CN103336920A - Security system for wireless sensor network SOC - Google Patents
Security system for wireless sensor network SOC Download PDFInfo
- Publication number
- CN103336920A CN103336920A CN2013102048890A CN201310204889A CN103336920A CN 103336920 A CN103336920 A CN 103336920A CN 2013102048890 A CN2013102048890 A CN 2013102048890A CN 201310204889 A CN201310204889 A CN 201310204889A CN 103336920 A CN103336920 A CN 103336920A
- Authority
- CN
- China
- Prior art keywords
- unit
- register
- encryption
- security system
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a security system for a wireless sensor network SOC (System On Chip), which comprises a register management unit, a state machine unit and an encryption and decryption unit, wherein the register management unit configures a register block of a security encryption module, reads and writes a control command register, a state register, and a register for encrypting and decrypting required information data according to an AHB (Advanced High-performance Bus) slave interface signal, and realizes control of the security system; the encryption and decryption unit comprises a data encryption unit, a data decryption unit and a key expansion unit; and the state machine unit comprises a data read-write unit, a key management unit and a data flow processing unit, and reads and writes AHB address date according to an AHB host interface signal and control commands written by the registers. The security system relocates, encrypts, decrypts and stores a data flow in a hardware circuit manner, and shortens the time required for encrypting and decrypting the data flow, and a guarantee is provided for higher-efficiency operation of the system.
Description
Technical field
The present invention relates to technical field of wireless, be specifically related to a kind of security system for radio sensing network SOC chip.
Background technology
For wireless sensor network, safe guidance can be described as most important, the most complicated, and be the most challenging content, because wireless sensor network faces resource-constrained constraint, make traditional safety guide method not directly apply in the wireless sensor network.And security maintenance is mainly studied the key updating in the communication, and the safety that the network change causes changes.Communication security comprises: group key is maintained secrecy, and the back is to maintaining secrecy, forward secrecy, and key is independent, and implicit key authentication shows key authentication, improves forward secrecy, opposing known-key attacks etc.The problems referred to above all should fully be studied and be paid attention at all levels, and just emphasis separately is not quite identical.Physical layer is mainly considered the safe coding aspect; What the confidentiality of link layer and network layer was considered is the encryption and decryption technology of Frame and routing iinformation; Application layer then stresses at the management of key and exchange process, for the encryption and decryption of lower floor provides safe support.
Summary of the invention
The object of the invention is to provide a kind of security system for radio sensing network SOC chip, and it can provide systematized safeguard protection for the SOC chip in the radio sensing network, half drunk defencive functions such as data encrypting and deciphering, Data Stream Processing and key management.
In order to solve these problems of the prior art, technical scheme provided by the invention is:
A kind of security system for radio sensing network SOC chip, the security system carry is on the ahb bus of radio sensing network, security system receive AHB host interface signal and AHB slave interface signal and finish and ahb bus between control command and the transmission of data, described security system comprises register management unit, state machine unit and encryption/decryption element, wherein:
The register management unit disposes the register group of safety encipher module and reads and writes information needed data registers such as control command register, status register and encryption and decryption according to AHB slave interface signal, realizes the control to security system;
Encryption/decryption element comprises DEU data encryption unit, data decryption unit and three parts of key expansion unit;
State machine unit comprises date read-write cell, cipher key management unit and Data Stream Processing unit, and the control command that state machine unit writes according to AHB host interface signal and register realizes the read-write to the ahb bus address date.
As optimization, described security system also comprises the authentication unit, and the identity information in the described authentication unit is sent to the register management unit, realizes authentication.
With respect to scheme of the prior art, advantage of the present invention is:
The security system that is used for radio sensing network SOC chip described in the invention, the mode that adopts hardware circuit to data stream move, encryption and decryption and storage, shortened the required time of data stream encryption and decryption, provide safeguard for system moves more efficiently.
Description of drawings
Below in conjunction with drawings and Examples the present invention is further described:
Fig. 1 is the framework synoptic diagram of security system in the embodiment of the invention;
Fig. 2 is the working state figure of encryption/decryption element in the embodiment of the invention;
Fig. 3 is the cipher key spreading process synoptic diagram of encryption/decryption element in the embodiment of the invention;
Fig. 4 is the ciphering process synoptic diagram of encryption/decryption element in the embodiment of the invention;
Fig. 5 is the decrypting process synoptic diagram of encryption/decryption element in the embodiment of the invention;
Fig. 6 is RC5 grouping algorithm cryptographic structure synoptic diagram in the embodiment of the invention;
Fig. 7 is RC5 packet deciphering cryptographic structure synoptic diagram in the embodiment of the invention;
Fig. 8 is the interface signal synoptic diagram of encryption/decryption element in the embodiment of the invention;
Embodiment
Below in conjunction with specific embodiment such scheme is described further.Should be understood that these embodiment are not limited to limit the scope of the invention for explanation the present invention.The implementation condition that adopts among the embodiment can be done further adjustment according to the condition of concrete producer, and not marked implementation condition is generally the condition in the normal experiment.
