| Since data is a carrier of information, obtaining or owning more data means having more information and more value. Security problems caused by theft and destruction of data in embedded memory are becoming more and more serious. Leakage of key data and illegal tampering will cause huge losses to organizations and individuals, and can even threaten national security. Embedded system resources are limited, so traditional security protocols cannot be applied to them directly; moreover, many embedded devices are deployed in open environments, where attackers have enough time and ability to mount physical attacks that are difficult to prevent. It is therefore necessary to study memory security policy on embedded platforms and to develop efficient confidentiality and integrity protection methods that affect system performance as little as possible, effectively curb the illegal acquisition or falsification of information, and improve the security level of the system. This thesis researches and analyzes the design principles and features of the current main memory protection methods, and proposes improved methods for memory confidentiality protection and for memory integrity protection. They optimize computational efficiency and storage overhead on the premise of guaranteeing memory security. For memory confidentiality protection, a method based on dynamic keys and a compression counter (CPS) is proposed. The method improves on existing ones in two respects: the seed structure and the counter overflow update algorithm. First, the counter is divided into two parts, the block counter and the compression counter, which reduces the storage cost of the counter. At the same time, a dynamic mapping table structure is designed to map the block counter to the compression counter and to the key. Because keys can be updated dynamically, the improved confidentiality protection method has higher security. Then, based on this optimized structure, a counter overflow update algorithm is proposed, which solves the re-encryption problem caused by counter overflow and improves computational efficiency. For memory integrity protection, a method based on a multi-granularity incremental hash tree (MIT) is proposed. This method combines the advantages of the BMT and MGT integrity protection methods and improves on them in three respects: the protection scope, the check tree structure, and the basic verification algorithm. First, the scope over which the check tree is built is reduced from the entire memory space to the counter area, so the number of leaf nodes in the check tree is reduced while the scheme can still resist active attacks. Second, the check tree uses a multi-granularity tree structure, which reduces the number of check nodes, shortens the check path, and reduces computational complexity and storage overhead. Third, the nodes of the multi-granularity check tree are updated incrementally using the NH incremental hash algorithm, which reduces the computational complexity of a single check node. Finally, the proposed memory confidentiality and integrity protection methods are evaluated quantitatively using the SimpleScalar architecture simulation tool. Experimental results show that the average performance degradation rate of the confidentiality protection method CPS proposed in this thesis is 10.75%, which is clearly better than the SPLIT method and the BLK method. In terms of storage overhead, the integrity protection method MIT achieves a 48.72% reduction compared with the hash-tree method, which is better than the MGT method and the BMT method. In terms of computational efficiency, its performance reduction rate is 32.62%, which is also superior to the hash-tree, MGT and BMT methods. The comparison results show that the memory confidentiality and integrity protection methods proposed in this thesis can effectively reduce storage space usage and improve algorithm efficiency while still satisfying the security protection requirements. |
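An added illustration, not code from the thesis: a minimal Python model of counter-mode memory encryption whose integrity tree covers only the counter area, with a per-block MAC binding each ciphertext to its counter. It uses a plain binary tree and HMAC-SHA256 as stand-ins (the CPS seed structure, the multi-granularity tree and the NH hash are not reproduced); `ProtectedMemory`, `restore_stale`, the key and the block size are assumptions.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"    # constructed; stands in for the on-chip secret
BLOCK = 32                       # assumed block size (one SHA-256 output)
class IntegrityError(Exception): pass

def prf(tag, *parts):            # HMAC-SHA256 stand-in for pad, MAC and node hashes
    msg = b"".join(p if isinstance(p, bytes) else p.to_bytes(8, "big") for p in parts)
    return hmac.new(KEY, tag + msg, hashlib.sha256).digest()

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

class ProtectedMemory:
    def __init__(self, n):                        # n blocks, n a power of two
        self.n, self.ctr, self.data = n, [0] * n, [None] * n   # all off-chip
        self.tree = [bytes(32)] * (2 * n)         # off-chip tree over counters only
        for a in range(n):
            self.root = self._climb(a, store=True)    # on-chip trusted root

    def _climb(self, a, store=False):             # hash counter a up to the root
        i, h = self.n + a, prf(b"leaf", a, self.ctr[a])
        while i > 1:
            if store: self.tree[i] = h
            sib = self.tree[i ^ 1]
            h = prf(b"node", h, sib) if i % 2 == 0 else prf(b"node", sib, h)
            i //= 2
        return h

    def _check_counter(self, a):
        if not hmac.compare_digest(self._climb(a), self.root):
            raise IntegrityError(f"counter of block {a} fails the tree check")

    def write(self, a, plaintext):
        if len(plaintext) != BLOCK: raise ValueError("write exactly one block")
        self._check_counter(a)                    # verify the path before updating
        self.ctr[a] += 1                          # new counter, so a new pad
        ct = xor(plaintext, prf(b"pad", a, self.ctr[a]))
        self.data[a] = (ct, prf(b"mac", ct, a, self.ctr[a]))
        self.root = self._climb(a, store=True)    # rehash one leaf-to-root path

    def read(self, a):
        self._check_counter(a)
        ct, mac = self.data[a]
        if not hmac.compare_digest(mac, prf(b"mac", ct, a, self.ctr[a])):
            raise IntegrityError(f"MAC mismatch on block {a}")
        return xor(ct, prf(b"pad", a, self.ctr[a]))

def restore_stale(mem, a, data, ctr):             # models replay of off-chip state
    mem.data[a], mem.ctr[a] = data, ctr
```

Restoring an earlier ciphertext, MAC and counter for a block with `restore_stale` makes the next `read` raise `IntegrityError` at the tree check; restoring only the data fails at the MAC check instead.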