BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a firmware security system according to an embodiment of the present invention.
FIG. 2 is a flowchart of a method employed by the firmware security system for securing the firmware distribution according to a first embodiment of the present invention.
FIG. 3 is a diagram illustrating the first embodiment of the present invention.
FIG. 4 is a flowchart of a method employed by the firmware security system for securing the firmware distribution according to a second embodiment of the present invention.
FIG. 5 is a diagram illustrating the second embodiment of the present invention.
FIG. 6 is a flowchart of a method employed by the firmware security system for securing the firmware distribution according to a third embodiment of the present invention.
FIG. 7 is a diagram illustrating the third embodiment of the present invention.
FIG. 8 is a flowchart of a method employed by the firmware security system for securing the firmware distribution according to a fourth embodiment of the present invention.
FIG. 9 is a diagram illustrating the fourth embodiment of the present invention.
DETAILED DESCRIPTION
Please refer to FIG. 1. FIG. 1 is a block diagram of a firmware security system 10 according to an embodiment of the present invention. The firmware security system 10 includes an encryption apparatus 20, a first host 30 and a computer system 40. As shown in FIG. 1, the encryption apparatus 20 includes an encryption key provider 21, an encryption unit 22 and an authentication code provider 23. Please note that the encryption key provider 21 is capable of providing an encryption key specified for securing the firmware image or an encryption key for securing the distribution of the firmware image, where the encryption key for securing the firmware image is for a simple encryption algorithm, such as a Data Encryption Standard (DES). The encryption key specified for securing the distribution of the firmware image is for a complex encryption algorithm, such as an Advanced Encryption Standard (AES). The encryption unit 22 is coupled to the encryption key provider 21 for encrypting at least the firmware image utilizing a corresponding encryption key according to the encryption mode, DES or AES. The authentication code provider 23 is coupled to the encryption unit 22 and provides an authentication code used for validating decryption of the encrypted firmware image. In this embodiment, the authentication code provider 23 generates the authentication code according to a digest algorithm or a hash algorithm. However, the present invention is not limited to above-mentioned authentication code generating algorithms. Any available algorithm capable of generating a desired authentication code, like all various kinds of HMAC for hash-function-based or CMAC for cipher-based Message Authentication Code algorithms, can be implemented by the present invention.
Please note that for different products the encryption apparatus 20 makes use of different secret key sets and authentication codes to encrypt firmware applicable to these different products. For example, products of different manufacturers do not share the same secret key set, i.e. each product has a unique secret key set. As shown in FIG. 1, the first host 30 is coupled to the encryption apparatus 20, and stores a plurality of predetermined encrypted data each having a specific encrypted firmware image generated from a firmware image encrypted utilizing a specific encryption key specified for securing a distribution of the firmware image.
In this embodiment, the computer system 40 is coupled to the first host 30 via the Internet, and is capable of downloading a target encrypted data from the first host 30 via the Internet. Please note that the present invention is not limited to an Internet connection linking the first host 30 and the computer system 40. The computer system 40 includes a second host 50 and a device 60 (e.g. an optical disc drive). After establishing connection to the first host 30, the second host 50 selects a specific encrypted data associated with a target secret key set to be the target encrypted data needed by the connected device 60, and then downloads the target encrypted data from the first host 30 via the Internet. As shown in FIG. 1, the device 60 includes a decryption apparatus 70, storage unit 80 and microprocessor 90. As mentioned above, each product has a unique secret key set according to the present invention. In this embodiment, the storage unit 80 stores a plurality of secret key sets each having at least a decryption key, and the microprocessor 90, during boot-up process, can select one of the stored secret key sets to be the target decryption key set of the device 60 according to hardware configuration. The hardware configuration here is defined by settings of a plurality of input pins which can be changed via exterior circuit design, or fused or laser-cut which directly adjust the integrated circuit, or NVRAM like embedded FLASH ROM. In other words, the microprocessor 90 checks statuses of the registers to make the secret key selection. The combination of the microprocessor 90 and the storage unit 80 acts as a decryption key provider for providing a decryption key set of the device 60 through selecting one key set from candidate key sets.
The decryption apparatus 70 utilizes the selected decryption key set for decrypting data (encrypted firmware image) encrypted by the encryption apparatus 20 utilizing a target encryption key set. The decryption apparatus 70 includes a decryption unit 72 and a validation unit 73. The decryption unit 72 utilizes the selected decryption key set to decrypt data downloaded from the first host 30 according to the Advanced Encryption Standard (AES) or Data Encryption Standard (DES) in a Cipher Block Chaining (CBC) mode to obtain the firmware image. The validation unit 73 then checks an authentication code included in the encrypted data to validate decryption of the encrypted firmware image. The encryption and decryption operations performed by the firmware security system 10 are detailed as follows.
Please refer to FIG. 2. FIG. 2 is a flowchart of a method employed by the firmware security system 10 for securing the firmware distribution according to a first embodiment of the present invention. The method of securing the firmware distribution includes the following steps:
Step 100: Start.
Step 110: Provide Encryption Key. The encryption key provider 21 is capable of generating an encryption key K2 specified for securing the distribution of the firmware image for the device 60.
Step 120: Perform Encryption. The encryption unit 22 receives the encryption key K2 from the encryption key provider 21, and then encrypts the raw firmware image utilizing the encryption key K2. In this embodiment, the encryption unit 22 encrypts the raw firmware image for providing a stronger protection according to an Advanced Encryption Standard (AES) encryption in a Cipher Block Chaining (CBC) mode.
Step 130: Provide Authentication Code. The authentication code provider 23 provides an authentication code CA used for validating the encrypted data and adds the authentication code to the encrypted data. In this embodiment, the authentication code provider 23 inserts a fixed pattern, such as “MediaTek”, into some known location of the before-encrypted data as the authentication code CA or performs a predetermined algorithm, such as a digest algorithm or a hash algorithm, to determine the authentication code CA.
Step 140: Provide Decryption Key. The decryption key provider, implemented by the microprocessor 90 and the storage unit 80, is capable of providing a decryption key K2 specified for decrypting the encrypted data. In this embodiment, the decryption key and the encryption key are the same. However, for other embodiments of the present invention utilizing other encryption/decryption algorithms, the decryption key is allowed to be different from the encryption key.
Step 150: Download. The second host 50 downloads a target encrypted data from a first host 30 via the Internet, where the target encrypted data is encrypted according to the encryption key K2.
Step 160: Receive Encrypted Data. The device 60 of the computer system 40 receives encrypted data from the second host 50 through IDE or other interface, like SATA, and stores the received encrypted data in a volatile memory (e.g., DRAM) for following decryption and authentication operations.
Step 170: Perform Authentication. The validation unit 73 utilizes an authentication code transmitted by the encrypted data to validate the encrypted firmware image. If the validation is passed, go to step 180; otherwise, go to step 184.
Step 180: Perform Decryption. The decryption unit 72 decrypts the encrypted firmware image in the encrypted data utilizing the decryption key K2 to obtain the firmware image. In this embodiment, the decryption can also be performed in parallel with receiving the encrypted data from the second host 50 (step 160).
Step 182: Store Decrypted Firmware Image. The decryption unit 72 stores the firmware image into a non-volatile memory (e.g. flash memory) or the microprocessor 90 directly loads and executes the firmware image from the volatile memory. Then go to step 190.
Step 184: Abandon Received Encrypted data. The decryption unit 72 abandons the received encrypted data and informs the second host 50 of the validation failure.
Step 190: Finish.
Please refer to FIGS. 1 and 3. FIG. 3 is a diagram illustrating the first embodiment of the present invention. The firmware image is protected by an encryption associated with the encryption key K2. Then, the authentication code CA is attached to the encrypted firmware image. The target encrypted data is distributed and downloaded. The validation unit 73 verifies that the target decrypted data does contain the pre-determined code. Any modification to the encrypted firmware image would result in trashed final output due to the nature of the chained cipher operation. If the authentication code CA transmitted by the encrypted data matches a predetermined pattern, the decryption unit 72 decrypts the encrypted firmware image using K2 during downloading through IDE/SATA to obtain the desired firmware image. Then, the firmware image is stored and executed in DRAM. Please note that the device 60 is not limited to starting the authentication of the encrypted data after the whole encrypted data containing the authentication information and encrypted firmware image are received. Segments of the encrypted data can be downloaded and authenticated separately, as long as the relationship between segments is kept unmodified. It is also possible to interrupt the download sequence as long as the authentication status is able to be maintained across the download sequence.
Please refer to FIG. 4. FIG. 4 is a flowchart of a method employed by the firmware security system 10 for securing the firmware distribution according to a second embodiment of the present invention. The differences between this embodiment and the first embodiment are that: the sequence of providing authentication code and performing encryption is transposed, provide authentication code (Step 220) first, and then perform encryption (Step 230); and the step of performing decryption (Step 270) is brought forward and inserted between the step of receiving encrypted data (Step 260) and the step of performing authentication (Step 280). Then, after validation is passed, only store decrypted firmware image (Step 282) in this embodiment.
Please refer to FIGS. 1 and 5. FIG. 5 is a diagram illustrating the second embodiment of the present invention. The differences between the present embodiment and the first embodiment are that both the firmware image and the authentication code CA are protected by an encryption associated with the encryption key K2; the decryption unit 72 firstly decrypts the target encrypted data using K2 during downloading; and then the validation unit 73 verifies the decrypted data does contain the pre-determined code after the target encrypted data is received and decrypted. If the authentication code CA decrypted from the encrypted data matches a predetermined pattern, the concurrently decrypted firmware image is stored and executed in DRAM.
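The following is an added example, not code from the patent: it packages a constructed image the way the second embodiment describes (fixed pattern encrypted together with the image under K2 in CBC mode, pattern checked after decryption) and, beside it, with an HMAC over the encrypted data, one of the alternative authentication codes the description names. It shows that a one-bit change in the last ciphertext block garbles only that plaintext block, so the pattern at the start still matches, while the HMAC check rejects the same data. Assumptions: the 4-round Feistel block cipher is a stand-in for AES so the block runs with the standard library only, `kmac` is a separate MAC key, and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16
PATTERN = b"MediaTek"            # fixed pattern used as authentication code CA

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):            # round function of the stand-in cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):         # 4-round Feistel; NOT AES, demo stand-in only
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, data):  # data length must be a multiple of BLOCK
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(dec_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def package_pattern(k2, fw):     # second embodiment: CA encrypted with the image
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(k2, iv, PATTERN.ljust(BLOCK, b"\0") + fw)

def accept_pattern(k2, blob):    # decrypt first, then look for the pattern
    pt = cbc_decrypt(k2, blob[:BLOCK], blob[BLOCK:])
    return pt[BLOCK:] if pt[:len(PATTERN)] == PATTERN else None

def package_hmac(k2, kmac, fw):  # HMAC over IV + ciphertext, appended as CA
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(k2, iv, fw)
    return body + hmac.new(kmac, body, hashlib.sha256).digest()

def accept_hmac(k2, kmac, blob): # authenticate first, decrypt only on success
    body, tag = blob[:-32], blob[-32:]
    ok = hmac.compare_digest(tag, hmac.new(kmac, body, hashlib.sha256).digest())
    return cbc_decrypt(k2, body[:BLOCK], body[BLOCK:]) if ok else None

def flip(blob, i):               # one-bit corruption at byte offset i
    return blob[:i] + bytes([blob[i] ^ 1]) + blob[i + 1:]

def demo():
    k2, kmac, fw = os.urandom(16), os.urandom(32), bytes(range(64))  # constructed
    p, m = package_pattern(k2, fw), package_hmac(k2, kmac, fw)
    bad_p = accept_pattern(k2, flip(p, len(p) - 1))      # last ciphertext byte
    bad_m = accept_hmac(k2, kmac, flip(m, len(m) - 33))  # last ciphertext byte
    return bad_p, bad_m
```

For a device, the practical consequence is that the fixed pattern confirms the key and the region around the pattern, whereas a digest, HMAC or CMAC computed over the whole encrypted data covers every block of the image.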
Please refer to FIG. 6. FIG. 6 is a flowchart of a method employed by the firmware security system 10 for securing the firmware distribution according to a third embodiment of the present invention. The method of securing the firmware distribution includes the following steps:
Step 300: Start.
Step 310: Provide Encryption Keys. The encryption key provider 21 is capable of generating an encryption key K1 specified for securing the firmware image for the device 60 and an encryption key K2 specified for securing the distribution of the firmware image for the device 60. Please note that K1, as it appears here and in the following, may be different from K2.
Step 315: Perform Layer 1 Encryption. The encryption unit 22 receives the encryption key K1 from the encryption key provider 21, and then encrypts the raw firmware image to generate a first encrypted data utilizing the encryption key K1. In this embodiment, the encryption unit 22 encrypts the raw firmware image for providing a simple protection according to a Data Encryption Standard (DES) encryption.
Step 320: Perform Layer 2 Encryption. The encryption unit 22 receives the encryption key K2 from the encryption key provider 21, and then encrypts the first encrypted data to generate a second encrypted data utilizing the encryption key K2. In this embodiment, the encryption unit 22 encrypts the raw firmware image for providing a stronger protection according to an Advanced Encryption Standard (AES) encryption in a Cipher Block Chaining (CBC) mode.
Step 330: Provide Authentication Code. The authentication code provider 23 provides an authentication code CA used for validating the second encrypted data and adds the authentication code to the second encrypted data. In this embodiment, the authentication code provider 23 inserts a fixed pattern, such as “MediaTek”, into some known location of the before-encryption data as the authentication code CA or performs a predetermined algorithm, such as a digest algorithm or a hash algorithm, to determine the authentication code CA.
Step 340: Provide Decryption Keys. The decryption key provider, implemented by the microprocessor 90 and the storage unit, is capable of providing a decryption key K1 specified for decrypting the first encrypted data and a decryption key K2 specified for decrypting the second encrypted data. In this embodiment, the decryption keys and the corresponding encryption keys are the same. However, for other embodiments of the present invention utilizing other encryption/decryption algorithms, the decryption keys are allowed to be different from the corresponding encryption keys.
Step 350: Download. The second host 50 downloads a target encrypted data from a first host 30 via the Internet, where the target encrypted data is encrypted according to the encryption keys K1 and K2.
Step 360: Receive Encrypted Data. The device 60 of the computer system 40 receives encrypted data from the second host 50 through IDE or other interface, like SATA, and stores the received encrypted data in a volatile memory (e.g., DRAM) for following decryption and authentication operations.
Step 370: Perform Authentication. The validation unit 73 utilizes an authentication code transmitted by the target encrypted data to validate the second encrypted data. If the validation is passed, go to step 380; otherwise, go to step 386.
Step 380: Perform Layer 2 Decryption. The decryption unit 72 decrypts the second encrypted data utilizing the decryption key K2 to obtain the first encrypted data. In this embodiment, the decryption (step 380) can also be performed in parallel with receiving the encrypted data from the second host 50 (step 360).
Step 382: Perform Layer 1 Decryption. The decryption unit 72 decrypts the first encrypted data utilizing the decryption key K1 to obtain the desired firmware image.
Step 384: Store Decrypted Firmware Image. The decryption unit 72 stores the firmware image into a non-volatile memory (e.g. flash memory) or the microprocessor 90 directly loads and executes the firmware image from the volatile memory. Go to step 190.
Step 386: Abandon Received Encrypted Data. The decryption unit 72 abandons the received encrypted data and informs the second host 50 of the validation failure.
Step 390: Finish.
Please refer to FIG. 7. FIG. 7 is a diagram illustrating the third embodiment of the present invention. The firmware image is protected by encryptions associated with the encryption keys K1 and K2, respectively. Then, the authentication code CA is attached to the second encrypted data containing the encrypted firmware image. The target encrypted data is distributed and downloaded. After the target encrypted data is received and decrypted, the validation unit 73 verifies that the decrypted data does contain the pre-determined code. Any modification to the encrypted image would result in trashed final output due to the nature of the chained cipher operation. If the authentication code CA transmitted by the encrypted data matches a predetermined pattern, the decryption unit 72 decrypts the target encrypted data using K2 during downloading through IDE/SATA to obtain the first encrypted data. Then, the first encrypted data is stored and executed in DRAM. Please note that the device 60 is not limited to starting the authentication of the second encrypted data after the whole encrypted data containing the authentication information and second encrypted data are received. Segments of the encrypted data can be downloaded and authenticated separately, as long as the relationship between segments is kept unmodified. It is also possible to interrupt the download sequence as long as the authentication status is able to be maintained across the download sequence.
Please refer to FIG. 8. FIG. 8 is a flowchart of a method employed by the firmware security system 10 for securing the firmware distribution according to a fourth embodiment of the present invention. The differences between the fourth embodiment and the third embodiment are that the sequence of providing the authentication code and the sequence of performing layer 2 decryption are changed. In this embodiment, the step of providing the authentication code (Step 420) is inserted between the step of performing layer 1 encryption (Step 415) and the step of performing layer 2 encryption (Step 430), and the step of performing layer 2 decryption (Step 470) is brought forward and inserted between the step of receiving encrypted data (Step 460) and the step of performing authentication (Step 480). Then, when performing authentication, the authentication code is utilized to validate only the first encrypted data, rather than the second encrypted data as in the third embodiment.
Please refer to FIG. 9. FIG. 9 is a diagram illustrating the fourth embodiment of the present invention. Referring to FIG. 7 together, the differences between this embodiment and the third embodiment are that: both the authentication code CA and the first encrypted data, which contains the firmware image protected by an encryption associated with the encryption key K1, are protected by an encryption associated with the encryption key K2 in this embodiment; and authentication is not performed until the target encrypted data is received and decrypted.
Please note that in the above embodiments, DES or AES encryption/decryption is applied. However, the above-mentioned encryption/decryption scheme is only meant to be taken as examples, and is not meant to be limitations of the present invention.
Compared with the related art, an embodiment of the present invention can utilize a fixed pattern (e.g., “MediaTek”) to act as the authentication code. Therefore, no extra computation is required to calculate the authentication code besides decryption of some small amount of data. Other cipher-based Message Authentication Code algorithms (CMACs) also hold similar property. The integrity verification scheme of the present invention is applicable to devices without much computing power. In addition, the present invention adopts multiple protections for securing the firmware image from being leaked out. That is, in addition to a layer 1 encryption given by a simple encryption algorithm, the present invention includes a layer 2 encryption corresponding to a complex encryption algorithm to give a robust protection to distribution of the firmware image. Furthermore, the aforementioned storage unit 80 shown in FIG. 1 stores a plurality of decryption key sets, and a target decryption key set for a specific product is adjustable even after the chip is manufactured. Assume that the microprocessor 90, the storage unit 80, and the decryption apparatus 70 are integrated in a single chip. The same chips can be applied to products of different manufacturers. However, because the target decryption keys set to these products could be chosen by manufacturers, products of different manufacturers do not share the same secret key set anymore. The related art secret key leakage problem is solved accordingly.
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.