What role can the device dongle play in industrial control security?

Chapter 1 Universal Application of Encryption Chips

In recent years, computers and Internet applications have spread throughout China and penetrated every corner of society. Government, the economy, the military, culture and daily life depend increasingly on computers and networks, and systems such as e-government, paperless office, MIS, ERP and OA are widely used in enterprises and institutions. In the fiercely competitive electronics and IT product industry, many products that companies developed at great effort are cracked by competitors shortly after reaching the market, and the time and cost of cracking a product keep falling. In many industries imitations now outnumber products with their own intellectual property, which seriously harms the rights and interests of product developers.

At present, the most effective way to protect a combined software and hardware product is to bind it to an encryption chip. The chip prevents unauthorized reading or copying of the program stored inside it, and it also stops an attacker who has copied the PCB by abnormal means from obtaining a fully working copy of the product.

Chapter 2 Status Quo of Encryption Chips

Common Encryption Chip Types

Encryption chips are usually classified by operating principle into the following categories:

1) Store a secret value inside the chip; the board reads it back and compares it with the expected value

Disadvantage: easy to emulate, because the value can be captured once on the bus and replayed

2) The board and the encryption chip both hold a key (either the same key, or keys related by a fixed computation). The board sends a random challenge (never reused), the chip encrypts or MACs it with its key, and the board judges from the result whether the chip is genuine

Advantage: cannot be emulated by replaying captured traffic

Disadvantage: if the board program is broken and the key extracted from it, the encryption chip can be emulated and the protection fails

3) Part of the board program is moved into the encryption chip, and the board calls the chip's function when needed

Advantages: cannot be emulated; even if the board program is broken, the code inside the chip is not, so program security is unaffected

Disadvantages: high cost and increased user workload: users must develop the security chip program, and a programming environment must be set up for mass production.
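To make the difference between category 1 and category 2 concrete, the following is an added, simulated example (not code from the original article or from any chip vendor). A type-1 chip returns a stored constant; a type-2 chip answers HMAC-SHA256 over a fresh random challenge under a key it never reveals. A counterfeit built by sniffing the bus passes the type-1 check by replay but fails a type-2 check unless the host reuses a challenge, and, as the article's own caveat states, an emulator that has the key extracted from the board firmware passes. The key values, the chip classes and the `READ` request label are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed example values: a per-product key provisioned into both the
# board firmware and the encryption chip at manufacturing time, and a fixed
# secret for the type-1 scheme. Real products use per-device values.
PRODUCT_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                            "101112131415161718191a1b1c1d1e1f")
STATIC_SECRET = b"ACME-BOARD-7A"


class StaticSecretChip:
    """Type-1 chip: returns the same stored secret on every query."""
    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def read_secret(self) -> bytes:
        return self._secret


class ChallengeResponseChip:
    """Type-2 chip: keeps the key inside and only returns HMAC(key, challenge)."""
    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ReplayClone:
    """Counterfeit built by sniffing the bus: stores every (request, response)
    pair observed from a genuine chip and replays it. It never learns the key."""
    def __init__(self) -> None:
        self._seen: Dict[bytes, bytes] = {}

    def record(self, request: bytes, response: bytes) -> None:
        self._seen[request] = response

    def read_secret(self) -> bytes:
        return self._seen.get(b"READ", b"")

    def respond(self, challenge: bytes) -> bytes:
        # A challenge it has never seen gets a meaningless answer.
        return self._seen.get(challenge, b"\x00" * 32)


def host_check_static(chip) -> bool:
    """Type-1 board check: compare the value read back with the expected constant."""
    return hmac.compare_digest(chip.read_secret(), STATIC_SECRET)


def host_check_challenge(chip, challenge: Optional[bytes] = None) -> bool:
    """Type-2 board check: fresh random challenge, verify the MAC under the
    shared key in constant time. `challenge` is only a parameter so the demo
    can show what happens when a host wrongly reuses one."""
    if challenge is None:
        challenge = secrets.token_bytes(16)  # never reused in a correct host
    expected = hmac.new(PRODUCT_KEY, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(chip.respond(challenge), expected)


def authenticate_demo() -> Dict[str, bool]:
    """Run each check against a genuine chip, a bus-replay clone, and an
    emulator holding a key extracted from the board program."""
    genuine_static = StaticSecretChip(STATIC_SECRET)
    genuine_cr = ChallengeResponseChip(PRODUCT_KEY)

    # The attacker sniffs one session with each genuine chip.
    clone = ReplayClone()
    clone.record(b"READ", genuine_static.read_secret())
    c0 = secrets.token_bytes(16)
    clone.record(c0, genuine_cr.respond(c0))

    return {
        "static_genuine": host_check_static(genuine_static),
        "static_clone": host_check_static(clone),               # replay passes
        "cr_genuine": host_check_challenge(genuine_cr),
        "cr_clone_fresh": host_check_challenge(clone),          # fresh challenge fails
        "cr_clone_replayed": host_check_challenge(clone, c0),   # only if host reuses c0
        "cr_emulator_with_leaked_key":
            host_check_challenge(ChallengeResponseChip(PRODUCT_KEY)),
    }


if __name__ == "__main__":
    for name, ok in authenticate_demo().items():
        print(f"{name:32s} {'PASS' if ok else 'FAIL'}")
```

The two things a practitioner should take from the run are that the type-2 scheme's strength depends entirely on the challenge never repeating and on the board-side key never leaving the board, which is exactly why category 3 moves code rather than just a key into the chip.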

Remaining problems

Although an encryption chip reduces the risk of the PCB being copied to some extent, its low performance, slow speed and small storage are serious limitations, and core modules such as AI algorithms cannot be protected this way: it is impossible to move all of the business logic into the encryption chip and run it there.

Chapter 3 CBS Encryption Chip Enhancement Module

1. CBS Encryption Chip Enhancement Module Summary

The Sangxinda CBS encryption chip enhancement module uses the ID, key and algorithm of the encryption chip together with the computing power of the business system's CPU, and through container technology amplifies the processing capacity of the encryption chip, so that all the logic code of the business program and its algorithms runs inside a protected security container. This protects the algorithm, its code and the executable modules: it is not only anti-copy-board, but also prevents decompilation and cracking, tampering and hacker attacks.

The CBS encryption chip enhancement module amplifies the processing capability of the encryption chip. Its core functions are: encrypted container, trusted system, scene whitelist, data protection, and the key management of the original encryption chip.

2. Main functions of CBS encryption chip enhancement module

The CBS-S encryption chip enhancement module uses container technology to generate a unique encrypted container on the system from the key of the encryption chip product. The business system runs in the container and its data is stored in the container. The container is isolated from the outside; internally, communication and data are encrypted, which ensures system security and prevents copying and reverse analysis.

1) Encrypted container

When the system starts, a container is generated using the key of the encryption chip, and the business program runs inside it. Business data is stored in the container, and the container is isolated from the outside world: external code cannot access the program files or data files in the container. Without access to the executable file itself, reverse analysis is not possible. The container key comes from the encryption chip and cannot be copied or cloned.

2) Trusted system

Kernel-level CA signature verification inside the container signs and authenticates the system applications in the container, so that unsigned processes, or processes whose signature does not match (forged processes), cannot run. This blocks viruses and Trojans and secures the OS layer.

3) Scene whitelist

Whitelist settings in the container define a whitelist scene that associates programs with the files they may use. Operations outside the scene are prohibited from running, and the same strict restriction applies even to the system administrator.

4) File protection

Designed on the principle of least privilege, reading, writing, modifying and storing data in the container are subject to strict encryption and authentication, and only the specified business applications are allowed to read or write the specified files, ensuring file security.

5) High-efficiency encryption algorithm

A high-efficiency encryption algorithm based on the encryption chip is provided in the container. The encryption operations are performed entirely by the system's main CPU, so they are fast and immediate.
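The following is an added example (not Sangxinda's code, and not a description of how the CBS module is actually implemented) of the two properties that the encrypted container (1) and file protection (4) above rest on: container keys derived from a chip-bound secret, and authenticated encryption so that a blob sealed for one chip cannot be opened on a cloned PCB, cannot be modified undetected, and cannot be swapped into another file's slot. It assumes a chip ID and chip key as constructed values, implements HKDF-SHA256 (RFC 5869) for key derivation, and uses an HMAC-based counter-mode keystream as a stand-in for a real AEAD such as AES-GCM, which the Python standard library does not provide.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed values: the chip's unique ID and the key provisioned into it.
CHIP_ID = b"CBS-0001-7F3A"
CHIP_KEY = bytes.fromhex("6b" * 32)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def container_keys(chip_key: bytes, chip_id: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys for the container from the chip
    secret. The chip ID goes into the salt, so two chips with the same key but
    different IDs still produce different container keys."""
    enc = hkdf_sha256(chip_key, chip_id, b"cbs-container-enc")
    mac = hkdf_sha256(chip_key, chip_id, b"cbs-container-mac")
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256. Stand-in for a real
    cipher; never use this construction in production."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, name: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. The file name is bound into
    the tag so a sealed blob cannot be renamed into another file's slot."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, name + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, name: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag does not verify (wrong chip,
    tampered ciphertext, or blob presented under a different file name)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, name + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def container_demo() -> Dict[str, bool]:
    """Seal a program blob for the genuine chip, then try to open it as the
    genuine board, a cloned PCB with a different chip, after tampering, and
    under another file name."""
    program = b"\x7fELF business logic and model weights (constructed sample)"
    enc, mac = container_keys(CHIP_KEY, CHIP_ID)
    blob = seal(enc, mac, b"app.bin", program)

    # Cloned PCB: identical firmware, but a chip with a different key.
    clone_enc, clone_mac = container_keys(os.urandom(32), CHIP_ID)
    # Tampering: flip one bit inside the ciphertext.
    tampered = bytearray(blob)
    tampered[20] ^= 0x01

    return {
        "genuine_opens": open_sealed(enc, mac, b"app.bin", blob) == program,
        "clone_opens": open_sealed(clone_enc, clone_mac, b"app.bin", blob) is not None,
        "tampered_opens": open_sealed(enc, mac, b"app.bin", bytes(tampered)) is not None,
        "renamed_opens": open_sealed(enc, mac, b"other.bin", blob) is not None,
    }


if __name__ == "__main__":
    for name, ok in container_demo().items():
        print(f"{name:16s} {ok}")
```

One caveat a practitioner should keep in mind with any scheme of this kind: because the business code executes on the main CPU, it must be decrypted into memory to run, so the confidentiality of the container at run time depends on the trusted-system and whitelist controls keeping a privileged attacker on the host away from process memory, not on the chip alone.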

3. Benefits of Using CBS Encryption Chip Enhancement Module

The container of the CBS-S encryption chip enhancement module is generated from the key of the encryption chip, so it cannot be copied, and it has the following advantages:

1) The uniqueness of the encrypted container

The container is generated from the encryption chip key, so it is unique and cannot be copied.

2) All business programs run in encrypted containers

The container is an externally isolated, secure and confidential computing environment, and all business logic code of the business program can run inside it.

3) No need to modify the business logic code

Once development of the business program is complete, no code changes, porting or additional development are needed: the program is placed directly into the container.

4) Speed ​​and efficiency

Because the program in the container is executed with the computing power of the main CPU, it runs at full speed.

5) Overall anti-reverse engineering

Because the business logic and algorithm programs all reside in the container, and the container is isolated from the outside so that the business program's executable files and business data cannot be accessed externally, reverse analysis cannot be performed on them.
 


Reprinted from: blog.csdn.net/cnsinda_sdc/article/details/130812659