Research On Confidentiality And Integrity Scheme For The Shared Memory Of Embedded Multi-core System

Embedded multi-core shared memory systems have quickly replaced traditional embedded single-processor systems with their high performance,high concurrency,and low power consumption.In the embedded multi-core shared memory structure,although there is data sharing between processor elements(PEs),each processor element independently carries different computing tasks,and the processor elements are an untrusted relationship and must ensure data confidentiality and integrity when sharing information with each other.In the currently embedded multi-core shared memory security protection mechanism,the processor element needs to share secret constants,and the integrity verification tree is constructed by the entire counter domain.The application of these methods in untrusted scenarios can lead to non-shared data leakage and integrity verification are too expensive,so the security requirements and performance requirements of data sharing in the untrusted scenario cannot be satisfied.Therefore,it is necessary to study the security protection mechanism in this scenario without affecting system performance as much as possible.This article protects data from both confidentiality and integrity.(1)In terms of confidentiality,this paper proposes a ciphertext sharing confidentiality protection method based on certificateless proxy re-encryption.The method utilizes the memory controller as a semi-trusted mechanism to assist the entire system to generate common parameters and partial public and private keys,and then the PE constructs a full public and private key and a re-encryption key according to the common parameters.The original data is encrypted by using these keys so that the receiving PE can decrypt the data to obtain the original plaintext by using its own private key.Therefore,the security problem that the shared secret constants need to be shared between the processor elements leads to the leakage of non-shared data is solved.Thus the method satisfies the need for confidentiality protection.(2)In terms of integrity,this paper proposes an integrity protection method based on multi-granularity elastic hash tree.Based on the BMT tree,the method optimizes and improves the whole tree from three aspects: tree structure,dynamic window,and tree elasticity to apply to mutually untrusted scenarios.The method replaces the traditional binary tree with a multi-granularity binary tree and divides the verification space into the frequent region and infrequent region.Different regions verify to different root nodes,thereby effectively reducing the tree height and the total number of nodes,thereby reducing the average verification path length and improving the verification efficiency.In addition,the method also uses an elastic tree algorithm to clean up invalid nodes in time to reduce the size of the verification tree and reduce the time spent on the entire verification.Finally,the RSIM multi-core simulation simulator is used to evaluate the performance of the proposed algorithm and compare it with the related algorithm.In terms of confidentiality protection,the proposed confidentiality algorithm is optimized by the Montgomery algorithm,the processor pipeline structure and the cache mechanism.In the case of satisfying confidentiality security requirements,performance was reduced by an average of 17.3% compared to the original insecure system.In terms of integrity protection,the performance is reduced by 12.89% on average compared with the original insecure system,and the performance is better than the BMT,MGT,and MIT integrity protection methods.Therefore,the proposed algorithm can satisfy the confidentiality and integrity protection requirements of data sharing between processor elements in mutually untrusted scenarios,and has little impact on the performance of the original system.