CN119150259B - A method to prevent the internal program of MCU chip from being copied - Google Patents
A method to prevent the internal program of MCU chip from being copiedInfo
- Publication number
- CN119150259B CN119150259B CN202411183082.8A CN202411183082A CN119150259B CN 119150259 B CN119150259 B CN 119150259B CN 202411183082 A CN202411183082 A CN 202411183082A CN 119150259 B CN119150259 B CN 119150259B
- Authority
- CN
- China
- Prior art keywords
- mcu chip
- program
- burning
- information
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention relates to the field of secure encryption and discloses a method for preventing an internal program of an MCU chip from being copied. The encryption scheme is used for reducing encryption protection cost, is suitable for various scale and cost projects, especially the fields of small household appliances with sensitive cost, and aims to provide a comprehensive and efficient safety protection scheme by combining various safety technical means such as a PUF circuit, a blockchain platform and the like, and effectively resist illegal copying and tampering behaviors.
Description
Technical Field
The invention relates to the field of secure encryption, in particular to a method for preventing an internal program of an MCU chip from being copied.
Background
With the continuous development of technology, microcontrollers (MCU chips) have become core components in numerous electronic devices, and are widely used in the fields of smart home, industrial automation, and the like. However, the program code stored inside the MCU chip is often at risk of being illegally copied or tampered with, which not only infringes the developer, but also brings great economic loss to the enterprise. Particularly, after a development company delivers a sample to a customer, if the customer easily obtains a development result through low-cost means such as grinding and shoveling, the development company cannot receive due tail money, and normal operation and development enthusiasm of the enterprise are seriously affected.
There are some encryption protection schemes on the market at present, but they mostly have the following disadvantages:
High cost many encryption schemes rely on specific encryption MCU chips, which are expensive and not suitable for some cost sensitive projects. Especially in fields such as small household appliances, the use of the high-cost encryption MCU chip can obviously increase the cost of the product and reduce the market competitiveness due to the price limit of the product.
Layout limitations in some compact designs, the use of multiple MCU chip schemes may be limited by the spatial layout. For small appliances or other application scenarios where space is limited, a multi-MCU chip scheme may not be feasible.
The anti-copying plate has limited capability, and the cost of the grinding plate copying plate is lower and lower in spite of the use of the encryption MCU chip, and the technology is mature. The method of simultaneously reading out codes and burning the codes by two MCU chips can still be used for illegally acquiring the program codes. Further, with the development of technology, the cost of the grinding plate has been industrialized, so that illegal copying becomes easier and cheaper.
The present invention aims to solve the above-mentioned drawbacks of the prior art, and provides a method for preventing the internal program of the MCU chip from being copied.
Disclosure of Invention
The invention provides a method for preventing the internal program of an MCU chip from being copied, which is used for providing a better protection means for software development companies.
The first aspect of the invention provides a method for preventing an internal program of an MCU chip from being copied, which comprises embedding a PUF circuit into the MCU chip in the design stage of the MCU chip, wherein the PUF circuit generates a unique response key based on the inherent randomness of hardware when the MCU chip is electrified every time, presetting a blockchain platform for MCU chip burning verification, ensuring the safety and the non-tamper resistance of data, deploying an intelligent contract on the blockchain platform for recording the burning information of the MCU chip, the burning information comprises an MCU chip ID, a timestamp and the burning times, defining a verification rule and a locking mechanism, presetting an encryption algorithm for encrypting the program in the MCU chip, storing the encrypted program in a Flash or ROM of the MCU chip, ensuring the program to exist in a ciphertext form, applying for burning authorization, submitting the MCU chip ID and other necessary information before burning, checking whether the MCU chip ID is over-limited by inquiring the blockchain platform, then generating authorization information after checking the validity and the burning times of the MCU chip ID, transmitting the authorization information to the MCU chip by the server through inquiring the blockchain platform, triggering the decryption device after the decryption device by the decryption mechanism, and automatically triggering the decryption mechanism to perform the decryption mechanism, and triggering the non-tamper resistance according to the verification of the decryption mechanism after the decryption mechanism, for subsequent tracking and processing.
Optionally, in a first implementation manner of the first aspect of the present invention, the step of embedding a PUF circuit into the MCU chip in the MCU chip design stage, the PUF circuit generating a unique response key based on inherent randomness of hardware, includes selecting a PUF type including an SRAM PUF, ring Oscillator PUF or Delay PUF, designing the PUF circuit based on the selected PUF type, the PUF circuit being capable of capturing and utilizing the inherent randomness of hardware such as non-uniformity of transistors and small difference of resistance, integrating the PUF circuit as a security module into the MCU chip in the MCU chip design stage, collecting input data including a current time stamp, a device serial number and an ambient temperature, inputting the collected input data into the PUF circuit, generating a unique response key based on the inherent randomness of hardware, and/or designing a dynamic challenge-response mechanism, the input data further including biometric information of a user, generating a unique response key based on a new input data and a new PUF at each time of starting up the MCU chip, and preventing the unique key from being cracked and being increased by a long term risk.
Optionally, in a second implementation manner of the first aspect of the present invention, the presetting a blockchain platform for MCU chip programming verification ensures security and non-tamper-resistance of data, deploying an intelligent contract on the blockchain platform for recording programming information of the MCU chip, the programming information including MCU chip ID, timestamp, programming times, defining verification rules and locking mechanism, presetting encryption algorithm for encrypting a program inside the MCU chip, storing the encrypted program in Flash or ROM of the MCU chip, ensuring that the program exists in ciphertext form, including selecting a blockchain platform technology, selecting a blockchain platform including ethernet, supporting deployment of the intelligent contract, building a private or alliance chain network, ensuring security and performance of the network; an intelligent contract for recording the burning information of an MCU chip is deployed on a blockchain platform, the intelligent contract has the functions of recording the ID, the time stamp and the burning times of the MCU chip, in the intelligent contract, a verification rule is preset, the verification rule comprises checking the rationality of the burning times and defining a locking mechanism, when abnormal burning behaviors are detected, the locking can be automatically triggered to prevent further burning operation, dynamic burning authority management is realized based on the intelligent contract of the blockchain platform, the burning operation can be carried out only by authorized entities, each time the burning needs to be carried out through the intelligent contract, an encryption algorithm is preset, an encryption algorithm is selected, the encryption algorithm comprises AES or RSA and is used for encrypting programs in the MCU chip, after the program development of the MCU chip is finished, the encrypted programs are encrypted by using the preset encryption algorithm, and the encrypted programs are stored in Flash or ROM of the MCU chip in a ciphertext mode, even if an attacker can physically access the MCU chip, the decrypted program cannot be directly read or copied.
Optionally, in a third implementation manner of the first aspect of the present invention, the application for the recording authorization, the user applies for the authorization to the server before recording, submits the MCU chip ID and other necessary information, the server verifies whether the validity of the MCU chip ID and the recording frequency are overrun by querying the blockchain platform record, then generates the authorization information, the server transmits the authorization information to the recording device through the secure channel, and the recording device starts the recording process after verifying the authorization information, including that the user submits the recording authorization application to the server through the recording device before recording, where the application includes the MCU chip ID, the program version of the intended recording, and the recording device identification necessary information; after receiving the application, the server firstly verifies the historical programming information and validity of the MCU chip ID by inquiring the blockchain platform record, the server checks whether the programming times of the MCU chip reaches the preset upper limit, if the MCU chip ID is valid and the programming times are not out of limit, the server generates authorization information comprising a timestamp, a valid period, the MCU chip ID, a program version number and an authorization signature, and/or implements a multi-level authorization mechanism, and requires joint authorization of a plurality of administrators or departments to carry out programming, and/or implements a physical locking mechanism on the programming equipment, uses Flash or ROM to store and manage keys and authorization information, the server transmits the authorization information to the programming equipment through an HTTPS communication protocol, and/or uses TLS encryption to ensure the security of data in the transmission process, and after the programming equipment receives the authorization information, firstly verifies the validity of the authorization signature, ensures that the authorization information is not tampered, and after verification, the programming equipment checks the timestamp, the valid period, the authorization information in the authorization information can be checked, the MCU chip ID, the program version number and the authorization signature are consistent with information submitted during application, after all verification steps are successful, the burning equipment starts a burning program to the MCU chip, after the burning is completed, the burning equipment sends a confirmation message of the completion of the burning to the server so that the server updates the burning record on the blockchain platform, an early warning mechanism is set, and when an abnormal burning request or an unauthorized burning attempt is detected, an alarm is immediately triggered and related personnel are notified.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the decrypting the encrypted program according to the unique response key to obtain a decrypted program, performing multiple verification according to the decrypted program before the program is executed to ensure that the program is not tampered illegally, so as to obtain verification information, including decrypting the encrypted program stored in the MCU chip by using the response key and using the unique response key generated by the PUF circuit before decryption, multiple verification including time stamp verification and time verification, wherein after the program is decrypted, firstly extracting time stamp information in the program to obtain current time and comparing the current time with a time stamp in the program, the program includes a field for recording the time of the program, the field is incremented each time the program is burnt to the MCU chip, before the program is executed, checking whether the value of the field exceeds a preset maximum time of the burning, before the program is encrypted, calculating the hash value of the program and storing the hash value of the program in a secure area, after decryption, and comparing the hash value with the stored hash value, using the original hash value, and performing signature verification on the secure hash value, and the hash value of the hash value is calculated again, and if the hash value is not used in the secure area, and the time stamp is used for dynamically verifying the MCU chip, and if the signature is not used for verifying the time of the time stamp is adjusted.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the checking result is judged according to the checking information, once illegal copying or tampering actions are found, the MCU chip will automatically trigger a locking mechanism, so that the MCU chip cannot be reused, the ID and action information of the illegal MCU chip are recorded through the blockchain platform for subsequent tracking and processing, including that after the checking information is obtained, the MCU chip compares the MCU chip ID with a preset range, whether the MCU chip ID is matched with the legal ID recorded in the case, whether the burning number exceeds a preset maximum value, the validity of the checking time stamp, the hash value or signature of the checking information is checked, once any illegal copying or tampering actions including that the MCU chip ID is not matched or the burning number exceeds the limit are found, the MCU chip will immediately trigger a built-in locking command, and/or the MCU chip will read stored data from Flash or ROM at each time, and compare the calculation result with the data read from the serial port and processed, if the data is inconsistent, the MCU chip will directly trigger the locking command, the locking command is directly triggered by the digital certificate, the digital certificate is triggered by the digital certificate, and the digital certificate is permanently triggered by the digital certificate and the digital certificate is provided by the digital certificate, and the digital certificate is not able to be provided by the digital certificate.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the method further includes establishing a reputation system based on a blockchain platform, scoring and ranking each party in the supply chain, adjusting the reputation score of each party according to the performance of each party in handling illegal MCU chip problems, thereby affecting future business cooperation and trust relationships, and providing the files a and h externally, exposing only two interfaces for external use, and providing authorization and times authorization for the burning device by the server in commercial use.
The invention provides a device for preventing the internal program of the MCU chip from being copied, which comprises a circuit module, a control module and a control module, wherein the circuit module is used for generating a unique response key when the MCU chip is powered on each time by utilizing the inherent randomness of hardware, and the key is used for encrypting and decrypting the internal program of the MCU chip, so that the safety of the program is improved, and unauthorized copying or access is prevented;
the interface module is used for being responsible for communication with a preset blockchain platform, ensuring the safety and the non-tamper property of data, recording the burning information of the MCU chip through the blockchain platform, including the MCU chip ID, the time stamp and the burning times, and defining a verification rule and a locking mechanism by utilizing an intelligent contract;
The encryption module encrypts a program in the MCU chip by using a preset encryption algorithm, and decrypts by using a unique response key generated by the PUF circuit when the program needs to be executed, so that the program is ensured to always exist in a ciphertext form when stored;
The verification module is used for processing the application and verification process of the burning authorization, a user needs to apply authorization to the server through the module before burning, submit the MCU chip ID information, receive the authorization information returned by the server, and only after the authorization information is verified, the burning process is started, so that only authorized equipment can burn the program;
And the verification module is used for verifying the decrypted program before the program is executed so as to ensure that the program is not illegally tampered, and triggering a locking mechanism once illegal copying or tampering actions are found, so that the MCU chip cannot be reused, and recording the ID and action information of the illegal MCU chip through the blockchain platform, thereby facilitating subsequent tracking and processing.
The third aspect of the invention provides a device for preventing the internal program of the MCU chip from being copied, which comprises a memory and at least one processor, wherein the memory is stored with instructions, and the at least one processor calls the instructions in the memory so that the device for preventing the internal program of the MCU chip from being copied executes the method for preventing the internal program of the MCU chip from being copied.
A fourth aspect of the present invention provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the above-described method of preventing an internal program of an MCU chip from being copied.
In the technical scheme provided by the invention, a Physical Unclonable Function (PUF) circuit, a blockchain technology, an encryption algorithm and a strict burning verification process are combined. The method comprises the steps of embedding a PUF circuit in the design stage of the MCU chip to generate a unique response key, ensuring the safety and the non-tamper property of data by utilizing a blockchain platform, recording the burning information of the MCU chip through an intelligent contract, and defining a verification rule and a locking mechanism. Before burning, the user needs to apply authorization to the server and transmit authorization information to the burning device through the secure channel. The encryption program is subjected to multiple checks before decryption and execution, so that the program is ensured not to be illegally tampered with. Once illegal copying or tampering actions are found, the MCU chip automatically triggers a locking mechanism, and the ID and action information of the illegal MCU chip are recorded to the blockchain platform for subsequent tracking and processing.
The beneficial effects are that:
The copy-hit behavior is that a plurality of behaviors of illegally acquiring and copying the bin file by grinding and the like exist on the market. The invention greatly improves the difficulty and risk of illegal copying through strict encryption, verification and locking mechanisms, thereby effectively striking such illegal actions and protecting the safety and integrity of the original program.
The rights of the developers are protected, and a lot of development projects are input by the developers in the early stage, so that the development projects are easy to be occupied by clients at low cost. The invention protects the labor result of the developer by ensuring the safety and the irreproducibility of the program, so that the client cannot easily acquire and copy the program, thereby maintaining the legal rights and interests of the developer.
The flexible application mode is that the scheme is not only suitable for personal or enterprise self-use, but also can be safely shared to suppliers through a burning mode. All data passes through asymmetric encryption and time stamp verification, so that the legality of the data and the safety in the transmission process are ensured. The method effectively prevents repeated attempts and illegal accesses by recording and replay and the like, and provides a safe data exchange environment for the two parties of the cooperator.
The hardware scheme of the invention ensures the security through different password verification. Even if there is a risk of leakage, the manufacturer can be quickly contacted to change the file a and the password, so that the illegally acquired program cannot be used. This high degree of customizable and adaptable enables the present invention to flexibly address various security threats, ensuring continued security of the system.
In summary, the beneficial effects and benefits of the present invention are mainly reflected in striking illegal copy behavior, protecting the rights of the developer, providing flexible application modes, and high customizable and adaptable aspects. The advantages ensure the safety and the integrity of the internal program of the MCU chip and provide powerful guarantee for developers and users.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a method for preventing an internal program of an MCU chip from being copied;
FIG. 2 is a schematic diagram of another embodiment of a method for preventing an internal program of an MCU chip from being copied according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of an apparatus for preventing an internal program of an MCU chip from being copied according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an embodiment of an apparatus for preventing an internal program of an MCU chip from being copied according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method for preventing the internal program of an MCU chip from being copied, which is used for providing a better protection means for software development companies. The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, referring to fig. 1, an embodiment of a method for preventing an internal program of an MCU chip from being copied in the embodiment of the present invention includes:
101. In the MCU chip design stage, a PUF circuit is embedded into the MCU chip, and when the MCU chip is electrified each time, the PUF circuit generates a unique response key based on the inherent randomness of hardware;
It is to be understood that the execution body of the present invention may be a device for preventing the internal program of the MCU chip from being copied, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as an execution main body as an example.
It should be noted that, the PUF circuit is embedded in the MCU chip and generates a unique response key when powered up:
1. MCU chip design stage
Designing a PUF circuit:
in the MCU chip design stage, PUF (Physical Unclonable Function) circuits are designed according to the physical characteristics of the MCU chip (e.g., delay, threshold voltage change, etc.).
PUF circuits are made up of multiple identical physical elements (e.g., transistors, gates, etc.) that may have small variations due to process variations during fabrication.
Integrating PUF circuits into MCU chips:
and integrating the designed PUF circuit into the layout of the MCU chip.
The PUF circuit is ensured to be compatible with other logic circuits of the MCU chip, and normal functions of the MCU chip are not affected.
2. MCU chip power-on and key generation
Power-on initialization:
When the MCU chip is powered on, a series of initialization operations are first performed.
In this process, the PUF circuit is also activated, ready to generate a response key.
PUF circuit challenge-response:
the MCU chip sends a Challenge (Challenge) to the PUF circuit, which may be a random digital signal or a specific electrical signal pattern.
Upon challenge, PUF circuits produce a unique Response (Response) due to the randomness of their internal physical elements.
Example data:
We have a PUF circuit that contains 128 identical gates. Each gate will have a different delay at the same input due to manufacturing variations. After the MCU chip is powered on, a specific binary challenge signal 1010110011010011 is sent. After the PUF circuit receives the challenge, each gate circuit generates a delay output according to the input signal and its own physical characteristics. The MCU chip measures and records the delay of each gate to get a delay sequence, e.g., (in nanoseconds): [2.3,2.5,2.4,2.6, ], which is unique and slightly different for each power up due to physical randomness, but the overall pattern remains consistent. The MCU chip converts this delay sequence into a unique response key by some algorithm (e.g. a hash function), e.g. a5b3c7d9.
Key application:
This unique response key can be used for encryption, decryption, verification and other operations of the internal program of the MCU chip. Since the key generated at each power-up is unique, even if an attacker can acquire the key at a certain time point, it is impossible to predict or copy the key at other time points.
102. Presetting a blockchain platform for MCU chip burning verification, ensuring the safety and the non-tamper property of data, deploying an intelligent contract on the blockchain platform for recording the burning information of the MCU chip, wherein the burning information comprises MCU chip ID, a time stamp and burning times, defining a verification rule and a locking mechanism, presetting an encryption algorithm for encrypting a program in the MCU chip, storing the encrypted program in Flash or ROM of the MCU chip, and ensuring that the program exists in a ciphertext form;
It should be noted that, the blockchain platform is utilized to ensure the security and non-falsifiability of the information burnt by the MCU chip:
1. preset blockchain platform and smart contract deployment
Blockchain platform selection:
A mature blockchain platform, such as an Ethernet (Ethereum), is selected for building an MCU chip burn verification system. The security and the credibility of the recorded information are ensured by utilizing the non-tamper property and the decentralization property of the blockchain.
Intelligent contract deployment:
an intelligent contract named as an MCU chip burn verification contract is deployed on a blockchain platform.
The contract is used for recording the burning information of the MCU chip, including the MCU chip ID, the time stamp, the burning times and the like.
2. Recording information recording and verifying rule
Recording burning information:
when an MCU chip is burned, relevant information is recorded in the intelligent contract. For example, the MCU chip ID of a certain MCU chip is MCU chip 001, and the 1 st burning is performed at 2023-04-01-10:00:00.
Verification rules and locking mechanism:
the verification rule is defined in the intelligent contract, for example, each MCU chip can only be burnt 3 times at most. If the burning times of a certain MCU chip exceeds the limit, the contract triggers a locking mechanism to prohibit the MCU chip from being burned again.
Example data:
MCU chip ID MCU chip 001
Timestamp 2023-04-01:00:00 (1 st burn), 2023-04-05:15:30:00 (2 nd burn)
Number of times of burning 2 times (for MCU chip 001)
3. Program encryption and storage
Presetting an encryption algorithm:
a secure encryption algorithm, such as AES (advanced encryption standard), is selected for encrypting the program inside the MCU chip. A key, such as KeyABC123,123, is generated for encrypting and decrypting the program.
Program encryption:
Before the program is burnt to the MCU chip, a preset encryption algorithm and a preset secret key are used for encrypting the program. The encrypted program exists in the form of binary ciphertext, for example, 0xA5B3C7.
Ciphertext storage:
And storing the encrypted program in Flash or ROM of the MCU chip. The program is ensured to exist in the MCU chip in a ciphertext form, and the difficulty of copying and tampering is increased.
103. Applying for burning authorization, applying for authorization from a server before burning, submitting an MCU chip ID and other necessary information, checking a blockchain platform record by the server, verifying whether the validity of the MCU chip ID and the burning times are overrun or not, generating authorization information, transmitting the authorization information to a burning device by the server through a secure channel, and starting the burning process after verifying that the authorization information is correct by the burning device;
It should be noted that, in the method for preventing the internal program of the MCU chip from being copied, the process of applying for the burn authorization may be specifically implemented by the following steps:
Step one, submitting an application by a user
Before the user prepares to burn, the application needs to be submitted to the authorization server through the burning equipment or special software.
The information contained in the application is MCU chip ID (for example: UID-12345-ABC), expected burning time (for example: 2024-08-26:18:00:00), and other necessary information (for example, user name, equipment model, etc.).
Step two, server verification and processing
After receiving the application, the server first queries the record on the blockchain platform.
The server confirms that the MCU chip ID "UID-12345-ABC" has valid records on the blockchain, and the historical burning times are 2 times (the maximum allowable burning times are 5 times).
The server verifies that the number of times the MCU chip ID is burned is not exceeded, and generates an authorization message comprising a time stamp (e.g., 2024-08-26:18:05:00), a randomly generated authorization code (e.g., AUTH-98765), and the MCU chip ID.
After the server encrypts the authorization information, the authorization information is transmitted to the burning device through secure channels such as SSL/TLS and the like.
Step three, verifying and burning equipment and burning
And after receiving the encrypted authorization information, the burning device decrypts the encrypted authorization information by using a preset key.
After decryption, the burning device verifies whether the time stamp in the authorization information is within a valid time (e.g., within 5 minutes after the server transmission time) and checks the validity of the authorization code.
After all the verification is correct, the burning device starts the burning process, and the program firmware of the user is written into the MCU chip.
After the burning is completed, the burning device sends a confirmation message to the server, including a time stamp of successful burning and an MCU chip ID.
After receiving the confirmation information, the server updates the relevant records on the blockchain platform, including increasing the burning times and the like.
Step four, subsequent verification and recording
Before each burning, the server repeats the verification process, so that the burning times of each MCU chip ID are ensured not to exceed the limit.
All of these operations leave a non-tamperable record on the blockchain platform for subsequent auditing and tracking.
104. Decrypting the encrypted program according to the unique response key to obtain a decrypted program, and performing multiple verification according to the decrypted program before the program is executed to ensure that the program is not illegally tampered to obtain verification information;
it should be noted that the unique response key generated by the PUF is used to decrypt and verify the encrypted program:
1. encryption program and key generation
Encryption program:
We have an MCU chip program, which we call "raw program". Before the original program is burned into the MCU chip, the original program is encrypted by using an AES encryption algorithm and a preset Key (for example, key 001) to obtain an encrypted program.
PUF response key generation:
The MCU chip is internally integrated with a PUF circuit, and each time the power is applied, the PUF circuit generates a unique response key based on the inherent randomness of hardware. At some power up, the PUF circuit generates a response key PUFKey123,123.
2. Decryption program
Key matching and decryption:
The MCU chip decrypts the encryption program using the response key PUFKey generated by the PUF.
Setting a part of binary data of the encryption program to 10110010, decrypting using PUFKey, 123, and obtaining a part of data of the decryption program to 01011010.
3. Program verification
Generating verification information:
before the program is executed, the MCU chip can check the decrypted program so as to ensure that the program is not illegally tampered.
One common verification method is to calculate the decrypted program using a hash function (e.g., SHA-256) to obtain a hash value, i.e., verification information.
The hash value of the decrypted program is HashValueABC.
And (3) checking:
The MCU chip internally stores the correct hash value of the original program, which is OriginalHashXYZ.
The MCU chip compares the calculated hash value HashValueABC with the stored correct hash value OriginalHashXYZ.
If the two are matched, the decrypted program is not tampered, and the secure execution can be realized.
If there is no match, it is indicated that the program may be illegally tampered with, the MCU chip will refuse to execute the program and may trigger a corresponding security mechanism.
Example data:
Original program binary data (part.) 11010101.
Preset Key Key001
Encryption program binary data (part) 10110010 (after encryption)
PUF response Key PUFKey123,123
Decryption program binary data (part) 01011010 (after decryption)
Correct hash value OriginalHashXYZ
Calculating a hash value HashValueABC
With this embodiment we can see how the unique response key generated by the PUF is used to decrypt the encrypted program and by hash check ensure that the program has not been tampered with illegally. The method combines encryption, decryption and verification mechanisms, and provides powerful protection for the safety of the internal program of the MCU chip.
105. And judging a verification result according to the verification information, and once illegal copying or tampering actions are found, automatically triggering a locking mechanism by the MCU chip, so that the MCU chip cannot be reused, and recording the ID and action information of the illegal MCU chip through the blockchain platform for subsequent tracking and processing.
It should be noted that:
1. Verification information determination
And (3) checking:
the correct hash value of the original program stored in the MCU chip is set to OriginalHashXYZ. After the MCU chip is powered on and the decryption program is executed, the hash value of the decryption program, namely the verification information, is calculated and set to CalculatedHash.
And (3) judging results:
The MCU chip will CalculatedHash and OriginalHashXYZ compare. If the two are consistent, the program is not tampered, and the MCU chip continues to normally execute the program. If not, the specification program may have been illegally copied or tampered with.
2. Illegal action handling
Triggering a locking mechanism:
Once the verification information is found to be unmatched, the MCU chip automatically triggers a built-in locking mechanism. Locking mechanisms involve blowing internal circuitry, erasing critical data, or putting the MCU chip into a permanently inoperable state.
In this example, the deadlock mechanism is implemented by erasing the internally stored critical configuration information and permanently locking the write function.
Illegal behaviour was recorded:
when the locking mechanism is triggered, the MCU chip can send a record request containing illegal MCU chip ID and behavior information to the blockchain platform through an internal communication module (such as Wi-Fi, bluetooth or a wired interface).
The ID of the illegal MCU chip is set as ChipID456, and the behavior information includes a time stamp 2023-11-01:15:30:00 of verification failure, a hash value CalculatedHash of the decryption program, and an original hash value OriginalHashXYZ.
Blockchain platform records:
after the blockchain platform receives the record request sent by the MCU chip, the information is recorded on the blockchain as a transaction.
This transaction contains the MCU chip ID, behavior information, a time stamp and a hash pointer to the previous block, ensuring the non-tamper and traceability of the record.
Example data:
original program correct hash value OriginalHashXYZ
The decryption program calculates the hash value CalculatedHash123,123
Illegal MCU chip ID ChipID456
Verification failure timestamp 2023-11-01:15:30:00
In the embodiment of the invention, a comprehensive method is provided for preventing the internal program of the MCU chip from being copied. The method combines a Physical Unclonable Function (PUF) circuit, a blockchain technology, an encryption algorithm and a verification mechanism, and ensures the safety and the unclonability of MCU chip programs. First, a PUF circuit is embedded in the MCU chip design stage, and a unique response key is generated each time power is applied. And secondly, recording the burning information of the MCU chip by using a blockchain platform, and defining a verification rule and a locking mechanism by using an intelligent contract. Before burning, a user needs to apply for burning authorization to a server, and the server verifies the validity of the MCU chip ID and the burning times and generates authorization information. The program is stored in the MCU chip after being encrypted, decrypted by using a response key generated by the PUF after being electrified, and verification is performed to ensure that the program is not tampered. Once illegal actions are found, the MCU chip triggers a locking mechanism and records related information through the blockchain platform. The unique response key generated by the PUF circuit ensures the uniqueness of the key when the power is on each time, thereby greatly improving the safety of the program. Even if an attacker can obtain keys at a certain time point, it is impossible to predict or copy keys at other time points. The non-tamper property of the block chain platform is utilized to ensure the authenticity and credibility of the recorded information and illegal action records. This helps in subsequent tracking and handling of illegal actions. The verification rule and the locking mechanism defined by the intelligent contract limit the burning times of each MCU chip and prevent program leakage risks possibly caused by excessive burning. In the verification process, once the program is found to be illegally copied or tampered, the MCU chip can immediately trigger a locking mechanism, so that the MCU chip cannot be used again, and illegal actions are prevented in time. All related operations leave a non-tamperable record on the blockchain platform, which greatly facilitates subsequent tracking and auditing operations. The method combines a plurality of security mechanisms such as a physical layer, data encryption, a blockchain and the like, and provides omnibearing protection for the internal program of the MCU chip. In summary, the technology provides strong safety protection for the internal program of the MCU chip by combining the PUF circuit, the blockchain, the encryption algorithm and the verification mechanism, effectively prevents the risk of copying and tampering the program, and improves the traceability of illegal actions.
Referring to fig. 2, another embodiment of a method for preventing an internal program of an MCU chip from being copied according to an embodiment of the present invention includes:
201. In the MCU chip design stage, a PUF circuit is embedded into the MCU chip, and when the MCU chip is electrified each time, the PUF circuit generates a unique response key based on the inherent randomness of hardware;
Specifically, a PUF type is selected, wherein the PUF type comprises an SRAM PUF, ring Oscillator PUF or Delay PUF, and based on the selected PUF type, a PUF circuit is designed, wherein the PUF circuit can capture and utilize the inherent randomness of hardware, such as the non-uniformity of a transistor and the tiny difference of resistance, and the inherent randomness comprises the non-uniformity of the transistor and the tiny difference of resistance, and the PUF circuit is integrated into an MCU chip as a security module in the design stage of the MCU chip; collecting input data, namely collecting the input data when the MCU chip is started, wherein the input data comprises a current time stamp, a device serial number and an ambient temperature, inputting the collected input data into a PUF circuit, and generating a unique response key by utilizing the inherent randomness of hardware; and/or designing a dynamic challenge-response mechanism, wherein the input data also comprises the biological characteristic information of the user, generating a new unique response key based on the new input data and the PUF circuit every time the MCU chip is started, preventing the key from being used for a long time to increase the risk of being cracked;
It should be noted that, in the embodiment, a certain MCU chip manufacturer wants to design a security module for its product to prevent the internal program from being illegally copied. For this, they have chosen SRAM PUFs as their core security component.
Step 1, designing SRAM PUF circuit
In the design stage of the MCU chip, an SRAM PUF circuit is designed. The circuit is capable of capturing and utilizing small differences in transistor non-uniformity and resistance. Specifically, when the SRAM cells are initialized at power up, each SRAM cell will have a different initial state (0 or 1) due to small differences in hardware fabrication. This randomness of the initial state may serve as a unique fingerprint for the device.
Step 2, integrating the PUF circuit into the MCU chip
After the design of the SRAM PUF circuit is completed, engineers integrate it as a security module into the MCU chip.
Step 3, collecting input data
When the MCU chip is started, the system can collect the following input data:
current timestamp: e.g. 2023-10-27:10:30:15
Device serial number, e.g., SN123456789
Ambient temperature, e.g. 25 °c
Biometric information of the user, such as fingerprint data, may also be collected. But this part is not included in this example for simplicity of illustration.
Step 4, generating response key
The collected data is input into the SRAM PUF circuit, and a unique response key is generated by utilizing the inherent randomness of hardware. For example, setting our SRAM PUF to have 128 bits, then the generated response key is as follows:
1010110010101100101011001010110010101100101011001010110010101100
step 5 dynamic challenge-response mechanism
Each time the MCU chip is started, a new unique response key is generated based on the new input data and the SRAM PUF circuit. This ensures that the key is not used for a long period of time, thereby reducing the risk of hacking.
For example, if the data collected by the MCU chip at the next start-up is:
current timestamp 2023-10-28:11:45:30
SN123456789 (device sequence number unchanged)
Ambient temperature of 27 DEG C
Then, based on these data and the new SRAM PUF readings, a new, unique response key will be generated.
202. Presetting a blockchain platform for MCU chip burning verification, ensuring the safety and the non-tamper property of data, deploying an intelligent contract on the blockchain platform for recording the burning information of the MCU chip, wherein the burning information comprises MCU chip ID, a time stamp and burning times, defining a verification rule and a locking mechanism, presetting an encryption algorithm for encrypting a program in the MCU chip, storing the encrypted program in Flash or ROM of the MCU chip, and ensuring that the program exists in a ciphertext form;
specifically, a blockchain platform technology is selected, a blockchain platform is selected, the blockchain platform comprises an Ethernet, deployment of intelligent contracts is supported, a private or alliance chain network is built, and safety and performance of the network are ensured; an intelligent contract for recording the burning information of the MCU chip is deployed on the blockchain platform, the intelligent contract has the functions of recording the ID, the time stamp and the burning times of the MCU chip, in the intelligent contract, a verification rule is preset, the verification rule comprises checking the rationality of the burning times and defining a locking mechanism, and when abnormal burning behaviors are detected, locking can be automatically triggered to prevent further burning operations; the intelligent contract based on the blockchain platform realizes dynamic burning authority management, only authorized entities can perform burning operation, and each burning process needs to pass through the intelligent contract to perform authority verification; presetting an encryption algorithm, namely selecting the encryption algorithm, wherein the encryption algorithm comprises AES or RSA, is used for encrypting a program in the MCU chip, and after the program development of the MCU chip is completed, the program is encrypted by using the preset encryption algorithm;
it should be noted that:
Step 1, building a block chain network
The manufacturer first builds a private ethernet network. They have chosen several trusted nodes, such as servers of research and development departments, production departments and quality detection departments, to compose this private network.
Step 2, deploying the intelligent contract
On the ethernet platform, they deploy an intelligent contract named "MCU chip_ BurnInfo". The main functions of this contract are:
recording the MCU chip ID, the time stamp and the burning times.
And verifying the rationality of the burning times. For example, if a certain MCU chip is burned frequently in a short time, the contract will be considered abnormal.
A locking mechanism is defined. When abnormal burning behaviors (such as burning times exceeding a preset threshold) are detected, locking is automatically triggered.
Example data:
MCU chip ID 0x1A2B3C
Timestamp 2023-10-27 15:30:00
Number of times of burning 3
Step3, realizing dynamic burning authority management
Only authorized entities, such as research and development departments and production departments, can obtain the burning rights. Before each burning, authority verification is required to be carried out through an MCU chip BurnInfo contract.
Step4, presetting an encryption algorithm and encrypting a program
The manufacturer selects the AES-256 encryption algorithm. After the MCU chip program development is completed, they encrypt the program using this algorithm.
Pre-encryption program example:
c
void main(){
The// MCU chip initializes the code.
}
Post-encryption program (ciphertext form, specific values depending on encryption key and algorithm implementation):
3a7b593475da4e37a0128921c93b8f5e...
step 5, storing the encryption program
And storing the encrypted program in a Flash memory of the MCU chip in a ciphertext mode.
Through the above embodiments, the MCU chip manufacturer successfully protects its core using blockchain technology and encryption algorithms. Even if an attacker can physically access the MCU chip and attempt to read the contents of the Flash memory, they can only get the encrypted program, but cannot directly acquire or copy the decrypted original program.
203. Applying for burning authorization, applying for authorization from a server before burning, submitting an MCU chip ID and other necessary information, checking a blockchain platform record by the server, verifying whether the validity of the MCU chip ID and the burning times are overrun or not, generating authorization information, transmitting the authorization information to a burning device by the server through a secure channel, and starting the burning process after verifying that the authorization information is correct by the burning device;
The method comprises the steps of firstly checking historical programming information and validity of an MCU chip ID through inquiring a blockchain platform record after the server receives the application, checking whether the programming times of the MCU chip reaches a preset upper limit or not by the server, generating an authorization information comprising a time stamp, a validity period, the MCU chip ID, a program version number and an authorization signature by the server if the MCU chip ID is valid and the programming times are not out of limit, and/or implementing a multi-stage authorization mechanism, wherein the programming can be carried out only by joint authorization of a plurality of managers or departments, and/or implementing a physical locking mechanism on the programming device, storing and managing keys and the authorization information by using Flash or ROM, transmitting the authorization information to the programming device through an HTTPS (high speed protocol) communication protocol, and/or encrypting and ensuring the safety of data by using TLS (TLS) after the programming device receives the authorization information, firstly checking the validity of the MCU chip ID and not out of limit, checking whether the authorization signature is valid or not, and updating the authorization information in the program version number is required to be completed when the programming is verified by the MCU chip, attempting to complete the programming with the latest when the programming is finished, and the latest when the programming is verified by the latest, the latest in the program version number is verified by the MCU module, the programming device is verified by the latest, and the latest when the program version is verified by the latest when the verification device is required to be verified, triggering an alarm immediately and notifying the relevant personnel;
it should be noted that:
Step1, a user submits a burning authorization application
Before burning, a user submits a burning authorization application to a server through burning equipment. The following information is included in the application:
MCU chip ID CID001
Program version of the expected burn-in V1.2.0
BD001
Step 2, server verification and authorization
After receiving the application, the server queries the blockchain platform record, and finds that the historical burning times of the MCU chip ID CID001 are 2 times and do not reach the preset 5 times upper limit. Thus, the server generates authorization information:
Timestamp 2023-11-01 10:30:00
Expiration date 2023-11-01:11:00:00
MCU chip ID CID001
Program version number v1.2.0
Authorization signature SIG_XYZ (signing with private key of server)
Step 3, the server transmits the authorization information
The server transmits the authorization information to the burning device BD001 through the HTTPS communication protocol, and ensures the security of the data using TLS encryption.
Step 4, the burning equipment verifies the authorization information
After the burning device receives the authorization information, the public key of the server is used for verifying the validity of the authorization signature SIG_XYZ. After verification is passed, checking whether each item of data in the authorization information is consistent with the information submitted at the time of application.
Step5, programming the program into the MCU chip
After all verification steps are successful, the programming equipment starts to program the program with the version of V1.2.0 into the MCU chip with the MCU chip ID of CID 001.
Step6, confirming the completion of burning and updating the recording
After the burning is completed, the burning device sends a confirmation message of the completion of the burning to the server. After the server receives the confirmation, the burning record on the blockchain platform is updated, and the burning times of the MCU chip ID CID001 are increased by 1 and changed into 3 times.
Step 7, triggering and notifying the early warning mechanism
During the process, if the server detects an abnormal burning request (such as the number of times of burning exceeding the upper limit) or an unauthorized burning attempt, an alarm is immediately triggered, and related personnel are notified through an email. For example, if an unauthorized device tries to burn, the server sends an alert mail to the administrator, the mail content containing information such as the device identification of the attempted person, a time stamp, etc.
204. Decrypting the encrypted program according to the unique response key to obtain a decrypted program, and performing multiple verification according to the decrypted program before the program is executed to ensure that the program is not illegally tampered to obtain verification information;
The method comprises the steps of decrypting a response key, decrypting an encrypted program stored in an MCU chip by using a unique response key generated by a PUF circuit before the decryption of the response key, repeatedly checking the encrypted program, namely, after the decryption of the program, firstly extracting time stamp information in the program, acquiring the current time, and comparing the current time with the time stamp in the program, wherein the program comprises a field for recording the burning times, the field is increased each time the program is burnt to the MCU chip, checking whether the value of the field exceeds the preset maximum burning times before the program is executed, calculating the hash value of the program and storing the hash value in a safe area before the encryption of the program, re-calculating the hash value of the program after the decryption, comparing the hash value with the stored hash value, signing an original program by using a private key, storing signature information in the safe area, and verifying the validity of the signature by using a public key before the program is executed;
it should be noted that the following is a specific embodiment, which illustrates how to use the response key decryption procedure and perform multiple verification.
Step 1, decrypting by using response key
The unique response key previously generated by the PUF circuit is 0x1A2B3C4D. The encryption program stored in the MCU chip Flash is encrypted by using an AES-256 algorithm, and the ciphertext is in the form of:
Encryption program ciphertext 0xE345A0B1C2D3.
The encrypted program is decrypted using the response key 0x1A2B3C4D, resulting in a decrypted program.
Step 2, time stamp verification
The time stamp information extracted from the decrypted program is 2023-10-01-12:00:00.
The current time is 2023-10-02, 10:00:00.
The preset time stamp checking threshold value is 24 hours, and the time stamp checking is passed because the difference between the current time and the time stamp in the program is less than 24 hours.
Step 3, checking the burning times
The number of burning times field value recorded in the program is 3.
The preset maximum burning frequency is 5.
Since the number of times of burning does not exceed the maximum number of times of burning, the verification of the number of times of burning is passed.
Step4, hash value verification
The hash value calculated before the program encryption is 0x12345678 (stored in the secure area).
The recalculated hash value after decryption is 0x12345678.
Since the two hash values are identical, the hash value check passes.
Step 5, signature verification
The original program is signed by using a private key, and the obtained signature information is SIG_ABC (stored in a safe area). The validity of the signature sig_abc is verified using the public key before the program is executed. The verification result is valid.
Step 6, dynamically adjusting the check threshold value
Considering that the MCU chip may be unused for a long time, if the MCU chip is detected to be unused in the last month, the threshold value of the relaxed timestamp check is 48 hours. In this example, the MCU chip has a usage record in the last week, thus keeping the original threshold value unchanged for 24 hours.
205. And judging a verification result according to the verification information, and once illegal copying or tampering actions are found, automatically triggering a locking mechanism by the MCU chip, so that the MCU chip cannot be reused, and recording the ID and action information of the illegal MCU chip through the blockchain platform for subsequent tracking and processing.
The MCU chip is used for comparing whether the ID of the MCU chip is matched with legal ID recorded in a case or not after obtaining verification information, checking whether the burning times exceeds the preset maximum value, verifying the validity of the verification information by a time stamp, a hash value or a signature, and generating a digital certificate containing the ID of the illegal MCU chip, behavior information and verification failure once any illegal copying or tampering actions including the mismatching of the ID of the MCU chip or the overdrawing of the burning times are found, and/or reading stored data from Flash or ROM and carrying out encryption calculation when the MCU chip is started up each time, comparing a calculation result with the data read from a serial port and processed, and if the data is inconsistent, directly triggering the locking command by the MCU chip;
It should be noted that, the verification and locking mechanism in the MCU chip internal program copy prevention method:
Step1, the MCU chip obtains the verification information
After the MCU chip decrypts the program and executes multiple verification, the following verification information is obtained:
MCU chip ID CID001
Number of times of burning 4
Timestamp 2023-11-01:15:30:00
Hash value 0xAABBCCDDEEFF
Signature verification result is valid
Step 2, comparing with a preset range
The MCU chip compares the verification information with a preset range:
And checking whether the MCU chip ID CID001 is matched with the legal ID recorded in the record, wherein the matching is successful.
Checking whether the number of burning times 4 exceeds a preset maximum value 5, and not exceeding.
Verify if the timestamp 2023-11-01 15:30:00 is within the valid range: valid (set the current time to 2023-11-01 16:00:00 and the timestamp check threshold to 1 hour).
Verifying whether hash value 0xAABBCCDDEEFF is consistent with the stored secure hash value.
The signature verification result has been shown to be valid.
Step 3, finding illegal action and triggering locking command
In this embodiment, we deliberately modify the number of burns to 6 (exceeding the preset maximum of 5) to simulate illegal copying or tampering behavior.
The MCU chip detects that the burning times exceeds a preset maximum value, and judges that the burning times are illegal actions.
The MCU chip immediately triggers a built-in locking command. This is a hardware-level fusing mechanism that permanently disables certain critical functions of the MCU chip (e.g., inhibits program execution or data writing) by physical means.
Step4, generating and uploading digital certificate
When the MCU chip triggers a locking command:
a digital certificate containing an illegal MCU chip ID (CID 001), behavior information (the number of times of burning exceeds the limit) and the cause of verification failure (the number of times of burning exceeds the preset maximum value) is generated.
The digital certificate is encrypted and signed, ensuring integrity and authenticity.
The MCU chip (if still capable of communicating) or a server connected thereto uploads the encrypted digital certificate to the blockchain platform.
Step 5, the block chain platform stores and verifies the certificate
The blockchain platform provides a non-tamperable recording system for storing these encrypted and signed digital certificates. Any authorized entity can verify the authenticity and content of these certificates to confirm the illegal act and take further action (e.g., legal prosecution or security audit).
206. Establishing a reputation system based on a blockchain platform, scoring and ranking all parties in a supply chain, and adjusting reputation scores of all the parties according to the performances of all the parties on the problem of processing illegal MCU chips so as to influence the future business cooperation and trust relationship;
The method comprises the steps that a file, a file h file and a server are provided, wherein the file a and the file h are provided externally, only two interfaces are exposed for external use, and during business, the server can provide authorization and times of authorization for burning equipment;
it should be noted that:
Step 1, establishing a reputation system based on a block chain
The reputation system is initialized by creating an intelligent contract on the blockchain platform for recording reputation scores and rankings for the parties in the supply chain.
Scoring rules:
illegal MCU chip behavior is found and reported in time, reputation score +10.
Illegal MCU chip circulation is successfully prevented, and reputation is scored by +20.
If it is found that the illegal MCU chip transaction or copy procedure is involved, reputation score-50.
Ranking update-blockchain intelligence contracts rank in real-time according to reputation scores of parties.
Data example:
Supplier a, initial reputation score 100, the reputation score increases to 110 as illegal MCU chip behavior is discovered and reported together in time.
Vendor B, initial reputation score 100, falls to 50 as it was found to relate to an illegal transaction.
Step 2, interface authorization mechanism
Interface files are provided-company provides externally. A (static library file) and. H (header file), exposing only two interfaces for external use-InitializeMCU chip () and ProgramMCU chip ().
Server authorization:
when a customer needs to burn the MCU chip, the server firstly verifies the identity and the burning requirement of the customer.
The server generates an authorization token containing authorization information and the burning frequency limit and transmits the authorization token to the burning device through HTTPS.
And (3) verifying and burning by using burning equipment:
after receiving the authorization token, the burning device verifies the validity of the authorization token.
And performing burning operation in the authorized range. If the number of times of burning is exceeded, the burning device refuses the operation.
Data example:
The client C requests to burn 100 MCU chips, and after the verification of the server is passed, an authorization token is generated, which contains information such as ID of the client C, authorization time, burning frequency limit (100 times) and the like.
And after the burning device receives the authorization token, successfully verifying and starting burning. When the 101 th MCU chip is burnt, the burning device prompts that the burning times are over-limit, and requests authorization again.
Step 3, linkage of reputation system and authorization mechanism
And (3) motivating and punishing, namely adjusting reputation scores of the supply chain according to the performances of all the parties of the supply chain on preventing illegal MCU chip problems. A high reputation scored provider or customer may enjoy a faster audit process and more preferential authorization charges when applying for authorization.
Transparent and traceable-all reputation score changes and authorization records are stored on the blockchain, ensuring transparency and non-tamper-ability of the data.
With this embodiment we demonstrate how to combine the blockchain reputation system and the interface authorization mechanism to effectively prevent the MCU chip internal programs from being duplicated while at the same time motivating supply chain parties to actively participate in maintaining the security of the system.
In the embodiment of the invention, a multi-level security protection system is constructed by using a Physical Unclonable Function (PUF), a blockchain technology, an encryption algorithm and an authorization mechanism, and aims to prevent the internal program of the MCU chip from being copied. Firstly, a unique response key is generated by using a PUF circuit, so that a new security key can be obtained each time the MCU chip is started, and the cracking difficulty is increased. And secondly, recording the burning information and implementing dynamic burning authority management through a blockchain platform, so that the safety and traceability of the burning process are ensured. Furthermore, the encryption algorithm is utilized to encrypt the program, and the program is ensured not to be illegally tampered through a multiple verification mechanism. Finally, by establishing a blockchain-based reputation system, parties in the supply chain are scored and ranked to encourage the parties to actively participate in maintaining system security, and to limit illegal access and copying through an interface authorization mechanism. The security of the internal program of the MCU chip is ensured through the unique response key and the encryption algorithm generated by the PUF circuit, and even if an attacker can physically access the MCU chip, the decrypted program cannot be directly read or copied. The use of the blockchain platform enables all burning information and authorization records to be traceable and non-tamperable, and is convenient for follow-up tracking and illegal actions processing. By dynamic burning authority management and times authorization, it is ensured that only authorized entities can perform burning operation, and illegal copying is effectively prevented. The reputation system based on the blockchain stimulates all parties of the supply chain to actively participate in maintaining the security of the system through a scoring and ranking mechanism, so that good business cooperation and trust relationship are formed. Flexible interface authorization mechanisms are provided, only necessary interfaces are exposed for external use, and the risk of being attacked is reduced. In summary, by comprehensively applying various security mechanisms, the technical scheme effectively prevents the risk of copying the programs in the MCU chip, improves the security and traceability of the system, and simultaneously stimulates the active participation and cooperation of all parties of the supply chain.
The method for preventing the internal program of the MCU chip from being copied in the embodiment of the present invention is described above, and the device for preventing the internal program of the MCU chip from being copied in the embodiment of the present invention is described below, referring to fig. 3, one embodiment of the device for preventing the internal program of the MCU chip from being copied in the embodiment of the present invention includes a circuit module 301 for generating a unique response key at each power-on of the MCU chip by using the inherent randomness of hardware, the key being used for encrypting and decrypting the internal program of the MCU chip, increasing the security of the program and preventing unauthorized copying or access; the interface module 302 is used for communicating with a preset blockchain platform to ensure the security and the non-tamper property of data, recording the burning information of the MCU chip through the blockchain platform, including the MCU chip ID, the timestamp and the burning times, defining the verification rule and the locking mechanism by using an intelligent contract, the encryption module 303 is used for encrypting the program in the MCU chip by using a preset encryption algorithm and decrypting the unique response key generated by using a PUF circuit when the program needs to be executed to ensure that the program always exists in a ciphertext form when being stored, the verification module 304 is used for processing the application and the verification process of burning authorization, the user needs to apply authorization to a server through the module before burning, submit the MCU chip ID information, receive the authorization information returned by the server, start the burning process only after the authorization information is verified, ensure that the authorized equipment can burn the program only, the verification module 305 is used for verifying the decrypted program before the program is executed to ensure that the program is not tampered with once illegal copy or falsified, the locking mechanism can be triggered, so that the MCU chip cannot be reused, and the ID and behavior information of the illegal MCU chip are recorded through the blockchain platform, so that the follow-up tracking and processing are facilitated.
In the embodiment of the invention, the unique response key is generated, and the key is used for encryption and decryption when the MCU chip is electrified, so that the high security of the internal program of the MCU chip is ensured. This dynamic key approach makes cracking more difficult. The block chain technology is utilized to record the burning information of the MCU chip, so that not only is the non-tamper property of data ensured, but also a reliable audit trail is provided, and the follow-up monitoring and verification of the use condition of the MCU chip are facilitated. By defining the verification rules and the locking mechanism through the intelligent contract, automation and transparency are increased, and only devices meeting specific conditions can be authorized to burn. The authentication module ensures that only authorized devices can perform program burn-in, which greatly reduces the risk of unauthorized copying or access. The verification module performs verification before program execution, so that the program is effectively prevented from being illegally tampered, any illegal actions are dealt with by triggering a locking mechanism, and the integrity of the program and the safety of the MCU chip are protected. Any illegal copying or tampering actions can be recorded by the blockchain platform, so that the ID and action information of an illegal MCU chip can be tracked later, and the safety of the system is further enhanced. In summary, the technology provides omnibearing protection for the internal program of the MCU chip by comprehensively utilizing the encryption technology, the blockchain technology and the intelligent contract, effectively prevents the program from being illegally copied or tampered, and ensures the safety of data and the reliability of a system.
The apparatus for preventing the internal program of the MCU chip in the embodiment of the present invention from being copied is described in detail from the point of view of the modularized functional entity in fig. 3 above, and the device for preventing the internal program of the MCU chip in the embodiment of the present invention from being copied is described in detail from the point of view of the hardware processing below.
Fig. 4 is a schematic structural diagram of an apparatus for preventing an internal program of an MCU chip from being copied, where the apparatus 400 for preventing an internal program of an MCU chip from being copied may have a relatively large difference due to different configurations or performances, and may include one or more processors (central processing units, CPU) 410 (e.g., one or more processors) and a memory 420, one or more storage mediums 430 (e.g., one or more mass storage devices) storing an application 433 or data 432. Wherein memory 420 and storage medium 430 may be transitory or persistent storage. The program stored in the storage medium 430 may include one or more modules (not shown), each of which may include a series of instruction operations in the apparatus 400 for preventing the internal program of the MCU chip from being copied. Still further, the processor 410 may be configured to communicate with the storage medium 430 to execute a series of instruction operations in the storage medium 430 on the device 400 that prevents the MCU chip internal program from being copied.
The device 400 that prevents the MCU chip internal programs from being copied may also include one or more power supplies 440, one or more wired or wireless network interfaces 450, one or more input output interfaces 460, and/or one or more operating systems 431, such as Windows Serve, mac OS X, unix, linux, freeBSD, etc. It will be appreciated by those skilled in the art that the device structure shown in fig. 4 for preventing the internal program of the MCU chip from being copied does not constitute a limitation of the device for preventing the internal program of the MCU chip from being copied, and may include more or less components than those shown, or may combine some components, or may be a different arrangement of components.
The present invention also provides an apparatus for preventing an internal program of an MCU chip from being copied, the apparatus for preventing an internal program of an MCU chip from being copied including a memory and a processor, the memory storing computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the method for preventing an internal program of an MCU chip from being copied in the above embodiments.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, and may also be a volatile computer readable storage medium, where instructions are stored in the computer readable storage medium, when the instructions are executed on a computer, cause the computer to perform the steps of the method for preventing an internal program of an MCU chip from being copied.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that the foregoing embodiments may be modified or equivalents may be substituted for some of the features thereof, and that the modifications or substitutions do not depart from the spirit and scope of the embodiments of the invention.
Claims (10)
1. A method for preventing an internal program of an MCU chip from being copied, comprising:
In the MCU chip design stage, a PUF circuit is embedded into the MCU chip, and when the MCU chip is electrified each time, the PUF circuit generates a unique response key based on the inherent randomness of hardware;
Presetting a blockchain platform for MCU chip burning verification, ensuring the safety and the non-tamper property of data, deploying an intelligent contract on the blockchain platform for recording the burning information of the MCU chip, wherein the burning information comprises MCU chip ID, a time stamp and burning times, defining a verification rule and a locking mechanism, presetting an encryption algorithm for encrypting a program in the MCU chip, storing the encrypted program in Flash or ROM of the MCU chip, and ensuring that the program exists in a ciphertext form;
applying for burning authorization, applying for authorization from a server before burning, submitting an MCU chip ID and other necessary information, checking a blockchain platform record by the server, verifying whether the validity of the MCU chip ID and the burning times are overrun or not, generating authorization information, transmitting the authorization information to a burning device by the server through a secure channel, and starting the burning process after verifying that the authorization information is correct by the burning device;
Decrypting the encrypted program according to the unique response key to obtain a decrypted program, and performing multiple checks according to the decrypted program before the program is executed to ensure that the program is not illegally tampered to obtain check information, wherein the multiple checks comprise time stamp check and burning times check;
And judging a verification result according to the verification information, and once illegal copying or tampering actions are found, automatically triggering a locking mechanism by the MCU chip, so that the MCU chip cannot be reused, and recording the ID and action information of the illegal MCU chip through the blockchain platform for subsequent tracking and processing.
2. The method of claim 1, wherein the embedding PUF circuitry in the MCU chip during the MCU chip design phase, the PUF circuitry generating a unique response key based on the inherent randomness of the hardware, comprises:
selecting a PUF type comprising an SRAM PUF, ring Oscillator PUF or Delay PUF, designing a PUF circuit based on the selected PUF type, the circuit being capable of capturing and exploiting hardware inherent randomness including non-uniformity of transistors and small differences in resistance, integrating the PUF circuit as a security module into the MCU chip during the design phase of the MCU chip;
When the MCU chip is started, collecting input data, wherein the input data comprises a current time stamp, an equipment serial number and an ambient temperature, inputting the collected input data into a PUF circuit, and generating a unique response key by utilizing the inherent randomness of hardware;
and/or designing a dynamic challenge-response mechanism, the input data further comprising biometric information of the user;
Each time the MCU chip is started, a new unique response key is generated based on new input data and the PUF circuit, so that the key is prevented from being used for a long time and the risk of being cracked is increased.
3. The method for preventing the internal program of the MCU chip from being copied according to claim 1, wherein a blockchain platform for the programming verification of the MCU chip is preset, the security and the non-tamper ability of data are ensured, an intelligent contract is deployed on the blockchain platform for recording programming information of the MCU chip, the programming information comprises an ID, a time stamp and the number of times of programming of the MCU chip, a verification rule and a locking mechanism are defined, an encryption algorithm is preset for encrypting the internal program of the MCU chip, the encrypted program is stored in Flash or ROM of the MCU chip, and the program is ensured to exist in a ciphertext form, and the method comprises:
Selecting a blockchain platform technology, selecting a blockchain platform, wherein the blockchain platform comprises an Ethernet, supports the deployment of intelligent contracts, builds a private or alliance chain network, and ensures the security and performance of the network;
An intelligent contract for recording the burning information of the MCU chip is deployed on the blockchain platform, the intelligent contract has the function of recording the ID, the time stamp and the burning times of the MCU chip, in the intelligent contract, a verification rule is preset, the verification rule comprises checking the rationality of the burning times and defining a locking mechanism, and when abnormal burning behaviors are detected, locking can be automatically triggered to prevent further burning operations;
The intelligent contract based on the blockchain platform realizes dynamic burning authority management, only authorized entities can perform burning operation, and each burning process needs to pass through the intelligent contract to perform authority verification;
selecting an encryption algorithm, wherein the encryption algorithm comprises AES or RSA and is used for encrypting a program in the MCU chip, and after the program development of the MCU chip is completed, the encryption algorithm is used for encrypting the program;
the encrypted program is stored in the Flash or ROM of the MCU chip in a ciphertext mode, so that even if an attacker can physically access the MCU chip, the decrypted program cannot be directly read or copied.
4. The method for preventing the copying of the internal program of the MCU chip according to claim 1, wherein the application of the writing authorization, the user applying for the authorization to the server before writing, submitting the MCU chip ID and other necessary information, the server verifying whether the validity of the MCU chip ID and the number of times of writing are overrun by querying the blockchain platform record, and then generating the authorization information, the server transmitting the authorization information to the writing device through the secure channel, the writing device starting the writing process after verifying that the authorization information is correct, comprises:
Before burning, a user submits a burning authorization application to a server through burning equipment, wherein the application comprises MCU chip ID, a program version of expected burning and necessary information of burning equipment identification;
After receiving the application, the server firstly verifies the historical burning information and the validity of the MCU chip ID by inquiring the blockchain platform record, and checks whether the burning times of the MCU chip reaches a preset upper limit or not, if the MCU chip ID is valid and the burning times are not out of limit, the server generates authorization information comprising a time stamp, a validity period, the MCU chip ID, a program version number and an authorization signature;
and/or implement a multi-level authorization mechanism, requiring joint authorization of multiple administrators or departments to perform the burning;
and/or implementing a physical locking mechanism on the burning device, storing and managing the key and the authorization information by using Flash or ROM;
The server transmits the authorization information to the burning device through an HTTPS communication protocol, and/or in the transmission process, TLS encryption is used for ensuring the security of data;
after receiving the authorization information, the burning device firstly verifies the validity of the authorization signature to ensure that the authorization information is not tampered, and after verification, the burning device can check whether the time stamp, the validity period, the MCU chip ID, the program version number and the authorization signature in the authorization information are consistent with the information submitted in the application;
After all verification steps are successful, the programming equipment starts programming programs into the MCU chip;
after the programming is completed, the programming equipment sends a confirmation message of the completion of the programming to the server so that the server updates the programming record on the blockchain platform;
An early warning mechanism is arranged, and when an abnormal burning request or an unauthorized burning attempt is detected, an alarm is immediately triggered and related personnel are notified.
5. The method for preventing an internal program of an MCU chip from being copied according to claim 1, wherein decrypting the encrypted program according to the unique response key to obtain a decrypted program, performing multiple verification according to the decrypted program before the program is executed to ensure that the program is not illegally tampered with, and obtaining verification information includes:
Decrypting the encryption program stored in the MCU chip by using the response key and the unique response key generated by the PUF circuit before;
After the program is decrypted, firstly extracting time stamp information in the program, acquiring current time, and comparing the current time with a time stamp in the program;
The program comprises a field for recording the burning times, the field is increased gradually when the program is burnt to the MCU chip each time, and before the program is executed, whether the value of the field exceeds the preset maximum burning times is checked;
Before the program is encrypted, calculating the hash value of the program and storing the hash value in a safe area, and after decryption, recalculating the hash value of the program and comparing the hash value with the stored hash value;
Signing the original program by using a private key, storing signature information in a safe area, and verifying the validity of the signature by using a public key before the program is executed;
Dynamically adjusting the threshold value of the time stamp verification and the burning frequency verification according to the use condition and the environment of the MCU chip, and if the MCU chip is not used for a long time, relaxing the threshold value of the time stamp verification;
And obtaining verification information.
6. The method for preventing the internal program of the MCU chip from being copied according to claim 1, wherein the determining of the verification result according to the verification information, once the illegal copy or tampering is found, the MCU chip will automatically trigger the locking mechanism to make the MCU chip unusable again, and record the ID and the behavior information of the illegal MCU chip through the blockchain platform for subsequent tracking and processing, includes:
After the MCU chip obtains the verification information, comparing the verification information with a preset range, checking whether the ID of the MCU chip is matched with the legal ID recorded in the record, checking whether the burning times exceed the preset maximum value, and verifying the validity of the time stamp, the hash value or the signature;
once any illegal copying or tampering actions are found, including mismatching of the ID of the MCU chip or overrun of the burning times, the MCU chip immediately triggers a built-in locking command;
And/or the MCU chip reads the stored data from the Flash or ROM when being started each time, performs encryption calculation, compares the calculation result with the data read from the serial port and processed, and if the data is inconsistent, the MCU chip directly triggers a locking command;
the locking command is a fusing mechanism of a hardware level, and the key function of the MCU chip is permanently disabled in a physical mode, so that the MCU chip cannot be reused;
when the MCU chip triggers the locking command, a digital certificate containing an illegal MCU chip ID, behavior information and verification failure causes is generated, the digital certificate is encrypted and signed, the MCU chip or a server in communication with the MCU chip uploads the encrypted digital certificate to a blockchain platform, and the blockchain platform provides a recording system for storing and verifying the certificates.
7. The method of preventing an internal program of an MCU chip from being copied according to claim 1, further comprising:
And establishing a reputation system based on a blockchain platform, scoring and ranking all the parties in a supply chain, and adjusting the reputation score according to the performance of all the parties on the problem of processing illegal MCU chips.
8. An apparatus for preventing an internal program of an MCU chip from being copied, the apparatus comprising:
the circuit module is used for generating a unique response key when the MCU chip is electrified each time by utilizing the inherent randomness of hardware, and the key is used for encrypting and decrypting programs in the MCU chip, so that the safety of the programs is improved, and unauthorized copying or access is prevented;
the interface module is used for being responsible for communication with a preset blockchain platform, ensuring the safety and the non-tamper property of data, recording the burning information of the MCU chip through the blockchain platform, including the MCU chip ID, the time stamp and the burning times, and defining a verification rule and a locking mechanism by utilizing an intelligent contract;
The encryption module encrypts a program in the MCU chip by using a preset encryption algorithm, and decrypts by using a unique response key generated by the PUF circuit when the program needs to be executed, so that the program is ensured to always exist in a ciphertext form when stored;
The verification module is used for processing the application and verification process of the burning authorization, a user needs to apply authorization to the server through the module before burning, submit the MCU chip ID information, receive the authorization information returned by the server, and only after the authorization information is verified, the burning process is started, so that only authorized equipment can burn the program;
and the verification module is used for carrying out multiple verification on the decrypted program before the program is executed, wherein the multiple verification comprises time stamp verification and burning times verification so as to ensure that the program is not illegally tampered, and once illegal copying or tampering actions are found, the verification module triggers a locking mechanism so that the MCU chip cannot be reused, and records ID and action information of the illegal MCU chip through a blockchain platform, thereby facilitating subsequent tracking and processing.
9. An apparatus for preventing an internal program of an MCU chip from being copied, comprising a memory and at least one processor, wherein the memory stores instructions;
The at least one processor invoking the instructions in the memory to cause the device that prevents the MCU chip internal program from being copied to perform the method of preventing the MCU chip internal program from being copied as recited in any one of claims 1-7.
10. A computer readable storage medium having instructions stored thereon, which when executed by a processor, implement a method of preventing duplication of an internal program of an MCU chip as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411183082.8A CN119150259B (en) | 2024-08-27 | A method to prevent the internal program of MCU chip from being copied |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411183082.8A CN119150259B (en) | 2024-08-27 | A method to prevent the internal program of MCU chip from being copied |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN119150259A CN119150259A (en) | 2024-12-17 |
| CN119150259B true CN119150259B (en) | 2025-10-10 |
Family
ID=
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111082925A (en) * | 2019-10-23 | 2020-04-28 | 中山大学 | Embedded system encryption protection device and method based on AES algorithm and PUF technology |
| CN117874840A (en) * | 2023-12-06 | 2024-04-12 | 北京普安信科技有限公司 | Program anti-cracking method based on PUF |
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111082925A (en) * | 2019-10-23 | 2020-04-28 | 中山大学 | Embedded system encryption protection device and method based on AES algorithm and PUF technology |
| CN117874840A (en) * | 2023-12-06 | 2024-04-12 | 北京普安信科技有限公司 | Program anti-cracking method based on PUF |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102345379B1 (en) | Crypto ASIC with self-verifying internal identifier | |
| US11036869B2 (en) | Data security with a security module | |
| US10211977B1 (en) | Secure management of information using a security module | |
| CN101176125B (en) | Implementation of an integrity-protected secure storage | |
| JP4912879B2 (en) | Security protection method for access to protected resources of processor | |
| JP6275653B2 (en) | Data protection method and system | |
| US9195806B1 (en) | Security server for configuring and programming secure microprocessors | |
| US9094205B2 (en) | Secure provisioning in an untrusted environment | |
| JP6509197B2 (en) | Generating working security key based on security parameters | |
| US10771467B1 (en) | External accessibility for computing devices | |
| US20150242614A1 (en) | Provisioning of security credentials | |
| US20130086385A1 (en) | System and Method for Providing Hardware-Based Security | |
| US20140025944A1 (en) | Secure Storage and Signature | |
| CN110795126A (en) | A firmware security upgrade system | |
| CN104782076A (en) | Use of puf for checking authentication, in particular for protecting against unauthorized access to function of ic or control device | |
| CN101488856A (en) | System and method for digital signatures and authentication | |
| US11615207B2 (en) | Security processor configured to authenticate user and authorize user for user data and computing system including the same | |
| JP2004295271A (en) | Card and pass code generator | |
| CN119150259B (en) | A method to prevent the internal program of MCU chip from being copied | |
| TW202347147A (en) | Anti-cloning architecture for device identity provisioning | |
| CN119150259A (en) | Method for preventing MCU internal program from being copied | |
| EP2575068A1 (en) | System and method for providing hardware-based security | |
| Tremlet | The IEC 62443 Series of Standards: How to Defend Against Infrastructure Cyberattacks | |
| TW202441919A (en) | Anti-cloning of device cryptographic keys for counterfeit prevention | |
| Palmer et al. | Ownership and Control of Firmware in Open Compute Project Devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |