Research On Key Issues Of Dynamic Heterogeneous Redundant Microcontroller

MCU(Microcontroller Unit,MCU)is widely used in consumer electronics,automotive electronics,industrial control and other fields.With the advent of the Internet of everything era as the core control device of intelligent terminals,it ushered in a huge development opportunity,at the same time,its security is also facing greater challenges.DHR(Dynamic Heterogeneous Redundancy,DHR)is a system architecture with endogenous security characteristics.System errors caused by device faults and external attacks are uniformly defined as "generalized disturbance",and functional safety and information security problems are unified as "generalized robustness" problems.This paper combines the system design of secure MCU with DHR architecture,constructs a DHR-MCU system architecture,and studies key issues.The main works are as follows:1)System architecture design of DHR-MCU.Firstly,Markov chain is used to model and simulate the isomorphic and heterogeneous redundant structures.The results show that properly increasing the degree of heterogeneity between heterogeneous executors can increase the failure rate difference of each executor,and then reduce the overall failure rate of the system.Secondly,the system attack resilience under common attack and association attack is modeled and simulated,and it is proved that the four-redundancy structure has better steady-state security characteristics than the three-redundancy structure.Finally,according to the typical DHR structure,a four-redundancy heterogeneous MCU system architecture is presented,which is composed of a redundant control decision system with four heterogeneous MCUs and an integrated scheduling adjudicator.Compared with the three-redundancy system architecture based on typical DHR structure,this architecture is not only more concise,clear and easy to deploy,but also can increase the steadystate security probability by up to 56.76% under the condition of associated attacks.2)Research on output consistency of heterogeneous executors in DHR-MCU.Each of heterogeneous MCU in DHR-MCU architecture needs to respond to the same input and output the results to the scheduling adjudicator respectively,which brings the problem of synchronization of output data.Following the independent working principle of DHR architecture,based on the analysis of existing distributed consensus algorithms and other related research,a fixed leader distributed consensus algorithm FLDCA(Fixed Leader Distributed Algorithm,FLDCA)is proposed.It integrates the state synchronization of heterogeneous programs based on relative time and the encrypted data synchronization mechanism based on secret source normalization,and runs in the scheduling adjudicator and heterogeneous MCUs respectively,which can coordinate the state synchronization and data consistency between heterogeneous MCUs while avoiding cascading attacks.The results of comparative experiments show that FLDCA can still maintain the process state of the program and realize encrypted login when other synchronization algorithms fail.3)The design of DHR-MCU scheduling adjudicator.The scheduling adjudicator is responsible for the processing of input / output data flows,output adjudication,fault cleaning,state recovery and running the FLDCA algorithm.Its performance directly determines the quality and security of DHR-MCU system.This paper analyzes the design methods and defects of the scheduling adjudicator(or corresponding functional components)in existing DHR implementations,and puts forward the principle of security,efficiency and flexibility in scheduling adjudicator design.Through the layer-by-layer analysis and simplification of the ideal construction scheme,an implementation scheme of scheduling adjudicator suitable for DHR-MCU architecture with software and hardware collaboration is proposed,which not only ensures the safety and reliability of the scheduling arbiter itself,but also takes into account the overall needs of a flexible and efficient DHR-MCU system.4)DHR-MCU verification environment construction and testing.Based on the DHR-MCU system architecture and hardware and software implementation mechanism,the DHR-MCU prototype verification platform and test environment are designed and developed.According to the proposed test scheme,the function,performance and security of the prototype system are tested.The feasibility,practicability and security of DHR-MCU system architecture and its key technologies are comprehensively evaluated.The test results show that when the system function is normal and the data processing time increases by 0.86%,DHR-MCU has strong steady-state recovery ability in all kinds of attack scenarios.The DHR-MCU system architecture proposed in this paper can also be used to guide the design of other endogenous security control devices and network devices.Especially the FLDCA and S-Arbitrator have been applied in the industrial Internet innovation and development projects such as "Endogenous Security Industrial switch equipment Development" and "Industrial Interconnection Mimic Edge Gateway Development".The problems of state data consistency control and system construction of the above heterogeneous redundant systems are solved.