摘要
针对嵌入式设备固件更新的安全问题,文中提出了一种基于哈希、对称、非对称加密算法的多重校验固件安全更新方案。通过主密钥对、临时密钥对、共享密钥以及哈希链等设计,从身份认证、数据加密、完整性校验等多个方面对固件更新进行安全防护,可以有效预防非法用户、固件篡改、固件数据泄露、重放攻击、固件回滚等攻击。文中对此安全更新方案进行了具体实现,实验结果显示该方案相较于无任何安全防护的ISP(In System Programming)和IAP(In Application Pragramming)技术,在时间成本方面分别增加约7%和11%的情况下实现了对固件更新的全流程安全防护,为嵌入式设备的固件更新提供了一种安全、可靠的更新方法。
In view of the security problem of embedded device firmware update,this study proposes a multi-check firmware security update scheme based on hash,symmetric and asymmetric encryption algorithms.In this study,the master key pairs,temporary key pairs,shared key and hash chain are designed to protect firmware update from identity authentication,data encryption,integrity check and other aspects,which can effectively prevent illegal users,firmware tampering,firmware data leakage,replay attack,firmware rollback and other attacks.In this study,the concrete implementation of the security update scheme is carried out.The experiment results show that compared with the ISP(In System Programming)and IAP(In Application Pragramming)technologies without any security protection,the scheme achieves the security protection of the whole process of firmware update at the time cost of about 7%and 11%,it provides a safe and reliable update method for embedded device firmware update.
作者
曾祥义
刘伟
肖昊
ZENG Xiangyi;LIU Wei;XIAO Hao(School of Microelectronics,Hefei University of Technology,Hefei 230009,China)
出处
《电子科技》
2023年第8期14-18,64,共6页
Electronic Science and Technology
基金
国家自然科学基金(61974039)
航空科学基金(2018ZCP4003)。
关键词
固件更新
固件安全
嵌入式系统
身份认证
数字签名
哈希链
完整性校验
对称加密
firmware update
firmware security
embedded system
identity authentication
digital signature
Hash chain
integrity checking
symmetric encryption
