CN113127901B - Processing method, device and chip for data encryption transmission - Google Patents

Abstract

The application discloses a processing method, a device and a chip for data encryption transmission, wherein the method comprises the following steps: under the condition that first data transmitted by a first module corresponding to a chip are received, carrying out encryption processing on the first data to obtain encrypted first data, and inputting the encrypted first data into a bus in the chip; under the condition that second data are output from the bus, decrypting the second data to obtain decrypted second data, and transmitting the decrypted second data to a second module corresponding to the chip; the first module and the second module are modules for realizing corresponding functions respectively.

Description

Processing method, device and chip for encrypted data transmission

technical field

The present application relates to the technical field of data processing, and in particular to a processing method, device and electronic equipment for encrypted data transmission.

Background technique

Probe attack is an attack method that directly obtains sensitive information of the system by detecting the bus, interface or module in the SoC System on Chip (System on Chip), and it is also the most direct and effective physical attack method. The key targets of probe attacks mainly include four parts: on-chip data transmission, on-chip data storage, external interface communication, and off-chip data storage.

Since the data transmission protocols and circuit structures of different functional modules in the SoC are different, in order to realize the data encryption protection for each module, each module must design an independent data encryption scheme.

However, such a data encryption scheme has high complexity, which leads to high complexity of data encryption transmission between modules of the SoC, and causes a defect of poor performance of data encryption transmission.

Contents of the invention

In view of this, the present application provides a data encryption transmission processing method, device and chip to solve the defect of poor data encryption transmission performance in the chip.

One aspect of the present application proposes a method for processing encrypted data transmission, the method comprising:

In the case of receiving the first data transmitted from the first module corresponding to the chip, encrypting the first data to obtain encrypted first data, and inputting the encrypted first data into the chip in the bus;

When there is second data output from the bus, decrypt the second data to obtain decrypted second data, and transmit the decrypted second data to the corresponding second chip of the chip. module;

Wherein, the first module and the second module are respectively modules for realizing corresponding functions.

In the above method, preferably, encrypting the first data to obtain encrypted first data includes:

performing XOR processing on the first data by using the target value corresponding to the first data to obtain encrypted first data;

Wherein, decrypting the second data to obtain the decrypted second data includes:

Exclusive OR processing is performed on the second data by using the target value corresponding to the second data to obtain decrypted second data.

In the above method, preferably, before receiving the first data transmitted by the first module in the chip, the method further includes:

Obtain a predicted destination address corresponding to the first data;

Obtain a target value corresponding to the first data according to the predicted destination address.

In the above method, preferably, after receiving the first data transmitted from the first module corresponding to the chip, XOR processing is performed on the first data by using the target value corresponding to the first data, so as to obtain the encrypted first data Before a data, the method also includes:

judging whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data;

If they are consistent, perform the step of: using the target value corresponding to the first data to perform XOR processing on the first data to obtain encrypted first data;

If not, according to the actual destination address corresponding to the first data, reacquire the target value corresponding to the first data, and perform the step of: using the target value corresponding to the first data to perform an exclusive operation on the first data Or process to get encrypted first data.

In the above method, preferably, obtaining the predicted destination address corresponding to the first data includes:

Obtain the historical destination address of the historical data transmitted by the bus last time;

Processing the historical destination address according to the first prediction mode to obtain the predicted destination address corresponding to the first data;

Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, so The second prediction method is a prediction method between which the first prediction method is switched.

In the above method, preferably, the second prediction method is: a steady state incremental prediction method, a transient incremental prediction method, a steady state jump prediction method, a transient state jump prediction method, a steady state maintenance prediction method or a transient state maintenance prediction method Way;

Wherein, in the steady-state incremental prediction method, the transient incremental prediction method, the steady-state jump prediction method, and the transient jump prediction method, the addresses are incremented on the basis of the historical destination address. The prediction address is obtained on the basis of the historical destination address in the manner of maintaining the address in the steady-state maintaining prediction mode and the transient state maintaining prediction mode.

The above method, preferably:

In the case where the second prediction method is the steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction method is the same as the second prediction method. The two prediction methods are consistent; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the Describe the transient incremental prediction method;

When the second prediction method is the transient increment prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the The second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data And the interrupt request is the second interrupt type, the second prediction method is switched to the first prediction method and the first prediction method is the transient state hold prediction method; if the historical purpose of the historical data The address is consistent with the prediction destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method;

In the case where the second prediction method is the transient jump prediction method, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, The second prediction method is switched to the first prediction method and the first prediction method is the static jump prediction method; if the prediction destination address of the historical data and the historical data are transmitted before the The prediction destination address of the data on the bus is the relationship of address increment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the history The predicted destination address of the data and the predicted destination address of the data transmitted on the bus before the historical data is an address hold relationship, the second prediction method is switched to the first prediction method and the first prediction The method is the transient state maintenance prediction method;

In the case where the second prediction method is the steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the The first prediction method and the first prediction method is the transient jump prediction method;

In the case where the second prediction mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are of address hold Relationship, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state maintenance prediction method; if the historical destination address of the historical data and the prediction purpose of the historical data The address is inconsistent and there is no new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient increment prediction method; if the historical destination address of the historical data is the same as The prediction destination address of the historical data is inconsistent and there is a new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method;

In the case where the second prediction method is the steady-state maintenance prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the A first prediction method and the first prediction method is the transient state-holding prediction method.

In the above method, preferably, before encrypting the first data to obtain the encrypted first data, the method further includes:

Read the preset first configuration parameter;

In the case where the first configuration parameter indicates that data encryption is required, the step is performed: encrypting the first data to obtain encrypted first data;

In the case that the first configuration parameter indicates that data encryption is not required, input the first data into the bus;

Wherein, before decrypting the second data to obtain the decrypted second data, the method further includes:

Read the preset second configuration parameter;

In the case where the second configuration parameter indicates that data decryption is required, perform the step of: decrypting the second data to obtain decrypted second data;

In a case where the second configuration parameter indicates that data decryption is not required, the second data is transmitted to a second module corresponding to the chip.

Another aspect of the present application also provides a processing device for encrypted data transmission, including at least:

The encryption unit is configured to, in the case of receiving the first data transmitted from the first module corresponding to the chip, perform encryption processing on the first data to obtain encrypted first data, and convert the encrypted first data into data input to the bus in the chip;

a decryption unit, configured to decrypt the second data when there is second data output from the bus to obtain decrypted second data, and transmit the decrypted second data to the The second module corresponding to the chip;

Wherein, the first module and the second module are respectively modules for realizing corresponding functions.

Another aspect of the present application also provides a chip, including:

bus;

The processing module is configured to: in the case of receiving the first data transmitted by the first module corresponding to the chip, encrypt the first data to obtain encrypted first data, and convert the encrypted the first data input to the bus;

The processing module is further configured to: when there is second data output from the bus, decrypt the second data to obtain decrypted second data, and convert the decrypted second data transmit to the second module corresponding to the chip;

Wherein, the first module and the second module are respectively modules for realizing corresponding functions.

It can be seen from the above technical solution that in the method, device and chip for processing encrypted data transmission disclosed in the present application, when the first data transmitted by the first module in the chip is received, the first data is encrypted. , and then transmit the encrypted first data to the bus in the chip, and when the second data is output from the bus, decrypt the second data, and then transmit the decrypted second data to the second module in the chip. It can be seen that since the data transmission and storage between all modules in the chip must rely on the bus to complete, in this application, by encrypting the data transmitted on the bus, the attacker detects the data in the chip through the probe. The obtained data is all encrypted data, and any sensitive data cannot be obtained, thereby realizing the protection of the data transmitted and stored by each module in the chip, and at the same time, there is no need to design independent encryption schemes for different modules, thereby reducing data The complexity of encrypted transmission, thereby improving the performance of encrypted data transmission while realizing encrypted data transmission in the chip.

Description of drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following will briefly introduce the drawings that need to be used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.

