基于轻量级分组密码算法的SoC安全存储器设计

doi:10.16180/j.cnki.issn1007-7820.2023.09.003

摘要/Abstract

摘要：

针对嵌入式片上系统的RAM(Random Access Memory)、Flash存储器面临的安全风险,文中概述了针对传统SoC(System on Chip)芯片存储器的物理攻击,并提出一种支持加密算法的存储器控制器。使用轻量级分组密码算法LBlock-s,通过密码学安全分析证明了该算法具有较好的抵抗差分分析的能力。相对于传统分组密码算法AES(Advanced Encryption Standard),文中所提方法在保证安全性的前提下减少了硬件资源开销,适用于各种资源受限的安全SoC芯片。为提高数据的吞吐率,将算法的硬件结构进行展开,使标准的32轮加/解密耗时1个时钟周期。该方案在不耗费较多硬件资源和加密延时的前提下,保证了存储器的数据即使被攻击者获取也无法解析出敏感数据,有效避免了安全芯片遭受物理攻击。

关键词: 安全存储器, 安全SoC芯片, 信息安全, 数据加密, 轻量级分组密码, 差分分析, 物理攻击, 吞吐率

Abstract:

In view of the security risks faced by RAM(Random Access Memory) and Flash memory of embedded on-chip systems, this study outlines physical attacks against memory of traditional SoC(System on Chip) chips, and presents a memory controller that supports encryption algorithms. Using the lightweight block cipher algorithm LBlock-s, the cryptographic security analysis shows that the algorithm has a good resistance to differential cryptanalysis. Compared with traditional block cipher algorithms such as AES(Advanced Encryption Standard), the proposed method reduces hardware resource consumption while guaranteeing security and is suitable for all kinds of resource-constrained secure SoC chips. To improve the data throughput, the hardware structure of the algorithm is expanded so that the standard 32 rounds of encryption or decryption take 1 clock cycle. This scheme guarantees that sensitive data cannot be parsed even if acquired by the attacker without consuming more hardware resources and encrypting delay, and effectively avoids physical attack on the security chip.

Key words: secure memory, secure SoC chip, information security, data encryption, lightweight block cipher, differential cryptanalysis, physical attacks, throughput

中图分类号:

TP309

刘伟,曾祥义,肖昊. 基于轻量级分组密码算法的SoC安全存储器设计[J]. 电子科技, 2023, 36(9): 15-20.

LIU Wei,ZENG Xiangyi,XIAO Hao. Design of SoC Secure Memory Based on Lightweight Block Cipher[J]. Electronic Science and Technology, 2023, 36(9): 15-20.

