| With the development of information technology and micro-electronics technology,cryptography technology has evolved into the construction of cryptographic engineering systemas the foundation of information security, from the research of cryptography coding andalgorithm theory for practical application. The implementation of cryptographic services, whichhas attributes of universality, flexibleness and security, is one of the development target andresearch directions of cryptographic engineering system.Comparing with the traditional integrate circuit, System on Chip (SoC), which has moreadvantages on structure, function and architecture, is more suitable for the development of thecurrent information security. However, it can be seen from research status that our nation hasgathered lots of fruits in the design domain of cryptographic chip, and has accumulated a greatmany chip products and algorithm IP cores, but from the perspective of systematism, relatedresearch is still running after internationally advanced technology. By now, there are two mainresearch gaps in China. On the one hand, too many attentions are paid on the design of hardwarefunction and algorithm diversification, but there is a lack of research on the secure architectureof cryptographic services which is constructed based on chip operating system. On the otherhand, because the common “resist existing security threats” method is employed to analyzedesign’s security, there is no security reasoning for more plentiful meaning, and there is a lack ofsecurity model, theory and technique to prove security.Based on the project of “Research on the security modeling and validation method ofcryptographic SoC” supported by the National Natural Science Foundation of China, and theproject of “Research on the security technology and its model of cryptographic chip” supportedby the Cryptology Foundation of China, the main purpose of the paper is to quest for a newtechnique and method of security modeling and implementation of cryptographic services basedon SoC, and make the chip possess the ability to provide a series of universally, flexibly andsecurely cryptographic services. In short, the main innovations of the paper in engineering andtheory can be summarized as follows.1. A design scheme of block cipher algorithms against DPA attack is proposed.After attacking two claimed DPA-resisted algorithms, it is shown that the power traces ofintermediate transform links and intermediate registers can still be used to make DPA attack.Therefore, a masking scheme for reconfigurable S-box is proposed, and an improvedDPA-resisted DES algorithm is proposed based on the S-box. Comparing with the existingscheme, the paper’s scheme not only costs less hardware, but also has more universality to thedesign of block cipher algorithms against DPA attack.2. A design scheme of the secure connection policy of cryptographic SoC and its interfacemodel is proposed.Aiming at security problems of the traditional USB, a secure connection policy ofcryptographic SoC is proposed. Based on standalone terminal and intranet terminal, two USBsecure connection schemes is proposed, and the corresponding authentication and key agreementprotocol is designed respectively. Comparing with existing protocols, the paper’s protocols havea few increases in communication, but have a great reduction on the computing cost. Afterimplementing the traditional USB device controller, according to the secure connection scheme based on standalone terminal, the design scheme of a secure USB interface along with its driveris given. Validation results show that the interface satisfies expected security requirements, andcan provide physical connection protection for cryptographic SoC.3. A design scheme of cryptographic service system in agreement with ISO/IEC7816-8isproposed.According to the software architecture of cryptographic service on chip, and combiningwith security related interindustry commands defined by ISO/IEC7816-8, a design scheme ofcryptographic service system is proposed based on orient object and message drive. Athree-level-relating architecture of cryptographic service system, which consists of securityenvironment component, functional algorithm structure, and cryptography algorithmenvironment, is designed. Moreover, following rules of C language, each related operatinginterface and flow is designed. As a result, the ability of providing cryptographic service of thechip is enhanced in terms of universality, flexibleness and security.4. A new seven-element joint sparse form for ECDSA is proposed.In order to improve the computing efficiency of n0P+n1Q in ECDSA, a new seven-elementjoint sparse form is proposed. For any pair of integers, the definition and calculating algorithm ofthe new seven-element joint sparse form is given, and the uniqueness of the new seven-elementjoint sparse form is proven. Besides, it is also proven that the average joint Hamming density ofthe new seven-element joint sparse form is0.3023. When computing n0P+n1Q, the newseven-element joint sparse form improves13.18%efficiency comparing with the optimalthree-element joint sparse form, and improves2.33%efficiency comparing with an existingfive-element joint sparse form, and improves2.92%efficiency comparing with another existingseven-element joint sparse form.5. A security analysis method for cryptographic SoC based on UC theory is proposed.After researching the analysis method of cryptographic protocols and cryptographic SoC, athought of security analysis for cryptographic SoC based on UC theory is proposed. Relying onhybrid models constructed as security foundations, the equivalence between the security designand the corresponding ideal function is proven. The attack information in ideal functions is eitherrandom numbers in any length, or math-problem-based transformation of sensitive data, orinsensitive data. Under the current science and technology circumstances, the security of idealfunctions is obvious. Therefore, the security of the cryptographic SoC design is proven uponhybrid models. |
PDF Full Text Request