FIG. 1 is a flow chart of a method for processing encrypted data transmission provided in Embodiment 1 of the present application;

Fig. 2 is the structural representation of SoC chip;

Fig. 3 is the example figure that this application is applicable to SoC chip to carry out data encryption transmission;

Figures 4-6 are respectively another flow chart of a processing method for encrypted data transmission provided by Embodiment 1 of the present application;

FIG. 7 is a partial flowchart of a processing method for encrypted data transmission provided by Embodiment 1 of the present application;

FIG. 8 is a schematic diagram of switching the address prediction mode in the embodiment of the present application;

FIG. 9 is another flow chart of a method for processing encrypted data transmission according to Embodiment 1 of the present application;

FIG. 10 is a schematic structural diagram of a data encryption transmission processing device provided in Embodiment 2 of the present application;

11-13 are schematic diagrams of another structure of a data encryption transmission processing device provided in Embodiment 2 of the present application;

FIG. 14 is a schematic structural diagram of a chip provided in Embodiment 3 of the present application;

Fig. 15 is a schematic diagram of the data encryption pipeline when the application is applicable to the SoC chip to realize data encryption transmission;

FIG. 16 is a schematic diagram of the state transition of the branch predictor when the application is applicable to the SoC chip to realize encrypted data transmission;

FIG. 17 is a schematic diagram of the bus architecture when the application is applicable to SoC chips for encrypted data transmission;

FIG. 18 is a schematic flow diagram of an algorithm for bus write transmission when the SoC chip implements encrypted data transmission in this application.

Detailed ways

The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

Referring to FIG. 1 , it is a flow chart of implementing a data encryption transmission processing method provided in Embodiment 1 of the present application. This method can be applied to chips that require probe attack protection, such as SoC chips, etc., to realize on-chip data protection.

Specifically, the method in this embodiment may include the following steps:

Step 101: Receive first data transmitted from a first module corresponding to the chip.

In a possible situation, the first module may be a module used to implement corresponding functions in the chip, such as a central processing unit CPU (central processing unit) module in an SoC chip, a direct memory access DMA (DirectMemory Access) module, a static Random access memory SRAM (Static Random-Access Memory) module or Eflash (embedded Flash) module, etc., as shown in Figure 2;

In another possible situation, the first module may be a module connected to the chip, capable of realizing corresponding functions, such as an external device or an off-chip storage module connected to the SoC chip, as shown in FIG. 2 .

Wherein, the first data can be the data to be transmitted by the first module, which can be represented by Ψ, such as the data that needs to be written into the SRAM module in the CPU module, and another example, the data that needs to be transmitted to the external device in the SRAM module, and for another example, Data that needs to be transmitted to the CPU module in the off-chip storage, and so on.

In a specific implementation, step 101 is to receive the first data transmitted from the first module when the first module needs to transmit the first data.

Step 102: Encrypt the first data to obtain encrypted first data.

Specifically, in this embodiment, the configured encryption algorithm may be used to encrypt the first data, so as to obtain encrypted first data.

Wherein, the encryption algorithm here may be a sequence cipher algorithm, a block cipher algorithm, or a public key cryptography algorithm. Based on this, the encrypted first data can be obtained, which can be represented by D.

Step 103: Input the encrypted first data into the bus in the chip, so that the first data is transmitted on the bus.

Wherein, in this embodiment, the encrypted first data is input at the input end of the bus, where the input end may be the end of the bus connected to the first module, as shown in FIG. 3 .

Step 104: When there is second data output from the bus, decrypt the second data to obtain decrypted second data.

Wherein, the second data output from the bus may be the encrypted first data itself, or the second data output from the bus may be data transmitted on the bus before or after the encrypted first data.

In one case, the second data output from the bus may be encrypted and then transmitted to the bus. Based on this, in this embodiment, when the second data is output from the bus, the second data is decrypted, Specifically, the decryption algorithm corresponding to the encryption algorithm when the second data is encrypted may be used to decrypt the second data, thereby obtaining decrypted second data, which may be represented by Γ.

Step 105: Transmitting the decrypted second data to a second module corresponding to the chip.

In a possible situation, the second module may be a module in the chip for realizing corresponding functions. Such as CPU module, DMA module, SRAM module or Eflash module in SoC chip;

In another possible situation, the second module may be a module connected to the chip and capable of realizing corresponding functions, such as modules such as external devices or off-chip storage connected to the SoC chip.

Among them, the second data is the data that the second module needs to receive, such as the data transmitted by the CPU module that the SRAM module needs to receive, the data transmitted by the SRAM module that the external device needs to receive, and the off-chip storage that the CPU module needs to receive the transmitted data, etc.

In addition, in this embodiment, receiving the second data is realized at the output end of the bus, where the output end can be one end of the bus connected to the second module, as shown in Figure 3, thus receiving the output second data from the bus After being decrypted, it can be directly transmitted to the second module. It can be seen that the data transmitted on the bus is encrypted data, which is not easy to be attacked.

It can be seen from the above technical solution that in the method for processing encrypted data transmission provided by Embodiment 1 of the present application, when the first data transmitted by the first module in the chip is received, the first data is encrypted, The encrypted first data is then transmitted to the bus in the chip, and when the second data is output from the bus, the second data is decrypted, and then the decrypted second data is transmitted to the second module in the chip. It can be seen that since the data transmission and storage between all modules in the chip must rely on the bus to complete, in this embodiment, by encrypting the data transmitted on the bus, the attacker detects the data in the chip through the probe. The obtained data is all encrypted data, and any sensitive data cannot be obtained, thereby realizing the protection of the data transmitted and stored by each module in the chip, and at the same time, there is no need to design independent encryption schemes for different modules, thereby reducing The complexity of encrypted data transmission improves the performance of encrypted data transmission while realizing encrypted data transmission in the chip.

It should be noted that in this embodiment, multiple data to be transmitted on the bus can be processed sequentially according to different time slots through the above encryption and decryption processing methods, so as to further improve the processing efficiency of data encryption transmission through the data encryption pipeline.

Based on the above implementation solutions, in order to further speed up the processing efficiency of encrypted data transmission, this embodiment implements by improving encryption and decryption algorithms. Specifically, in step 102, when encrypting the first data, it may specifically be implemented through the following steps, as shown in FIG. 4:

Step 121: Execute XOR processing on the first data by using the target value corresponding to the first data to obtain encrypted first data.

Wherein, the target value corresponding to the first data can be obtained based on the target value obtained by processing the destination address corresponding to the first data. Based on this, the target value of the first data can be obtained by processing the first data without Storing in the chip can also realize the decryption process when the encrypted first data is output from the bus. At the same time, the processing complexity of performing XOR processing on the first data by using the target value to realize the encryption of the first data is obviously lower, and the processing efficiency of data encryption can be accelerated.

On this basis, when decrypting the second data in step 104, it can be realized through the following steps:

Step 141: Execute XOR processing on the second data by using the target value corresponding to the second data to obtain decrypted second data.

Wherein, the target value corresponding to the second data may be based on the target value obtained by processing the destination address corresponding to the second data. Based on this, the target value of the second data may be obtained before receiving the second data or after receiving the second data Decryption of the second data can also be achieved by processing the second data without storing the target value corresponding to the second data in the chip in advance. At the same time, the processing complexity of performing XOR processing on the second data by using the target value to realize the decryption of the second data is obviously lower, and the processing efficiency of data decryption can be accelerated.

Based on the above implementation solution, the target value corresponding to the first data can be obtained before receiving the first data, thereby further saving the time consumed by data encryption processing, thereby improving processing efficiency. Specifically, before step 101, the method in this embodiment may also include the following steps, as shown in FIG. 5:

Step 106: Obtain a predicted destination address corresponding to the first data.

Wherein, the predicted destination address corresponding to the first data refers to the destination address of the upcoming first data predicted before receiving the first data, such as predicting the destination address of the first data transmitted from the CPU module to the SRAM module, A predicted destination address corresponding to the first data is obtained, which may be represented by R.

