the system registration stage, the recovered n-bit Identified-Value is compared with the initial value generated during system registration, and if they are the same the verification stage is complete and the system starts normal operation;
and a hash processing stage, in which, after the verification stage has succeeded and the system is in normal operation, the secure encryption key is generated by a hash operation of the first algorithm on the n-bit initial value Identified-Value recovered in the verification stage.
In a further improvement of the invention, in the step of reading the encrypted standard value from ROM and decrypting it by the second algorithm using the secure encryption key as the kernel key, the encrypted standard value is obtained by the following steps:
after the embedded system is powered on, when the kernel is loaded, the kernel is measured through the first algorithm and the resulting PCR measurement value of the kernel is taken as the verification standard value; the verification standard value is encrypted by the second algorithm using the secure encryption key as the kernel key and stored in a nonvolatile memory, which gives the encrypted standard value.
In a further improvement of the invention, in the step of reading the encrypted standard value of the preset key information from ROM and decrypting it by the second algorithm using the secure encryption key as the kernel key, the encrypted standard value of the preset key information is obtained by the following steps:
after the kernel has started, when the file system is loaded, the preset key information is measured through the first algorithm and the resulting PCR measurement value is taken as the standard value for checking the preset key information; the standard value of the preset key information is encrypted by the second algorithm using the secure encryption key as the kernel key and stored in a nonvolatile memory, which gives the encrypted standard value of the preset key information.
In a further improvement of the invention, the first algorithm is the SM3 algorithm and the second algorithm is the SM4 algorithm.
In a second aspect, the present invention provides a terminal security protection device based on a star-shaped trust chain, including:
a kernel verification module, which is used for measuring the kernel through a first algorithm after the embedded system is started to obtain a new PCR measurement value, reading an encrypted standard value from ROM, decrypting the encrypted standard value by a second algorithm using the secure encryption key as the kernel key, and comparing the decrypted standard value with the new PCR measurement value; if the comparison passes the kernel continues to start, otherwise the kernel start is interrupted;
a key information verification module, which is used for measuring preset key information of the file system through the first algorithm when the file system is loaded after the kernel has started, so as to obtain a new PCR value of the preset key information, reading the encrypted standard value of the preset key information from ROM, decrypting it by the second algorithm using the secure encryption key as the kernel key, and comparing the decrypted standard value of the preset key information with the new PCR value of the preset key information; if the comparison passes the kernel loads the file system, otherwise the kernel interrupts the loading of the file system;
wherein the encrypted standard value and the secure encryption key are obtained from components of the embedded system.
In a further improvement of the invention, the secure encryption key used in the kernel verification module and the key information verification module is obtained by the following steps:
a registration stage, in which the embedded system reads the bootloader, loads the system program and initializes the peripheral hardware; it then reads a section of static random access memory initial value Seed-Value with a size of k bits, generates an n-bit standard BCH codeword by BCH-encoding the Seed-Value, additionally reads a section of static random access memory initial value Identified-Value (the identification code ID) with a size of n bits, and XORs the n-bit standard BCH codeword with the n-bit identification code ID to obtain the n-bit helper data Helper-Data, which is stored in a nonvolatile memory;
a verification stage, in which, after the embedded system is powered on, an n-bit noisy identification code NID is read from the same address and with the same length as the identification code Identified-Value of the static random access memory in the registration stage, the n-bit Helper-Data stored in the nonvolatile memory is read, the n-bit noisy identification code NID is XORed with the n-bit Helper-Data to obtain an n-bit BCH codeword containing errors, and BCH decoding is performed on that codeword; if the actual number of errors does not exceed the design error-correction capability t, an n-bit standard BCH codeword is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH codeword generated by decoding is XORed with the n-bit Helper-Data to recover the n-bit initial value Identified-Value used in the system registration stage, the recovered n-bit Identified-Value is compared with the initial value generated during system registration, and if they are the same the verification stage is complete and the system starts normal operation;
and a hash processing stage, in which, after the verification stage has succeeded and the system is in normal operation, the secure encryption key is generated by a hash operation of the first algorithm on the n-bit initial value Identified-Value recovered in the verification stage.
In a further improvement of the invention, the encrypted standard value used in the kernel verification module is obtained by measuring the kernel through the first algorithm when the kernel is loaded after the embedded system is powered on, taking the resulting PCR measurement value of the kernel as the verification standard value, encrypting it by the second algorithm using the secure encryption key as the kernel key and storing it in a nonvolatile memory;
the encrypted standard value of the preset key information used in the key information verification module is obtained by measuring the preset key information through the first algorithm when the file system is loaded after the kernel has started, taking the resulting PCR measurement value as the standard value of the preset key information, encrypting it by the second algorithm (the SM4 national cryptographic algorithm) using the secure encryption key as the kernel key and storing it in a nonvolatile memory;
wherein the encrypted standard value and the secure encryption key are obtained from components of the embedded system.
In a third aspect, the present invention provides an electronic device comprising a processor and a memory, the processor being configured to execute a computer program stored in the memory so as to implement the terminal security protection method based on a star-shaped trust chain.
In a fourth aspect, the present invention provides a computer readable storage medium storing at least one instruction which, when executed by a processor, implements the terminal security protection method based on a star-shaped trust chain.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a terminal security protection method, device, equipment and medium based on a star-shaped trust chain, in which the standard values of the star-shaped trust chain are built on trusted hardware. It provides trusted protection for the boot of a terminal without changing the architecture of the mobile terminal, prevents files such as the kernel from being tampered with, and effectively guarantees the security of the boot process at low cost and low complexity.
The invention generates the root key of the trusted platform module TPM with PUF technology, which secures the core of the trust chain; the private key is encrypted and stored under the PUF-derived key, which improves the security of the private key and makes it hard for an outsider to crack or steal, so that leakage of the private key is effectively prevented.
Without changing the hardware architecture of the existing mobile terminal, the bootloader (uboot) is taken as the trusted base, a PUF key implemented on SRAM is taken as the kernel key, cryptographic algorithms implemented on an FPGA are taken as the root of trust for measurement of the trusted boot, and an on-chip storage area is taken as the root of trust for storage of the trusted boot; together these form the trusted platform module TPM.
The invention uses trusted computing technology: the trustworthiness of the internet-of-things foundation of the energy internet is first established at the hardware layer, and the trust chain is then extended to the kernel layer, the trusted component layer and higher layers, so that the whole execution environment of the terminal is trustworthy. Specifically, two techniques, trusted boot and secure storage, are used to build the execution environment of the trusted terminal. Trusted boot means that, each time the system is powered on, the computed hash values are compared layer by layer against the standard values so that the device boots securely. Secure storage targets the sensitive data held on terminals that process confidential information: an encryption and decryption algorithm such as a Chinese national cryptographic (SM-series) algorithm is applied together with a corresponding key management mechanism, so that the security of the sensitive data on the terminal is effectively guaranteed.
Without modifying the embedded device and without using a traditional commercial external TPM chip, the invention forms a root of trust for storage, a root of trust for measurement and a root-of-trust key out of the existing components and techniques of the embedded system, thereby composing a trusted platform module without changing the existing embedded system architecture, and uses that module to build the star-shaped trust chain. The star-shaped trust chain takes the root-of-trust key of the composed trusted platform module as its root of trust, which guarantees the trustworthiness of the trusted platform module; the trusted platform module in turn measures, stores the measurement values of, and reports on the bootloader, the kernel and the preset key information respectively, which completes the construction of the star-shaped trust chain.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
Fig. 1 is a diagram of the star-shaped trust chain architecture of the invention.
Fig. 2 is a diagram of a specific embodiment of the terminal security protection method based on a star-shaped trust chain in Example 1 of the invention.
Fig. 3 is a block diagram of the BCH algorithm of the invention.
Fig. 4 is a flow chart of the PUF-based generation of the encryption key in the invention.
Fig. 5 is an overall framework diagram of the terminal security protection method based on a star-shaped trust chain of the invention.
Fig. 6 is a flow chart of the terminal security protection method based on a star-shaped trust chain in Example 2 of the invention.
Fig. 7 is a block diagram of the terminal security protection device based on a star-shaped trust chain.
Fig. 8 is a block diagram of the electronic device of the invention.
Detailed Description
The invention will be described in detail below with reference to the drawings in connection with embodiments. It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The following detailed description is exemplary and is intended to provide further details of the invention. Unless defined otherwise, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the invention.
The invention uses a PUF (physically unclonable function) key as the root of trust. It takes the power-up contents of an SRAM (static random access memory) region of the embedded device, which are random from chip to chip, and uses PUF technology to protect a key that is used only inside the chip: the key is regenerated from this "physical electronic fingerprint" whenever it is needed and is not kept in storage afterwards; only its physical source remains. All initial PCR (platform configuration register) values are encrypted with the SM4 algorithm and stored in ROM. Before the kernel is loaded, the bootloader has the TPM check the integrity of the kernel: the SM3 algorithm is first called to compute the PCR value of the kernel, the standard value is fetched from ROM and decrypted with the PUF key, and the two are compared; the TPM reports the result to the bootloader, and if verification passes the bootloader loads the kernel. Similarly, before the file system is loaded, the kernel computes the PCR values of the key files in the file system with the SM3 algorithm, the standard values are fetched from ROM, decrypted and compared, and the TPM reports the result to the kernel; if verification passes the kernel loads the file system. This forms the secure basic environment of the trusted boot.
The secure key generated by PUF technology is tightly bound to the hardware of the embedded device and resists physical attack well. The private key is encrypted with the SM4 cryptographic algorithm under the PUF-generated secure key and stored in nonvolatile memory.
After the system is powered on, the bootloader measures the kernel through the SM3 algorithm in the TPM, calling SM3(input, len, output); the PCR value serves as the digest of the kernel. The measurement value of the module produced at initial provisioning is taken as the standard value for verification, encrypted with the SM4 algorithm using the PUF key as the root key and stored in the ROM of the system. At every subsequent boot the new measurement value is compared with the standard value: the standard value is read from ROM and decrypted, and the cmp_pcr function is called to verify the measurement value. If the integrity verification passes, the kernel continues to start; if it fails, the integrity is considered broken and the code may have been tampered with, so the user must be alerted and the kernel start is interrupted. After the kernel has started, when the file system is loaded, the key information of the file system is measured through the SM3 algorithm in the TPM, the standard value is read from ROM and decrypted with the SM4 algorithm, and the cmp_pcr function is called to verify the measurement value; if this succeeds, the file system is loaded.
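The boot flow just described, as an added worked example that is not code from the patent or its authors: a bootloader stage that measures the kernel and a kernel stage that measures the file-system key information, each comparing a fresh measurement against a reference protected under the PUF-derived key and halting on mismatch. SHA-256 stands in for SM3, and, because the Python standard library has neither SM3 nor SM4, the reference value is bound to the key with HMAC-SHA-256 rather than being SM4-encrypted (a swapped-in technique, not the page's). The PUF key, the kernel image and the file contents are constructed; measure, seal_reference, provision and trusted_boot are names chosen for this example, and only cmp_pcr comes from the page.

```python
import hashlib
import hmac

# Added example, not code from the patent. SHA-256 replaces SM3 for measurement and
# HMAC-SHA-256 under the PUF key replaces SM4 encryption of the reference value.
# The key below is a constructed stand-in for the SRAM-PUF derived key.
PUF_KEY = hashlib.sha256(b"constructed stand-in for the SRAM-PUF derived key").digest()


class BootHalted(Exception):
    """Raised where the page interrupts the kernel start or the file-system load."""


def measure(image: bytes) -> bytes:
    """PCR-style digest of a boot object (SM3 on the page; SHA-256 here)."""
    return hashlib.sha256(image).digest()


def seal_reference(key: bytes, stage: str, pcr: bytes) -> bytes:
    """Produce the protected reference ("standard") value written to ROM for one stage.

    The stage label is mixed in so a sealed kernel reference cannot be replayed as a
    file-system reference or vice versa."""
    return hmac.new(key, stage.encode() + b"\x00" + pcr, hashlib.sha256).digest()


def cmp_pcr(key: bytes, stage: str, new_pcr: bytes, sealed_ref: bytes) -> bool:
    """Compare a fresh measurement with the sealed reference in constant time."""
    return hmac.compare_digest(seal_reference(key, stage, new_pcr), sealed_ref)


def provision(kernel_image: bytes, key_files: dict) -> dict:
    """First-boot generation of the standard values (the page's initially generated PCRs)."""
    rom = {"kernel": seal_reference(PUF_KEY, "kernel", measure(kernel_image))}
    for path, content in key_files.items():
        rom["fs:" + path] = seal_reference(PUF_KEY, "fs:" + path, measure(content))
    return rom


def trusted_boot(rom: dict, kernel_image: bytes, key_files: dict) -> list:
    """Run the star chain: bootloader -> kernel check -> file-system key-information check.

    Returns the sequence of results the TPM would report to the bootloader and kernel;
    raises BootHalted at the first failed stage instead of continuing."""
    report = []
    # Stage 1: the bootloader has the TPM measure the kernel before jumping to it.
    if not cmp_pcr(PUF_KEY, "kernel", measure(kernel_image), rom["kernel"]):
        raise BootHalted("kernel measurement mismatch: kernel start interrupted")
    report.append(("kernel", "ok"))
    # Stage 2: the kernel measures the preset key information before mounting the file system.
    for path in sorted(key_files):
        sealed = rom.get("fs:" + path)
        if sealed is None or not cmp_pcr(PUF_KEY, "fs:" + path, measure(key_files[path]), sealed):
            raise BootHalted(f"{path} measurement mismatch: file-system load interrupted")
        report.append((path, "ok"))
    report.append(("filesystem", "loaded"))
    return report


def demo() -> dict:
    """Provision on clean images, then boot clean, with a patched kernel, and with a patched file."""
    kernel = b"zImage: constructed kernel image"                       # constructed
    key_files = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",    # constructed
                 "/etc/init.d/rcS": b"#!/bin/sh\nexec /sbin/init\n"}
    rom = provision(kernel, key_files)
    results = {"clean": trusted_boot(rom, kernel, key_files)}
    tampered = {**key_files, "/etc/init.d/rcS": b"#!/bin/sh\nexec /tmp/x\n"}
    for name, k, f in [("patched_kernel", kernel + b"\x90", key_files),
                       ("patched_rcS", kernel, tampered)]:
        try:
            results[name] = trusted_boot(rom, k, f)
        except BootHalted as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two details that a practitioner would want beyond the page's description are the constant-time comparison in cmp_pcr, so that an early-exit byte compare does not leak how much of the reference matched, and the stage label mixed into the sealed value, so that a reference sealed for the kernel cannot be presented as the reference for a file. As on the page, the reference values are fixed at provisioning; a kernel or file-system update therefore needs a re-provisioning step performed under the same key.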
The root key, as the root of trust, is important: it is the starting point of the star-shaped trust chain. A PUF is chosen as the tool for generating the root key because an ordinary root key would have to be stored encrypted in a secure area; to save cost and enhance security, a physically unclonable function is used to generate the root key instead.
The method for securely storing the private key with PUF technology is as follows: after power-on, the characteristic data of the SRAM on the embedded platform is used to extract a set of SRAM data uniquely tied to that platform, this data is hashed to produce a key, and the private key is then encrypted with a symmetric encryption algorithm under that key and stored.
The SRAM-based PUF technique is divided into a registration stage and a verification stage; the secure symmetric key that decrypts the private key can only be generated in the verification stage.
The encryption key of the symmetric encryption algorithm is generated, based on SRAM PUF technology, from SRAM characteristic data acquired after power-on of the embedded platform. The process consists of three stages: a registration stage, a verification stage and a hash processing stage:
1. In the register stage, the embedded system reads Bootloader, loads the system program, and starts the SRAM PUF register stage after the initialization of peripheral hardware is completed. In the registration phase:
(1) The embedded system first reads a section of SRAM initial value with a size of k bits, which is used to generate a standard BCH codeword with error-tolerance; this value is called the seed value S (Seed-Value);
(2) The SRAM seed value is BCH-encoded to generate an n-bit standard BCH codeword with an error-correction capability of t;
(3) A further section of SRAM initial value with a size of n bits is read, which is used to generate the unique key of this piece of SRAM; it is called the identification code ID (Identified-Value);
(4) The n-bit standard BCH codeword and the n-bit identification code ID are XORed to generate n-bit data, which is stored in a nonvolatile memory. Because it is used during key reconstruction to recover the identification code ID from the noisy identification code NID (Noised Identified-Value), this n-bit data is called the helper data HD (Helper-Data).
(5) The system registration stage is complete and the system starts normal operation.
2. In the verification stage, the embedded system reads Bootloader, loads a system program, and starts the SRAM PUF verification stage after initializing peripheral hardware. In the verification phase:
(1) Reading an identification code NID with noise at the same address n bits as the identification code ID;
(2) Reading n bits help data HD stored in a nonvolatile memory;
(3) Performing exclusive OR operation on the identification code NID with noise of n bits and the helper data HD of n bits to obtain a BCH code with errors of n bits;
(4) The BCH codes with errors in n bits are subjected to BCH decoding operation, if the actual errors are not greater than the design error correction tolerance t, n bits standard BCH codes are generated, system authentication is successful, otherwise, BCH decoding fails, and the program ends;
(5) If the decoding in the step (4) is successful, performing exclusive OR operation on the n-bit standard BCH code generated in the step (4) and the n-bit helper data HD, and recovering an n-bit identification code ID used in a system registration stage;
(6) The recovered n-bit identification code ID is compared with the identification code ID generated during system registration; if they are the same, verification succeeds;
(7) And the verification stage is completed, and normal operation of the system is started.
3. The hash processing stage is executed only when the verification stage completes normally: the n-bit ID value produced in the verification stage is processed with the SM3 algorithm to generate a 256-bit secure encryption key.
Encrypting and storing the private key:
The private key is encrypted with the SM4 symmetric encryption algorithm under the encryption key produced by the encryption key generation module and stored in a nonvolatile memory.
Example 1
Referring to Figs. 1 to 5, the mobile terminal security protection method based on a star-shaped trust chain of the invention comprises the following steps:
S1, generating a secure encryption key based on an SRAM PUF:
Registration:
1.1, an embedded system reads Bootloader, loads a system program, and starts an SRAM PUF system registration stage after initializing peripheral hardware;
1.2, the embedded system first reads a section of SRAM initial value Seed-Value with a size of k bits, called the seed value S;
1.3, the SRAM seed value S is BCH-encoded to generate an n-bit standard BCH codeword (the BCH algorithm is shown in Fig. 3);
1.4, the embedded system additionally reads a section of SRAM initial value Identified-Value with a size of n bits, called the identification code ID;
1.5, the n-bit standard BCH codeword and the n-bit identification code ID are XORed to generate n-bit data Helper-Data, which is encrypted and stored in a nonvolatile memory; because it is used during key reconstruction to recover the identification code ID from the noisy identification code NID (Noised Identified-Value), it is called the helper data HD (Helper-Data);
Verification:
1.6, after the embedded system is powered on, it reads the n-bit noisy identification code NID from the same SRAM address as the identification code ID of the registration stage, and reads the n-bit helper data HD stored in non-volatile memory. NID is XORed with HD to obtain an n-bit BCH code with errors, which is then BCH-decoded: if the actual number of errors is within the design error-correction capability t, an n-bit standard BCH codeword is produced; if BCH decoding fails, the procedure ends. If decoding succeeds, the n-bit standard BCH codeword is XORed with the n-bit helper data HD to recover the n-bit identification code ID used in the registration stage, and the recovered ID is compared with the ID generated at system registration; if they are identical, the verification stage is complete and normal operation of the system begins;
A hash processing stage:
1.7, this stage is executed only when the verification stage completes normally: the n-bit identification code ID recovered in the verification stage is hashed with the SM3 algorithm to generate a 256-bit secure encryption key.
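The registration, verification and hash stages above (steps 1.1 to 1.7, and the same procedure as restated in Example 2 and the claims) form a code-offset fuzzy extractor: HD = BCH(S) XOR ID, and at verification (NID XOR HD) is a codeword plus the SRAM noise, so decoding it and XORing with HD again yields ID. The following is an added worked example of that construction, not code from the patent. It assumes a small binary BCH(15,7) code with t=2 over GF(2^4) generated by x^4+x+1 (the page leaves n, k and t open), uses SHA-256 in place of SM3 (SM3 is not in the Python standard library), and, for the step (6) comparison, keeps a domain-separated hash of the registration-time ID rather than the ID itself, since storing the ID in non-volatile memory would expose the key material; the sample SRAM values are constructed.

```python
"""Code-offset fuzzy extractor over a binary BCH(15,7,t=2) code, modelled on
the SRAM-PUF registration / verification / hash stages described above.
Added example, not the patent's code. Assumptions: n=15, k=7, t=2 and the
GF(2^4) primitive polynomial x^4+x+1 keep the arithmetic small; SHA-256
stands in for SM3; the comparison value kept from registration is a
domain-separated hash of the ID, not the ID itself."""
import hashlib

N, K, T = 15, 7, 2              # codeword bits, message bits, correctable errors
PRIM_POLY = 0b10011             # x^4 + x + 1, defines GF(16)
GEN_POLY = 0b111010001          # g(x) = x^8+x^7+x^6+x^4+1 = m1(x) * m3(x)

# GF(16) tables: EXP[i] = alpha^i, LOG[alpha^i] = i (EXP doubled for index wrap)
EXP = [0] * 30
LOG = [0] * 16
_v = 1
for _i in range(15):
    EXP[_i] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0x10:
        _v ^= PRIM_POLY
for _i in range(15, 30):
    EXP[_i] = EXP[_i - 15]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_div(a, b):
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 15]


def poly_mod(a, m):
    """Remainder of a(x) mod m(x) over GF(2); polynomials packed into ints."""
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


def bch_encode(msg):
    """Systematic encoder: K-bit message -> N-bit codeword (bit i = coeff of x^i)."""
    shifted = msg << (N - K)
    return shifted | poly_mod(shifted, GEN_POLY)


def syndrome(r, j):
    """S_j = r(alpha^j)."""
    acc = 0
    for i in range(N):
        if (r >> i) & 1:
            acc ^= EXP[(i * j) % 15]
    return acc


def bch_decode(r):
    """Peterson decoder for t=2: returns the corrected codeword, or None when the
    error pattern lies outside the correction capability."""
    s1, s3 = syndrome(r, 1), syndrome(r, 3)
    if s1 == 0 and s3 == 0:
        return r                                 # already a codeword
    if s1 == 0:
        return None                              # impossible for <= 2 errors
    s1_cubed = gf_mul(s1, gf_mul(s1, s1))
    if s3 == s1_cubed:
        positions = [LOG[s1]]                    # single error at alpha^i
    else:
        # sigma(x) = 1 + S1*x + sigma2*x^2 with sigma2 = X1*X2 = (S3 + S1^3) / S1
        sigma2 = gf_div(s3 ^ s1_cubed, s1)
        positions = []
        for i in range(N):                       # Chien search over alpha^-i
            x = EXP[(15 - i) % 15]
            if 1 ^ gf_mul(s1, x) ^ gf_mul(sigma2, gf_mul(x, x)) == 0:
                positions.append(i)
        if len(positions) != 2:
            return None
    c = r
    for p in positions:
        c ^= 1 << p
    if syndrome(c, 1) or syndrome(c, 3):
        return None                              # > t errors: miscorrection caught
    return c


def _h(tag: bytes, value: int) -> bytes:
    return hashlib.sha256(tag + value.to_bytes(2, "big")).digest()


def register(seed_value, identified_value):
    """Registration: HD = BCH(seed) XOR ID. Returns (helper data, ID commitment)."""
    helper = bch_encode(seed_value) ^ identified_value
    return helper, _h(b"commit", identified_value)


def verify(noisy_id, helper, commitment):
    """Verification: decode (NID XOR HD), recover ID = codeword XOR HD, and check
    it against the registration-time commitment. None on any failure."""
    codeword = bch_decode(noisy_id ^ helper)
    if codeword is None:
        return None
    recovered = codeword ^ helper
    return recovered if _h(b"commit", recovered) == commitment else None


def derive_key(identified_value):
    """Hash stage: secure encryption key = H(ID); SHA-256 stands in for SM3."""
    return _h(b"key", identified_value)


# Constructed sample SRAM power-up values (7-bit seed, 15-bit ID).
SEED = 0b1011001
PUF_ID = 0b101100111010110

if __name__ == "__main__":
    hd, com = register(SEED, PUF_ID)
    two_flips = PUF_ID ^ (1 << 3) ^ (1 << 11)
    print(verify(two_flips, hd, com) == PUF_ID)          # within t: recovered
    print(verify(two_flips ^ (1 << 7), hd, com))          # beyond t: None
```

The decoder only ever returns a codeword within distance t of its input and re-checks the syndromes after correction, so an SRAM read with more than t flipped bits either fails decoding or lands on a different codeword, and in the second case the commitment check in `verify` rejects it; in neither case is a wrong key derived silently.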
S2, encrypting the private key with the security key generated by the PUF technique:
The secure encryption key generated by the PUF technique is tightly bound to the hardware of the embedded device and therefore offers good resistance to physical attack.
After the embedded system is powered on and the bootloader loads the kernel, the kernel is measured with the SM3 algorithm in the TPM by calling SM3(input, len, output); the output, i.e. the PCR measurement value, is the digest of the kernel. This initially generated measurement of the module to be verified is taken as the verification standard value, encrypted with the SM4 cryptographic algorithm using the PUF-generated secure encryption key as the kernel key, and stored in non-volatile memory.
After the kernel starts and the file system is loaded, the preset key information is measured with the SM3 algorithm in the TPM to obtain the PCR measurement value that serves as its verification standard value; this standard value of the preset key information is encrypted with the SM4 cryptographic algorithm using the PUF-generated secure encryption key as the kernel key, and stored in non-volatile memory.
S3, safety protection authentication:
At each subsequent start-up the kernel is measured again with the SM3 algorithm in the TPM to obtain a new PCR measurement value. The embedded system reads the encrypted standard value from ROM, decrypts it with the SM4 algorithm using the secure encryption key as the kernel key, and calls the cmp_pcr function to compare the decrypted standard value with the new PCR measurement value. If the comparison passes, kernel start-up continues; if it fails, kernel integrity is considered compromised (the code may have been tampered with), the user is alerted and the kernel start-up process is interrupted;
After the kernel starts and the file system is loaded, the SM3 algorithm in the TPM measures the preset key information of the file system to obtain its new PCR value. The encrypted standard value of the preset key information is read from ROM and decrypted with the SM4 algorithm using the secure encryption key as the kernel key, and the cmp_pcr function compares the decrypted standard value with the new PCR value of the preset key information. The TPM reports the comparison result to the kernel: if it passes, the kernel loads the file system, which establishes the secure base environment of trusted start-up; otherwise the kernel aborts loading of the file system.
Example 2
Referring to fig. 6, the invention provides a terminal security protection method based on a star-shaped trust chain, which comprises the following steps:
S1, when the embedded system starts, the kernel is measured with the SM3 algorithm in the trusted platform module to obtain a new PCR measurement value; the encrypted standard value is read from ROM and decrypted with the SM4 algorithm using the secure encryption key as the kernel key; the decrypted standard value is compared with the new PCR measurement value, and if the comparison passes, kernel start-up continues, otherwise the kernel start-up process is interrupted;
S2, after the kernel has started, when the file system is loaded, the preset key information of the file system is measured with the SM3 algorithm in the trusted platform module to obtain a new PCR value of the preset key information; the encrypted standard value of the preset key information is read from ROM and decrypted with the SM4 algorithm using the secure encryption key as the kernel key; the decrypted standard value of the preset key information is compared with the new PCR value of the preset key information, and if the comparison passes, the kernel loads the file system, otherwise the kernel interrupts loading of the file system.
In the embodiment of the invention, the acquisition of the secure encryption key specifically comprises the following steps:
The registration stage comprises: the embedded system reads the Bootloader, loads the system program and completes initialisation of the peripheral hardware; it first reads a k-bit SRAM initial value Seed-Value and BCH-encodes it to generate an n-bit standard BCH codeword; it additionally reads an n-bit SRAM initial value Identified-Value; the n-bit standard BCH codeword is XORed with the n-bit Identified-Value to generate n bits of Helper-Data, which is encrypted and stored in non-volatile memory;
The verification stage comprises: after the embedded system is powered on, the n-bit noisy identification code NID is read from the same address, and with the same length, as the SRAM initial value of the registration stage, and the n-bit Helper-Data stored in non-volatile memory is read; NID is XORed with the Helper-Data to obtain an n-bit BCH code with errors, which is BCH-decoded; if the actual number of errors is within the design error-correction capability t, an n-bit standard BCH codeword is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH codeword produced by decoding is XORed with the n-bit Helper-Data to recover the n-bit initial value Identified-Value used in the registration stage; the recovered Identified-Value is compared with the Identified-Value generated at registration, and if they are identical the verification stage is complete and normal system operation begins;
The hash processing stage, executed after the verification stage has succeeded and the system is running normally, hashes the n-bit initial value Identified-Value recovered in the verification stage with the SM3 algorithm to generate the secure encryption key;
The encrypted standard value is obtained as follows: after the embedded system is powered on and the kernel is loaded, the kernel is measured with the SM3 algorithm in the trusted platform module and its PCR measurement value is taken as the verification standard value; this standard value is encrypted with the SM4 algorithm using the secure encryption key as the kernel key and stored in non-volatile memory, giving the encrypted standard value.
The encrypted standard value of the preset key information is obtained as follows: after the kernel starts and the file system is loaded, the preset key information is measured with the SM3 algorithm in the trusted platform module and the resulting PCR measurement value is taken as the standard value for verifying the preset key information; this standard value is encrypted with the SM4 algorithm using the secure encryption key as the kernel key, and the encrypted standard value of the preset key information is stored in non-volatile memory.
Example 3
Referring to fig. 7, the present invention provides a terminal security protection device based on a star-shaped trust chain, which includes:
The kernel verification module is used, after the embedded system starts, to measure the kernel with the SM3 algorithm in the trusted platform module to obtain a new PCR measurement value, read the encrypted standard value from ROM, decrypt it with the SM4 algorithm using the secure encryption key as the kernel key, and compare the decrypted standard value with the new PCR measurement value; if the comparison passes, kernel start-up continues, otherwise the kernel start-up process is interrupted;
The key information verification module is used, after the kernel has started and when the file system is loaded, to measure the preset key information of the file system with the SM3 algorithm in the trusted platform module to obtain a new PCR value of the preset key information, read the encrypted standard value of the preset key information from ROM, decrypt it with the SM4 algorithm using the secure encryption key as the kernel key, and compare the decrypted standard value of the preset key information with its new PCR value; if the comparison passes, the kernel loads the file system, otherwise the kernel interrupts loading of the file system.
Example 4
Referring to fig. 8, the present invention further provides an electronic device 100, where the electronic device 100 includes a memory 101, at least one processor 102, a computer program 103 stored in the memory 101 and executable on the at least one processor 102, and at least one communication bus 104.
The memory 101 may be used to store the computer program 103, and the processor 102 implements the star-shaped trust chain terminal security protection steps of embodiment 1 or 2 by running or executing the computer program stored in the memory 101 and invoking data stored in the memory 101. The memory 101 may mainly include a program storage area, which may store an operating system and application programs required for at least one function (such as a sound playing function or an image playing function), and a data storage area, which may store data (such as audio data) created during use of the electronic device 100. In addition, the memory 101 may include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash memory card (Flash Card), at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device.
The at least one processor 102 may be a central processing unit (CPU), but may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The processor 102 may be a microprocessor or any conventional processor; it is the control centre of the electronic device 100 and connects the various parts of the whole electronic device 100 through various interfaces and lines.
The memory 101 in the electronic device 100 stores a plurality of instructions to implement star-based trust chain terminal security, the processor 102 being executable to implement:
When the embedded system starts, the kernel is measured with a first algorithm in the trusted platform module to obtain a new PCR measurement value; the encrypted standard value is read from ROM and decrypted with a second algorithm using the secure encryption key as the kernel key; the decrypted standard value is compared with the new PCR measurement value, and if the comparison passes, kernel start-up continues, otherwise the kernel start-up process is interrupted;
After the kernel has started, when the file system is loaded, the preset key information of the file system is measured with the first algorithm in the trusted platform module to obtain a new PCR value of the preset key information; the encrypted standard value of the preset key information is read from ROM and decrypted with the second algorithm using the secure encryption key as the kernel key; the decrypted standard value of the preset key information is compared with its new PCR value, and if the comparison passes, the kernel loads the file system, otherwise the kernel interrupts loading of the file system.
Example 5
The modules/units integrated in the electronic device 100 may be stored in a computer-readable storage medium if implemented in the form of software functional units and sold or used as a stand-alone product. On this understanding, the present invention may implement all or part of the flow of the method of the above embodiments by instructing related hardware through a computer program, which may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, and a read-only memory (ROM).
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the specific embodiments of the present invention without departing from the spirit and scope of the present invention, and any modifications and equivalents are intended to be included in the scope of the claims of the present invention.

Claims (7)

1.基于星型信任链的终端安全防护方法,其特征在于,包括:1. A terminal security protection method based on a star-shaped trust chain, characterized by comprising: 嵌入式系统启动,通过第一算法对内核进行度量,获得新的PCR度量值;从ROM读取加密后的标准值,采用第二算法以安全加密密钥为内核密钥解密;对解密后的标准值和所述新的PCR度量值进行比对:如果比对通过,继续启动内核,如果比对不通过,中断内核的启动过程;The embedded system starts up, measures the kernel by the first algorithm, and obtains a new PCR measurement value; reads the encrypted standard value from the ROM, and decrypts it by the second algorithm with the security encryption key as the kernel key; compares the decrypted standard value with the new PCR measurement value: if the comparison passes, continues to start the kernel; if the comparison fails, interrupts the kernel startup process; 内核启动后,在加载文件系统时,通过的第一算法对文件系统的预设关键信息进行度量,获得新的预设关键信息的PCR值;从ROM读取加密后预设关键信息的标准值,用第二算法以安全加密密钥为内核密钥解密;对解密后的预设关键信息的标准值和新的预设关键信息的PCR值比对,若比对通过,内核加载文件系统,否则内核中断加载文件系统;After the kernel is started, when loading the file system, the preset key information of the file system is measured by the first algorithm to obtain the PCR value of the new preset key information; the standard value of the encrypted preset key information is read from the ROM, and the second algorithm is used to decrypt the encrypted preset key information with the security encryption key as the kernel key; the standard value of the decrypted preset key information is compared with the PCR value of the new preset key information, and if the comparison is successful, the kernel loads the file system, otherwise the kernel interrupts the loading of the file system; 其中,所述加密后的标准值和安全加密密钥根据所述嵌入式系统的部件获得;wherein the encrypted standard value and the secure encryption key are obtained according to the components of the embedded system; 所述安全加密密钥的获取具体包括以步骤:The acquisition of the security encryption key specifically includes the following steps: 注册阶段:嵌入式系统读取引导加载程序,加载系统程序,对外围硬件完成初始化;嵌入式系统首先读取一段大小为k bits的静态随机存取存储器初始值,称作初始值Seed-Value;将初始值Seed-Value经过BCH编码,生成n bits标准BCH码字;嵌入式系统另外读取一段大小为n 
bits的静态随机存取存储器初始值,称作初始值Identified-Value;将nbits标准BCH码字与n bits初始值Identified-Value做异或处理,生成n bits数据Helper-Data,将n bits数据Helper-Data加密后保存于非易失性存储器上;Registration phase: The embedded system reads the boot loader, loads the system program, and initializes the peripheral hardware; the embedded system first reads a segment of k bits of static random access memory initial value, called the initial value Seed-Value; the initial value Seed-Value is encoded by BCH to generate an n-bit standard BCH codeword; the embedded system also reads a segment of n bits of static random access memory initial value, called the initial value Identified-Value; the n-bits standard BCH codeword is XORed with the n-bit initial value Identified-Value to generate n-bit data Helper-Data, and the n-bit data Helper-Data is encrypted and stored in the non-volatile memory; 验证阶段:在嵌入式系统加电后,读取与注册阶段静态随机存取存储器初始值Identified-Value相同地址相同长度n bits带有噪声的识别码NID;读取非易失性存储器保存的n bits数据Helper-Data;将n bits带有噪声的识别码NID与n bits数据Helper-Data做异或操作,得到n bits带有错误的BCH码;将n bits带有错误的BCH码经过BCH译码操作,若实际错误小于设计纠错容限t,生成n bits标准BCH码,系统认证成功,否则,BCH译码失败;若译码成功,则将译码生成的n bits标准BCH码与n bits数据Helper-Data做异或操作,恢复出系统注册阶段使用的n bits初始值Identified-Value;将恢复出来的n bits初始值Identified-Value与系统注册时产生的初始值Identified-Value比较,相同为成功;验证阶段完成,开始系统正常运行;Verification phase: After the embedded system is powered on, read the n-bit noisy identification code NID with the same address and length as the initial value Identified-Value in the static random access memory during the registration phase; read the n-bit data Helper-Data stored in the non-volatile memory; perform an XOR operation on the n-bit noisy identification code NID and the n-bit data Helper-Data to obtain the n-bit BCH code with errors; perform a BCH decoding operation on the n-bit BCH code with errors. If the actual error is less than the designed error correction tolerance t, an n-bit standard BCH code is generated and the system authentication is successful. Otherwise, the BCH decoding fails. 
If the decoding is successful, perform an XOR operation on the n-bit standard BCH code generated by the decoding and the n-bit data Helper-Data to restore the n-bit initial value Identified-Value used in the system registration phase; compare the restored n-bit initial value Identified-Value with the initial value Identified-Value generated when the system is registered, and if they are the same, it is successful; the verification phase is completed and the system starts to operate normally; hash处理阶段:在验证阶段验证成功,系统正常运行后,对验证阶段恢复出来的n bits初始值Identified-Value使用第一算法hash运算,生成安全加密密钥;Hash processing stage: After the verification is successful in the verification stage and the system is running normally, the first algorithm is used to perform hash operation on the n bits of the initial value Identified-Value recovered in the verification stage to generate a secure encryption key; 所述第一算法为SM3算法;所述第二算法为SM4算法。The first algorithm is the SM3 algorithm; the second algorithm is the SM4 algorithm. 2.根据权利要求1所述的基于星型信任链的终端安全防护方法,其特征在于,所述从ROM读取加密后的标准值,采用第二算法以安全加密密钥为内核密钥解密的步骤中,所述加密后的标准值通过以下步骤获得:2. The terminal security protection method based on the star-shaped trust chain according to claim 1 is characterized in that, in the step of reading the encrypted standard value from the ROM and decrypting it using the second algorithm with the security encryption key as the kernel key, the encrypted standard value is obtained by the following steps: 在嵌入式系统加电后,加载内核时,通过第一算法对内核进行度量,获得内核的PCR度量值作为校验的标准值;采用第二算法,以安全加密密钥为内核密钥,对校验的标准值进行加密处理,存储于非易失性存储器中,获得加密后的标准值。After the embedded system is powered on, when the kernel is loaded, the kernel is measured by the first algorithm to obtain the PCR measurement value of the kernel as the standard value for verification; the second algorithm is used, with the security encryption key as the kernel key, to encrypt the standard value for verification, store it in a non-volatile memory, and obtain the encrypted standard value. 
3.根据权利要求1所述的基于星型信任链的终端安全防护方法,其特征在于,所述从ROM读取加密后预设关键信息的标准值,用第二算法以安全加密密钥为内核密钥解密的步骤中,所述加密后预设关键信息的标准值通过以下步骤获得:3. The terminal security protection method based on the star-shaped trust chain according to claim 1 is characterized in that, in the step of reading the standard value of the encrypted preset key information from the ROM and decrypting it using the second algorithm with the security encryption key as the kernel key, the standard value of the encrypted preset key information is obtained by the following steps: 内核启动后,在加载文件系统时,通过第一算法对预设关键信息进行度量,获得的PCR度量值作为校验预设关键信息的标准值;采用第二国密算法,以安全加密密钥为内核密钥,对预设关键信息的标准值进行加密处理,存储于非易失性存储器中,获得加密后预设关键信息的标准值。After the kernel is started, when the file system is loaded, the preset key information is measured by the first algorithm, and the obtained PCR measurement value is used as the standard value for verifying the preset key information; the second national secret algorithm is adopted, and the security encryption key is used as the kernel key to encrypt the standard value of the preset key information and store it in the non-volatile memory to obtain the standard value of the encrypted preset key information. 4.基于星型信任链的终端安全防护装置,其特征在于,包括:4. 
A terminal security protection device based on a star-shaped trust chain, characterized by comprising: 内核校验模块,用于在嵌入式系统启动后,通过第一算法对内核进行度量,获得新的PCR度量值;从ROM读取加密后的标准值,采用第二算法以安全加密密钥为内核密钥解密;对解密后的标准值和所述新的PCR度量值进行比对:如果比对通过,继续启动内核,如果比对不通过,中断内核的启动过程;The kernel verification module is used to measure the kernel by the first algorithm after the embedded system is started to obtain a new PCR measurement value; read the encrypted standard value from the ROM, and decrypt it by using the second algorithm with the security encryption key as the kernel key; compare the decrypted standard value with the new PCR measurement value: if the comparison passes, continue to start the kernel, if the comparison fails, interrupt the kernel startup process; 关键信息校验模块,用于再内核启动后,在加载文件系统时,通过第一算法对文件系统的预设关键信息进行度量,获得新的预设关键信息的PCR值;从ROM读取加密后预设关键信息的标准值,用第二算法以安全加密密钥为内核密钥解密;对解密后的预设关键信息的标准值和新的预设关键信息的PCR值比对,若比对通过,内核加载文件系统,否则内核中断加载文件系统;The key information verification module is used to measure the preset key information of the file system by the first algorithm when loading the file system after the kernel is started, and obtain the PCR value of the new preset key information; read the standard value of the encrypted preset key information from the ROM, and decrypt it by the second algorithm with the security encryption key as the kernel key; compare the standard value of the decrypted preset key information with the PCR value of the new preset key information, if the comparison is passed, the kernel loads the file system, otherwise the kernel interrupts the loading of the file system; 其中,所述加密后的标准值和安全加密密钥根据所述嵌入式系统的部件获得;wherein the encrypted standard value and the secure encryption key are obtained according to the components of the embedded system; 所述内核校验模块和所述关键信息校验模块中用到的安全加密密钥的获取具体包括以步骤:The acquisition of the security encryption key used in the kernel verification module and the key information verification module specifically includes the following steps: 注册阶段:嵌入式系统读取引导加载程序,加载系统程序,对外围硬件完成初始化;嵌入式系统首先读取一段大小为k 
bits的静态随机存取存储器初始值Seed-Value;将静态随机存取存储器初始值Seed-Value经过BCH编码,生成n bits标准BCH码字;嵌入式系统另外读取一段大小为n bits的静态随机存取存储器初始值Identified-Value;将n bits标准BCH码字与静态随机存取存储器初始值Identified-Value做异或处理,生成n bits数据Helper-Data,将n bits数据Helper-Data加密后保存于非易失性存储器上;Registration phase: The embedded system reads the boot loader, loads the system program, and initializes the peripheral hardware; the embedded system first reads a section of k bits of static random access memory initial value Seed-Value; the static random access memory initial value Seed-Value is encoded by BCH to generate n bits of standard BCH codeword; the embedded system also reads a section of n bits of static random access memory initial value Identified-Value; the n bits of standard BCH codeword and the static random access memory initial value Identified-Value are XORed to generate n bits of data Helper-Data, and the n bits of data Helper-Data are encrypted and stored in the non-volatile memory; 验证阶段:在嵌入式系统加电后,读取与注册阶段静态随机存取存储器初始值Identified-Value相同地址相同长度n bits带有噪声的识别码NID;读取非易失性存储器保存的n bits数据Helper-Data;将n bits带有噪声的识别码NID与n bits数据Helper-Data做异或操作,得到n bits带有错误的BCH码;将n bits带有错误的BCH码经过BCH译码操作,若实际错误小于设计纠错容限t,生成n bits标准BCH码,系统认证成功,否则,BCH译码失败;若译码成功,则将译码生成的n bits标准BCH码与n bits数据Helper-Data做异或操作,恢复出系统注册阶段使用的n bits初始值Identified-Value;将恢复出来的n bits初始值Identified-Value与系统注册时产生的初始值Identified-Value比较,相同为成功;验证阶段完成,开始系统正常运行;Verification phase: After the embedded system is powered on, read the n-bit noisy identification code NID with the same address and length as the initial value Identified-Value in the static random access memory during the registration phase; read the n-bit data Helper-Data stored in the non-volatile memory; perform an XOR operation on the n-bit noisy identification code NID and the n-bit data Helper-Data to obtain the n-bit BCH code with errors; perform a BCH decoding operation on the n-bit BCH code with errors. 
If the actual error is less than the designed error-correction tolerance t, an n-bit standard BCH code is generated and the system authentication succeeds; otherwise the BCH decoding fails. If the decoding succeeds, the n-bit standard BCH code obtained by decoding is XORed with the n-bit Helper-Data to restore the n-bit initial value Identified-Value used in the system registration phase; the restored n-bit initial value Identified-Value is compared with the initial value Identified-Value generated when the system was registered, and if they are the same the verification succeeds; the verification phase is completed and the system starts to operate normally;

Hash processing stage: after the verification succeeds in the verification phase and the system is running normally, the first algorithm is used to hash the n-bit initial value Identified-Value recovered in the verification phase, generating a secure encryption key;

the first algorithm is the SM3 algorithm; the second algorithm is the SM4 algorithm.

5. The terminal security protection device based on the star-shaped trust chain according to claim 4, characterized in that the encrypted standard value in the kernel verification module is obtained by the following steps: after the embedded system is powered on, when the kernel is loaded, the kernel is measured by the first algorithm to obtain the PCR measurement value of the kernel as the standard value for verification; the second algorithm is used, with the secure encryption key as the kernel key, to encrypt the standard value for verification, which is stored in non-volatile memory to obtain the encrypted standard value;

the encrypted standard value of the preset key information in the key information verification module is obtained by the following steps: after the kernel is started, when the file system is loaded, the preset key information is measured by the first algorithm, and the PCR measurement value obtained is used as the standard value for verifying the preset key information; the second algorithm is used, with the secure encryption key as the kernel key, to encrypt the standard value of the preset key information, which is stored in non-volatile memory to obtain the encrypted standard value of the preset key information.

6. An electronic device, characterized in that it comprises a processor and a memory, wherein the processor is used to execute a computer program stored in the memory to implement the terminal security protection method based on the star-shaped trust chain according to any one of claims 1 to 3.

7. A computer-readable storage medium, characterized in that the computer-readable storage medium stores at least one instruction, and when the at least one instruction is executed by a processor it implements the terminal security protection method based on the star-shaped trust chain according to any one of claims 1 to 3.
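The verification and hash-processing stages of claim 4, together with the measurement used in claim 5, as an added example that is not part of the patent. A repetition code stands in for the n-bit BCH code (tolerance t = (r-1)/2 bit errors per block), SHA-256 stands in for SM3, the SM4 encryption of the stored standard value is left out, and the hash commitment used for the compare step, the seed bits and the PUF response are constructed assumptions.

```python
import hashlib
import random

REP = 5                 # repetition factor of the stand-in code (one block per seed bit)
T = (REP - 1) // 2      # designed error-correction tolerance t, in bit errors per block

def encode(seed_bits):
    """Stand-in for n-bit BCH encoding: repeat each seed bit REP times."""
    return [b for b in seed_bits for _ in range(REP)]

def decode(codeword):
    """Stand-in for BCH decoding: majority vote per block. More than T flips in a block is
    miscorrected, not reported (unlike a real BCH decoder), so verify()'s compare rejects it."""
    return [1 if sum(codeword[i:i + REP]) > REP // 2 else 0
            for i in range(0, len(codeword), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def register(identified_value, seed_bits):
    """Registration phase: Helper-Data = Identified-Value XOR codeword. The registered
    Identified-Value is kept as a domain-separated hash for the compare step (assumed form)."""
    helper = xor(identified_value, encode(seed_bits))
    commitment = hashlib.sha256(b"registered:" + bytes(identified_value)).digest()
    return helper, commitment

def verify(noisy_response, helper, commitment):
    """Verification phase: strip Helper-Data, decode, re-encode to the n-bit codeword, XOR with
    Helper-Data to restore Identified-Value, compare with the registered one, then derive the key."""
    codeword = encode(decode(xor(noisy_response, helper)))
    restored = xor(codeword, helper)
    if hashlib.sha256(b"registered:" + bytes(restored)).digest() != commitment:
        return None                                    # authentication fails
    return hashlib.sha256(bytes(restored)).digest()    # hash stage: secure encryption key (SM3 stand-in)

def measure(image):
    """PCR-style measurement of the kernel or the preset key information (SM3 stand-in)."""
    return hashlib.sha256(image).digest()

# Constructed sample: 8 seed bits -> n = 40-bit Identified-Value drawn from a fixed RNG.
SEED = [1, 0, 1, 1, 0, 0, 1, 0]
rng = random.Random(7)
IDENTIFIED_VALUE = [rng.randrange(2) for _ in range(len(SEED) * REP)]
HELPER, COMMIT = register(IDENTIFIED_VALUE, SEED)

def flip(bits, positions):
    """Constructed noisy PUF response: flip the listed bit positions."""
    return [b ^ (i in positions) for i, b in enumerate(bits)]
```

A response with at most t flips per block reproduces the registered key; three flips inside one block exceed t, the block is miscorrected, and the compare step rejects the response.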
CN202210436201.0A 2022-04-22 2022-04-22 Terminal security protection method, device, equipment and medium based on star-shaped trust chain Active CN114817931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210436201.0A CN114817931B (en) 2022-04-22 2022-04-22 Terminal security protection method, device, equipment and medium based on star-shaped trust chain

Publications (2)

Publication Number Publication Date
CN114817931A CN114817931A (en) 2022-07-29
CN114817931B (en) 2025-04-08 (granted)

Family

ID=82506648

Country Status (1)

Country Link
CN (1) CN114817931B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant