
CN115310136B - Data security guarantee method based on SATA bridging chip - Google Patents


Info

Publication number: CN115310136B
Authority: CN (China)
Prior art keywords: sata, bridge chip, key, data, partition
Legal status: Active
Application number: CN202211226163.2A
Other languages: Chinese (zh)
Other versions: CN115310136A
Inventors: 孙玉玺, 杜辉, 苏云学, 高凯, 宗成强, 李铁
Current assignee: Shanghai Huayi Microelectronic Material Co Ltd
Original assignee: Shanghai Huayi Microelectronic Material Co Ltd
Events: application filed by Shanghai Huayi Microelectronic Material Co Ltd; priority to CN202211226163.2A; publication of CN115310136A; application granted; publication of CN115310136B; legal status active.

Classifications

    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units > G06F13/38 Information transfer, e.g. on bus > G06F13/40 Bus structure > G06F13/4004 Coupling between buses > G06F13/4027 Coupling between buses using bus bridges
    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/44 Program or device authentication
    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data security guarantee method based on a SATA bridge chip, belonging to the technical field of secure information storage. The method connects an HY0168 SATA bridge chip between the host/server and the SATA storage device. The SATA bridge chip serves as the bridge for data transmission between the host/server and the SATA storage device, encrypting and forwarding SATA commands and user data. At the same time, security policies stored in the SATA bridge chip control SATA commands and data, preventing illegal intrusion and backdoor monitoring. The security policies comprise a whitelist system, data filtering, three-party authentication and partition protection, which protect data from the command, data, overall-system and partition dimensions respectively.

Figure 202211226163

Description

Data security guarantee method based on a SATA bridge chip

Technical field

The invention relates to the field of secure information storage, and in particular to a data security guarantee method based on a SATA bridge chip.

Background

With the vigorous development of artificial intelligence, deep learning, knowledge graphs, big data and related fields, data scale and data security have become important foundations supporting the development of those fields. The new economy represented by the digital economy has become a new engine of economic growth, and data, as a core factor of production, has become a basic strategic resource.

Mass storage devices are mainly divided into SATA-interface and PCIe-interface hard disk devices. PCIe solid-state drives are the main direction of current technical development and occupy an ever larger share of the market. However, SATA-interface mechanical hard disks (hereinafter HDD) and solid-state disks (hereinafter SSD), and HDDs in particular, often play an irreplaceable role in scenarios that value stability and are price sensitive, such as small-scale data centers, university databases and security video servers, because of the recoverability of the magnetic storage medium, their high data retention performance and their low cost.

The method currently adopted by secure SSDs is to encrypt the data with a standard international (AES) or domestic (SM4) cipher algorithm and store ciphertext, while the hard disk (here also meaning a SATA-interface SSD/HDD) protects the legitimacy of the user through an authentication mechanism (such as the OPAL command set) using passwords, hard disk serial numbers and similar means. This method gives some protection against unapproved SSDs, but its protection is insufficient against implicit third-party attacks carried out after authentication has passed, for example updating the hard disk firmware through the SATA standard command set, tampering with the partition table, or forging the hard disk serial number. Where the host and the hard disk are bound directly, both sides store security information, and for reasons of product compatibility and generality the design is often fairly tolerant of data snooping and brute-force cracking; for example, when the key is stored in place on the host side or on the hard disk, it can be guessed by reading memory or by monitoring a specific location on the hard disk. In addition, destroying the partition table can serve to damage the entire data disk.

Summary of the invention

Aiming at the defects of the prior art, the present invention provides a data security guarantee method based on a SATA bridge chip, which protects the SSD comprehensively in the running state, effectively prevents command backdoors, firmware tampering, boot sector attacks and contact attacks, and gives a general-purpose hard disk permission grading and device binding functions, so that a general-purpose storage product can serve special-purpose applications.

To solve the technical problem, the technical solution adopted by the present invention is a data security guarantee method based on a SATA bridge chip: the method connects the HY0168 SATA bridge chip between the host/server and the SATA storage device; the SATA bridge chip serves as the bridge for data transmission between the host/server and the SATA storage device, encrypting and forwarding SATA commands and user data; at the same time, security policies stored in the SATA bridge chip control SATA commands and data and prevent illegal intrusion and backdoor monitoring. The security policies comprise a whitelist system, data filtering, three-party authentication and partition protection, which protect data from the command, data, overall-system and partition dimensions respectively.

In the present invention, the SATA bridge chip is the SATA bridge chip HY0168 of Shandong Huayi Semiconductor Co., Ltd.

A whitelist system is set up against malicious command attacks on the SATA command set, such as illegal firmware upgrades and overwriting the administrator password. In the whitelist system the SATA bridge chip screens the SATA command set and divides the commands into three states: active, forbidden and manage. In the active state the SATA bridge chip forwards the host command to the SATA storage device, acting as a data communication bridge that forwards SATA command data; the SATA storage device, as the final recipient of the SATA command, responds to it, and the response is fed back to the host through the SATA bridge chip. In the forbidden state the SATA bridge chip responds to the host command itself, answering the SATA command with an explicit failure or an implicit failure; the SATA bridge chip is the final recipient of the SATA command and does not forward it, so the SATA storage device never receives any command that is in the forbidden state. In the manage state the SATA bridge chip takes part in judging the command and decides, according to its current running state, whether to enter the active state or the forbidden state.

Specifically, the SATA bridge chip screens the SATA command set through a SATA command set filter. The active and forbidden states are handled directly by the SATA command set filter; the manage state is first judged by the SATA command set filter and then passed to the SATA bridge chip, which judges the command and the state.

Data filtering is set up against malicious destruction attacks on the partition table. Data filtering protects the MBR partition table and guards against master boot partition attacks. The specific approach is that modification of the MBR partition table depends on a custom tool and cannot be performed with third-party tools. When the SATA bridge chip detects a modification of MBR data, it judges whether the current operation is legitimate user behaviour; if it is, it continues, and if not, it reports that the modification failed. The SATA bridge chip then randomly generates an LBA address S outside the actual capacity range of the hard disk; the third-party tool obtains the address S, generates the new partition table information and writes it through address S; the SATA bridge chip parses the partition table information and judges whether the parsed S is consistent with the S it originally generated. If they are consistent, the partition table information is written inside the SATA bridge chip, the information and location of the SATA storage device's partition table are modified according to that partition table, the SATA bridge chip is reset, and the partition table modification is reported successful.

To ensure security, S has a certain keep-alive time; the SATA bridge chip counts it with a timer, and once the keep-alive time is exceeded S becomes invalid. S is regenerated each time the MBR partition table is modified, and after each use of S the SATA bridge chip discards S and does not use it again.

Under normal circumstances the system can read the MBR address (LBA0) or the GPT (LBA2) to obtain partition information, but when LBA0/LBA2 suffers an illegal write attack the HY0168 firmware rejects the write operation; repartitioning or formatting must be done through the dedicated tool, which guarantees the legitimacy of the partition table and of the partition allocation. After partitioning succeeds, the partition table is stored in the internal storage area of the HY0168 and not on the external hard disk. When the HY0168 is separated from the hard disk, the partition table stored on the hard disk is wrong, so a hard disk connected on its own, detached from its corresponding HY0168, appears uninitialised. For GPT partitions, partition table protection can likewise be achieved by storing LBA2 (the key data of the GPT partition table is stored in LBA2).

Against attacks on general-purpose devices and behaviours such as serial number tampering, the HY0168 proposes a three-party authentication method with the HY0168 as the intermediary. In three-party authentication the SATA bridge chip authenticates the host and the SATA storage device separately, based on the domestic commercial cryptographic algorithms, and binds the host, the SATA bridge chip and the SATA storage device together. On the host side the BIOS or TPM module is required to support the SM2 encryption and decryption algorithm and to have non-volatile storage. The three-party authentication procedure is as follows:

After power-on, the BIOS/TPM obtains the SM2 key pair (Pub_a, Pri_a) generated by the SATA bridge chip HY0168, where Pub_a denotes the public key and Pri_a the private key of that pair; the BIOS/TPM obtains the public key Pub_a. The BIOS/TPM generates an SM2 key pair (Pub_b, Pri_b), where Pub_b denotes the public key and Pri_b the private key, reads the key share R1 stored in the BIOS/TPM, generates a random number R11 of the same length as R1, concatenates R1, R11 and Pub_b to produce C, that is C = R1‖R11‖Pub_b, encrypts C with Pub_a to obtain C1, that is C1 = SM2_Pub_a(C), and sends C1 to the SATA bridge chip HY0168. The SATA bridge chip HY0168 decrypts C1 with Pri_a to obtain C, then reads the R2 stored in the HY0168 SATA bridge chip and computes R', R' = R1 XOR R2; it computes SM3(R') and compares it with the SM3(R) stored in the HY0168 SATA bridge chip. If they are consistent, authentication passes. It then computes R22, R22 = R XOR R11, where R is a calculation parameter set in the SATA bridge chip, R = R1 XOR R2, and R is stored in the SATA bridge chip only as a hash value; it encrypts R11 with Pub_b, that is C2 = SM2_Pub_b(R11), and sends C2 to the BIOS/TPM. The BIOS/TPM decrypts C2 with the SM2 private key Pri_b it generated to obtain R'11 and compares whether R'11 is consistent with R11; if so, R1 is updated to R11 and the HY0168 SATA bridge chip updates R2 to R22.

The serial number S1 of the SATA storage device and the key information S2 of the hidden space are read into the SATA bridge chip for mutual authentication between the chip and the storage device. Once authentication is consistent, the three devices trust each other, the SATA storage device releases its data path, the real partition table information stored inside the SATA storage device is sent to the host, and the host begins to identify the hard disk.
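The host/bridge step above is an XOR secret-sharing check with share rotation: the host holds R1, the chip holds R2 and only SM3(R) of R = R1 XOR R2, and each successful round replaces both shares while keeping R fixed. The following model is an added illustration, not HY0168 or BIOS code; it assumes SHA-256 as a stand-in for SM3 (no portable SM3 in hashlib) and models the SM2-encrypted messages C1/C2 as a direct hand-over between the two parties, since the point shown is the share check and rotation. All share values are constructed.

```python
import hashlib
import os


def h(data: bytes) -> bytes:
    """Stand-in for SM3 (assumption: SHA-256 is used here instead)."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Host:
    """BIOS/TPM side: keeps share R1 in non-volatile storage."""

    def __init__(self, r1: bytes):
        self.r1 = r1
        self.r11 = None

    def start(self) -> tuple:
        # Fresh R11 of the same length as R1. On the page these travel as
        # C1 = SM2_Pub_a(R1 || R11 || Pub_b); the SM2 wrapping is modelled away.
        self.r11 = os.urandom(len(self.r1))
        return self.r1, self.r11

    def finish(self, r11_back: bytes) -> bool:
        # Compare R'11 (decrypted from C2) with R11; on match rotate R1 := R11.
        if r11_back != self.r11:
            return False
        self.r1 = self.r11
        return True


class Bridge:
    """HY0168 side: keeps share R2 and the hash of R, never R itself."""

    def __init__(self, r2: bytes, r_hash: bytes):
        self.r2 = r2
        self.r_hash = r_hash

    def authenticate(self, r1: bytes, r11: bytes):
        r_prime = xor(r1, self.r2)            # R' = R1 XOR R2
        if h(r_prime) != self.r_hash:         # SM3(R') vs stored SM3(R)
            return None                       # authentication fails, R2 untouched
        r22 = xor(r_prime, r11)               # R22 = R XOR R11
        self.r2 = r22                         # rotate R2 := R22
        return r11                            # returned as C2 = SM2_Pub_b(R11)


def provision(n: int = 16) -> tuple:
    """Constructed enrolment: split a fresh R into shares R1 and R2."""
    r = os.urandom(n)
    r1 = os.urandom(n)
    r2 = xor(r, r1)
    return Host(r1), Bridge(r2, h(r)), r


def run_round(host: Host, bridge: Bridge) -> bool:
    """One power-on authentication round; True when both sides accepted."""
    r1, r11 = host.start()
    r11_back = bridge.authenticate(r1, r11)
    if r11_back is None:
        return False
    return host.finish(r11_back)
```

Because R11 XOR R22 = R11 XOR R XOR R11 = R, the hash stored in the chip keeps verifying after any number of rounds, while a copy of an old R1 stops authenticating as soon as one round has completed.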

A partition protection mechanism is set up against the problem that a single key does not protect the data of the whole disk strongly enough. Partition protection means integrating an LBA analyser and partition key expansion modules in the SATA bridge chip. Each partition key expansion module corresponds to one partition and stores that partition's range, key and mode, and the module performs key expansion to complete the key assembly for each partition. During data transfer, the LBA analyser parses the address and length of each written data block to obtain the mapping between LBA and partition, and calls the key information of the corresponding partition key expansion module to encrypt or decrypt the data.

Partition keys may be generated automatically or imported externally; the key generation mode is decided at the HY0168 firmware mass-production stage.

Automatic generation: after mass production of the HY0168 firmware is complete, the mass-production tool generates the key information, the key is stored in the internal non-volatile storage area of the HY0168, and the external import and key generation functions are locked.

External import: after mass production of the HY0168 firmware is complete, the mass-production tool does not generate key information; the key is imported from outside through a secure method and stored in the internal non-volatile storage area of the HY0168, and the key generation function is locked.

From the point of view of data recovery, externally imported keys are more user friendly. Because external import is performed by the using vendor, who keeps and maintains the key, the key can be imported again after the HY0168 is damaged or enters rapid destruction, guaranteeing that the hard disk data remains usable.

From the point of view of data security, automatically generated keys are more secure. An automatically generated key cannot be exported, and once it has been generated the external import and key generation functions are locked. After the HY0168 is damaged or enters rapid destruction, the HY0168 automatically regenerates a new key to replace the old one; the old key is permanently lost and the hard disk data cannot be recovered.

Beneficial effects of the invention: between the host/server and the SATA storage device, the invention gives the SATA bridge chip the role of a "gatekeeper" which, through the whitelist system, data filtering, partition keys, three-party authentication and other mechanisms, protects the SSD comprehensively in the running state; by adding the HY0168 to the motherboard, a general-purpose hard disk storage device becomes a special-purpose storage device of high security level. The invention can solve the problems of stored-data security and stability, lends itself to rapid market promotion, especially in industries concerned with storage security, and has very broad prospects for industrialisation.

Description of the drawings

Fig. 1 is a schematic diagram of storage data control by the SATA bridge chip;

Fig. 2 is a schematic diagram of the SATA command screening states;

Fig. 3 is a schematic diagram of modifying the MBR (LBA0)/GPT (LBA2) with a third-party tool;

Fig. 4 is a schematic diagram of the three-party authentication process between the BIOS, the HY0168 and the hard disk;

Fig. 5 is a schematic diagram of partition protection.

Detailed description

The present invention is further described below with reference to the accompanying drawings and specific embodiments.

Embodiment 1

This embodiment discloses a data security guarantee method based on a SATA bridge chip. As shown in Fig. 1, the method connects the SATA bridge chip between the host/server and the SATA storage device and gives the HY0168 the role of a "gatekeeper". Through the whitelist system, data filtering, partition keys and the three-party authentication mechanism it protects the data of the SATA storage device from the command, data, partition and overall-system dimensions respectively, effectively preventing command backdoors, firmware tampering, boot sector attacks and contact attacks, and it can give a general-purpose hard disk permission grading and device binding functions, so that a general-purpose storage product can serve special-purpose applications.

In this embodiment the SATA bridge chip is the SATA bridge chip HY0168 developed and produced by Shandong Huayi Semiconductor Co., Ltd., hereinafter HY0168, and the SATA storage device is an SSD, hereinafter the hard disk.

As shown in Fig. 2, against malicious command attacks on the SATA command set, such as illegal firmware upgrades and overwriting the administrator password, the HY0168 uses the SATA command set filter to divide the command set into three states: active (Active), forbidden (Forbidden) and manage (Manage). The active and forbidden states are fixed once the HY0168 has been mass-produced; the manage state is controlled flexibly by the HY0168 firmware according to the usage scenario.

In the active state the HY0168 forwards host commands to the hard disk, acting as a data communication bridge that forwards SATA command data; the hard disk, as the final recipient of the SATA command, responds to it, and the response is fed back to the host through the HY0168. Specifically, when a command is in the active (Active) state, the HY0168 under firmware control forwards the command from the SATA storage device to the SATA host (and from the SATA host to the SATA storage device); the actual recipient of the command is the hard disk device, and data is passed to the host according to the hard disk's response result and content, for example IDENTIFY DEVICE (0xEC).

In the forbidden state the HY0168 responds to host commands itself, answering SATA commands with an explicit failure or an implicit failure; the HY0168 is the final recipient of the SATA command and does not forward it, so the hard disk never receives any command that is in the forbidden state. Specifically, when a command is in the forbidden (Forbidden) state its content is handled by the filter module: for a read command, data of the requested read length is filled in automatically and its content is meaningless; for a write command, the data is discarded automatically and success is returned to the host, so the command has no actual effect. For example, DOWNLOAD MICROCODE takes no actual effect, yet the processing result seen by the SATA command initiator is success.

In the manage state the HY0168 firmware takes part in judging the command and, according to the current running state of the HY0168, analyses and processes it further to decide whether to enter the active state or the forbidden state.

Specifically, when a command is in the manage (Manage) state, the HY0168 firmware parses the command and, according to the current security state of the HY0168, decides whether the HY0168 or the hard disk answers it. In this embodiment, state control is realised through SATA private commands; for the private command method see patent CN107729777B, "A secure encrypted solid-state storage method".

For example, when SECURITY DISABLE PASSWORD (0xF6h) is issued and the HY0168 determines from the SATA private commands that the identity is illegitimate, the firmware rejects the command directly, either explicitly notifying the host that the command failed or implicitly notifying the host that the command succeeded while not actually forwarding it to the hard disk.

Or, when SECURITY DISABLE PASSWORD (0xF6h) is issued and the HY0168 determines from the SATA private commands that the identity is legitimate, the command and its data are forwarded to the hard disk device to carry out the function.

In this embodiment the active and forbidden states are handled directly by the SATA command set filter hardware, and the HY0168 firmware performs no identification or judgment. The manage state is first judged by the SATA command set filter hardware and then passed to the HY0168 firmware, which judges the command and the state and performs subsequent processing according to the current state.
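The three-state filter described above, as an added model that is not HY0168 firmware. It assumes a constructed policy table, a boolean "authenticated" flag standing in for the identity check done through SATA private commands, and a switch between explicit and implicit failure for rejected manage-state commands. Opcodes 0xEC and 0xF6 are named on the page; 0x92 is the standard ATA opcode for DOWNLOAD MICROCODE and is added here.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    ACTIVE = "active"        # forwarded; the disk is the final recipient
    FORBIDDEN = "forbidden"  # the bridge answers; the disk never sees it
    MANAGE = "manage"        # firmware decides from the bridge's security state


IDENTIFY_DEVICE = 0xEC            # named on the page
SECURITY_DISABLE_PASSWORD = 0xF6  # named on the page
DOWNLOAD_MICROCODE = 0x92         # standard ATA opcode, added for the example

# Constructed policy table. Active/forbidden entries are fixed at mass
# production; manage entries are resolved by the firmware at run time.
POLICY = {
    IDENTIFY_DEVICE: State.ACTIVE,
    DOWNLOAD_MICROCODE: State.FORBIDDEN,
    SECURITY_DISABLE_PASSWORD: State.MANAGE,
}


@dataclass
class Command:
    opcode: int
    is_write: bool = False
    length: int = 0          # bytes requested by a read
    payload: bytes = b""     # data carried by a write


@dataclass
class Disk:
    """Stand-in SATA device that records which opcodes reached it."""
    received: list = field(default_factory=list)

    def execute(self, cmd: Command) -> dict:
        self.received.append(cmd.opcode)
        data = b"" if cmd.is_write else b"D" * cmd.length
        return {"status": "success", "data": data, "forwarded": True}


@dataclass
class Bridge:
    disk: Disk
    authenticated: bool = False    # result of the SATA private-command check
    explicit_failure: bool = True  # how manage-state rejections are reported

    def classify(self, opcode: int) -> State:
        # Whitelist semantics: an opcode not in the table is forbidden.
        return POLICY.get(opcode, State.FORBIDDEN)

    def handle(self, cmd: Command) -> dict:
        state = self.classify(cmd.opcode)
        if state is State.MANAGE:
            if self.authenticated:
                state = State.ACTIVE
            elif self.explicit_failure:
                return {"status": "error", "data": b"", "forwarded": False}
            else:
                state = State.FORBIDDEN     # implicit failure: fake success
        if state is State.ACTIVE:
            return self.disk.execute(cmd)
        # Forbidden: reads get meaningless filler of the requested length,
        # writes are dropped, and the host is told the command succeeded.
        data = b"" if cmd.is_write else bytes(cmd.length)
        return {"status": "success", "data": data, "forwarded": False}
```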

As shown in Fig. 3, data filtering is set up against malicious destruction attacks on the partition table. Data filtering protects the MBR partition table and guards against master boot partition attacks. The specific approach is that modification of the MBR partition table depends on a custom tool and cannot be performed with third-party tools. When the SATA bridge chip detects a modification of MBR data, it judges whether the current operation is legitimate user behaviour; if it is, it continues, and if not, it reports that the modification failed. The SATA bridge chip then randomly generates an LBA address S outside the actual capacity range of the hard disk; the third-party tool obtains the address S, generates the new partition table information and writes it through address S; the SATA bridge chip parses the partition table information and judges whether the parsed S is consistent with the S it originally generated. If they are consistent, the partition table information is written inside the SATA bridge chip, the information and location of the SATA storage device's partition table are modified according to that partition table, the SATA bridge chip is reset, and the partition table modification is reported successful.

In this embodiment S is an address outside the partitions visible to the system, similar to a hidden partition. For example, the actual capacity of the hard disk is 1024G, the firmware presents a user-visible area of 1000G, and access to the remaining 24G is controlled by the firmware and cannot be reached through the system or through tools. An address within this 24G range is chosen as S and the partition table is backed up there. This protects the partition table: the default system partition table is at LBA0, and brute-force modification of the MBR could cause other partitions to be exposed.

S is regenerated each time the MBR (LBA0)/GPT (LBA2) is modified, and after each use of S the HY0168 discards S and does not use it again. The HY0168 provides a time-limited modification function: after each use of S the HY0168 starts a timer, and if S has not been returned within the specified time the HY0168 discards S and does not use it again.

When an illegitimate user or a virus performs partition-table operations through the partitioning or formatting tools that ship with the operating system, the HY0168 firmware reports that the operation succeeded but does not forward the command, which prevents the system from triggering retries or hanging for a long time.

Under normal conditions the system can read the MBR address (LBA0) / GPT (LBA2) to obtain partition information, but when LBA0/LBA2 is subjected to an illegal write attack, the HY0168 firmware rejects the write; repartitioning or formatting must be performed through the dedicated tool, which guarantees the legitimacy of the partition table and of the partition allocation. After partitioning succeeds, the partition table is stored in the HY0168's internal storage area rather than on the external hard disk. If the HY0168 is separated from the hard disk, the partition table stored on the disk is wrong, so a disk connected on its own, without its corresponding HY0168, appears uninitialised.

For GPT partitions, partition-table protection can likewise be achieved by storing LBA2 (the key data of the GPT partition table is stored in LBA2).
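The partition-table filter described above (detect a table write, hand out a one-time address S in the hidden area, accept the new table only if the S it carries matches, expire S on a timer, answer "success" to OS tools without forwarding, and serve reads of the table from the bridge's own copy) can be modelled as a small state machine. The following is an added example written for this page, not HY0168 firmware; the payload layout (8-byte S followed by the table bytes), the class and method names, and the injectable clock are assumptions made for the example.

```python
import os
import struct
import time

LBA_MBR = 0  # MBR sector (LBA0)
LBA_GPT = 2  # sector the text protects for GPT (LBA2)
TABLE_LBAS = (LBA_MBR, LBA_GPT)


def build_tool_payload(s, table):
    """Assumed payload layout for the customised tool: 8-byte big-endian S
    followed by the new partition table bytes."""
    return struct.pack(">Q", s) + table


class PartitionTableFilter:
    """Model of the bridge chip's partition-table filter, constructed for this
    example (it is not HY0168 firmware). `clock` is injectable for testing."""

    def __init__(self, capacity_lba, visible_lba, s_ttl_seconds, clock=time.monotonic):
        if not visible_lba < capacity_lba:
            raise ValueError("the hidden area must be non-empty")
        self.capacity_lba = capacity_lba
        self.visible_lba = visible_lba      # host-visible LBAs lie below this
        self.s_ttl = s_ttl_seconds
        self.clock = clock
        self.pending_s = None               # the outstanding one-time address S
        self.issued_at = None
        self.internal_table = None          # table kept inside the bridge
        self.device = {}                    # what is actually forwarded to the disk
        self.resets = 0

    def request_repartition(self, legitimate_user):
        """Called when a partition-table modification is detected. Only a
        legitimate user (the customised tool) receives a fresh S, drawn at
        random from the hidden area above the visible capacity."""
        if not legitimate_user:
            return None                     # "modification failed"
        hidden_span = self.capacity_lba - self.visible_lba
        offset = int.from_bytes(os.urandom(8), "big") % hidden_span
        self.pending_s = self.visible_lba + offset
        self.issued_at = self.clock()
        return self.pending_s

    def host_write(self, lba, data):
        """Writes from the OS's own partition/format tools. Writes to the
        protected sectors are acknowledged but never forwarded (no host
        retries or hangs); all other writes pass through to the device."""
        if lba in TABLE_LBAS:
            return "success"
        self.device[lba] = data
        return "success"

    def tool_write(self, lba, payload):
        """The customised tool writes the new table through address S. S is
        single-use and time-limited: it is discarded here whatever happens."""
        s, issued = self.pending_s, self.issued_at
        self.pending_s = self.issued_at = None
        if s is None or self.clock() - issued > self.s_ttl:
            return "fail"                   # no S outstanding, or S expired
        if lba != s or len(payload) < 8:
            return "fail"
        parsed_s = struct.unpack(">Q", payload[:8])[0]
        if parsed_s != s:                   # S carried in the payload must match
            return "fail"
        self.internal_table = payload[8:]   # kept in the bridge, not on the disk
        self.resets += 1                    # bridge resets after a successful change
        return "success"

    def host_read(self, lba):
        """Reads of a table sector are answered from the bridge's own copy once
        a table is installed; the disk's (deliberately wrong) copy is never returned."""
        if lba in TABLE_LBAS and self.internal_table is not None:
            return self.internal_table
        return self.device.get(lba)
```

The two failure modes the text calls out, reuse of a spent S and a late write after the timer, both fall out of clearing `pending_s` unconditionally at the top of `tool_write`: an attacker who learns S from one exchange cannot replay it, and a stalled tool has to ask for a new S.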

To address the attack resistance of general-purpose devices and behaviours such as serial-number tampering, the HY0168 proposes a three-party authentication method with the HY0168 as the intermediary. In three-party authentication the SATA bridge chip authenticates the host and the hard disk separately, based on domestic commercial cryptographic algorithms, and binds host, SATA bridge chip and hard disk together; on the host side the BIOS or TPM module is required to support the SM2 encryption/decryption algorithm and to provide non-volatile storage.

As shown in Figure 4, the three-party authentication flow is as follows:

After power-on, the BIOS/TPM obtains the SM2 key pair (Pub_a, Pri_a) generated by the SATA bridge chip HY0168, where Pub_a denotes the public key and Pri_a the private key of that pair; the BIOS/TPM receives the public key Pub_a. The BIOS/TPM generates its own SM2 key pair (Pub_b, Pri_b), where Pub_b is the public key and Pri_b the private key. It reads the key share R1 stored in the BIOS/TPM, generates a random value R11 of the same length as R1, and concatenates R1, R11 and Pub_b to produce C, i.e. C = R1‖R11‖Pub_b. C is encrypted with Pub_a, giving C1 = SM2_Pub_a(C), and C1 is sent to the SATA bridge chip HY0168. The HY0168 decrypts C1 with Pri_a to recover C, reads the R2 stored in the HY0168, computes R' = R1 XOR R2, computes SM3(R') and compares it with the SM3(R) stored in the HY0168. If they match, authentication passes and R22 = R XOR R11 is computed, where R is the computation parameter set in the SATA bridge chip, R = R1 XOR R2, and R is held in the SATA bridge chip only as a hash value. R11 is then encrypted with Pub_b, i.e. C2 = SM2_Pub_b(R11), and C2 is sent to the BIOS/TPM, which decrypts C2 with the SM2 private key Pri_b generated by the BIOS/TPM module to obtain R'11 and compares R'11 with R11. If they match, R1 is updated to R11 and the HY0168 SATA bridge chip updates R2 to R22;

The serial number S1 of the SATA storage device and the key information S2 from the hidden space are read into the SATA bridge chip for mutual authentication between the bridge chip and the storage device. Specifically, after the SATA bridge chip has obtained S1 and S2, it computes M = SM3(SM3(S1) XOR S2) and compares M with the M1 stored in the SATA bridge chip. If they match, authentication passes and the three devices trust each other: the SATA storage device's data path is released, the real partition table information stored inside the SATA storage device is sent to the host, and the host begins to identify the hard disk.

The authentication between the BIOS/TPM and the SATA bridge chip uses a one-time-pad style mechanism: R itself is unchanged (R = R1 XOR R2), but after each authentication completes, R22 = R XOR R11 is computed from the R11 generated by the BIOS/TPM, and R1 and R2 are then replaced. To secure the transmission, two key pairs are introduced so that R11 and R22 are encrypted while in transit. The HY0168 does not store R2 or R22 in plaintext; it uses SM3(R2)/SM3(R22) to check whether the authentication data is correct. Nor does the HY0168 store R in plaintext: it stores SM3(R) and determines whether authentication is correct by checking whether SM3(R') equals SM3(R).

After mass production the HY0168 is in its initial-installation state, in which it stores no device authentication information; before a storage device and a host have been bound, the HY0168 can be connected to and used with any hard disk and host.

When the HY0168 is bound to a storage device, it uses the hard disk's serial number S1 as a computation factor, writes a piece of random data S2 into the hidden area of the hard disk, takes S1 and S2 as the hard disk's authentication information, generates M1 through multiple rounds of hashing, and stores M1 in the HY0168.

The BIOS/host TPM module needs storage capability and SM2 cryptographic computation capability. If neither is available, the HY0168 controls the attached disk device and three-party authentication is performed with a software implementation of the cryptographic algorithms on Windows or Linux; this approach is less secure than having the BIOS or TPM store and process the key data directly.

The BIOS/TPM module obtains the key share R1 and encrypts the factor C produced by concatenation with the SM2 key pair generated by the HY0168 at power-on.

The HY0168 decrypts the authentication data, then obtains R2, performs the computation and compares the result to verify whether the BIOS/TPM matches the HY0168 bridge chip.

After the BIOS/TPM and the HY0168 bridge chip match successfully, the HY0168 regenerates the authentication data and transmits the updated authentication data R11 encrypted with Pub_b. The purpose is to pass R11 back to the BIOS/TPM so that the BIOS/TPM can judge whether the flow succeeded before proceeding to the next step. After its computation the BIOS/TPM updates the authentication data, R1 becoming R11 and R2 becoming R22, so that the authentication information is updated dynamically and security strength is improved.

After the HY0168 has authenticated the host, it obtains the device's S1 and S2 and performs the computation to establish the legitimacy of the HDD/SSD; because the operation also binds in the information the HY0168 stored in the hidden space, cloning a hard disk by tampering with the serial number in the IDENTIFY command response is prevented.

When M and M1 match, the HY0168 is considered bound to the hard disk; the real partition table information stored in the HY0168 is loaded and returned to the host in place of MBR/LBA2. Replacing MBR/LBA2 here does not mean overwriting the hard disk: when the firmware detects a read of the MBR/LBA0 address, it returns the data to the host directly from the HY0168 and no longer fetches it from the hard disk.

Once the above authentication is complete, the HY0168 releases the path from host to hard disk, so that all data is forwarded under the HY0168's supervision and commands are filtered under the HY0168's supervision.

A partition protection mechanism addresses the problem that a single key does not protect full-disk data strongly enough. As shown in Figure 5, partition protection integrates an LBA analyser and partition key expansion modules in the SATA bridge chip. Each partition key expansion module corresponds to one partition and stores that partition's range, key and mode, and performs key expansion to complete the key set-up for its partition. During data transfer, the LBA analyser resolves the address and length of each write into the LBA-to-partition mapping and invokes the key information of the corresponding partition key expansion module to perform the data encryption and decryption.
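The part of this that is easy to get wrong is the LBA analyser: a single SATA write can span a partition boundary or touch sectors that belong to no partition, and each sector must be processed with its own partition's key. The following added example (written for this page, not the HY0168 design) keeps a sorted table of partition key contexts, splits a transfer into per-partition segments, and rejects sectors outside every partition. The page names no block cipher, so the per-sector keystream is a stand-in built from SHA-256 in counter mode tweaked by the LBA; the class and function names are assumptions.

```python
import hashlib
from dataclasses import dataclass

SECTOR = 512


@dataclass
class PartitionKeyContext:
    """Mirror of one 'partition key expansion module': the partition's LBA
    range, its key and its mode (mode is carried as a label only)."""
    name: str
    first_lba: int
    last_lba: int          # inclusive
    key: bytes
    mode: str


class LbaAnalyzer:
    def __init__(self, contexts):
        ctx = sorted(contexts, key=lambda c: c.first_lba)
        for lo, hi in zip(ctx, ctx[1:]):
            if lo.last_lba >= hi.first_lba:
                raise ValueError("overlapping partition ranges")
        self.contexts = ctx

    def segments(self, lba, count):
        """Split a transfer of `count` sectors at `lba` into (context, start,
        sectors) pieces, one per partition touched; sectors that belong to no
        partition are reported with a context of None."""
        out, cur, end = [], lba, lba + count      # end is exclusive
        for c in self.contexts:
            if end <= c.first_lba:
                break                              # remaining partitions lie beyond the write
            if cur > c.last_lba:
                continue                           # this partition lies before the write
            if cur < c.first_lba:                  # gap before this partition
                out.append((None, cur, c.first_lba - cur))
                cur = c.first_lba
            stop = min(end, c.last_lba + 1)
            out.append((c, cur, stop - cur))
            cur = stop
            if cur >= end:
                break
        if cur < end:                              # trailing sectors past the last partition
            out.append((None, cur, end - cur))
        return out


def _keystream(key, lba):
    # Stand-in for the chip's cipher: SHA-256 counter mode, tweaked by the LBA
    # so the same plaintext in two sectors (or two partitions) differs on disk.
    blocks = [hashlib.sha256(key + lba.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
              for i in range(SECTOR // 32)]
    return b"".join(blocks)


def transform(analyzer, lba, data):
    """Encrypt or decrypt (XOR is its own inverse) a sector-aligned transfer,
    taking each sector's key from the partition that owns it."""
    if len(data) % SECTOR:
        raise ValueError("sector-aligned transfers only")
    out = bytearray()
    for ctx, start, n in analyzer.segments(lba, len(data) // SECTOR):
        if ctx is None:
            raise PermissionError(f"LBA {start}..{start + n - 1} is outside every protected partition")
        for i in range(n):
            off = (start - lba + i) * SECTOR
            ks = _keystream(ctx.key, start + i)
            out += bytes(x ^ y for x, y in zip(data[off:off + SECTOR], ks))
    return bytes(out)


def build_example_analyzer():
    """Constructed layout: two partitions with a two-sector gap between them."""
    return LbaAnalyzer([
        PartitionKeyContext("system", 0, 99, b"K" * 32, "xts"),
        PartitionKeyContext("data", 102, 199, b"D" * 32, "xts"),
    ])
```

Because keys are selected per sector rather than per command, a write that straddles the boundary between the two partitions is encrypted with two different keys, and a write that lands in the unmapped gap is refused rather than silently written in the clear.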

Partition key sources include automatic generation and external import; the key generation mode is decided at the HY0168 firmware mass-production stage.

Automatic generation: after HY0168 firmware mass production is complete, the mass-production tool generates the key information, the key is stored in the HY0168's internal non-volatile storage area, and the external import and key generation functions are locked.

External import: after HY0168 firmware mass production is complete, the mass-production tool does not generate key information; the key is imported from outside by a secure method, stored in the HY0168's internal non-volatile storage area, and the key generation function is locked.

From a data-recovery perspective, externally imported keys are more user-friendly. Because the external import is performed by the deploying organisation, which keeps and maintains the key, the key can be imported again after the HY0168 is damaged or fast destruction has been triggered, so the hard disk data remains usable.

From a data-security perspective, automatically generated keys are more secure. An automatically generated key cannot be exported, and once generated it locks the external import and key generation functions; after the HY0168 is damaged or fast destruction has been triggered, the HY0168 automatically generates a new key to replace the old one, the old key is permanently lost, and the hard disk data cannot be recovered.

The above describes only the basic principles and preferred embodiments of the present invention; improvements and substitutions made by those skilled in the art on the basis of the present invention fall within its protection scope.

Claims (6)

1. A data security guarantee method based on a SATA bridge chip, characterised in that: the method connects the SATA bridge chip between a host/server and a SATA storage device; the SATA bridge chip, as the bridge for data transfer between the host/server and the SATA storage device, encrypts and forwards SATA commands and user data; security policies stored in the SATA bridge chip control SATA commands and data to prevent illegal intrusion and backdoor eavesdropping; the security policies comprise a whitelist system, data filtering, three-party authentication and partition protection, which protect data in the command, data, whole-system and partition dimensions respectively;

the whitelist system means that the SATA bridge chip screens the SATA command set and divides it into three states, active, forbidden and managed; in the active state the SATA bridge chip forwards host commands to the SATA storage device, acting as the data-communication bridge that forwards SATA command data, and the SATA storage device, as the final recipient of the SATA command, responds to it and the response is fed back to the host through the SATA bridge chip; in the forbidden state the SATA bridge chip responds to the host command directly, answering the SATA command with an explicit failure or an implicit failure, the SATA bridge chip being the final recipient of the SATA command and not forwarding it, so that the SATA storage device cannot receive any command in the forbidden state; in the managed state the SATA bridge chip takes part in command evaluation and decides, according to its current operating state, whether to enter the active state or the forbidden state;

data filtering protects the MBR partition table against master boot record attacks, specifically: modification of the MBR partition table depends on a customised tool and cannot be performed with third-party tools; when the SATA bridge chip detects a modification of MBR data, it judges whether the current operation is legitimate user behaviour, continues if it is, and otherwise returns a modification failure; the SATA bridge chip then randomly generates an LBA address S outside the actual capacity range of the hard disk; the tool obtains address S, generates the new partition table information and writes it through address S; the SATA bridge chip parses the partition table information and judges whether the parsed S matches the originally generated S; if they match, it writes the partition table information into the SATA bridge chip, modifies the information and location of the SATA storage device's partition table according to it, resets, and returns that the partition table modification succeeded;

three-party authentication means that the SATA bridge chip authenticates the host and the SATA storage device separately, based on domestic commercial cryptographic algorithms, and binds host, SATA bridge chip and SATA storage device together; the host side requires the BIOS or TPM module to support the SM2 encryption/decryption algorithm and to provide non-volatile storage; the three-party authentication flow is: after power-on, the BIOS/TPM obtains the SM2 key pair (Pub_a, Pri_a) generated by the SATA bridge chip HY0168, where Pub_a denotes the public key and Pri_a the private key of that pair, and the BIOS/TPM receives the public key Pub_a; the BIOS/TPM generates its own SM2 key pair (Pub_b, Pri_b), where Pub_b is the public key and Pri_b the private key; it reads the key share R1 stored in the BIOS/TPM, generates a random value R11 of the same length as R1, and concatenates R1, R11 and Pub_b to produce C, i.e. C = R1‖R11‖Pub_b; C is encrypted with Pub_a, the result being C1, and C1 is sent to the SATA bridge chip HY0168; the SATA bridge chip HY0168 decrypts C1 with Pri_a to obtain C, then reads the R2 stored in the HY0168 SATA bridge chip, computes R' = R1 XOR R2, computes SM3(R') and compares it with the SM3(R) stored in the HY0168 SATA bridge chip; if they match, authentication passes and R22 = R XOR R11 is computed, where R is the computation parameter set in the SATA bridge chip, R = R1 XOR R2, and R is held in the SATA bridge chip as a hash value; R11 is encrypted with Pub_b to obtain C2, C2 is sent to the BIOS/TPM, which decrypts C2 with the SM2 private key Pri_b generated by the BIOS/TPM module to obtain R'11 and compares R'11 with R11; if they match, R1 is updated to R11 and the HY0168 SATA bridge chip updates R2 to R22; the serial number S1 of the SATA storage device and the key information S2 of the hidden space are read into the SATA bridge chip for mutual authentication with the storage device; once the authentication matches, the three devices trust each other, the SATA storage device's data path is released, the real partition table information stored inside the SATA storage device is sent to the host, and the host begins to identify the hard disk;

partition protection means integrating an LBA analyser and partition key expansion modules in the SATA bridge chip; each partition key expansion module corresponds to one partition, stores that partition's range, key and mode, and performs key expansion to complete the key set-up for its partition; during data transfer, the LBA analyser resolves the address and length of each write into the LBA-to-partition mapping and invokes the key information of the corresponding partition key expansion module to perform the data encryption and decryption.

2. The data security guarantee method based on a SATA bridge chip according to claim 1, characterised in that: the SATA bridge chip screens the SATA command set through a SATA command-set filter; the active and forbidden states are handled directly by the SATA command-set filter, while the managed state is first judged by the SATA command-set filter and then passed to the SATA bridge chip, which performs the command and state judgement.

3. The data security guarantee method based on a SATA bridge chip according to claim 1, characterised in that: S has a fixed keep-alive time; the SATA bridge chip counts it with a timer, and once the keep-alive time is exceeded, S becomes invalid.

4. The data security guarantee method based on a SATA bridge chip according to claim 1, characterised in that: S is regenerated each time the MBR partition table is modified, and after each use of S the SATA bridge chip discards S and does not use it again.

5. The data security guarantee method based on a SATA bridge chip according to claim 1, characterised in that: the process of mutual authentication with the storage device based on the information S1, S2 is: after the SATA bridge chip obtains S1 and S2, it computes M = SM3(SM3(S1) XOR S2) and compares M with the M1 stored in the SATA bridge chip; if they match, authentication passes.

6. The data security guarantee method based on a SATA bridge chip according to claim 1, characterised in that: the partition key sources include automatic generation and external import.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211226163.2A CN115310136B (en) 2022-10-09 2022-10-09 Data security guarantee method based on SATA bridging chip


Publications (2)

Publication Number Publication Date
CN115310136A CN115310136A (en) 2022-11-08
CN115310136B true CN115310136B (en) 2023-02-03

Family

ID=83866969


Country Status (1)

Country Link
CN (1) CN115310136B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115993525B (en) * 2023-03-22 2023-08-22 山东华翼微电子技术股份有限公司 Chip batch sample testing and verifying method based on Ymodem protocol

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201017311Y (en) * 2006-12-29 2008-02-06 深圳易拓科技有限公司 Hard disk capable of thermal connect-disconnect
CN108830097A (en) * 2018-06-21 2018-11-16 湖南君瀚信息技术有限公司 A kind of SATA bridge encryption equipment
CN109657502A (en) * 2018-12-11 2019-04-19 于哲 A kind of SATA bridge based on domestic cryptographic algorithm connects real-time Transmission encryption system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080294421A1 (en) * 2007-05-23 2008-11-27 Kwok-Yan Leung Hard Disk Drive Adapter For Emulating Hard Disk Drive Interface
JP2012059308A (en) * 2010-09-06 2012-03-22 Workbit Corp Bridge chip, hard disk device, and address conversion program
CN106169041B (en) * 2016-07-06 2019-05-28 于哲 A kind of safety encryption mobile hard disk and its data transmission method based on USBKEY authentication
JP2019061483A (en) * 2017-09-26 2019-04-18 キヤノン株式会社 STORAGE CONTROL DEVICE, CONTROL METHOD THEREOF, PROGRAM, AND INFORMATION PROCESSING DEVICE


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种SAN存储网络安全保护方案;付园园;《科技资讯》;20100203(第04期);第29-30页 *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
    Denomination of invention: A Data Security Guarantee Method Based on SATA Bridging Chip
    Granted publication date: 20230203
    Pledgee: Huaxia Bank Co.,Ltd. Jinan Branch
    Pledgor: SHANDONG HUAYI MICRO-ELECTRONICS Co.,Ltd.
    Registration number: Y2024980024862
PC01 Cancellation of the registration of the contract for pledge of patent right
    Granted publication date: 20230203
    Pledgee: Huaxia Bank Co.,Ltd. Jinan Branch
    Pledgor: SHANDONG HUAYI MICRO-ELECTRONICS Co.,Ltd.
    Registration number: Y2024980024862
PE01 Entry into force of the registration of the contract for pledge of patent right
    Denomination of invention: A Data Security Guarantee Method Based on SATA Bridging Chip
    Granted publication date: 20230203
    Pledgee: Huaxia Bank Co.,Ltd. Jinan Branch
    Pledgor: SHANDONG HUAYI MICRO-ELECTRONICS Co.,Ltd.
    Registration number: Y2025980024343