Step 107: Obtain the target value corresponding to the first data according to the predicted destination address.

Specifically, in this embodiment, a preset key input, such as key K, can be used to encrypt the predicted destination address, so as to obtain the target value corresponding to the first data, which can be represented by E _K (R).

Based on this, after the first data is received in step 101, the target value corresponding to the first data can be directly used to perform XOR processing on the first data, so as to obtain the encrypted first data without waiting for the first data to be received After that, the target value corresponding to the first data is obtained according to the destination address corresponding to the first data, thereby saving the encryption processing time and improving processing efficiency.

Similarly, when XOR processing is performed on the second data in step 141 to obtain the decrypted second data, the target value corresponding to the second data can be obtained before the second data is transmitted from the bus, specifically as follows step:

Step 108: Obtain the predicted destination address corresponding to the second data, and obtain the target value corresponding to the second data according to the predicted destination address corresponding to the second data.

Based on this, after the second data is output from the bus, the target value corresponding to the second data can be directly used to perform XOR processing on the second data, so as to obtain the decrypted second data without waiting for the second data to be output from the bus Afterwards, the target value corresponding to the second data is obtained, thereby saving the decryption processing time and improving processing efficiency.

Based on this, in order to improve the accuracy of data encrypted transmission, in this embodiment, it is necessary to judge whether the predicted destination address corresponding to the first data is accurate before encrypting the first data, and it is also necessary to determine whether the predicted destination address corresponding to the first data is accurate before decrypting the second data. Whether the predicted destination address corresponding to the second data is accurate is judged. Based on this, in this embodiment, after step 101 and before step 121, the following steps may also be performed, as shown in FIG. 6:

Step 109: Determine whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data, if they are consistent, perform step 121, if not, perform step 110.

Wherein, the actual destination address corresponding to the first data is an accurate destination address. Specifically, after receiving the first data, the actual destination address corresponding to the first data can be read from the first data, which can be represented by A.

Based on this, before executing step 121, compare the predicted destination address corresponding to the first data with the actual destination address corresponding to the first data to determine whether the two are consistent. If they are consistent, it indicates that the predicted destination address corresponding to the first data The destination address is accurate. At this time, step 121 is directly executed, and the first data is XORed directly using the target value corresponding to the first data, so as to obtain the encrypted first data, which is the encrypted first data accurately. If If not, it means that the predicted destination address corresponding to the first data is inaccurate, and step 110 is performed at this time.

Step 110: According to the actual destination address corresponding to the first data, reacquire the target value corresponding to the first data, and then perform step 121.

That is to say, when the predicted destination address corresponding to the first data is inaccurate, it is necessary to use an accurate actual destination address to obtain an accurate target value again. Specifically, in this embodiment, a preset key input, such as key K, can be used to encrypt the actual destination address, so as to obtain the target value corresponding to the first data, which can be represented by E _K (A). Afterwards, step 121 is executed again, whereby the reacquired accurate target value is used to perform XOR processing on the first data, so as to obtain encrypted first data, and the encrypted first data is accurate.

Similarly, before performing XOR processing on the second data in step 141 to obtain the decrypted second data, the following steps may also be performed:

Step 111: Determine whether the predicted destination address corresponding to the second data is consistent with the actual destination address corresponding to the second data, if they are consistent, perform step 141, and if not, perform step 112.

Wherein, the actual destination address corresponding to the second data is an accurate destination address, specifically, the actual destination address corresponding to the second data may be read from the second data after the second data is output from the bus.

Based on this, before executing step 141, compare the predicted destination address corresponding to the second data with the actual destination address corresponding to the second data to determine whether the two are consistent. If they are consistent, it indicates the predicted destination corresponding to the second data. The address is accurate, at this time, directly execute step 141, directly use the target value corresponding to the second data to perform XOR processing on the second data, so as to obtain the decrypted second data, and the decrypted accurate second data, if inconsistent , it means that the predicted destination address corresponding to the second data is inaccurate, and step 112 is executed at this time.

Step 112: According to the actual destination address corresponding to the second data, reacquire the target value corresponding to the second data, and then perform step 141.

That is to say, if the predicted destination address corresponding to the second data is inaccurate, it is necessary to use an accurate actual destination address to obtain an accurate target value again. Specifically, in this embodiment, a preset key input, such as key K, may be used to encrypt the actual destination address, so as to obtain the target value corresponding to the second data. Afterwards, step 141 is executed again, whereby the reacquired accurate target value is used to perform XOR processing on the second data, so as to obtain the decrypted second data, which is the decrypted accurate second data.

In a specific implementation solution, the predicted destination address may be predicted on the basis of historical destination addresses. The predicted destination address corresponding to the first data is similar to the predicted destination address corresponding to the second data. Here, the predicted destination address corresponding to the first data is taken as an example to describe the method of obtaining the predicted destination address in detail:

Specifically, when obtaining the predicted destination address corresponding to the first data in step 106, it may be implemented in the following manner, as shown in FIG. 7:

Step 161: Obtain the historical destination address of the latest historical data transmitted by the bus.

Wherein, the historical destination address is the actual destination address of the historical data, which can be read specifically from the historical data.

Step 162: According to the first prediction method, process the historical destination address to obtain the predicted destination address corresponding to the first data.

Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, where the second prediction method is the first A prediction mode before it was switched.

Wherein, the predicted destination address of the historical data is the destination address predicted by using the second prediction method. That is to say, in this embodiment, the prediction mode is switched based on the corresponding relationship between the historical destination address of the historical data and the predicted destination address of the historical data and the type of the interrupt request, and then the prediction mode after switching is the first prediction mode By processing the historical destination addresses, the predicted destination address corresponding to the first data can be predicted.

It should be noted that different prediction methods process historical destination addresses in different ways, and correspondingly, the corresponding relationship between the predicted destination address corresponding to the obtained first data and the historical destination address corresponding to the historical data is also different. Contains a variety of different correspondences such as increment, jump, and hold.

Based on this, the second prediction method can be a steady state incremental prediction method, a transient incremental prediction method, a steady state jump prediction method, a transient state jump prediction method, a steady state maintenance prediction method or a transient state maintenance prediction method; the second prediction After the method is switched to the first prediction method, the first prediction method can be the same as the second prediction method, or it can be different. Therefore, the first measurement method can be a steady state incremental prediction method, a transient state incremental prediction method, a steady state jump transfer prediction mode, transient jump prediction mode, steady state hold prediction mode or transient state hold prediction mode.

It should be noted that the various prediction methods described in this embodiment above can also be understood as prediction states for predicting destination addresses. In different prediction states, historical destination addresses are predicted in corresponding prediction methods.

Among them, in the steady state incremental prediction method, the transient state incremental prediction method, the steady state jump prediction method and the transient state jump prediction method, the predicted address is obtained on the basis of the historical destination address in the manner of address increment respectively, that is to say, in In the four prediction methods of steady-state incremental prediction, transient incremental prediction, steady-state jump prediction and transient jump prediction, by incrementally processing the historical destination address of historical data, we can get The predicted destination address corresponding to the first data.

In the steady state hold prediction mode and the transient state hold prediction mode, the predicted address is obtained on the basis of the historical destination address by means of holding the address. That is to say, in the two forecasting modes of the steady-state keeping prediction mode and the transient-state keeping prediction mode, the predicted destination address corresponding to the first data can be obtained by keeping the historical destination address of the historical data unchanged.

The following examples illustrate several situations in which the second prediction method is switched to the first prediction method, as shown in Figure 8:

In the case that the second prediction method is a steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, it means that the prediction is correct, and at this time the first prediction method is consistent with the second prediction method; If the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, it means that the prediction is wrong. At this time, the second prediction method is switched to the first prediction method and the first prediction method is the transient incremental prediction method;

In the transient increment prediction method at this time, the destination address is still predicted by the address increment processing method;

In the case where the second prediction method is the transient incremental prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is the first interrupt type, it means that the interrupt request of the first interrupt type occurs lead to prediction errors, at this time the second prediction method is switched to the first prediction method and the first prediction method is a transient jump prediction method; if the historical destination address of historical data is inconsistent with the predicted destination address of historical data and the interrupt request is the first Two interrupt types, indicating that the prediction error is caused by the occurrence of the interrupt request of the second interrupt type. At this time, the second prediction method is switched to the first prediction method and the first prediction method is the transient hold prediction method; if the historical destination address of the historical data It is consistent with the prediction destination address of historical data, indicating that the prediction is correct. At this time, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method;

Wherein, in the transient jump prediction mode, the destination address is predicted by address incrementing, and in the transient hold prediction mode, the destination address is predicted by address holding.

In the case where the second prediction method is the transient jump prediction method, if the prediction destination address of the historical data is consistent with the prediction destination address of the data transmitted on the bus before the historical data, it means that the prediction is correct. At this time, the second prediction The mode is switched to the first prediction mode and the first prediction mode is the steady-state jump prediction mode; if the historical destination address of the historical data is inconsistent with the historical data’s predicted destination address and the historical data’s predicted destination address and historical data are transmitted on the bus before The predicted destination address of the data above is the relationship that the address is incremented, then it means that the prediction is wrong and the address is incremented. At this time, the second prediction method is switched to the first prediction method and the first prediction method is a transient incremental prediction method; However, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, and the historical destination address of the historical data and the historical destination address of the previous historical data are in an address-holding relationship, it means that the prediction is wrong and the address is held , at this time, the second prediction method is switched to the first prediction method and the first prediction method is the transient state-holding prediction method;

Among them, in the steady state jump prediction method, the destination address is predicted by address increment processing.

In the case where the second prediction method is a steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, it indicates that the processing of the interrupt request of the first interrupt type is completed, and at this time the second prediction The method is switched to the first prediction method and the first prediction method is a transient jump prediction method;

In the case where the second mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are address-holding relationships, it means that the prediction is correct, and at this time the second prediction The mode is switched to the first prediction mode and the first prediction mode is the steady-state hold prediction mode; if the historical destination address of the historical data is inconsistent with the historical data prediction destination address and there is no new interrupt request, the second prediction mode is switched to the first A prediction method and the first prediction method is a transient incremental prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and there is a new interrupt request, a new interrupt process is executed at this time, and the second prediction The method is switched to the first prediction method and the first prediction method is a transient jump prediction method;

Among them, in the steady-state hold prediction method, the destination address is predicted in the address hold processing method.

In the case that the second prediction method is the steady-state hold prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, it indicates that the interrupt request processing of the second interrupt type is completed. At this time, the second prediction The mode is switched to the first prediction mode and the first prediction mode is the transient hold prediction mode.

Therefore, according to the switching principle of the above prediction method, the prediction method adopted in this embodiment is switched, and the three-level dynamic branch prediction covers all data transmission situations in the chip, thereby improving the accuracy of destination address prediction.

Based on the above implementation scheme, in order to realize configurable encrypted data transmission processing, in this embodiment, the configuration interface and the configuration interface can be set by the user to pre-set configuration parameters to determine whether encrypted data transmission is required. For example, in the configuration interface, the configuration control is provided for the user, and the user selects the configuration control. If the user selects the control that needs to be encrypted and transmitted, the first configuration parameter representing the need for data encryption and the first configuration parameter representing the need for data decryption will be generated. Two configuration parameters, if the user selects a control that does not require encrypted transmission, generate a first configuration parameter that indicates that data encryption is not required and a second configuration parameter that indicates that data decryption is not required.

Based on this, before step 102 in the present embodiment, first perform the following steps, as shown in Figure 9:

Step 113: Read a preset first configuration parameter.

Wherein, the first configuration parameter can be read from the location where the configuration parameter is stored in the chip.

Step 114: Determine whether the first configuration parameter indicates that data encryption is required, and if the first configuration parameter indicates that data encryption is required, perform step 102, and then perform step 103; if the first configuration parameter indicates that data encryption is not required In this case, step 102 is not performed, but step 103 is directly performed, that is, the first data to be transmitted in the first module is directly transmitted to the bus.

Similarly, in this embodiment, before decrypting the second data in step 104, the following steps are first performed:

Step 115: Read preset second configuration parameters.

Wherein, the second configuration parameter can be read from the location where the configuration parameter is stored in the chip.

Step 116: Determine whether the second configuration parameter indicates that data decryption is required, and if the second configuration parameter indicates that data decryption is required, perform step 104 to decrypt the second data to obtain decrypted second data, and then Execute step 105; and in the case that the second configuration parameter representation does not require data encryption, no longer perform the decryption process on the second data in step 104, but directly execute step 105, that is, directly transmit the first data from the bus The second data is transmitted to the second module.

Therefore, by providing a configuration interface and realizing the configurability of encrypted data transmission through the configuration interface, convenience is provided for users.

Referring to FIG. 10 , it is a schematic structural diagram of a processing device for encrypted data transmission provided in Embodiment 2 of the present application. The device can be configured in a chip that needs to be protected against probe attacks, such as a SoC chip, etc., to realize on-chip data protection.

Specifically, the device in this embodiment may include the following units:

The encryption unit 1001 is configured to, in the case of receiving the first data transmitted by the first module corresponding to the chip, encrypt the first data to obtain encrypted first data, and convert the encrypted first data to a data input bus in the chip;

Decryption unit 1002, configured to decrypt the second data when the second data is output from the bus to obtain decrypted second data, and transmit the decrypted second data to the The second module corresponding to the chip;

Wherein, the first module and the second module are respectively modules for realizing corresponding functions.

It can be seen from the above technical solution that in the processing device for encrypted data transmission provided in Embodiment 2 of the present application, when the first data transmitted by the first module in the chip is received, the first data is encrypted, The encrypted first data is then transmitted to the bus in the chip, and when the second data is output from the bus, the second data is decrypted, and then the decrypted second data is transmitted to the second module in the chip. It can be seen that since the data transmission and storage between all modules in the chip must rely on the bus to complete, in this embodiment, by encrypting the data transmitted on the bus, the attacker detects the data in the chip through the probe. The obtained data is all encrypted data, and any sensitive data cannot be obtained, thereby realizing the protection of the data transmitted and stored by each module in the chip, and at the same time, there is no need to design independent encryption schemes for different modules, thereby reducing The complexity of encrypted data transmission improves the performance of encrypted data transmission while realizing encrypted data transmission in the chip.

In an implementation manner, the encryption unit 1001 is specifically configured to: use the target value corresponding to the first data to perform XOR processing on the first data to obtain encrypted first data;

Wherein, the decryption unit 1002 is specifically configured to: use the target value corresponding to the second data to perform XOR processing on the second data to obtain decrypted second data.

Based on this, the device in this embodiment may also include the following units, as shown in Figure 11:

The address processing unit 1003 is configured to obtain the predicted destination address corresponding to the first data before the encryption unit 1001 receives the first data transmitted by the first module in the chip; according to the predicted destination address, obtain the first data A target value corresponding to data.

Further, the device in this embodiment may also include the following units, as shown in Figure 12:

The address arbitration unit 1004 is configured to, after the encryption unit 1001 receives the first data transmitted from the first module corresponding to the chip, use the target value corresponding to the first data to XOR the first data in the encryption unit 1001 Before processing to obtain the encrypted first data, it is judged whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data; if they are consistent, the encryption unit 1001 is triggered to use the first The target value corresponding to the data performs XOR processing on the first data to obtain the encrypted first data; if they are inconsistent, the trigger address processing unit 1003 reacquires the first data according to the actual destination address corresponding to the first data. The target value corresponding to the data, and then trigger the encryption unit 1001 to perform XOR processing on the first data by using the target value corresponding to the first data, so as to obtain encrypted first data.

Specifically, when the address processing unit 1003 obtains the predicted destination address corresponding to the first data, it is specifically used to: obtain the historical destination address of the historical data transmitted by the bus last time; The destination address is processed to obtain the predicted destination address corresponding to the first data;

Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, so The second prediction method is a prediction method between which the first prediction method is switched.

In a specific implementation, the second prediction method is: a steady state incremental prediction method, a transient state incremental prediction method, a steady state jump prediction method, a transient state jump prediction method, a steady state maintenance prediction method or a transient state maintenance prediction method;

Wherein, in the steady-state incremental prediction method, the transient incremental prediction method, the steady-state jump prediction method, and the transient jump prediction method, the addresses are incremented on the basis of the historical destination address. The prediction address is obtained on the basis of the historical destination address in the manner of maintaining the address in the steady-state maintaining prediction mode and the transient state maintaining prediction mode.

Based on this, when the second prediction method is the steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction method and The second prediction method remains consistent; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction The method is the transient incremental prediction method;

When the second prediction method is the transient increment prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the The second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data And the interrupt request is the second interrupt type, the second prediction method is switched to the first prediction method and the first prediction method is the transient state hold prediction method; if the historical purpose of the historical data The address is consistent with the prediction destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method;

In the case where the second prediction method is the transient jump prediction method, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, The second prediction method is switched to the first prediction method and the first prediction method is the static jump prediction method; if the prediction destination address of the historical data and the historical data are transmitted before the The prediction destination address of the data on the bus is the relationship of address increment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the history The predicted destination address of the data and the predicted destination address of the data transmitted on the bus before the historical data is an address hold relationship, the second prediction method is switched to the first prediction method and the first prediction The method is the transient state maintenance prediction method;

In the case where the second prediction method is the steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the The first prediction method and the first prediction method is the transient jump prediction method;

In the case where the second prediction mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are of address hold Relationship, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state maintenance prediction method; if the historical destination address of the historical data and the prediction purpose of the historical data The address is inconsistent and there is no new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient increment prediction method; if the historical destination address of the historical data is the same as The prediction destination address of the historical data is inconsistent and there is a new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method;

In the case where the second prediction method is the steady-state maintenance prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the A first prediction method and the first prediction method is the transient state-holding prediction method.

In an implementation manner, the device in this embodiment may further include the following units, as shown in Figure 13:

The encryption judging unit 1005 is configured to read the preset first configuration parameter before the encryption unit 1001 encrypts the first data to obtain the encrypted first data; In the case of data encryption, the trigger encryption unit 1001 encrypts the first data to obtain encrypted first data; when the first configuration parameter indicates that data encryption is not required, the trigger encryption unit 1001 will the first data is input to the bus;

The decryption judging unit 1006 is configured to read a preset second configuration parameter before the decryption unit 1002 decrypts the second data to obtain the decrypted second data; In the case of data decryption, trigger the decryption unit 1002 to decrypt the second data to obtain decrypted second data; The second data is transmitted to a second module corresponding to the chip.

It should be noted that, for the specific implementation of each unit in this embodiment, reference may be made to the corresponding contents above, and details are not described here again.

Referring to FIG. 14 , it is a schematic structural diagram of a chip provided by Embodiment 3 of the present application. The chip may be a chip that needs to be protected against probe attacks, such as a SoC chip, to realize data protection on the chip.

Specifically, the chip in this embodiment may include the following modules:

The bus 1401 is used to implement data transmission between the modules corresponding to the chip. The modules here can be functional modules included in the chip, such as CPU modules or DMA modules, etc.; or, the modules here can also be connected to the chip. External modules, such as external devices or off-chip storage, etc.

The processing module 1402 is configured to: in the case of receiving the first data transmitted by the first module 1403 corresponding to the chip, encrypt the first data to obtain encrypted first data, and convert the inputting the encrypted first data into the bus 1401;

The processing module 1402 is further configured to: when there is second data output from the bus 1401, decrypt the second data to obtain decrypted second data, and convert the decrypted first The second data is transmitted to the second module 1404 corresponding to the chip;

Wherein, the first module 1403 and the second module 1404 are respectively modules for realizing corresponding functions.

It can be seen from the above technical solution that in the chip provided by Embodiment 3 of the present application, when the first data transmitted by the first module in the chip is received, the first data is encrypted, and then the encrypted second data is encrypted. One piece of data is transmitted to the bus in the chip, and when the second data is output from the bus, the second data is decrypted, and then the decrypted second data is transmitted to the second module in the chip. It can be seen that since the data transmission and storage between all modules in the chip must rely on the bus to complete, in this embodiment, by encrypting the data transmitted on the bus, the attacker detects the data in the chip through the probe. The obtained data is all encrypted data, and any sensitive data cannot be obtained, thereby realizing the protection of the data transmitted and stored by each module in the chip, and at the same time, there is no need to design independent encryption schemes for different modules, thereby reducing The complexity of encrypted data transmission improves the performance of encrypted data transmission while realizing encrypted data transmission in the chip.

In a specific implementation, the processing module 1402 may implement corresponding functions by configuring functional units such as an encryption unit, a decryption unit, and an address arbitration unit.

It should be noted that, for the specific implementation of the processing module 1402 in this embodiment, reference may be made to the corresponding contents above, and details are not described here again.

Taking the chip as an SoC chip as an example, in order to realize the probe attack protection of the SoC chip, in this embodiment, the processing scheme for data encryption transmission in the SoC chip is improved. The improvement process and the improved technical solution are described in detail below:

The inventors of this application found in the process of researching the probe attack that the key targets of the probe attack mainly include four parts: on-chip data transmission, on-chip data storage, external interface communication and off-chip data storage. Due to the different data transmission protocols and circuit structures of different functional modules, if the data of each target is individually encrypted and protected, an independent data encryption module must be designed for each module. On the one hand, the implementation process of this data protection method is complicated, and on the other hand, it will inevitably cause a large hardware area overhead.

In view of this, the inventor of the present application proposes a technical solution for encrypting data through the bus after further research. Among them, the system bus is used as a "bridge" for the connection and communication of various functional modules in the SoC chip, and the data transmission and storage between all functional modules must rely on the system bus to complete. Therefore, by encrypting the data transmitted on the system bus, the encrypted protection of the data transmitted and stored by each module can be realized. The attacker detects the above four key targets through the probe, and all the encrypted random numbers are obtained. Unable to obtain any valid information. Therefore, the bus data encryption proposed in this application can protect the security of data transmission and storage between functional modules.

At the same time, because bus data encryption will inevitably cause a certain bus data transmission performance loss, therefore, the inventors of the present application further study how to reduce the bus data transmission performance loss as much as possible while ensuring the security of data encryption, so as to ensure that the entire SoC The overall computing performance of the chip.

In view of this, the inventor of the present application proposes to use a block cipher algorithm to realize the encrypted transmission of bus data in view of the current situation that bus data transmission is affected by actual user application programs and has great uncertainty. Among them, the block cipher algorithm can achieve the balance of encryption security, hardware overhead and encryption performance, and there is no key stream synchronization problem, and can be applied to bus data encryption. There are many modes for block cipher algorithm to encrypt data, including counter mode. In the counter mode, the encryption algorithm is used to encrypt the count value of the counter in advance to obtain a set of random numbers, and XOR operation with the current data to obtain the ciphertext. For the counter mode, most of the encryption operations can be completed in advance, and the operation involving the current data is only the XOR operation, which is the fastest encryption mode among all encryption modes. In this application, the processing method of using the counter encryption in the block cipher algorithm can improve the efficiency of data encryption.

However, in the SoC chip, when using the counter encryption processing method to encrypt bus data, the count value of the counter needs to be stored in advance, and when decrypting, the current encrypted count value needs to be used for decryption. If the SoC chip has a lot of sensitive data and the encryption task is large, the counter value needs to be stored in a huge space, which brings a huge burden to the SoC chip.

