The Design And Application Of Hardware Security Modules

With the rapid development of information technology,data communication is more and more frequent,and the problem of information security need to be solved immediately.Communication data is mainly protected by data encryption technology,however,the data encryption algorithm is not strictly confidential,so the key protection has become the key to ensure data security.And now widely used Open SSL software can only provide software encryption,of which the encryption and decryption speed and can not meet the growing data processing requests.Therefore,it is crucial to use a hardware encryption device which has faster data encryption and decryption ability and key security management ability.In order to solve the defects and enhance the system performance,such as security of the system,the data processing efficiency and the convenience of system,this paper designed a Hardware Secure Module(HSM)based on Linux system by analyzing the existing cipher machine design scheme,for clipper chip,key management system,authentication and log system were improved,which provides efficient data encryption processing and security key management service for enterprise or personal data communication.Among them,the clipper chip selects S686 with multi-channel technology chip as the master enhanced data parallel processing efficiency.The key management system adds database tamper-resistant technology,data overwrite technology and low-level formatting technology,which ensures the security of key storage and key destruction.And this system also adds the whitelist system and the log system,respectively,for server authentication and log detailed system log information to ensure the system security and provide system error tracking capabilities.Firstly,this paper studies the TCP/IP protocol,epoll and thread pool model,producer and consumer model,double buffer technology,key management technology after analyzing the system requirements,and proposes a solution.Then,the frame is designed according to the functional requirements.The system is divided into network communication module,data processing module,encryption card module and device management module.After that,this paper introduces the principle and process of each module,and each module is implemented in terms of performance and security.Finally,function test,performance test and reliability test of each module of the hardware security module based on the testing tools such as SAR and UVM verification platform under the Linux system are performed.The results show that the speed of SM4 encryption reaches 640M/S,the average response time is much lower than the expected performance of 0.5s.The system is operating normally,reliable performance such as key management mechanism and log management system.It proves that the hardware security modules designed in this paper meets the requirements of high concurrency,low latency and key security protection,which has certain practical value.