INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD

Information

  • Patent Application
  • 20240422009
  • Publication Number
    20240422009
  • Date Filed
    May 23, 2024
  • Date Published
    December 19, 2024
Abstract
An information processing device includes a first determination unit that determines whether instruction information for issuing an instruction to switch from a first verification method of verifying validity of firmware by using a digital signature generated based on public key encryption to a second verification method of verifying the validity of the firmware by using a message authentication code generated using a message authentication key generated based on a random number has been received, a random number generator that generates the random number, a first generation unit that generates the message authentication key used to generate the message authentication code, based on the random number, when it is determined by the first determination unit that the instruction information has been received, and a second generation unit that generates the message authentication code of the firmware using the message authentication key.
Description
CROSS-REFERENCE TO RELATED APPLICATION

This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2023-100353, filed Jun. 19, 2023, the entire contents of which are incorporated herein by reference.


FIELD

Embodiments described herein relate generally to an information processing device and an information processing method.


BACKGROUND

In recent years, technology has been increasingly software-based, and the number of information processing devices that perform various types of information processing by using software called firmware that controls hardware such as a central processing unit (CPU) is increasing.


Firmware is easy to update, and an update can correct defects and add functions. At the same time, firmware is easier to tamper with than hardware, and malicious tampering may take place during an update. Therefore, when firmware is updated, it is common to deliver the updated firmware with a digital signature attached.


A digital signature is generated by using public key encryption; because the key needed for verification is public and the signing key never has to be present on the verifying device, it has higher secrecy than a message authentication code generated by using a message authentication key that both the generating and the verifying side must hold. Meanwhile, it is known that a quantum computer can efficiently solve the discrete logarithm problem and the integer factorization problem on which the security of such signatures rests, so once quantum computers are in wide use a digital signature may be forged and tampered firmware passed off as genuine.





DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of an information processing system according to the present embodiment.



FIG. 2 is a functional block diagram of a controller according to the present embodiment.



FIG. 3 is a sequence diagram showing a processing operation executed by the controller according to the present embodiment during update of the firmware.



FIG. 4 is a sequence diagram showing a processing operation executed immediately after power is supplied to the controller after the processing of FIG. 3 is executed.





DETAILED DESCRIPTION

Embodiments provide an information processing device and an information processing method that can detect tampering with firmware.


In general, according to at least one embodiment, there is provided an information processing device including a first determination unit (first determination circuit) that determines whether instruction information for issuing an instruction to switch from a first verification method of verifying validity of firmware by using a digital signature generated based on public key encryption to a second verification method of verifying the validity of the firmware by using a message authentication code generated using a message authentication key generated based on a random number has been received, a random number generator that generates the random number, a first generation unit (first generation circuit) that generates the message authentication key used to generate the message authentication code, based on the random number, when it is determined by the first determination unit that the instruction information has been received, and a second generation unit (second generation circuit) that generates the message authentication code of the firmware using the message authentication key.


Hereinafter, the present embodiment will be described with reference to the drawings.



FIG. 1 is a block diagram of an information processing system 1 according to the present embodiment. The information processing system 1 includes a storage device 2 and a host device 3. The storage device 2 and the host device 3 are connected to each other via a host bus 20.


The storage device 2 is a device that stores data. The storage device 2 is, for example, a solid-state drive (SSD), a universal serial bus (USB) memory, a universal flash storage (UFS) device, a multi media card (MMC), or an SD card.


The host device 3 is an information processing device outside the storage device 2.


The storage device 2 includes memory chips 4, a controller 5, a firmware memory unit (hereinafter, referred to as an FW memory unit) 6, a digital signature memory unit 7, an instruction information memory unit 8, a message authentication code key (MAC key) memory unit 9, and a message authentication code (MAC value) memory unit 10.


The memory chips 4 are devices that store data in a non-volatile manner. The memory chips 4 are, for example, chips including a NAND flash memory.


The controller 5 is an information processing device in the storage device 2. The controller 5 is connected to the memory chips 4 via the memory bus 12. The controller 5 has a host interface circuit (host I/F) 21, a processor (CPU) 22, a memory interface circuit (memory I/F) 23, and an error checking and correcting (ECC) circuit 24. The host I/F 21, the CPU 22, the memory I/F 23, and the ECC circuit 24 are connected to a main bus 25.


The host I/F 21 is an interface circuit that transmits and receives data to and from the outside of the storage device 2.


The CPU 22 is an arithmetic processing device. The CPU 22 executes firmware.


The memory I/F 23 is an interface circuit that transmits and receives data to and from the memory chips 4 over the memory bus 12.


The ECC circuit 24 is a circuit that detects and corrects an error in the data read out from the memory chips 4.


The FW memory unit 6 is a non-volatile memory. The FW memory unit 6 stores firmware.


The digital signature memory unit 7 is a non-volatile memory. The digital signature memory unit 7 stores the digital signature and the public key received together with the firmware. The digital signature memory unit 7 stores the digital signature and the public key in association with the firmware. The FW memory unit 6 and the digital signature memory unit 7 may be integrated into one non-volatile memory.


The instruction information memory unit 8 is a non-volatile memory or an electronic fuse. The instruction information memory unit 8 stores the instruction information, which is described below. An electronic fuse is a storage element that holds information in a non-volatile manner: one fuse is provided for each bit of a multi-bit digital value, and each fuse stores 0 or 1 depending on whether its element has been cut by an electric signal. Because a cut fuse cannot be restored, information written in this way cannot later be cleared, so a switch recorded in an electronic fuse is one-way.


The MAC key memory unit 9 is a non-volatile memory or an electronic fuse. The MAC key memory unit 9 stores a message authentication key (hereinafter, referred to as a MAC key). The MAC key is used to generate a message authentication code (hereinafter, referred to as a MAC value). The MAC key is a key unique to the storage device 2. The instruction information memory unit 8 and the MAC key memory unit 9 may be integrated into one non-volatile memory.


The MAC value memory unit 10 is a non-volatile memory. The MAC value memory unit 10 stores the MAC value in association with the firmware. The MAC value memory unit 10 and the FW memory unit 6 may be integrated into one memory unit.



FIG. 2 is a functional block diagram of a controller 5 according to the present embodiment. The controller 5 according to the present embodiment includes a first determination unit 31, a random number generator 32, a first generation unit 33, and a second generation unit 34. In addition, the controller 5 according to the present embodiment includes a second determination unit 35, a first verification unit 36, a second verification unit 37, an error processing unit 38, and a firmware storage control unit (hereinafter, referred to as an FW storage control unit) 39. The elements of the controller may be implemented as hardware and/or software, and thus may be implemented as circuits.


The first determination unit 31 determines whether the storage device 2 has received the instruction information. The instruction information is information transmitted when issuing an instruction to the storage device 2 to switch from the first verification method to the second verification method. The instruction information is transmitted at the time of the update of the firmware or at a time unrelated to the update of the firmware. The first verification method is a method of verifying the validity of the firmware by verifying, with a public key, a digital signature generated by using public key encryption (that is, with the corresponding secret key). The second verification method is a method of verifying the validity of the firmware by using a MAC value generated with a MAC key.


The random number generator 32 generates a random number, for example, by using a hash function; the generated random number is, for example, a pseudo random number. Since the secrecy of the MAC key rests entirely on this value, the generator must be seeded from a source that an attacker can neither observe nor guess (for example, a hardware entropy source); a pseudo random number derived from a predictable seed would let an attacker reproduce the MAC key.


The first generation unit 33 generates the MAC key by using the random number generated by the random number generator 32. The MAC key is a key unique to the controller 5. The MAC key is used to generate a MAC value.
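The random number is the only secret input to the MAC key, so its unpredictability is the whole security of the second verification method. The following added example (not code from the patent) contrasts a MAC key derived from a guessable seed with one derived from a CSPRNG: an attacker who can read the image and its MAC value from flash recovers the weak key by enumeration and can then compute a valid MAC value for a modified image. The function names, the 16-bit seed size and the sample image are assumptions made for the example.

```python
"""Added example, not the patent's code: why the random number behind the MAC key
must be unpredictable. A key derived from a guessable seed is recovered by
enumeration; names, the 16-bit seed and the sample image are assumptions."""
import hashlib
import hmac
import secrets

FIRMWARE = b"constructed sample firmware image\x00" * 32   # constructed input
SEED_BITS = 16   # assumed weak seed size (a boot counter or coarse timestamp, say)


def derive_mac_key(random_number):
    """First generation unit 33: derive a 256-bit MAC key from the random number."""
    return hashlib.sha256(b"fw-mac-key" + random_number).digest()


def mac_of(key, fw):
    """Second generation unit 34 (and first verification unit 36): HMAC-SHA256 over the image."""
    return hmac.new(key, fw, hashlib.sha256).digest()


def weak_random_number(seed):
    """A 'random number' that is just a hash of a small seed: looks random, is guessable."""
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()


def strong_random_number():
    """Random number from the OS CSPRNG; assumed to stand in for a hardware TRNG."""
    return secrets.token_bytes(32)


def recover_key(fw, tag, seed_bits):
    """Attacker who can read the image and its MAC value from flash: try every seed."""
    for seed in range(1 << seed_bits):
        key = derive_mac_key(weak_random_number(seed))
        if hmac.compare_digest(mac_of(key, fw), tag):
            return key
    return None


def forge_with_weak_key():
    """Device derives its key from a weak seed; returns True if the attacker can then
    produce a valid MAC value for a modified image."""
    device_key = derive_mac_key(weak_random_number(secrets.randbelow(1 << SEED_BITS)))
    tag = mac_of(device_key, FIRMWARE)                # MAC value memory unit 10
    recovered = recover_key(FIRMWARE, tag, SEED_BITS)
    if recovered is None:
        return False
    tampered = FIRMWARE + b"backdoor"
    return hmac.compare_digest(mac_of(device_key, tampered), mac_of(recovered, tampered))


def forge_with_strong_key():
    """Same attack, same budget, against a key derived from a genuinely random number."""
    device_key = derive_mac_key(strong_random_number())
    tag = mac_of(device_key, FIRMWARE)
    return recover_key(FIRMWARE, tag, SEED_BITS) is not None
```

`forge_with_weak_key()` succeeds every time because the seed space is small enough to walk in well under a second; `forge_with_strong_key()` never does within the same budget, because a 256-bit random number has no seed to enumerate. The hash step in `derive_mac_key` adds nothing if its input is guessable, which is the point: the hash function the patent mentions does not manufacture entropy, it only spreads whatever entropy the seed had.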


The second generation unit 34 generates the MAC value by using the MAC key generated by the first generation unit 33 and the firmware. The MAC value serves as identification information for that firmware.


The second determination unit 35 determines whether the instruction information is stored in the instruction information memory unit 8.


The first verification unit 36 verifies the firmware stored in the FW memory unit 6 by recomputing its MAC value with the MAC key stored in the MAC key memory unit 9 and comparing the result with the MAC value stored in the MAC value memory unit 10.


The second verification unit 37 verifies the firmware stored in the FW memory unit 6 by using the digital signature and the public key stored in the digital signature memory unit 7. Note that a public key delivered together with the firmware does not by itself establish trust; the verifier must also confirm that the key is one the device already trusts (for example, by comparing its hash against a value held in immutable storage), since otherwise an attacker who replaces the firmware could also supply a matching key of their own.


The error processing unit 38 performs predetermined error processing. The predetermined error processing is, for example, processing of generating log information indicating that the security risk has increased. Alternatively, the predetermined error processing is processing of stopping predetermined information processing executed by the controller 5.


The FW storage control unit 39 stores the received firmware in the FW memory unit 6, and stores the digital signature and the public key received together with the firmware in the digital signature memory unit 7.



FIG. 3 is a sequence diagram showing a processing operation executed by the controller 5 according to the present embodiment during update of the firmware.


When updating the firmware, the first determination unit 31 determines whether the storage device 2 receives the instruction information within a predetermined period (S1).


When the storage device 2 receives the instruction information within the predetermined period (S1 [Yes]), the first determination unit 31 stores the instruction information received by the storage device 2 in the instruction information memory unit 8 (S2).


When the instruction information is stored in the instruction information memory unit 8, the first determination unit 31 transmits an instruction to the random number generator 32 to generate a random number (S3).


When the random number generator 32 receives the instruction to generate the random number, the random number generator 32 generates the random number (S4).


The random number generator 32 transmits the generated random number to the first generation unit 33 (S5).


When the random number is received, the first generation unit 33 generates the MAC key by using the received random number (S6).


The first generation unit 33 stores the generated MAC key in the MAC key memory unit 9 (S7).


The first generation unit 33 sends the generated MAC key to the second generation unit 34 (S8).


When the MAC key is received, the second generation unit 34 transmits a request for reading out the firmware to the FW memory unit 6 (S9). The firmware requested to be read out is the firmware most recently stored in the FW memory unit 6, that is, the latest firmware.


When the request for reading out the firmware is received, the FW memory unit 6 outputs the firmware (S10).


When the firmware is received, the second generation unit 34 generates the MAC value by using the received MAC key and the received firmware (S11).


The second generation unit 34 stores the generated MAC value in the MAC value memory unit 10 (S12).


When the storage device 2 does not receive the instruction information within the predetermined period (S1 [No]), the first determination unit 31 ends the sequence of FIG. 3 (S13).



FIG. 4 is a sequence diagram showing a processing operation executed immediately after power is supplied to the controller 5 after the processing of FIG. 3 is executed.


Immediately after the power is supplied to the controller 5, the second determination unit 35 transmits a request for reading out the instruction information to the instruction information memory unit 8 (S21).


When the request for reading out the instruction information is received, the instruction information memory unit 8 outputs the stored information (S22).


When the information is received, the second determination unit 35 determines whether the received information is the instruction information (S23).


When the received information is the instruction information (S23 [Yes]), the second determination unit 35 transmits an instruction to the first verification unit 36 to verify the MAC value (S24).


When the first verification unit 36 receives the instruction to verify the MAC value, the first verification unit 36 transmits the request for reading out the MAC key to the MAC key memory unit 9 (S25).


When the request for reading out the MAC key is received, the MAC key memory unit 9 outputs the MAC key to the first verification unit 36 (S26).


When the MAC key is received, the first verification unit 36 transmits a request for reading out the firmware to the FW memory unit 6 (S27). The firmware requested to be read out is the firmware most recently stored in the FW memory unit 6, that is, the latest firmware.


When the request for reading out the firmware is received, the FW memory unit 6 outputs the firmware to the first verification unit 36 (S28).


When the firmware is received, the first verification unit 36 generates the MAC value by using the received MAC key and the received firmware (S29).


When the first verification unit 36 generates the MAC value, the first verification unit 36 transmits a request for reading out the MAC value to the MAC value memory unit 10 (S30).


When the request for reading out the MAC value is received, the MAC value memory unit 10 outputs the MAC value to the first verification unit 36 (S31).


When the MAC value is received, the first verification unit 36 compares the received MAC value with the generated MAC value (S32).


When the received MAC value does not match the generated MAC value (S32 [MISMATCH]), the first verification unit 36 causes the error processing unit 38 to perform predetermined error processing (S33).


When the received MAC value matches the generated MAC value (S32 [MATCH]), the first verification unit 36 ends the sequence of FIG. 4 (S34).


When the received information is not the instruction information (S23 [No]), the second determination unit 35 transmits an instruction to the second verification unit 37 to verify the digital signature (S35).


When the second verification unit 37 receives the instruction to verify the digital signature, the second verification unit 37 transmits a request for reading out the digital signature and the public key to the digital signature memory unit 7 (S36).


When the request for reading out the digital signature and the public key is received, the digital signature memory unit 7 outputs the digital signature and the public key to the second verification unit 37 (S37).


When the digital signature and the public key are received, the second verification unit 37 transmits a request for reading out the firmware to the FW memory unit 6 (S38).


When the request for reading out the firmware is received, the FW memory unit 6 outputs the firmware to the second verification unit 37 (S39).


When the firmware is received, the second verification unit 37 calculates the hash value by using the received firmware (S40).


The second verification unit 37 decrypts the received digital signature by using the received public key and extracts the hash value (S41). (This describes RSA-style verification, in which the signature is raised to the public exponent to recover the signed hash; other signature schemes recover or check the hash differently, but the comparison in S42 is the same.)


The second verification unit 37 compares the calculated hash value with the extracted hash value (S42).


When the calculated hash value does not match the extracted hash value (S42 [MISMATCH]), the second verification unit 37 causes the error processing unit 38 to perform predetermined error processing (S43).


When the calculated hash value matches the extracted hash value (S42 [MATCH]), the second verification unit 37 ends the sequence of FIG. 4 (S44).
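The two sequences of FIG. 3 and FIG. 4 can be followed end to end in the added example below, which is not code from the patent or from any product: HMAC-SHA256 stands in for the MAC value, textbook RSA (the signature raised to the public exponent to extract the hash, as in S41) stands in for the digital signature, and the class, attribute and function names are assumptions. The example adds one safeguard that is not a step of the patent's sequence, verifying the stored image's signature before the switch, and it assumes the received public key is already trusted.

```python
"""Added example, not the patent's code: the switch sequence (FIG. 3) and boot-time
verification (FIG. 4) with HMAC-SHA256 as the MAC and textbook RSA as the signature."""
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=32):
    d, r = n - 1, 0                                   # Miller-Rabin for odd n > 3
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if _is_probable_prime(c):
            return c


def rsa_keygen(bits=1024):
    """Vendor key pair (n, e, d); 1024 bits keeps the example fast, not a production size."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def rsa_sign(fw, n, d):
    """Vendor side: raw RSA over SHA-256(fw). Unpadded, so illustration only."""
    return pow(int.from_bytes(hashlib.sha256(fw).digest(), "big"), d, n)


class StorageController:
    """Controller 5; attributes stand in for memory units 6-10 and the error log (unit 38)."""
    def __init__(self, fw, sig, n, e):
        self.fw_mem = fw                # FW memory unit 6 (written by FW storage control unit 39)
        self.sig_mem = (sig, n, e)      # digital signature memory unit 7: signature + public key
        self.instruction_mem = False    # instruction information memory unit 8 (e-fuse bit)
        self.mac_key_mem = None         # MAC key memory unit 9
        self.mac_value_mem = None       # MAC value memory unit 10
        self.log = []

    def receive_switch_instruction(self):
        """FIG. 3, S2-S12; the signature check first is an added safeguard, not a patent step."""
        if self.instruction_mem:
            return                                      # fuse already blown: the switch is one-way
        if not self._verify_signature():                # MAC would otherwise bless a tampered image
            self.log.append("switch refused: stored image fails signature check")
            return
        self.instruction_mem = True                     # S2
        random_number = secrets.token_bytes(32)         # S4: CSPRNG stands in for a TRNG
        self.mac_key_mem = hashlib.sha256(b"fw-mac-key" + random_number).digest()  # S6, S7
        self.mac_value_mem = self._mac(self.fw_mem)     # S9-S12

    def boot_verify(self):
        """FIG. 4, S21-S44: the stored instruction information selects the path."""
        if self.instruction_mem:                        # S23 [Yes]
            ok = hmac.compare_digest(self._mac(self.fw_mem), self.mac_value_mem)  # S29-S32
        else:                                           # S23 [No]
            ok = self._verify_signature()               # S36-S42
        if not ok:
            self.log.append("firmware verification failed")  # S33 / S43
        return ok

    def _mac(self, fw):
        return hmac.new(self.mac_key_mem, fw, hashlib.sha256).digest()

    def _verify_signature(self):
        """S40-S42; assumes (n, e) is already trusted, which a real device must check itself."""
        sig, n, e = self.sig_mem
        calculated = int.from_bytes(hashlib.sha256(self.fw_mem).digest(), "big")
        return calculated == pow(sig, e, n)             # "decrypt" the signature, compare hashes


def demo():
    """Both sequences on a constructed image; returns the outcomes for inspection."""
    n, e, d = rsa_keygen()
    fw = b"constructed sample firmware v1.0\x00" * 64
    dev = StorageController(fw, rsa_sign(fw, n, d), n, e)
    sig_ok = dev.boot_verify()                   # flag not set: signature path
    dev.receive_switch_instruction()             # FIG. 3
    mac_ok = dev.boot_verify()                   # flag set: MAC path
    dev.fw_mem = fw[:-1] + b"\x01"               # attacker changes one byte in flash
    return {"sig_ok": sig_ok, "mac_ok": mac_ok, "tampered_ok": dev.boot_verify(),
            "flag_set": dev.instruction_mem, "log": dev.log}
```

`demo()` walks one image through the signature path, the switch, the MAC path and a one-byte modification in flash; the last boot fails and the error log records it, while the instruction flag stays set because the fuse cannot be cleared. Raw RSA without padding and a 1024-bit modulus are used only to keep the arithmetic of S40-S42 visible; a production verifier uses RSA-PSS, ECDSA or ML-DSA from a vetted library, and the MAC key must be written to a memory the host cannot read back.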


According to the present embodiment, it is possible to verify whether the firmware has been tampered with, without impairing secrecy, by a method other than a digital signature.


According to the present embodiment, since the MAC key generated from the random number is never disclosed and cannot be recovered efficiently even with a quantum computer (which offers only a quadratic speed-up against a symmetric key, so a 256-bit MAC key retains roughly 128-bit security), the device can switch to the verification method using the MAC key. As a result, tampering with the firmware can be detected. Note that the MAC value only attests to the image that was in the FW memory unit 6 when the MAC value was generated, so that image should be validated (for example, by verifying its digital signature) before the switch is performed, and that the MAC key must never leave the storage device 2, since any party holding it can compute a valid MAC value for a modified image.


APPENDIX
Item 1

An information processing device including

    • a first determination unit that determines whether instruction information for issuing an instruction to switch from a first verification method of verifying validity of firmware by using a digital signature generated based on public key encryption to a second verification method of verifying the validity of the firmware by using a message authentication code generated using a message authentication key generated based on a random number has been received,
    • a random number generator that generates the random number,
    • a first generation unit that generates the message authentication key used to generate the message authentication code, based on the random number, when it is determined by the first determination unit that the instruction information has been received, and
    • a second generation unit that generates the message authentication code of the firmware using the message authentication key.


Item 2

The information processing device according to Item 1, including

    • a firmware storage control unit that stores the firmware in a firmware memory unit and stores the digital signature received together with the firmware in a digital signature memory unit,
    • in which the first determination unit stores the instruction information in an instruction information memory unit when the first determination unit determines that the instruction information has been received,
    • the first generation unit stores the generated message authentication key in a message authentication key memory unit, and
    • the second generation unit stores the generated message authentication code in a message authentication code memory unit.


Item 3

The information processing device according to Item 2,

    • in which the firmware storage control unit stores the digital signature in the digital signature memory unit in association with the firmware until the message authentication code is generated by the second generation unit, and
    • the second generation unit stores the message authentication code in the message authentication code memory unit in association with the firmware after the message authentication code is generated by the second generation unit.


Item 4

The information processing device according to Item 2 or 3, including

    • a second determination unit that determines whether the instruction information is stored in the instruction information memory unit immediately after power is supplied,
    • a first verification unit that verifies the firmware stored in the firmware memory unit using the message authentication code stored in the message authentication code memory unit when it is determined by the second determination unit that the instruction information is stored in the instruction information memory unit, and
    • a second verification unit that verifies the digital signature when it is determined by the second determination unit that the instruction information is not stored in the instruction information memory unit.


Item 5

The information processing device according to Item 4,

    • in which the first verification unit generates the message authentication code using the message authentication key read out from the message authentication key memory unit and the firmware read out from the firmware memory unit and verifies whether the generated message authentication code matches the message authentication code read out from the message authentication code memory unit, when it is determined by the second determination unit that the instruction information is stored in the instruction information memory unit.


Item 6

The information processing device according to Item 4 or 5,

    • in which the second verification unit verifies the digital signature stored in the digital signature memory unit when it is determined by the second determination unit that the instruction information is not stored in the instruction information memory unit immediately after power is supplied.


Item 7

The information processing device according to Item 6,

    • in which the second verification unit calculates a hash value using the firmware received from the firmware memory unit, decrypts the digital signature received from the digital signature memory unit with a public key to extract a hash value, and verifies whether the calculated hash value matches the extracted hash value, when it is determined by the second determination unit that the instruction information is not stored in the instruction information memory unit immediately after power is supplied.


Item 8

The information processing device according to any one of Items 4 to 7, including

    • an error processing unit that performs predetermined error processing when a mismatch is verified by at least one of the first verification unit or the second verification unit.


Item 9

The information processing device according to Item 8,

    • in which the predetermined error processing includes generation of log information indicating that a security risk has been further increased.


Item 10

The information processing device according to Item 8,

    • in which the predetermined error processing includes processing of stopping execution of predetermined information processing.


Item 11

The information processing device according to any one of Items 1 to 10,

    • in which the instruction information is given by a command from a host device at a time of update of the firmware or at a time irrelevant to the update of the firmware.


Item 12

The information processing device according to any one of Items 2 to 10,

    • in which each of the instruction information memory unit and the message authentication key memory unit is a non-volatile memory unit that stores the instruction information or the message authentication key in a non-volatile manner.


Item 13

The information processing device according to Item 12,

    • in which at least one of the instruction information memory unit or the message authentication key memory unit is an electronic fuse that stores the instruction information or the message authentication key.


Item 14

An information processing method including

    • determining whether instruction information for issuing an instruction to switch from a first verification method of verifying validity of firmware by using a digital signature generated based on public key encryption to a second verification method of verifying the validity of the firmware by using a message authentication code generated using a message authentication key generated based on a random number has been received, and
    • generating the message authentication key used to generate the message authentication code, based on the random number, when it is determined that the instruction information has been received.


While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the disclosure. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the disclosure. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the disclosure.

Claims
  • 1. An information processing device comprising: a first determination circuit configured to determine whether instruction information for issuing an instruction to switch from (i) a first verification method of verifying validity of firmware based on using a digital signature generated based on public key encryption to (ii) a second verification method of verifying the validity of the firmware based on using a message authentication code generated using a message authentication key generated based on a random number has been received; a random number generator configured to generate the random number; a first generation circuit configured to generate the message authentication key used to generate the message authentication code, based on the random number, when it is determined by the first determination circuit that the instruction information has been received; and a second generation circuit configured to generate the message authentication code of the firmware using the message authentication key.
  • 2. The information processing device according to claim 1, further comprising: a firmware storage controller configured to store the firmware in a firmware memory and store the digital signature received together with the firmware in a digital signature memory, wherein the first determination circuit is configured to store the instruction information in an instruction information memory when the first determination circuit determines that the instruction information has been received, the first generation circuit is configured to store the generated message authentication key in a message authentication key memory, and the second generation circuit is configured to store the generated message authentication code in a message authentication code memory.
  • 3. The information processing device according to claim 2, wherein the firmware storage controller is configured to store the digital signature in the digital signature memory in association with the firmware until the message authentication code is generated by the second generation circuit, and the second generation circuit is configured to store the generated message authentication code in the message authentication code memory in association with the firmware.
  • 4. The information processing device according to claim 2, further comprising: a second determination circuit configured to determine whether the instruction information is stored in the instruction information memory immediately after power is supplied; a first verification circuit configured to verify the firmware stored in the firmware memory using the message authentication code stored in the message authentication code memory when it is determined by the second determination circuit that the instruction information is stored in the instruction information memory; and a second verification circuit configured to verify the digital signature when it is determined by the second determination circuit that the instruction information is not stored in the instruction information memory.
  • 5. The information processing device according to claim 4, wherein the first verification circuit generates the message authentication code using the message authentication key received from the message authentication key memory and the firmware received from the firmware memory and verifies whether the generated message authentication code matches the message authentication code received from the message authentication code memory, when it is determined by the second determination circuit that the instruction information is stored in the instruction information memory.
  • 6. The information processing device according to claim 4, wherein the second verification circuit verifies the digital signature stored in the digital signature memory when it is determined by the second determination circuit that the instruction information is not stored in the instruction information memory immediately after power is supplied.
  • 7. The information processing device according to claim 6, wherein the second verification circuit (i) calculates a hash value using the firmware received from the firmware memory, (ii) decrypts the digital signature received from the digital signature memory with a public key to extract a hash value, and (iii) verifies whether the calculated hash value matches the extracted hash value, when it is determined by the second determination circuit that the instruction information is not stored in the instruction information memory immediately after power is supplied.
  • 8. The information processing device according to claim 4, further comprising: an error processing circuit configured to perform predetermined error processing when a mismatch is verified by at least one of the first verification circuit or the second verification circuit.
  • 9. The information processing device according to claim 8, wherein the predetermined error processing includes generation of log information indicating that a security risk has increased.
  • 10. The information processing device according to claim 8, wherein the predetermined error processing includes stopping execution of predetermined information processing.
  • 11. The information processing device according to claim 1, wherein the instruction information is given by a command from a host device at a time of update of the firmware or at a time independent of the update of the firmware.
  • 12. The information processing device according to claim 2, wherein each of the instruction information memory and the message authentication key memory is a non-volatile memory that stores the instruction information or the message authentication key in a non-volatile manner.
  • 13. The information processing device according to claim 12, wherein at least one of the instruction information memory or the message authentication key memory includes an electronic fuse that stores the instruction information or the message authentication key.
  • 14. An information processing method comprising: determining whether instruction information for issuing an instruction to switch from (i) a first verification method of verifying validity of firmware based on using a digital signature generated based on public key encryption to (ii) a second verification method of verifying the validity of the firmware based on using a message authentication code generated using a message authentication key generated based on a random number has been received; and generating the message authentication key used to generate the message authentication code, based on the random number, when it is determined that the instruction information has been received.
  • 15. The method according to claim 14, further comprising: storing the firmware in a firmware memory and storing the digital signature received together with the firmware in a digital signature memory, storing the instruction information in an instruction information memory when it is determined that the instruction information has been received, storing the generated message authentication key, and storing the generated message authentication code in a message authentication code memory.
  • 16. The method according to claim 15, further comprising: storing the digital signature in the digital signature memory in association with the firmware until the message authentication code is generated, and storing the generated message authentication code in the message authentication code memory in association with the firmware.
  • 17. The method according to claim 16, further comprising: determining whether the instruction information is stored in the instruction information memory immediately after power is supplied; verifying the firmware stored in the firmware memory using the message authentication code stored in the message authentication code memory when it is determined that the instruction information is stored in the instruction information memory; and verifying the digital signature when it is determined that the instruction information is not stored in the instruction information memory.
  • 18. The method according to claim 17, further comprising: generating the message authentication code using the message authentication key received from the message authentication key memory and the firmware received from the firmware memory and verifying whether the generated message authentication code matches the message authentication code received from the message authentication code memory, when it is determined that the instruction information is stored in the instruction information memory.
  • 19. The method according to claim 17, further comprising: verifying the digital signature stored in the digital signature memory when it is determined that the instruction information is not stored in the instruction information memory immediately after power is supplied.
  • 20. An information processing device comprising: a first determination unit that determines whether instruction information for issuing an instruction to switch from (i) a first verification method of verifying validity of firmware based on using a digital signature generated based on public key encryption to (ii) a second verification method of verifying the validity of the firmware based on using a message authentication code generated using a message authentication key generated based on a random number has been received; a random number generator that generates the random number; a first generation unit that generates the message authentication key used to generate the message authentication code, based on the random number, when it is determined by the first determination unit that the instruction information has been received; and a second generation unit that generates the message authentication code of the firmware using the message authentication key.
Priority Claims (1)
  • Number: 2023-100353
  • Date: Jun 2023
  • Country: JP
  • Kind: national