嵌入式系統之儲存記憶體資料保護晶片設計

Abstract

過去在對於嵌入式系統資料安全的保護，大部分的研究致力於改善加密演算法運算位元的長度及運算速度，以增進嵌入式系統對外傳輸資料加密之安全性。此種設計架構，破解者易針對加密前後資料進行比對，或利用攔截通訊資料進行破解。因此本論文提出儲存記憶體資料保護晶片設計方法以改善嵌入式系統設計被破解的問題。 本論文利用硬體產生加密及解密鑰所需的參數，配合改良後的線性回饋位移暫存器及質數偵測演算法，進而產生隨機的RSA加密及解密鑰，改善明文經由相同加密過程後產生相同加密文而遭破解之問題。另外，利用本設計提出之資料動態化架構，結合嵌入式系統上應用軟體之授權檢查機制，建立加密硬體模組及軟體間之相依性，以解決加密硬體模組被置換或藉由擷取通訊資料進行攻擊之可能。 最後，本論文利用Altera DE2的FPGA發展版及PC平台模擬在嵌入式系統上授權檢查流程。在實驗結果中，若破解者知道本設計之運算位元數的情況下，至少需花20年的時間才能完成對此加密保護晶片的資料傳輸及解密運算。

In past years, most of the researches for data protection are focused on increasing the operation speed and bit length of cryptography. This can be used in the embedded system to improve for encryption of output data. To compare before and after data encryption, the design architecture can be easily attacked via table establishment or communication. Thus, this thesis proposes a new method for storage memory data protection to improve the attacked problem of the embedded system. In the thesis, by generating encrypted and decrypted vectors with hardware, the improved linear feedback shift register (LFSR), and prime detection algorithm, we are able to generate random encrypted text with the same encryption key. Furthermore, the proposed dynamic data encoding structure can used to prevent communication interception attack. The encryption module combines with software authorization to insure the dependency within firmware and hardware. This will be unable to make the attacker to replace the encryption module with other hardware. The proposed design is implemented on the Altera DE2 FPGA board with a GUI interface built on Borland C++ environments. As experimental results, it takes about 20 years for brutal attack to break the protection.