图/表 8

图1

图2

图3

表1

图4

图5

图6

表2

参考文献 18

[1]	Won Y S, Bhasin S. Are cold boot attacks still feasible: A case study on raspberry Pi with stacked memory[C]. Milan: Proceedings of the Eighteenth Workshop on Fault Detection and Tolerance in Cryptography, 2021: 56-60.
[2]	Anagnostopoulos N A, Arul T, Rosenstihl M, et al. Low-temperature data remanence attacks against intrinsic SRAM PUFs[C]. Prague: Proceedings of the Twenty-first Euromicro Conference on Digital System Design, 2018: 581-585.
[3]	Skorobogatov S. Local heating attacks on flash memory devices[C]. San Francisco: IEEE International Workshop on Hardware-Oriented Security and Trust, 2009:1-6.
[4]	张翌维, 邬可可, 陈佳佩. 一种抵御侵入式分析的密码芯片存储总线[J]. 小型微型计算机系统, 2012, 33(4):785-788.
	Zhang Yiwei, Wu Keke, Chen Jiapei. Security chip memory bus for resisting invasive analysis[J]. Journal of Chinese Computer Systems, 2012, 33(4):785-788.
[5]	Samyde D, Skorobogatov S, Anderson R. et al. On a new way to read data from memory[C]. Greenbelt: Proceedings of the First International IEEE Security in Storage Workshop, 2003:65-69.
[6]	黄小苑, 戴紫彬. 基于FPGA的AES算法芯片设计实现[J]. 微电子学与计算机, 2005(8):62-4.
	Huang Xiaoyuan, Dai Zibin. Design on FPGA implementation of AES algorithm chip[J]. Microelectronics and Computer, 2005(8):62-64.
[7]	刘根贤, 王海霞, 刘振宇, 等. 嵌入式处理器片外访存加密机制设计与实现[J]. 计算机工程与应用, 2014, 50(22):92-96.
	Liu Genxian, Wang Haixia, Liu Zhenyu, et al. Encryption scheme design and implementation of embedded processor off-chip memory access[J]. Computer Engineering and Applications, 2014, 50(22):92-6.
[8]	麦涛涛, 潘晓中, 苏阳. 基于KLEIN密码的存储器加密技术[J]. 武汉大学学报(理学版), 2016, 62(2):171-176.
	Mai Taotao, Pan Xiaozhong, Su Yang. Storage encryption technology based on KLEIN cipher[J]. Journal of Wuhan University(Natural Science Edition), 2016, 62(2):171-176.
[9]	Peterson P A H. Cryptkeeper: Improving security with encrypted RAM[C]. Waltham: Proceedings of the IEEE International Conference on Technologies for Homeland Security, 2010:120-126.
[10]	Werner M, Unterluggauer T, Schilling R, et al. Transparent memory encryption and authentication[C]. Ghent: Proceedings of the Twenty-seventh International Conference on Field Programmable Logic and Applications, 2017:1-6.
[11]	何卫国, 黄金金, 李军, 等. 一种Flash安全存储控制器的设计与实现[J]. 通信技术, 2020, 53(5):1300-1303.
	He Weiguo, Huang Jinjin, Li Jun, et al. Design and implementation of Flash safe storage controller[J]. Communications Technology, 2020, 53(5):1300-1303.
[12]	Mahantesh R S, Mohapatra S. Design of secured block ciphers present and hight algorithms and its FPGA implementation[C]. Madurai: Proceedings of the Second International Conference on Intelligent Computing and Control Systems, 2018:1113-1118.
[13]	Mhaouch A, Elhamzi W, Atri M. Lightweight hardware architectures for the piccolo block cipher in FPGA[C]. Sousse: Proceedings of the Fifth International Conference on Advanced Technologies for Signal and Image Processing, 2020:1-4.
[14]	Wu W L, Zhang L. LBlock: A lightweight block cipher[C]. Malaga: Proceedings of the Ninth International Conference on Applied Cryptography and Network Security, 2011:327-344.
[15]	张溪. LAC认证加密算法的研究与分析[D]. 西安: 西安电子科技大学, 2017:17-19.
	Zhang Xi. Research and analysis of LAC authentication encryption algorithm[D]. Xi'an: Xidian University, 2017:17-19.
[16]	Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1):3-72. doi: 10.1007/BF00630563
[17]	Shan J Y, Hu L, Sun S W. Security of LBlock-s against related-key differential attack[C]. Coimbatore: Proceedings of the Second International Conference on Electronics and Communication Systems, 2015:1278-1283.
[18]	曾小波, 唐忠彪, 焦歆. 基于单片机的SM3算法优化及Verilog模型验证[J]. 电子科技, 2015, 28(2):38-40.
	Zeng Xiaobo, Tang Zhongbiao, Jiao Xin. Optimization of SM3 algorithm and verilog model validation based on SCM[J]. Electronic Science and Technology, 2015, 28(2): 38-40.

分组密码算法	时钟周期/Cycle	100 kHz下吞吐率/kbit·s^-1
AES-128^[6]	1 032	12.4
Piccolo^[13]	79	81.0
KLEIN-80^[8]	16	400.0
HIGHT^[12]	34	188.2
PRESENT-80^[12]	32	200.0
标准LBlock	32	200.0
本文	1	6 400.0