The application field of CPS is as safe and sensitive as food hygiene in Otawa, and the technology and products of CPS need to undergo strict safety supervision and certification by the government.
CPS technology and products must become highly reliable and behavior-determined products, which requires a reliable and certain embedded system.
Embedded system not only provides convenience and brings value-added benefits, but also opens the system to the outside world, thus increasing the risk of external attacks.
These risks are real and growing day by day, and enterprises urgently need countermeasures to prevent the loss of intellectual property rights and malicious code tampering.
What is the security protection of embedded system? From the perspective of embedded system security protection, it can be divided into integrity protection, confidentiality protection and identifiability protection.
What is integrity protection? "Integrity protection" includes various security measures, that is, protecting information such as system resources, program codes and data contents, and preventing illegal tampering and unauthorized identity.
Ensure the integrity of data, even if it is not fully realized, ensure that the whole system enters a safe mode and stops performing any functions.
The best integrity protection solution is based on encryption technology, such as digital signature, message authentication and other related security mechanisms.
What is confidentiality protection? "Security protection" refers to the establishment of an integral encryption system to protect the code security and data privacy of embedded systems.
Prevent the whole machine or equipment from being illegally forged, and protect the proprietary algorithms or methods independently developed by enterprises by preventing reverse engineering; Through data protection, production data can be guaranteed not to be illegally tampered with and production safety can be guaranteed.
What is authentication protection? "Identity authentication protection" should build a complete trust system to ensure the integrity of all behaviors, sources and data.
Before interacting with the secure embedded system, users must verify their identity through the authentication process.
Authentication schemes can include various combinations of passwords, physiological features (such as fingerprints) or security settings (such as smart cards or keys).
CodeMeter is an encryption solution developed by Weibu Company in Germany. It adopts powerful encryption algorithm and safe embedded hardware components (smart card security chip), which can be used for integrity protection, software copyright protection, data protection and identity authentication protection.
Let's take a look at the integrity encryption process: using AxProtector encryption tool, the original unencrypted program needs to be designed and encrypted according to the following steps: 1.
Calculating the hash value in the original program; 2
The developer's private key is used to sign the hash value; three
Encrypt the original program by using the key generated by the seed code of the original program, the developer's private key and other public parameters; four
Loads the public key portion of the certificate used to encrypt software signatures.
CodeMeter integrity check process: the check includes the following steps: when the program is loaded, follow the following steps.
Load applications that execute at the same time.
At this time, we need to use the system integration tool-AXEngine, the encryption and decryption engine of Weibu information system.
1
If the currently valid license is verified, the encrypted software is decrypted 2.
The public root key verifies the certificate in the authorization process and certificate chain 3.
A hash value of the decrypted original software 4 is calculated.
Verifying hash signature with public key
The software copyright and data encryption scheme of CodeMeter embedded system is based on CodeMeter technology, and the following functions can be fully realized automatically without any code development: 1.
Encrypt program code to prevent static code analysis and reverse engineering II.
Signature program code, including application and operating system image 3.
Store the private key for decryption 4
Store the vendor's signature private key 5
Signature and hash verification during system loading and operation are used for anti-counterfeiting 6.
The advanced ECC and RSA asymmetric algorithm are used to realize the code table product with identity authentication function, and the security key is stored and managed based on the large-capacity secure smart card chip.
Provide effective protection measures for embedded systems to avoid malicious attacks and protect sensitive data and keys.
CodeMeter hardware products can provide USB, CF card, SD card, TF card and other industrial interface forms to meet different industrial applications.
CodeMeter soft authorization products can adopt the way of binding hardware fingerprints of hardware devices, which provides more choices for encryption and authorization of embedded systems.
CodeMeter supports operating systems such as Windows, MacOSX, Linux and Unix, and PLCs such as WindowsEmbedded, Linux, VxWorks and CODESYS.
CodeMeter software protection solution uses advanced symmetric and asymmetric encryption algorithms (AES, RSA, ECC), hash function (SHA-256), elliptic curve digital signature scheme (ECDSA) and random number generator.
CodeMeter relies on the above encryption method to prevent piracy, reverse engineering and illegal invasion, and effectively protect professional intellectual property rights from infringement; But also can effectively prevent code tampering and illegal identity login, and ensure the safe startup and operation of embedded operating systems and applications.