嵌入式加密卡设计
摘要
随着互联网与通讯技术的飞速发展,数据安全问题已成为当今世界关注的热点,而加密技术是实现数据安全的一种非常重要的手段。加密技术可分为软件加密和硬件加密两大类。软件加密最大的优势在于它的成本低,工艺难度小。但需要CPU全程参与,会消耗大量的系统资源,而且加密的速度较慢,尤其是对一些海量数据进行处理时,会造成硬盘读写的瓶颈。硬件加密不但解决了软件加密速度慢和耗费CPU大量资源的缺点,而且还具有加密强度大、可靠性高等优点。加密卡是实现硬件加密的主要方式,加密卡不存在的情况下,被加密软件的功能是不完整的,从根本上防止了软件被破解。因此,研制硬件加密卡对于维护系统的安全具有及其重大的意义。
本课题研制的加密卡源自泳池监控系统,采用嵌入式技术和PCI总线技术相结合,利用“代码移植”的加密原理,即PC端应用软件的关键代码和数据“消失”了,被安全地移植到加密卡的硬件中保护起来。在需要使用时,PC端的应用软件可以通过功能调用指令运行硬件中的关键代码和数据,并返回结果,从而实现了对软件系统的加密。本论文主要分五部分:第一部分介绍了数据加密方面的一些基本概念、相关技术背景以及本课题设计的来源;第二部分介绍本课题所设计的加密卡的原理背景;第三部分介绍了基于友善公司的Nano2410A的PCI加密卡硬件电路设计。详细的介绍了PCI模块电路设计、ARM模块电路设计、以及Nano2410A与PCI的接口模块电路的设计;第四部分介绍了加密卡的软件系统的设计。详细的介绍了Windriver环境下的PCI加密卡WDM驱动程序的编写、ADTIDE环境下的ARM模块上的加密程序的设计以及PC机上VC6.0环境下的应用程序的设计;最后一部分总结了本设计所做的工作以及其中的不足和对未来的展望。
With the rapid development of the internet and communication technology,data security has become the focus of attention in today's world,and encryption is a very important tool of data security.Encryption technology can be broadly divided into two major categories of software encryption and hardware encryption.Software encryption's greatest strength lies in its extremely low cost;and technical does not very difficulty.However,software encryption needs the CPU of computer in full participation,it will consume a large amount of system resources and the speed of encryption is slow.In particular,processing a number of massive data will be the bottleneck caused by the hard disk read and write.Compared with the case of software encryption,hardware encryption not only resolved the problem of the slow speed of and a lot of resources that software encryption cost,but also has stronger encryptionand higher reliability.Encryption card is the main form of hardware encryption,if encryption card does not exist;the functions of the software encrypted were incomplete and prevent fundamentally the software to be break.Therefore,the designing of the hardware encryption card play an important role in the maintenance of system security.
The encryption card which the subject studied,adopting embedded technology and PCI bus technology,using the encryption principle of "code transplant",that is,the key code and data of PC-side application software disappear,they have been safely transplanted to encryption cards and protected by hardware.When it's in use,PC-side application software can run the code and data through the call of function,and return a result,and realize the encryption of software systems.This paper is divided into five main parts:the first part describes information security concepts,some of the related technology background and the source of this issue.The second part of this paper introduces encryption card's the background of the design principles.The third part discusses the design of the PCI encryption card based on the Nano2410A of friendly company.And discribes the designs of the PCI module,ARM module circuit,as well as the interface module circuit of Navo2410A and PCI in detail.The fourth section describes the design of encryption card's software system.And discribes the WDM driver of the PCI encryption card in Windriver,the design of encryption program of ARM module in ADTIDE,as well as the design of PC application program in VC6.0.S the last part of the paper summed up the work done by the design,the shortcomings and the vision for the future
本课题研制的加密卡源自泳池监控系统,采用嵌入式技术和PCI总线技术相结合,利用“代码移植”的加密原理,即PC端应用软件的关键代码和数据“消失”了,被安全地移植到加密卡的硬件中保护起来。在需要使用时,PC端的应用软件可以通过功能调用指令运行硬件中的关键代码和数据,并返回结果,从而实现了对软件系统的加密。本论文主要分五部分:第一部分介绍了数据加密方面的一些基本概念、相关技术背景以及本课题设计的来源;第二部分介绍本课题所设计的加密卡的原理背景;第三部分介绍了基于友善公司的Nano2410A的PCI加密卡硬件电路设计。详细的介绍了PCI模块电路设计、ARM模块电路设计、以及Nano2410A与PCI的接口模块电路的设计;第四部分介绍了加密卡的软件系统的设计。详细的介绍了Windriver环境下的PCI加密卡WDM驱动程序的编写、ADTIDE环境下的ARM模块上的加密程序的设计以及PC机上VC6.0环境下的应用程序的设计;最后一部分总结了本设计所做的工作以及其中的不足和对未来的展望。
With the rapid development of the internet and communication technology,data security has become the focus of attention in today's world,and encryption is a very important tool of data security.Encryption technology can be broadly divided into two major categories of software encryption and hardware encryption.Software encryption's greatest strength lies in its extremely low cost;and technical does not very difficulty.However,software encryption needs the CPU of computer in full participation,it will consume a large amount of system resources and the speed of encryption is slow.In particular,processing a number of massive data will be the bottleneck caused by the hard disk read and write.Compared with the case of software encryption,hardware encryption not only resolved the problem of the slow speed of and a lot of resources that software encryption cost,but also has stronger encryptionand higher reliability.Encryption card is the main form of hardware encryption,if encryption card does not exist;the functions of the software encrypted were incomplete and prevent fundamentally the software to be break.Therefore,the designing of the hardware encryption card play an important role in the maintenance of system security.
The encryption card which the subject studied,adopting embedded technology and PCI bus technology,using the encryption principle of "code transplant",that is,the key code and data of PC-side application software disappear,they have been safely transplanted to encryption cards and protected by hardware.When it's in use,PC-side application software can run the code and data through the call of function,and return a result,and realize the encryption of software systems.This paper is divided into five main parts:the first part describes information security concepts,some of the related technology background and the source of this issue.The second part of this paper introduces encryption card's the background of the design principles.The third part discusses the design of the PCI encryption card based on the Nano2410A of friendly company.And discribes the designs of the PCI module,ARM module circuit,as well as the interface module circuit of Navo2410A and PCI in detail.The fourth section describes the design of encryption card's software system.And discribes the WDM driver of the PCI encryption card in Windriver,the design of encryption program of ARM module in ADTIDE,as well as the design of PC application program in VC6.0.S the last part of the paper summed up the work done by the design,the shortcomings and the vision for the future
引文
[1][EB/OL].http://www.net130.com/CMS/Pub/softlevel/softlevel_networkengineer/2007_02_25_50950.Html.
[2]张玉秀.浅谈数据加密技术的发展.电脑学习.2008.NO.2.
[3]冯登国等.密码学导引.北京:科学出版社,2001.
[4]BurceShcneeir著.吴世忠等译.应用密码学——协议、算法与C程序.北京:机械工业出版社.2003.,成都,1988.
[5]吴世忠.中国信息安全产业的现状主与前景展望.信息安全与通信保密.2002.NO.10.
[6]沈昌祥.当今时代的重大课题——息安全保密.信息安全与通信保密.2001.NO.8.
[7]冯登国.国内外信息安全研究现状及其发展趋势.网络安全技术与应用.2001.NO.1.
[8]Diffie W and Hellman M E.New Directions in Cryptography.IEEE Transon Information Theory.1977.IT-22(6):74-84.
[9]川何大可等著.保密学——基础与应用.西安西安电子科技大学出版社.1990.
[10]赖溪松等.计算机密码学及其应用.北京:国防工业出版社.2001.
[11]杨明芳,周永培.软件加密与解密技术及其应用实例专辑.中国科学院成都计算机应用研究所情报室.
[12]StveeBurnett等著.冯登国等译.密码学工程实践指南.北京:清华大学出版社.2001.
[13]Gan,Woon-Seng.Embedded signal processing with the Micro Signal Architecture.Chile.Wiley-Interscience:IEEE Press,2007.
[14]Dave Jaggar著.ARM Architectural Refernce Manual,1996
[15]陈绩主编.ARM嵌入式技术实践教程.北京:北京航空航天大学出版社,2005.2.
[16]Shanley,Tom.PCI-X system architecture.Beijing:Pub.House of Tsing Hua,2002.
[17]李贵山.PCI局部总线及其应用.西安:西安电子科技大学出版社,2003
[18]李贵山等.PCI局部总线开发者指南.西安:西安电子科技大学出版社,1997.
[19]Marwedel,Peter.Embedded system design.China:Science Press,2007.
[20]马忠梅,李善平.ARM&Linux嵌入式系统教程.北京:北京航空航天出版社,2004.
[21][美]Andrew N.Sloss,Dominic Symes,Chris Wright著.沈建华译.ARM嵌入式系统开发-软件设计与优化.北京:北京航空航天大学出版社,2005.
[22]赵斌.PCI9052及其应用.电子技术应用,2004,30(10):67-68.
[23]翁斌.PCI总线接口芯片PCI9052及其应刚.电子元器件应用,2006,8(7):118-120.
[24]杨将军,王水波,郑辉.基于S3C2410的嵌入式串口通信实现.现代电子技术,2007,30(18):40-41,44.
[25][EB/OL].http://www.Zlieseareh.eom/searchPd/fother/PCI9052.Pdf.
[26]华清远见嵌入式培训中心 李佳著 ARM系列处理器应用技术完全手册.北京:人民邮电出版社,2000.
[27]叶涛.JTAG调试系统的设计.科技信息:学术版,2007,25:75-76.
[28]胡婧,杨景常.基于JTAG协议的ARM调试接口设计.西华大学学报:自然科学版,2007,26(2):38-40.
[29]刘建中,李清宝.基于PCI总线加密卡硬件设计.电子技术应用,2004,30(1):7-9.
[30]方粮,尹佳斌,黄克勋.PCI总线卡设计与实现的几个关键问题.计算机工程与科学.NO.2.
[31]Solari,Edward.PCI&PCI-X hardware and software.Xi'an:Electronics Industry.Press,2003.
[32][EB/OL].http://www.21iesearch.com/searchPd/fmierochiP/21173e.Pdf.
[33]史有建,包孔伟.基于双口RAM的DSP与PCI总线通信的研究与实现.自动化技术与应用,2007,26(8):111-112,99.
[34][EB/OL].http://hi.baidu.com/zsw_davy/blog/item/92d5c988c9bela94a5c27275.html
[35]刘巍.一种快速开发PCI桥设备驱动程序的方法.现代雷达,2002.
[36]黄讯孙政顺.利用wniDriver开发PCI设备驱动程序.计算机应用.2001,NO.3.
[37][EB/OL].http://www.driverdevelop.com.
[38]张杰,马庭强.PCI设备配置空间的访问及实现.重庆邮电学院学报.2000.VOI.12.No.3.
[39]JungoLtd.WindriverV6.00User'5Guide.2003.
[40]刘英杰,岳浩.Linux操作系统教程.北京:机械工业出版社,2005.
[41][EB/OL].http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.18.tar.bz2.
[42]Robbins,Arnold.Linux programming by example.China:China Machine Press,2005.
[43]黄天戍,王坚,孙东.Wnidows下PCI设备驱动程序的设计.现代计算机.2002.NO.1.
[2]张玉秀.浅谈数据加密技术的发展.电脑学习.2008.NO.2.
[3]冯登国等.密码学导引.北京:科学出版社,2001.
[4]BurceShcneeir著.吴世忠等译.应用密码学——协议、算法与C程序.北京:机械工业出版社.2003.,成都,1988.
[5]吴世忠.中国信息安全产业的现状主与前景展望.信息安全与通信保密.2002.NO.10.
[6]沈昌祥.当今时代的重大课题——息安全保密.信息安全与通信保密.2001.NO.8.
[7]冯登国.国内外信息安全研究现状及其发展趋势.网络安全技术与应用.2001.NO.1.
[8]Diffie W and Hellman M E.New Directions in Cryptography.IEEE Transon Information Theory.1977.IT-22(6):74-84.
[9]川何大可等著.保密学——基础与应用.西安西安电子科技大学出版社.1990.
[10]赖溪松等.计算机密码学及其应用.北京:国防工业出版社.2001.
[11]杨明芳,周永培.软件加密与解密技术及其应用实例专辑.中国科学院成都计算机应用研究所情报室.
[12]StveeBurnett等著.冯登国等译.密码学工程实践指南.北京:清华大学出版社.2001.
[13]Gan,Woon-Seng.Embedded signal processing with the Micro Signal Architecture.Chile.Wiley-Interscience:IEEE Press,2007.
[14]Dave Jaggar著.ARM Architectural Refernce Manual,1996
[15]陈绩主编.ARM嵌入式技术实践教程.北京:北京航空航天大学出版社,2005.2.
[16]Shanley,Tom.PCI-X system architecture.Beijing:Pub.House of Tsing Hua,2002.
[17]李贵山.PCI局部总线及其应用.西安:西安电子科技大学出版社,2003
[18]李贵山等.PCI局部总线开发者指南.西安:西安电子科技大学出版社,1997.
[19]Marwedel,Peter.Embedded system design.China:Science Press,2007.
[20]马忠梅,李善平.ARM&Linux嵌入式系统教程.北京:北京航空航天出版社,2004.
[21][美]Andrew N.Sloss,Dominic Symes,Chris Wright著.沈建华译.ARM嵌入式系统开发-软件设计与优化.北京:北京航空航天大学出版社,2005.
[22]赵斌.PCI9052及其应用.电子技术应用,2004,30(10):67-68.
[23]翁斌.PCI总线接口芯片PCI9052及其应刚.电子元器件应用,2006,8(7):118-120.
[24]杨将军,王水波,郑辉.基于S3C2410的嵌入式串口通信实现.现代电子技术,2007,30(18):40-41,44.
[25][EB/OL].http://www.Zlieseareh.eom/searchPd/fother/PCI9052.Pdf.
[26]华清远见嵌入式培训中心 李佳著 ARM系列处理器应用技术完全手册.北京:人民邮电出版社,2000.
[27]叶涛.JTAG调试系统的设计.科技信息:学术版,2007,25:75-76.
[28]胡婧,杨景常.基于JTAG协议的ARM调试接口设计.西华大学学报:自然科学版,2007,26(2):38-40.
[29]刘建中,李清宝.基于PCI总线加密卡硬件设计.电子技术应用,2004,30(1):7-9.
[30]方粮,尹佳斌,黄克勋.PCI总线卡设计与实现的几个关键问题.计算机工程与科学.NO.2.
[31]Solari,Edward.PCI&PCI-X hardware and software.Xi'an:Electronics Industry.Press,2003.
[32][EB/OL].http://www.21iesearch.com/searchPd/fmierochiP/21173e.Pdf.
[33]史有建,包孔伟.基于双口RAM的DSP与PCI总线通信的研究与实现.自动化技术与应用,2007,26(8):111-112,99.
[34][EB/OL].http://hi.baidu.com/zsw_davy/blog/item/92d5c988c9bela94a5c27275.html
[35]刘巍.一种快速开发PCI桥设备驱动程序的方法.现代雷达,2002.
[36]黄讯孙政顺.利用wniDriver开发PCI设备驱动程序.计算机应用.2001,NO.3.
[37][EB/OL].http://www.driverdevelop.com.
[38]张杰,马庭强.PCI设备配置空间的访问及实现.重庆邮电学院学报.2000.VOI.12.No.3.
[39]JungoLtd.WindriverV6.00User'5Guide.2003.
[40]刘英杰,岳浩.Linux操作系统教程.北京:机械工业出版社,2005.
[41][EB/OL].http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.18.tar.bz2.
[42]Robbins,Arnold.Linux programming by example.China:China Machine Press,2005.
[43]黄天戍,王坚,孙东.Wnidows下PCI设备驱动程序的设计.现代计算机.2002.NO.1.