【摘要】：隨著工藝技術(shù)的發(fā)展,一個芯片上可以集成的知識產(chǎn)權(quán)核的數(shù)目變得越來越多,基于傳統(tǒng)的共享總線的片上系統(tǒng)在知識產(chǎn)權(quán)核的數(shù)目變多之后核間的通信效率變得低下。在芯片集成度不斷增加的趨勢下,片上系統(tǒng)的集成也面臨著一些顯著的挑戰(zhàn)。由于基于包交換的片上互聯(lián)網(wǎng)絡(luò)具有可靠性好、伸縮性好以及核間通信效率高等優(yōu)點成為替代全局互連線的解決方案。但是,片上網(wǎng)絡(luò)也存在安全挑戰(zhàn)如拒絕服務(wù),對關(guān)鍵信息的提取與篡改。片上網(wǎng)絡(luò)的潛在的安全威脅以及相應(yīng)的解決措施并沒有得到應(yīng)有地關(guān)注。 本論文主要集中研究基于片上網(wǎng)絡(luò)架構(gòu)的安全存儲系統(tǒng),目的是解決片上網(wǎng)絡(luò)領(lǐng)域的安全威脅并保證敏感數(shù)據(jù)保密性與完整性。該解決方案的最大優(yōu)點是能夠以較小的硬件開銷保證安全。為了保證敏感數(shù)據(jù)的保密性與完整性,本文在精簡指令集處理器(RISC)中集成了能夠支持高級加密標準(AES)以及SHA-3候選算法Grostl的協(xié)處理器來加速算法的運算。通過支持數(shù)據(jù)包交換與電路交換相結(jié)合的交換技術(shù)來預(yù)防拒絕服務(wù)攻擊里的帶寬攻擊。網(wǎng)絡(luò)接口是處理單元,存儲器與片上網(wǎng)絡(luò)交換數(shù)據(jù)包的關(guān)鍵模塊,為了解決基于片上網(wǎng)絡(luò)系統(tǒng)處理單元訪問內(nèi)存或內(nèi)存映射外圍器件的安全性問題,本文在網(wǎng)絡(luò)接口中集成了數(shù)據(jù)保護控制器執(zhí)行訪問權(quán)限控制規(guī)則用來確定發(fā)起數(shù)據(jù)傳輸請求的處理單元是否具有訪問特定地址的共享數(shù)據(jù)的權(quán)限。對于安全級別要求較高的應(yīng)用,采用RSA算法進行身份認證,保證具有管理權(quán)限的處理單元才能夠完成對訪問權(quán)限的配置。 為了驗證本論文提出的解決方案,支持AES與Grostl運算的協(xié)處理器已經(jīng)集成到了嵌入式系統(tǒng)SoC中,并使用SMIC0.13um CMOS工藝進行流片。為了驗證集成了協(xié)處理器的NoC平臺以及關(guān)鍵模塊的功能,采用FPGA進行驗證,并采用了synopsys公司的Design Compiler進行邏輯綜合。綜合結(jié)果表明,具有32KB高速數(shù)據(jù)緩存,16KB私有指令存儲器,在精簡指令指中集成了協(xié)處理器的網(wǎng)絡(luò)節(jié)點的面積為525.2K等效與非門,協(xié)處理器的硬件開銷占節(jié)點面積的3.9%,安全網(wǎng)絡(luò)接口的硬件開銷占1.1%,所需的硬件開銷較小。對AES-128,Grostl-256算法的性能分別能夠達到365Mbps,205.3Mbps,所設(shè)計的協(xié)處理器和安全網(wǎng)絡(luò)接口達到了預(yù)期的指標,能夠應(yīng)用到基于片上網(wǎng)絡(luò)架構(gòu)的系統(tǒng)中。
[Abstract]:With the development of process technology, the number of IP cores that can be integrated on a chip becomes more and more, and the communication efficiency between IP cores becomes low when the number of IP cores increases in the on-chip system based on traditional shared bus. With the increasing of chip integration, on-chip system integration is also facing some significant challenges. Due to the advantages of high reliability, scalability and high efficiency of inter-core communication, packet switching based on-chip Internet becomes a solution to replace the global interconnection. However, there are also security challenges such as denial of service, extraction and tampering of critical information. The potential security threats and corresponding solutions of the on-chip network have not received due attention. This thesis focuses on the research of secure storage system based on on-chip network architecture. The purpose of this paper is to solve the security threat in the field of on-chip network and to ensure the confidentiality and integrity of sensitive data. The biggest advantage of this solution is that it can guarantee security with less hardware overhead. In order to ensure the confidentiality and integrity of sensitive data, a coprocessor, which can support the advanced encryption standard (AES) and the SHA-3 candidate algorithm Grostl, is integrated in the RISC (RISC) to accelerate the computation of the algorithm. Bandwidth attacks in denial-of-service attacks are prevented by supporting switching techniques that combine packet switching and circuit switching. The network interface is the processing unit, the key module of the memory and the on-chip network exchange data packet. In order to solve the security problem of accessing the memory or memory mapping peripheral device based on the on-chip network system processing unit, In this paper, the data protection controller is integrated into the network interface to implement access control rules to determine whether the processing unit that initiated the data transmission request has the right to access shared data at a specific address. For the application with high security level, RSA algorithm is used to authenticate the identity, which ensures that the processing unit with administrative authority can complete the configuration of access rights. In order to verify the solution proposed in this paper, the coprocessor which supports AES and Grostl operations has been integrated into embedded system SoC, and the SMIC0.13um CMOS process is used for streaming. In order to verify and integrate the functions of the NoC platform and the key modules of the coprocessor, FPGA is used to verify and the Design Compiler of synopsys Company is used for logic synthesis. The results show that the area of network nodes with 32KB cache and 16KB private instruction memory integrated with coprocessor is 525.2k equivalent and non-gate. The hardware cost of the coprocessor is 3.9% of the node area, the hardware cost of the secure network interface is 1.1%, and the hardware cost of the security network interface is small. The performance of the AES-128,Grostl-256 algorithm can reach 365 Mbpss205.3 Mbpss respectively. The designed coprocessor and secure network interface reach the expected target and can be applied to the system based on the on-chip network architecture.
【學(xué)位授予單位】：復(fù)旦大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2012
【分類號】：TP333

【共引文獻】

相關(guān)期刊論文 前2條

1 張媛媛;孫光;蘇厲;金德鵬;曾烈光;;片上網(wǎng)絡(luò)中低延時可擴展的路由器結(jié)構(gòu)設(shè)計[J];傳感器與微系統(tǒng);2012年08期

2 姚放吾;李曉輝;;基于二維torus片上網(wǎng)絡(luò)的間隙式流量控制及路由算法的研究[J];微電子學(xué)與計算機;2010年10期

相關(guān)會議論文 前2條

1 葛寶珊;劉鋒;李旭杰;;積木式多DSP并行處理系統(tǒng)路由算法研究[A];現(xiàn)代振動與噪聲技術(shù)（第九卷）[C];2011年

2 葛寶珊;劉峰;李旭杰;;積木式多DSP并行處理系統(tǒng)路由算法研究[A];全國第五屆信號和智能信息處理與應(yīng)用學(xué)術(shù)會議�？�(第一冊)[C];2011年

相關(guān)博士學(xué)位論文 前3條

1 張勇;嵌入式系統(tǒng)中互連網(wǎng)絡(luò)流量控制及優(yōu)化[D];北京郵電大學(xué);2011年

2 董強;幾類規(guī)則互連網(wǎng)絡(luò)的嵌入與容錯嵌入研究[D];重慶大學(xué);2010年

3 于t，

本文編號：2253300