Embodiment:
Present embodiment has been described a kind of security system for radio sensing network SOC chip, its structure as shown in Figure 1, the security system carry is on the ahb bus of radio sensing network, security system receive AHB host interface signal and AHB slave interface signal and finish and ahb bus between control command and the transmission of data, described security system comprises register management unit, state machine unit and encryption/decryption element, wherein:
The register management unit disposes the register group of safety encipher module and reads and writes information needed data registers such as control command register, status register and encryption and decryption according to AHB slave interface signal, realizes the control to security system;
Encryption/decryption element comprises DEU data encryption unit, data decryption unit and three parts of key expansion unit;
State machine unit comprises date read-write cell, cipher key management unit and Data Stream Processing unit, and the control command that state machine unit writes according to AHB host interface signal and register realizes the read-write to the ahb bus address date.
Described security system also comprises the authentication unit, and the identity information in the described authentication unit is sent to the register management unit, realizes authentication.
Encryption/decryption element is as the corn module of safety encipher module, and the RC5-32/12/16 algorithm has been adopted in design, can realize cipher key spreading, data encryption and data deciphering.
The interface signal of encryption/decryption element designs that signal is following listed, specific as follows as shown in Figure 8:
Clk, the rst signal: the clock input signal of encryption/decryption element and reset signal, synchronous with global clock signal and the reset signal of whole module;
The Wr signal: encryption/decryption element is write enable signal;
Order[7:0]: during the single data encryption, be used for writing the encryption and decryption control command;
AHB_order[7:0], AHB_on: signal is used for the data stream encryption and decryption, and wherein the AHB_order signal is used for writing data stream encryption and decryption control signal; AHB_on is used for the expression encryption/decryption element and is in the data stream duty;
Key[31:0]: the key input signal;
Addr_k[1:0]: the cipher key address output signal, according to this signal deciding Key[31:0] input of signal;
Pt0[31:0], pt1[31:0]: data input signal;
Free: encryption/decryption element idle signal;
Intr: encryption and decryption look-at-me;
Ct0[31:0], ct1[31:0]: data output signal.
Encryption/decryption element can be divided into 5 duties as shown in Figure 2:
Cipher key spreading: when order=1, encryption/decryption element is in the cipher key spreading state.Each key all will carry out cipher key spreading and handle with after new.If adopt fixing key, as long as then carry out cipher key spreading once, skip this state afterwards, the to be encrypted or decrypted data of circulation input;
The data input: when order=0, encryption/decryption element is in the data input state.The data of pt0 and two 32 bits of pt1 signal end input are as to be encrypted or decrypted data;
Encrypt: when order=2, encryption/decryption element is in the data encryption state;
Deciphering: when order=3, encryption/decryption element is in the data decrypted state;
Data output: after the encryption or decrypted state of data, encryption/decryption element enters the data output state, and the result data of encryption and decryption is outputed to ct0 and ct1 signal end.
Employing is by the block encryption algorithm RC5 of the changeable parameters of RSA company design, be because the RC5 algorithm has only adopted common elementary calculating operation (XOR, addition, subtraction, ring shift), on the one hand, its hardware of being convenient to is very realized, on the other hand, because algorithm is simple, its arithmetic speed is very fast.
Cipher key spreading design: according to the RC5 cryptographic algorithm, defined register array L[] and S[] be used for the extended arithmetic of key.The cipher key spreading process as shown in Figure 3, S, L expansion through t=2r+2=2*12+2=26 circulation after, S[], L[] array is the key array of the use after expanding.S[] be used for the initialization of sub-key, be that a size is 32 bit array of t=26.Go out S[according to RC5 algorithm cycle calculations] value.L[] be used for transition key, be that a size is 32 bit array of c=b*8/w=16*8/32=4.According to the cipher key address addr_k of encryption/decryption element output, state machine unit can be returned the key of 32 bits to the key input end Key[31:0 of encryption/decryption element].By after writing a key, increasing progressively addr_k numerical value at every turn, thus the key K ey[31:0 that will newly import] write key register group L[], finish L[] initialization.Mix register data L[] and S[] value, thereby finish the expansion of key.
