Design And Implementation Of Tamper-proof Technology For Private Storage Devices And Clients

As the mobile internet technology develops,mobile phones have witnessed rapid development.In such context,demands for data storage keep growing with the expanding storage space required by images and videos.The storage capacity of mobile phones alone could hardly meet the demands of users.To resolve such problem,this paper analyzed the storage devices existing in the market.Here are the findings:traditional mobile storage devices like USB flash drive and portable storage device have poor portability,is easy to loss and do not support remote access of data;mainstream cloud disks like Baidu Netdisk has limited transmission speed and brings the risk of data leakage for files are stored in public cloud disk space;private cloud device is relatively expansive with complex configuration,high power consumption risks that may exist during data transmission.In response to these problems,this paper proposed a gigabit router solution with MT7621 being the control core.In the solution,OpenWRT operating system and FTP server are deployed.Besides,Nginx is used to encrypt a layer of authentication interface to protect private cloud storage devices and ensure that data are only accessible for specific mobile phone terminals.To safeguard the security of data in the transmission channel,this paper encrypted transmission channel through SSL encryption method,and realized extranet access with intranet penetration technology to realize the accessibility of private clouds storage device anytime and anywhere.Meanwhile,Airkiss was used to realize one-click network distribution and thereby lower the barriers for networking,and MQTT was applied to realize one-lick awake(which means the main chip power supply would be disconnected when no file is being transmitted to save power and ensure security).The results of experiments indicate that the average download speed of the private cloud storage device designed in this paper is faster than that of the traditional MT76X8 by 4.7 times,while the average upload speed is faster by 2.6 times.When there is no encryption,the device support a transmission speed of over 100MB/s,and could provide customized solutions for different users.The design proposed in this paper requires specific mobile phone client-ends to access private cloud storage device.Since software of mobile phone client ends is located in insecure white-box environment,it is extremely easy for reverse engineers to recompile software code or set backdoors.In order to protect the security of information on specialized client-ends,this paper combined white-box SM4 algorithm and watermarking technology,and applied the result on mobile phone client-ends.To improve security and ensure efficient operation,this paper optimized the affine transformation and iteration of white-box SM3 algorithm properly,and combined the algorithm with the key technology of watermarking algorithm to detect whether a code is tampered.If so,the response code would be executed immediately to invalidate the procedure by changing its entry function.If not,normal and efficient operation could be maintained.Under the precondition of meeting the requirements for encryption software application,the computational complexity could be reduced to around 1/2 by optimizing the algorithm,while the time efficiency can be improved by nearly 4 times.The white-box algorithm proposed in this paper could meet diverse requirements and defend BGE attacks through data computing.We applied it in mobile phone client-ends,finding that optimized white-box SM4 algorithm and watermarking technology could effectively ensure the security of mobile phone client-ends and the operation efficiency has been improved.The private cloud storage device designed in this paper is a safe and swift solution that could be easily applied and save power.The research work conducted in this study include:(1)To tackle with insufficient storage capacity of mobile phones,OpenWRT operating system and FTP server were deployed with MT7621 being the control core.Intranet penetration service was applied for the data storage device,and Nginx technology was used to build an authentication interface to allow users to access the private cloud storage device with specialized client-ends.In this way,files could be stored conveniently at a transmission speed of 3.6MB/s.When there is no encryption,the reading speed can reach 100MB/s or so.(2)To resolve problems related to security,configuration,power saving and hard protection,ESP07 module was used as the slave device to realize Airkiss one-click network distribution and MOTT one-click awake.One-click network distribution could realize swift network distribution,while one-click awake could awake the device and stop the operation of the device when it is not being used,so as to save power,protect hard disk and prevent hacking.(3)In response to such threats as reverse cracking of mobile phone client-ends,information from the client-ends being debugged or analyzed and the cracked client-ends beings repacked,or Trojan dropping,the study optimized white-box SM4 algorithm,combined it with watermarking technology,and applied it in mobile phone client-ends for private clouds storage device,with the purpose of preventing reverse cracking of encrypted APPs on terminals.