In view of this, the inventor of the present application has made further research and proposed to use the data address instead of the count value in the process of bus data encrypted transmission, so that there is no need to store a large number of count values, thereby saving space and reducing the burden on the SoC chip. Specifically, in the bus data transmission process, the data corresponds to the address one by one, and the counting value of the counter is replaced by the address of the data, thereby reducing the demand for on-chip storage resources. It can be seen that in this application, the processing method of counter encryption is used to encrypt data, and the bus address is encrypted in advance to obtain a set of random numbers, and the data and random numbers are XORed to obtain ciphertext and transmit it. The transmitted ciphertext can effectively ensure the security of data , and the counter value alternative based on the data address can effectively solve the key stream synchronization problem and reduce the burden on the chip.

To sum up, this application proposes a configurable and efficient bus data encryption method against probe attacks. Its core mainly includes the following three aspects: bus data encryption pipeline, three-level dynamic branch predictor and secure system bus architecture. These three cooperate with each other to effectively solve the problem of key stream synchronization and minimize the performance loss of bus data transmission caused by data encryption under the premise of encrypting and protecting sensitive data transmitted on the bus. details as follows:

1. Bus data encryption pipeline

This application proposes a data encryption pipeline, which reduces time consumption and improves efficiency by adding a pre-encryption process.

The operation process of the entire data encryption pipeline is shown in Figure 15. It mainly consists of address pre-fetching AF (Address Fetching), address pre-encryption APE (Address Pre-Encryption), predicted address arbitration PAA (Predicted Address Arbitration) and data encryption DE (Data Encryption) It consists of four stages. Based on this, each data packet undergoes the above four stages of processing, and adjacent data packets are sequentially processed on adjacent time slots to realize the data encryption pipeline, as shown in Figure 15, when time slot T1 expires Slot T7 handles one data packet respectively, and each slot handles one stage. Take the processing of a data packet as an example, as follows:

AF obtains the predicted address R of sensitive data. The sensitive data here can be understood as the first data mentioned above, that is, the data that needs to be transmitted. The predicted address R here is the prediction purpose corresponding to the first data mentioned above. address, while APE encrypts R with key K. The ciphertext P obtained by encrypting R with the key K can be expressed as formula (1).

PAA verifies whether the predicted address R is equal to the actual address A, where the actual address is the actual destination address corresponding to the first data in the previous text, as shown in formula (2), if R is equal to A, then DE is in the ciphertext Execute XOR operation between P and Ψ to get encrypted sensitive data D. If R is not equal to A, APE encrypts the actual address A, and then uses Ψ and the ciphertext obtained by encrypting A to perform XOR operation.

Among them, the operation and data transmission of AF and APE are completed independently, so they should be executed before data transmission to improve data encryption efficiency.

2. Three-level dynamic branch predictor

In the SoC chip, the bus data transmission can be divided into three types according to the characteristics of the address: the address does not change, the address increases and the address jumps. In this embodiment, in order to cover the data transmission situation in the SoC chip, a three-level dynamic branch predictor is proposed, and its state transition diagram is shown in FIG. 16 . Among them, 100 and 101 respectively represent the prediction method of the steady-state prediction increment address and the prediction method of the transient state prediction increment address, that is, the steady-state increment prediction method and the transient state increment prediction method in the above text; 010 and 011 respectively represent the steady-state prediction jump The prediction method of the jump address and the prediction method of the jump address in the transient state, that is, the steady state jump prediction method and the transient state jump prediction method in the previous article; 000 and 001 respectively represent the prediction method and transient state of the current address in the steady state prediction The prediction method of predicting the current address, that is, the steady-state hold prediction method and the transient state hold prediction method mentioned above.

Among them, taking the CPU continuously writing data into the SRAM space as an example, the state transfer process of the three-level dynamic branch predictor, that is, the switching process of the prediction mode is introduced.

First of all, when the branch predictor is in the state of steady-state prediction increment address, that is, the current state is 100, when the interface, timer or program abnormality and other factors generate an interrupt request, the CPU suspends the operation of writing data to the SRAM and jumps to the interrupt processing The program executes the interrupt operation, the data transmission address of the bus changes, the branch predictor detects that the actual transmission address of the bus is inconsistent with the predicted address, the state of the branch predictor jumps to 101, enters the state of transient prediction increment address, and performs an increment prediction Operation, when the predicted address is consistent with the actual transfer address, the prediction is correct, and the state of the branch predictor jumps to 100.

When the branch predictor is in the state of transiently predicting the increment address, if there is a higher-level interrupt request, the CPU executes a higher-level interrupt request, and the predicted address is inconsistent with the actual transfer address, the prediction error occurs, and the branch predictor The state jumps to 011, enters the state of the transient prediction jump address, and performs an incremental prediction operation. When the next predicted address is consistent with the current address, the state jumps to 010, enters the state of steady-state predicted jump address, and executes the predicted address increment operation until the execution of the high-level interrupt is completed, the predicted address of the predictor is wrong, and the branch predictor The status jumps to 011.

When the branch predictor is in the state of transiently predicting the jump address, if the next predicted address is inconsistent with the current address and the next predicted address remains unchanged from the previous actual address, the state of the branch predictor will jump To 001, enter the state of transiently predicting the current address, and if the next predicted address is inconsistent with the current address and the relationship between the next predicted address and the last actual address is incremental, then the state of the branch predictor jumps to 101 , enter the state where the transient prediction increments the address.

When the branch predictor is in the state of transiently predicting the increment address, if the low-level interrupt needs to read and write the interface, the state of the branch predictor jumps from 101 to 001, enters the state of transiently predicting the current address, and executes the current Forecast operations. When the next address prediction address is consistent with the current address, the state of the branch predictor jumps to 000 and enters the state of continuously predicting the current address. When the data read and write operation is completed, the processor performs the pre-interrupt operation, that is, the SRAM write operation, the address predicted by the branch predictor is inconsistent with the actual address, the state of the branch predictor jumps to 001, and enters the state of transiently predicting the current address. Executes the current forecast operation once. The address predicted by the branch predictor is inconsistent with the execution address before the interrupt. If there is no interrupt request, the branch predictor state jumps to 101, otherwise, jumps to 011.

3. Security system bus architecture

Based on the configurable bus data encryption scheme proposed above, this application proposes a set of secure system bus architecture, which is configured in the SoC chip, as shown in FIG. 17 . The entire configurable security system bus architecture is mainly composed of configurable encryption management module CEMM (Configurable Encryption Management Module), address encryption engine AEE (Address Encryption Engine), branch predictor BP (Branch Predictor), data encryption controller DEC (DataEncryption Controller), It is composed of address arbitrator AA (Address Arbiter,), data encryption unit DEE (Data Encryption Engine,) and data decryption unit DDE (Data Decryption Engine).

Take the data writing process as an example. The user writes encryption/decryption parameters γ={γ _WS , γ _WM , γ _RS , γ _RM } into the CEMM to control data encryption/decryption flow. Among them, γ _WS and γ _WM are the configuration parameters when the sensitive data is transmitted from the Master to the Slave through the bus when the Master writes to the Slave, and γ _RS and γ _RM are the sensitive data when the Master performs a read operation on the Slave from the Slave to the Master through the bus Configuration parameters at transfer time. Wherein, when γ _WS and γ _RM are 1, data decryption is required for characterization, and when γ _WM and γ _RS are 1, data encryption is required for characterization.

Among them, in the process of data writing, BP predicts the next address of data transmission and sends it to AEE, and AEE encrypts the address R predicted by BP. DEC selects whether DEE performs encryption operation and whether DDE performs decryption operation according to the configuration parameters given by CEMM. Both the encryption operation and the decryption operation here are XOR operations on the random number P obtained after encrypting the predicted address R and the sensitive data Ψ.

Specifically, AA judges whether the predicted address R is consistent with the actual address A. If R is consistent with A, then after executing DEE, the encrypted write data D is obtained, and then the encrypted write data D is transmitted to the bus; otherwise, it can be determined that R is wrongly predicted, and at this time, the actual address A is determined by AEE Encrypt with K to get P, and then DEE uses P to perform XOR operation on the sensitive data Ψ to get encrypted write data D, and then the encrypted write data D is transmitted to the bus.

When the bus transfers D to Slave, first use AA to judge whether the predicted address R is consistent with the actual address A. If they are consistent, DDE will use P to perform an XOR operation on D to obtain the decrypted data Γ. If they are inconsistent, AEE will The actual address A is encrypted with K to obtain P, and then DDE uses P to perform XOR operation on D to obtain the decrypted data Γ.

Similar to the process in the data reading process, BP predicts the next address of data transmission and sends it to AEE, and AEE encrypts the address R` predicted by BP. DEC selects whether DEE performs encryption operation and whether DDE performs decryption operation according to the configuration parameters given by CEMM. The encryption operation and decryption operation here are XOR operation of the random number P` obtained after encrypting the predicted address R` and the sensitive data Ψ`.

Specifically, the AA judges whether the predicted address R' is consistent with the actual address A'. If R` is consistent with A`, after executing DEE, the encrypted read data D` is obtained, and then the encrypted read data D` is transmitted to the bus; otherwise, it can be determined that R` is wrong in prediction, at this time, by AEE encrypts the actual address A` with K to obtain P`, and then DEE uses P` to perform XOR operation on the sensitive data Ψ` to obtain encrypted read data D`, and then the encrypted read data D` is transmitted to the bus.

When the bus transmits D` to the Master, first judge whether the predicted address R` is consistent with the actual address A` through AA, and if they are consistent, DDE will use P` to perform an XOR operation on D` to obtain the decrypted data Γ`, If not, AEE encrypts the actual address A` with K to obtain P`, and then DDE uses P` to perform XOR operation on D` to obtain the decrypted data Γ`.

Based on the above security system bus architecture, this application proposes a system bus write transmission algorithm as shown in Algorithm 1 in Figure 18:

Among them, the configuration parameter γ={γ _WS , γ _WM , γ _RS , γ _RM } is written by the user, the value of the parameter is 1, which means data encryption/decryption, and the parameter value is 0, which means no data encryption/decryption.

When the host needs to write data transmission, it first judges whether γ _WM is "1". If γ _WM is 1, it means that the data Ψ sent by the host needs to be encrypted and then written to the system bus. At this time, if the predicted address R is equal to the actual address A, it means that the prediction is correct, and the actual content D transmitted on the system bus is the XOR result of the encrypted random number E _K (R) of the predicted address and the plaintext data Ψ;

On the contrary, it means that the prediction is wrong. It is necessary to first encrypt the actual address A to obtain the random number E _K (A), and then XOR the random number E _K (A) with the plaintext data Ψ to obtain the transmission content D of the system bus. If γ _WM ≠1, the content D transmitted on the bus does not need to be encrypted, and is directly the plaintext data Ψ sent by the host.

When the slave receives data, it first judges whether γ _WS is "1". If γ _WS is 1, it means that the slave needs to decrypt the data before receiving it. At this time, if the predicted address R is equal to the actual address A (the address on the slave side is the bus address, that is, the address sent by the master), it means that the prediction is correct, and the actual content Γ received by the slave is the random number E _K encrypted by the predicted address (R) XOR result with bus data D;

On the contrary, it means that the prediction is wrong. It is necessary to first encrypt the actual address A to obtain the random number E _K (A), and then XOR the random number E _K (A) with the bus data D to obtain the content Γ received by the slave. If γ _WS is not 1, the content Γ received by the slave does not need to be decrypted, and it is the bus data D directly.

Similarly, the data read and transfer process is similar to the above write process, and will not be repeated here.

To sum up, this application proposes a configurable bus data encryption/decryption method for the problem of sensitive information leakage caused by probe attacks, and adaptively encrypts or decrypts data based on configuration information, reducing the workload and waiting delay of bus data encryption. The bus data encryption pipeline and three-level dynamic branch predictor are designed to prefetch the data transmission address, which improves the encryption/decryption execution efficiency of the bus transmission data, ensures the data transmission efficiency of the SoC chip and the overall computing performance, and finally forms a configurable and efficient The bus data encryption model realizes the encryption protection of data transmission/storage in the SoC chip, and effectively improves the anti-probe attack capability of the SoC chip.

Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for relevant details, please refer to the description of the method part.

Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.