Encrypt design: according to the RC5 algorithm, defined 32 bit register A and B, the ephemeral data when being used for storage encryption.Ciphering process as shown in Figure 4, the update algorithm of register A and register B value provides in RC5 algorithm for encryption process, can finish the renewal of the value of register A or register B in each clock period.Through r=12 circulation, the value among register A and the register B is exactly to encrypt the encrypt data of gained.RC5 grouping algorithm cryptographic structure as shown in Figure 6.
Deciphering design: equally according to the decrypting process of RC5 algorithm design, use register A and register B to deposit register as ephemeral data in the decrypting process.Decrypting process as shown in Figure 5, this moment, the saving in the RC5 algorithm decrypting process at 4.2.1 with new algorithm and provide of register A and register B value can be finished the renewal of the value of register A or register B in each clock period.Through r=12 circulation, the value among register A and the register B is exactly the clear data of deciphering gained.RC5 grouping algorithm deciphering structure as shown in Figure 7.
Above-mentioned example only is explanation technical conceive of the present invention and characteristics, and its purpose is to allow the people who is familiar with this technology can understand content of the present invention and enforcement according to this, can not limit protection scope of the present invention with this.All spirit essence is done according to the present invention equivalent transformation or modification all should be encompassed within protection scope of the present invention.
Claims (2)
1. security system that is used for radio sensing network SOC chip, it is characterized in that, the security system carry is on the ahb bus of radio sensing network, security system receive AHB host interface signal and AHB slave interface signal and finish and ahb bus between control command and the transmission of data, described security system comprises register management unit, state machine unit and encryption/decryption element, wherein:
The register management unit disposes the register group of safety encipher module and reads and writes information needed data registers such as control command register, status register and encryption and decryption according to AHB slave interface signal, realizes the control to security system;
Encryption/decryption element comprises DEU data encryption unit, data decryption unit and three parts of key expansion unit;
State machine unit comprises date read-write cell, cipher key management unit and Data Stream Processing unit, and the control command that state machine unit writes according to AHB host interface signal and register realizes the read-write to the ahb bus address date.
2. the security system for radio sensing network SOC chip according to claim 1, it is characterized in that, described security system also comprises the authentication unit, and the identity information in the described authentication unit is sent to the register management unit, realizes authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310204889.0A CN103336920B (en) | 2013-05-29 | 2013-05-29 | Security system for wireless sensor network SOC chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310204889.0A CN103336920B (en) | 2013-05-29 | 2013-05-29 | Security system for wireless sensor network SOC chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103336920A true CN103336920A (en) | 2013-10-02 |
| CN103336920B CN103336920B (en) | 2019-01-08 |
Family
ID=49245083
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310204889.0A Active CN103336920B (en) | 2013-05-29 | 2013-05-29 | Security system for wireless sensor network SOC chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103336920B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746796B (en) * | 2014-01-20 | 2017-01-04 | 深圳华视微电子有限公司 | A kind of coprocessor realizing smart card SM4 cryptographic algorithm |
| CN106789078A (en) * | 2016-12-29 | 2017-05-31 | 记忆科技(深圳)有限公司 | A kind of digital signature identification system based on ahb bus |
| EP3322119A1 (en) * | 2016-11-15 | 2018-05-16 | Huawei Technologies Co., Ltd. | Data processing method and apparatus |
| CN112329038A (en) * | 2020-11-15 | 2021-02-05 | 珠海市一微半导体有限公司 | Data encryption control system and chip based on USB interface |
| CN112416823A (en) * | 2020-11-15 | 2021-02-26 | 珠海市一微半导体有限公司 | Sensor data read-write control method, system and chip in burst mode |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101159544A (en) * | 2007-11-19 | 2008-04-09 | 西安西电捷通无线网络通信有限公司 | Packet cipher algorithm based encryption processing arrangement |
| CN101201811A (en) * | 2006-12-11 | 2008-06-18 | 边立剑 | Encryption-decryption coprocessor for SOC, implementing method and programming model thereof |
| CN101944077A (en) * | 2010-09-02 | 2011-01-12 | 东莞市泰斗微电子科技有限公司 | Communication interface between primary processor and coprocessor and control method thereof |
| CN102663326A (en) * | 2012-03-12 | 2012-09-12 | 东南大学 | SoC-used data security encryption module |
| CN102722943A (en) * | 2012-06-13 | 2012-10-10 | 福建睿矽微电子科技有限公司 | Security chip of telephone POS (point of sale) |
-
2013
- 2013-05-29 CN CN201310204889.0A patent/CN103336920B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101201811A (en) * | 2006-12-11 | 2008-06-18 | 边立剑 | Encryption-decryption coprocessor for SOC, implementing method and programming model thereof |
| CN101159544A (en) * | 2007-11-19 | 2008-04-09 | 西安西电捷通无线网络通信有限公司 | Packet cipher algorithm based encryption processing arrangement |
| CN101944077A (en) * | 2010-09-02 | 2011-01-12 | 东莞市泰斗微电子科技有限公司 | Communication interface between primary processor and coprocessor and control method thereof |
| CN102663326A (en) * | 2012-03-12 | 2012-09-12 | 东南大学 | SoC-used data security encryption module |
| CN102722943A (en) * | 2012-06-13 | 2012-10-10 | 福建睿矽微电子科技有限公司 | Security chip of telephone POS (point of sale) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746796B (en) * | 2014-01-20 | 2017-01-04 | 深圳华视微电子有限公司 | A kind of coprocessor realizing smart card SM4 cryptographic algorithm |
| EP3322119A1 (en) * | 2016-11-15 | 2018-05-16 | Huawei Technologies Co., Ltd. | Data processing method and apparatus |
| US10659216B2 (en) | 2016-11-15 | 2020-05-19 | Huawei Technologies Co., Ltd. | Data processing method and apparatus |
| CN106789078A (en) * | 2016-12-29 | 2017-05-31 | 记忆科技(深圳)有限公司 | A kind of digital signature identification system based on ahb bus |
| CN112329038A (en) * | 2020-11-15 | 2021-02-05 | 珠海市一微半导体有限公司 | Data encryption control system and chip based on USB interface |
| CN112416823A (en) * | 2020-11-15 | 2021-02-26 | 珠海市一微半导体有限公司 | Sensor data read-write control method, system and chip in burst mode |
| CN112416823B (en) * | 2020-11-15 | 2024-05-03 | 珠海一微半导体股份有限公司 | Sensor data read-write control method, system and chip in burst mode |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103336920B (en) | 2019-01-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105490802B (en) | The parallel encryption and decryption communication means of improvement SM4 based on GPU | |
| CN102710415B (en) | Method and table look-up device for encrypting and decrypting data by using symmetric cryptographic algorithm | |
| CN103597456B (en) | Method and apparatus for implementing memory segment access control in a distributed memory environment | |
| US20140164793A1 (en) | Cryptographic information association to memory regions | |
| CN101478392B (en) | Apparatus for implementing 128 bit cipher key length AES algorithm by VLSI | |
| CN105324956A (en) | Method and apparatus to encrypt plaintext data | |
| CN102663326B (en) | SoC-used data security encryption module | |
| EP3803672B1 (en) | Memory-efficient hardware cryptographic engine | |
| CN103336920A (en) | Security system for wireless sensor network SOC | |
| CN105357218A (en) | Router with hardware encryption and decryption function and encryption and decryption method of router | |
| CN106034021B (en) | Lightweight dual-mode compatible AES encryption and decryption module and method thereof | |
| CN102737270A (en) | Security co-processor of bank smart card chip based on domestic algorithms | |
| CN103780608A (en) | SM4-algorithm control method based on programmable gate array chip | |
| CN103346878B (en) | A kind of secret communication method based on FPGA high-speed serial I/O | |
| CN102411683B (en) | Cache-based AES (Advanced Encryption Standard) accelerator suitable for embedded system | |
| CN102932135A (en) | 3DES (triple data encrypt standard) encryption method | |
| CN102377563A (en) | Method for data stream encryption | |
| CN103077362B (en) | There is the GPIO IP kernel of security mechanism | |
| CN104081712A (en) | Repeatable application-specific encryption key derivation using a hidden root key | |
| CN113177210A (en) | Chip structure and operation method thereof | |
| CN105721139B (en) | A kind of the AES encipher-decipher method and circuit of the FPGA suitable for limited I/O resource | |
| US20120321079A1 (en) | System and method for generating round keys | |
| CN102780557B (en) | Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization | |
| CN204967864U (en) | Encryption type network system based on field programmable gate array | |
| CN108763982B (en) | DES encryption and decryption device suitable for RFID reader |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |