基于AES算法的eFlash控制器安全设计

doi:10.16180/j.cnki.issn1007-7820.2023.10.008

摘要/Abstract

摘要：

针对专用集成电路(Application Specific Integrated Circuit,ASIC)芯片数据存储在安全性上的需求,尤其是eFlash(embed Flash)存储敏感数据的安全风险,文中设计了一种基于高级加密标准(Advanced Encryption Standard,AES)算法的eFlash安全存储控制器。与传统基于软件和硬件平台加密设计方案相比,基于ASIC芯片平台具有集成度高、运算快等优势。通过对AES算法原理分析,文中提出了使用AES算法在eFlash控制器上对存储数据进行加密。数据传输速率是eFlash性能关键因素,AES算法采用流水线结构设计以提高数据吞吐率,吞吐率达到1.4 Gbit·s^-1,消耗9.96×10^-10 m²逻辑资源。该加密方案在消耗较少逻辑资源和加密延时的前提下加强了eFlash存储安全,可有效阻止外界攻击ASIC芯片的存储信息。

关键词: 安全存储, AES, eFlash, 控制器, ASIC, 吞吐率, 加密, 流水线结构

Abstract:

For the security requirements of ASIC(Application Specific Integrated Circuit) chip data storage, especially eFlash(embed Flash) stores security risks for sensitive data, an eFlash secure storage controller based on AES(Advanced Encryption Standard) algorithm is designed. Compared with traditional encryption designs based on software and hardware platforms, ASIC chip platform has the advantages of high integration and fast operation. By analyzing the principle of AES algorithm, it is proposed to use AES algorithm to encrypt the stored data on eFlash controller. The data transmission rate is a key factor in eflash performance, AES algorithm is implemented by pipeline structure to improve data throughput, the throughput rate can reach 1.4 Gbit·s^-1with consumption of 9.96×10^-10 m² logical resources. This encryption scheme enhances eFlash storage security while consuming less logical resources and encryption delay, effectively prevents external attacks on the storage information of ASIC chips.

Key words: secure storage, AES, eFlash, controller, ASIC, throughput rate, encrypt, pipeline architecture

中图分类号:

TN492

林宇红,肖昊. 基于AES算法的eFlash控制器安全设计[J]. 电子科技, 2023, 36(10): 62-67.

LIN Yuhong,XIAO Hao. Security Design of eFlash Controller Based on AES Algorithm[J]. Electronic Science and Technology, 2023, 36(10): 62-67.

图/表 11

图1

图2

图3

图4

图5

图6

表1

表2

图7

表3

表4

参考文献 17

[1]	宋灏龙. 公钥密码系统中底层运算的硬件加速[D]. 合肥: 合肥工业大学, 2009:1-55.
	Song Haolong. Hardwareac celeration of fundamental arithmetic in public-key cryptography[D]. Hefei: Hefei University of Technology, 2009:1-55.
[2]	代勇. 基于JFFS2的NAND Flash加密文件系统的设计[D]. 南京: 南京邮电大学, 2014:1-51.
	Dai Yong. Encrypted file system for NAND Flash based on JFFS2[D]. Nanjing: Nanjing University of Posts and Telecommunications, 2014:1-51.
[3]	蒲永材, 周加谊. 基于CPLD的FLASH加密设计[J]. 机电产品开发与创新, 2016, 29(5):62-64.
	Pu Yongcai, Zhou Jiayi. Design of FLASH encryption based on CPLD[J]. Development & Innovation of Machiery & Electrical Products, 2016, 29(5):62-64.
[4]	何卫国, 黄金金, 李军, 等. 一种Flash安全存储控制器的设计与实现[J]. 通信技术, 2020, 53(5):1300-1303.
	He Weiguo, Huang Jinjin, Li Jun, et al. Design and impl-ementation of Flash safe storage controller[J]. Communications Technology, 2020, 53(5):1300-1303.
[5]	田道坤, 彭亚雄. 在区块链中基于混合算法的数字签名技术[J]. 电子科技, 2018, 31(7):19-23.
	Tian Daokun, Peng Yaxiong. Digital signature technology based on hybrid algorithm in blockchain[J]. Electronic Science and Technology, 2018, 31(7):19-23.
[6]	Andriani R, Wijayanti S E, Wibowo F W. Comparision of AES 128,192 and 256 bit algorithm for encryption and description file[C]. Yogyakarta: The Third International Conference on Information Technology,Information System and Electrical Engineering, 2018:225-236.
[7]	张丽, 吴文玲. 基于交换等价的缩减轮AES-128的密钥恢复攻击[J]. 计算机研究与发展, 2021, 58(10):2213-2221.
	Zhang Li, Wu Wenling. Key-recovery attack on reduced-round AES-128 using the exchang-equivalence[J]. Journal of Computer Research and Development, 2021, 58(10):2213-2221.
[8]	洪泽, 陈振娇, 张猛华. 针对车联网的数据传输保护方法[J]. 信息安全研究, 2020, 6(5):463-467.
	Hong Ze, Chen Zhenjiao, Zhang Menghua. Data transmi-ssion protection method for vehicle networing[J]. Journal of Information Security Research, 2020, 6(5):463-467.
[9]	于松林, 王文工, 陈博, 等. 基于FPGA的AES硬件实现及优化[J]. 电子设计工程, 2017, 25(6):75-78,83.
	Yu Songlin, Wang Wengong, Chen Bo, et al. Implement and optimization of AES using hardware based on FPGA[J]. Electronic Design Engineering, 2017, 25(6):75-78,83.
[10]	Li H, Friggstad Z. An efficient architecture for the AESmix columns operation[C]. Kobe: IEEE International Symposium on Circuits and Systems, 2005:4637-4640.
[11]	罗柳平. 基于SHA和AES算法的AHB总线监视器设计[D]. 武汉: 华中科技大学, 2010:1-79.
	Luo Liuping. Design of AHB monitor based on SHA and AES algorithms[D]. Wuhan: Huazhong University of Science and Technology, 2010:1-79.
[12]	蒋进松. 高效的片上Flash加速控制器软硬件设计[D]. 杭州: 浙江大学, 2016:1-64.
	Jiang Jinsong. An efficient E-Flash acceleratior based on hardware and software design[D]. Hangzhou: Zhejiang University, 2016:1-64..
[13]	Chen S, Hu W, Li Z H, et al. High performance data en-cryption with AES implementation on FPGA[C]. Washington,D.C.:The Fifth IEEE International Conference on Big Data Security on Cloud, 2019:2231-2270.
[14]	Anwar H, Daneshtalab M, Ebrahimi M, et al. FPGA impl-ementation of AES-based crypto processor[C]. Abu Dh-abi: IEEE the Twentieth International Conference on Electronics,Circuits and Systems, 2013:1121-1137.
[15]	曾小波, 易志中, 焦歆. 基于51核的AES算法高速硬件设计与实现[J]. 电子科技, 2016, 29(1):36-39.
	Zeng Xiaobo, Yi Zhizhong, Jiao Xin. High-speed hardw-are design and implementation of AES algorithm based on 51 core[J]. Electronic Science and Technology, 2016, 29(1):36-39.
[16]	周洁, 慕德俊, 宋利军. IPSec加密芯片中AES加密核的设计与FPGA实现[J]. 测控技术, 2011, 30(9):60-63.
	Zhou Jie, Mu Dejun, Song Lijun. Design and FPGA implementation of AES encryption chip for IPSec[J]. Measurement & Control Technology, 2011, 30(9):60-63.
[17]	Kumar K, Ramkumar K R, Kaur A. A design implemen-tation and comparative analysis of advanced encryptionstandard(AES) algorithm on FPGA[C]. Noida: The Eighth International Conference on Reliability,Infocom Technologies and Optimization, 2020:326-337.

数据类型	数据值(128 bit)
明文	0123456789abcdeffedcba9876543210
初始密钥	31323334353637383930313233343536
密文	52317200fdbd4b71a9b1e690f0e84776

数据类型	数据值(128 bit)
密文	00112233445566778899aabbccddeeff
初始密钥	31323334353637383930313233343536
明文	ad3a9549746490d04cbd9922006b17c6

设计模式	资源消耗/m²	吞吐率/Gbit·s^-1	效率值
循环展开结构	8.78×10^-10	0.46	0.52
轮间流水线结构	9.96×10^-10	1.40	1.40

模式	读/周期	写/周期	擦除/周期
未加密	28	22 988	240 242
加密	46	23 006	240 244
Latency	18	18	2