The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the present application will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A processing method for encrypted data transmission, characterized in that the method comprises: In the case of receiving the first data transmitted from the first module corresponding to the chip, encrypting the first data to obtain encrypted first data, and inputting the encrypted first data into the chip in the bus; When there is second data output from the bus, decrypt the second data to obtain decrypted second data, and transmit the decrypted second data to the corresponding second chip of the chip. module; The encrypting the first data to obtain the encrypted first data includes: performing XOR processing on the first data by using the target value corresponding to the first data to obtain encrypted first data; Before receiving the first data transmitted by the first module in the chip, the method further includes: Obtain a predicted destination address corresponding to the first data; Obtaining a target value corresponding to the first data according to the predicted destination address; Wherein, the obtaining the predicted destination address corresponding to the first data includes: Obtain the historical destination address of the historical data transmitted by the bus last time; Processing the historical destination address according to the first prediction mode to obtain the predicted destination address corresponding to the first data; Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, so The second prediction method is the prediction method before the first prediction method is switched, and the second prediction method is: a steady state incremental prediction method, a transient incremental prediction method, a steady state jump prediction method, and a transient state jump prediction method. Prediction mode, steady state maintenance prediction mode or transient state maintenance prediction mode; Wherein, in the steady-state incremental prediction method, the transient incremental prediction method, the steady-state jump prediction method, and the transient jump prediction method, the addresses are incremented on the basis of the historical destination address. Obtain the predicted address on the basis of the historical destination address in the manner of maintaining the address in the steady-state maintenance prediction mode and the transient-state maintenance prediction mode; In the case where the second prediction method is the steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction method is the same as the second prediction method. The two prediction methods are consistent; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the Describe the transient incremental prediction method; When the second prediction method is the transient increment prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the The second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data And the interrupt request is the second interrupt type, the second prediction method is switched to the first prediction method and the first prediction method is the transient state hold prediction method; if the historical purpose of the historical data The address is consistent with the prediction destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method; In the case where the second prediction method is the transient jump prediction method, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, The second prediction method is switched to the first prediction method and the first prediction method is the static jump prediction method; if the prediction destination address of the historical data and the historical data are transmitted before the The prediction destination address of the data on the bus is the relationship of address increment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the history The predicted destination address of the data and the predicted destination address of the data transmitted on the bus before the historical data is an address hold relationship, the second prediction method is switched to the first prediction method and the first prediction The method is the transient state maintenance prediction method; In the case where the second prediction method is the steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the The first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are of address hold Relationship, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state maintenance prediction method; if the historical destination address of the historical data and the prediction purpose of the historical data The address is inconsistent and there is no new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient increment prediction method; if the historical destination address of the historical data is the same as The prediction destination address of the historical data is inconsistent and there is a new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction method is the steady-state maintenance prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the a first prediction method and the first prediction method is the transient hold prediction method; Wherein, the first module and the second module are respectively modules for realizing corresponding functions. 2. The method according to claim 1, wherein the decryption process is performed on the second data to obtain the decrypted second data, comprising: Exclusive OR processing is performed on the second data by using the target value corresponding to the second data to obtain decrypted second data. 3. The method according to claim 1, characterized in that, after receiving the first data transmitted by the first module corresponding to the chip, the first data is processed using the target value corresponding to the first data Before the XOR processing to obtain the encrypted first data, the method further includes: judging whether the predicted destination address corresponding to the first data is consistent with the actual destination address corresponding to the first data; If they are consistent, perform the step of: using the target value corresponding to the first data to perform XOR processing on the first data to obtain encrypted first data; If not, according to the actual destination address corresponding to the first data, reacquire the target value corresponding to the first data, and perform the step of: using the target value corresponding to the first data to perform an exclusive operation on the first data Or process to get encrypted first data. 4. The method according to claim 1 or 2, wherein, before encrypting the first data to obtain the encrypted first data, the method further comprises: Read the preset first configuration parameter; In the case where the first configuration parameter indicates that data encryption is required, the step is performed: encrypting the first data to obtain encrypted first data; In the case that the first configuration parameter indicates that data encryption is not required, input the first data into the bus; Wherein, before decrypting the second data to obtain the decrypted second data, the method further includes: Read the preset second configuration parameter; In the case where the second configuration parameter indicates that data decryption is required, perform the step of: decrypting the second data to obtain decrypted second data; In a case where the second configuration parameter indicates that data decryption is not required, the second data is transmitted to a second module corresponding to the chip. 5. A processing device for encrypted data transmission, characterized in that it at least includes: The encryption unit is configured to, in the case of receiving the first data transmitted from the first module corresponding to the chip, perform encryption processing on the first data to obtain encrypted first data, and convert the encrypted first data into data input to the bus in the chip; a decryption unit, configured to decrypt the second data when there is second data output from the bus to obtain decrypted second data, and transmit the decrypted second data to the The second module corresponding to the chip; The encryption unit is specifically configured to use the target value corresponding to the first data to perform XOR processing on the first data to obtain encrypted first data; The processing device also includes: An address processing unit, configured to obtain a predicted destination address corresponding to the first data before the encryption unit receives the first data transmitted by the first module in the chip; obtain the first data according to the predicted destination address The corresponding target value; When the address processing unit obtains the predicted destination address corresponding to the first data, it is specifically used to: obtain the historical destination address of the historical data transmitted by the bus last time; performing processing to obtain a predicted destination address corresponding to the first data; Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, so The second prediction method is the prediction method before the first prediction method is switched, and the second prediction method is: a steady state incremental prediction method, a transient incremental prediction method, a steady state jump prediction method, and a transient state jump prediction method. Prediction mode, steady state maintenance prediction mode or transient state maintenance prediction mode; Wherein, in the steady-state incremental prediction method, the transient incremental prediction method, the steady-state jump prediction method, and the transient jump prediction method, the addresses are incremented on the basis of the historical destination address. Obtain the predicted address on the basis of the historical destination address in the manner of maintaining the address in the steady-state maintenance prediction mode and the transient-state maintenance prediction mode; In the case where the second prediction method is the steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction method is the same as the second prediction method. The two prediction methods are consistent; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the Describe the transient incremental prediction method; When the second prediction method is the transient increment prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the The second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data And the interrupt request is the second interrupt type, the second prediction method is switched to the first prediction method and the first prediction method is the transient state hold prediction method; if the historical purpose of the historical data The address is consistent with the prediction destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method; In the case where the second prediction method is the transient jump prediction method, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, The second prediction method is switched to the first prediction method and the first prediction method is the static jump prediction method; if the prediction destination address of the historical data and the historical data are transmitted before the The prediction destination address of the data on the bus is the relationship of address increment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the history The predicted destination address of the data and the predicted destination address of the data transmitted on the bus before the historical data is an address hold relationship, the second prediction method is switched to the first prediction method and the first prediction The method is the transient state maintenance prediction method; In the case where the second prediction method is the steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the The first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are of address hold relationship, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state maintenance prediction method; if the historical destination address of the historical data and the prediction purpose of the historical data The address is inconsistent and there is no new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient increment prediction method; if the historical destination address of the historical data is the same as The prediction destination address of the historical data is inconsistent and there is a new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction method is the steady-state maintenance prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the a first prediction method and the first prediction method is the transient hold prediction method; Wherein, the first module and the second module are respectively modules for realizing corresponding functions. 6. A chip, characterized in that, comprising: bus; The processing module is configured to: in the case of receiving the first data transmitted by the first module corresponding to the chip, encrypt the first data to obtain encrypted first data, and convert the encrypted the first data input to the bus; The processing module is further configured to: when there is second data output from the bus, decrypt the second data to obtain decrypted second data, and convert the decrypted second data transmit to the second module corresponding to the chip; When the processing module encrypts the first data, it is specifically configured to: use the target value corresponding to the first data to perform XOR processing on the first data to obtain encrypted first data; The processing module is further configured to: before the encryption unit receives the first data transmitted by the first module in the chip, obtain a predicted destination address corresponding to the first data; according to the predicted destination address, obtain the The target value corresponding to the first data; When the processing module obtains the predicted destination address corresponding to the first data, it is specifically used to: obtain the historical destination address of the historical data transmitted by the bus last time; processing to obtain a predicted destination address corresponding to the first data; Wherein, the first prediction method is determined based at least on the correspondence between the historical destination address of the historical data and the predicted destination address of the historical data, the second prediction method, and the type of the interrupt request in the chip, so The second prediction method is the prediction method before the first prediction method is switched, and the second prediction method is: a steady state incremental prediction method, a transient incremental prediction method, a steady state jump prediction method, and a transient state jump prediction method. Prediction mode, steady state maintenance prediction mode or transient state maintenance prediction mode; Wherein, in the steady-state incremental prediction method, the transient incremental prediction method, the steady-state jump prediction method, and the transient jump prediction method, the addresses are incremented on the basis of the historical destination address. Obtain the predicted address on the basis of the historical destination address in the manner of maintaining the address in the steady-state maintenance prediction mode and the transient-state maintenance prediction mode; In the case where the second prediction method is the steady-state incremental prediction method, if the historical destination address of the historical data is consistent with the predicted destination address of the historical data, the first prediction method is the same as the second prediction method. The two prediction methods are consistent; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the Describe the transient incremental prediction method; When the second prediction method is the transient increment prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data and the interrupt request is of the first interrupt type, the The second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data And the interrupt request is the second interrupt type, the second prediction method is switched to the first prediction method and the first prediction method is the transient state hold prediction method; if the historical purpose of the historical data The address is consistent with the prediction destination address of the historical data, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state incremental prediction method; In the case where the second prediction method is the transient jump prediction method, if the predicted destination address of the historical data is consistent with the predicted destination address of the data transmitted on the bus before the historical data, The second prediction method is switched to the first prediction method and the first prediction method is the static jump prediction method; if the prediction destination address of the historical data and the historical data are transmitted before the The prediction destination address of the data on the bus is the relationship of address increment, the second prediction mode is switched to the first prediction mode and the first prediction mode is the transient increment prediction mode; if the history The predicted destination address of the data and the predicted destination address of the data transmitted on the bus before the historical data is an address hold relationship, the second prediction method is switched to the first prediction method and the first prediction The method is the transient state maintenance prediction method; In the case where the second prediction method is the steady-state jump prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the The first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction mode is the transient hold prediction mode, if the predicted destination address of the historical data and the predicted destination address of the data transmitted on the bus before the historical data are of address hold Relationship, the second prediction method is switched to the first prediction method and the first prediction method is the steady-state maintenance prediction method; if the historical destination address of the historical data and the prediction purpose of the historical data The address is inconsistent and there is no new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient increment prediction method; if the historical destination address of the historical data is the same as The prediction destination address of the historical data is inconsistent and there is a new interrupt request, the second prediction method is switched to the first prediction method and the first prediction method is the transient jump prediction method; In the case where the second prediction method is the steady-state maintenance prediction method, if the historical destination address of the historical data is inconsistent with the predicted destination address of the historical data, the second prediction method is switched to the a first prediction method and the first prediction method is the transient hold prediction method; Wherein, the first module and the second module are respectively modules for realizing corresponding functions.

Images