
Research on DHKE-Based Security-Enhanced Key in Embedded Environment

Posted on: 2018-06-02
Degree: Master
Type: Thesis
Country: China
Candidate: E H Li
Full Text: PDF
GTID: 2428330515497927
Subject: Computer system architecture
Abstract/Summary:
With the continuous development of information science and technology, embedded systems are applied more and more widely and are now used in many fields. Because of the characteristics of embedded systems themselves, their security requirements are rarely considered at design time, which leaves their security mechanisms very weak and has led to a steady stream of attacks against them. Among embedded system security issues, how to effectively protect private data has become the most urgent current security need. Private data in an embedded system is generally stored on the device as ciphertext, so its security depends directly on the security of the key. How to design a protection scheme for keys is therefore central to improving the security of private data. Currently, keys are mostly stored in the device's off-chip nonvolatile memory (NVM), which is not resistant to physical attacks and offers insufficient security. Although many scholars have proposed a variety of new key storage schemes, these have not fundamentally solved the key storage security problem and have not been widely adopted in practice. This thesis investigates and analyzes the security problem of key storage and proposes a generation scheme for an SEK (Security-Enhanced Key). Introducing this scheme into the design of an embedded system effectively increases the security of the key. Based on the existing embedded system architecture, the thesis designs the SEK generation mechanism by introducing a USB Key device and using Diffie-Hellman key exchange (DHKE). The USB Key has the characteristics of low cost, simple operation and strong security. In this design, the interaction between the USB Key and the embedded system is redesigned, and the authentication mechanism is tied to the platform. The SEK is generated by the embedded system and the USB Key through DHKE, using each side's own key seed. The algorithm for generating the key seed is stored on the USB Key side, where it is protected by the USB Key's inherent security mechanism. It is loaded into the memory of both sides only when necessary, and the key seed is then generated. The unique hardware feature value (Unique Value) of the embedded system is used to generate the key seed, which prevents the key seed from being tampered with and enhances the reliability of the security-enhanced key. The embedded system and the USB Key each generate their own key seed and use it for SEK generation. The SEK generation protocol is an improvement on DHKE, and an attack on the communication channel between the two sides cannot compromise the security of the SEK. The SEK is "generated only when needed and destroyed after use": it can be dynamically regenerated and does not need to be stored on the embedded device, which fundamentally improves the security of the key and, to a certain extent, solves the key leakage problem of embedded systems. The experimental results and security evaluation show that the security of the key is clearly enhanced after the scheme is added to the design of an embedded system, that it can resist multiple attacks against the key, and that the additional overhead is small and has no significant impact on system performance.
Keywords/Search Tags:Security-Enhanced Key, embedded system, Diffie-Hellman key exchange, USB Key, key storage