Research on a Secure Storage System Based on Network-on-Chip Architecture
Published: 2018-10-05 12:02
[Abstract]: As process technology advances, the number of intellectual property (IP) cores that can be integrated on a single chip keeps growing, and in a system-on-chip (SoC) built on a traditional shared bus, inter-core communication becomes inefficient as the number of IP cores increases. With chip integration density continuing to rise, SoC integration faces some significant challenges. Packet-switched on-chip interconnection networks (networks-on-chip, NoC) offer good reliability, good scalability and efficient inter-core communication, and have therefore become the solution for replacing global interconnect wires. However, networks-on-chip also face security challenges such as denial of service and the extraction of and tampering with critical information. The potential security threats to networks-on-chip, and the corresponding countermeasures, have not received the attention they deserve.

This thesis focuses on a secure storage system based on the network-on-chip architecture, with the goal of addressing security threats in the NoC domain and ensuring the confidentiality and integrity of sensitive data. The main advantage of the solution is that it provides security at a small hardware cost. To ensure the confidentiality and integrity of sensitive data, a coprocessor supporting the Advanced Encryption Standard (AES) and the SHA-3 candidate algorithm Grostl is integrated into a reduced instruction set (RISC) processor to accelerate these algorithms. Bandwidth attacks, a class of denial-of-service attack, are prevented by supporting a switching technique that combines packet switching with circuit switching. The network interface is the key module through which processing elements and memories exchange packets with the network-on-chip. To secure accesses by processing elements to memory or memory-mapped peripherals in an NoC-based system, a data protection controller is integrated into the network interface; it enforces access-control rules to determine whether the processing element that issued a data transfer request has permission to access the shared data at a given address. For applications requiring a higher security level, the RSA algorithm is used for identity authentication, ensuring that only a processing element with administrative privileges can configure the access permissions.

To validate the proposed solution, the coprocessor supporting AES and Grostl has been integrated into an embedded SoC and taped out in the SMIC 0.13 um CMOS process. To verify the functionality of the NoC platform with the integrated coprocessor and of its key modules, FPGA verification was used, and logic synthesis was performed with Synopsys Design Compiler. The synthesis results show that a network node with a 32 KB data cache, 16 KB of private instruction memory and a RISC processor with the integrated coprocessor has an area of 525.2K equivalent NAND gates; the coprocessor accounts for 3.9% of the node area and the secure network interface for 1.1%, so the required hardware overhead is small. Throughput for AES-128 and Grostl-256 reaches 365 Mbps and 205.3 Mbps respectively. The coprocessor and secure network interface meet the expected targets and can be applied in systems based on the network-on-chip architecture.
[Degree-granting institution]: Fudan University
[Degree level]: Master's
[Year degree conferred]: 2012
[Classification number]: TP333
Article ID: 2253300
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2253300.html