
CN107180206B - Solid state disk safety control method and device based on CDMA - Google Patents

Publication number: CN107180206B
Authority: CN (China)
Prior art keywords: security control, cdma, solid state, state disk, module
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201610140250.4A
Other languages: Chinese (zh)
Other versions: CN107180206A (en)
Inventors: 徐心毅, 刘科科, 敖乃翔, 郭静, 焦栋, 王辰
Current assignee: China Electronics Technology Group Corp CETC (the listed assignees may be inaccurate)
Original assignee: China Electronics Technology Group Corp CETC

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a CDMA-based solid-state disk security control method and device. The method includes: allocating a first security control code pseudo-random sequence to the solid-state disk storage array; spread-spectrum coding the user security control bytes within an observation time window using the first security control code pseudo-random sequence; sending the spread-spectrum code of the user security control bytes within the observation time window to the CDMA security control module of the solid-state disk system over a computer network channel; performing despreading and then integration on the data stream received by the CDMA security control module; and making a security decision on the integrated output signal to determine whether to perform the solid-state disk read/write operation. The invention can effectively reduce computational complexity and circuit design cost, and overcomes the security risks that solid-state disk data is difficult to erase and that data fragments may be read by unauthorized users, thereby enhancing the security of the solid-state disk system.

Description

A CDMA-based solid-state disk security control method and device

Technical field

The present invention relates to the technical field of network information security, and in particular to a solid-state disk security control method and device based on CDMA (Code Division Multiple Access).

Background

With the development of networking and informatization, competition in cyberspace has intensified, and developed countries have all begun building cyber ranges to support cyberspace security technology demonstration and verification, network equipment development and testing, large-scale network reproduction, cyber risk assessment, and attack-defense training. At present, an internationally advanced cyber range can support 20 large-scale independent network tests at the same time. Effectively releasing the resources of completed test tasks and erasing non-volatile storage data after a test ends, so that important test data cannot be obtained illegally, is therefore an important guarantee for the functions of a cyber range.

Non-volatile storage resources such as solid-state disks are increasingly adopted by high-end users such as enterprises and the military because of their large capacity, high speed, low energy consumption, and low cost. Solid-state disks mainly use NAND Flash (NotAndFlash, storage-type flash memory) chips as the storage medium. Although solid-state disks based on storage-type flash memory have many advantages, they also have some bottlenecks. On the one hand, read and write operations are performed per page, while the minimum unit of an erase operation is a block, and a block is larger than a page. Updating part of a block therefore requires erasing the whole block, which makes update writes inefficient and increases the number of erase operations. On the other hand, a solid-state disk supports only a limited number of erasures; once the erase threshold is exceeded, the flash memory cells are damaged. More importantly, deleting data only deletes the logical block address while the actual physical page is retained, which makes it difficult to securely erase the data in a solid-state disk. Also, a solid-state disk is not made of magnetic media; when data is deleted, the logical address and the actual physical page no longer match, which causes ATA (Advanced Technology Attachment, hard disk interface) or SCSI (Small Computer System Interface) drive scans to fail and readily produces data fragments.

Summary of the invention

The technical problem to be solved by the present invention is to provide a CDMA-based solid-state disk security control method and device that overcome the security risks arising from solid-state disk data being difficult to erase and prone to fragmentation, while also reducing write and erase operations on the solid-state disk.

The technical solution adopted by the present invention is a CDMA-based solid-state disk security control method, including:

Step 1: allocate a first security control code pseudo-random sequence to the solid-state disk storage array;

Step 2: spread-spectrum code the user security control bytes within the observation time window using the first security control code pseudo-random sequence;

Step 3: send the spread-spectrum code of the user security control bytes within the observation time window to the CDMA security control module of the solid-state disk system over a computer network channel;

Step 4: perform despreading and then integration on the data stream received by the CDMA security control module;

Step 5: make a security decision on the integrated output signal to determine whether to perform the solid-state disk read/write operation.

Further, step 1 includes: allocating the first security control code pseudo-random sequence to the solid-state disk storage array using an m-sequence or a Gold sequence.

Further, in step 2, the spread-spectrum code is obtained by modulating the first security control code pseudo-random sequence with the user security control byte.

Further, in step 4, the data stream received by the CDMA security control module of the solid-state disk system includes the spread-spectrum code of the security control byte and the white Gaussian noise of the computer network channel;

the despreading multiplies the data stream received by the CDMA security control module by a second security control code pseudo-random sequence to obtain the despread data stream;

the second security control code pseudo-random sequence is identical to the security control code sequence at the sending end and is accurately synchronized with it.

Further, step 5 specifically includes:

if the output signal is consistent with the security control byte, the solid-state disk read/write operation requested by the user is performed;

if the output signal is inconsistent with the security control byte, the solid-state disk read/write operation requested by the user is not performed, and an alarm signal is triggered.

The present invention also provides a CDMA-based solid-state disk security control device, including:

an allocation module, used to allocate a first security control code pseudo-random sequence to the solid-state disk storage array;

a spreading module, used to spread the user security control bytes within the observation time window using the first security control code pseudo-random sequence, obtaining a spread-spectrum code;

a transmission module, used to send the spread-spectrum code to the CDMA security control module of the solid-state disk system;

a CDMA security control module, used to perform despreading and then integration on the data stream it receives, and to make a security decision on the integrated output signal to determine whether to perform the solid-state disk read/write operation.

Further, the CDMA security control module of the solid-state disk system includes:

a despreading module, used to despread the data stream received by the CDMA security control module of the solid-state disk system;

an integration module, used to integrate the despread data stream;

a decision module, used to make a security decision on the output signal of the integration module to determine whether to perform the read/write operation of the solid-state disk.

Further, the despreading module is specifically used to multiply the data stream received at the receiving end of the CDMA security control module by the second security control code pseudo-random sequence to obtain the despread data stream;

the second security control code pseudo-random sequence is identical to the security control code sequence at the sending end and is accurately synchronized with it.

Further, the decision module is used to perform the solid-state disk read/write operation when the output signal of the integration module is consistent with the user security control byte;

when the output signal of the integration module is inconsistent with the user security control byte, the solid-state disk read/write operation is not performed, and an alarm signal is triggered.

With the above technical solution, the present invention has at least the following advantages:

The CDMA-based solid-state disk security control method of the present invention adds a CDMA security control module to the solid-state disk system and sets a security control signal for each memory chip in the solid-state disk, ensuring that the solid-state disk can be read or written only after the accessing user's verification byte has been decoded correctly. It can effectively reduce computational complexity and circuit design cost, and overcomes the security risks that solid-state disk data is difficult to erase and that data fragments may be read by unauthorized users, thereby enhancing the security of the solid-state disk system.

Description of drawings

FIG. 1 is a flowchart of the CDMA-based solid-state disk security control method according to the first embodiment of the present invention;

FIG. 2 is a schematic structural diagram of the CDMA-based solid-state disk security control device according to the second embodiment of the present invention;

FIG. 3 is a schematic diagram of the specific flow of CDMA-based solid-state disk security control according to the third embodiment of the present invention.

Detailed description

To further explain the technical means adopted by the present invention to achieve its intended purpose and their effects, the present invention is described in detail below with reference to the accompanying drawings and preferred embodiments.

The first embodiment of the present invention is a CDMA-based solid-state disk security control method which, as shown in FIG. 1, includes the following specific steps:

Step S101: allocate a first security control code pseudo-random sequence to the solid-state disk storage array.

Specifically, step S101 includes: generating the first security control code pseudo-random sequence PN for the solid-state disk storage array using an m-sequence or a Gold sequence; an m-sequence is a maximal-length linear shift register sequence.

Step S102: spread-spectrum code the user security control bytes within the observation time window T.

Specifically, step S102 includes: spread-spectrum coding the security control byte b(t) in the request instruction that requests access to a NAND FLASH chip of the solid-state disk within the observation time window T, generating the spread-spectrum code C(t);

C(t) = b(t) × PN;

time variable t ∈ (0, T).

Step S103: send the spread-spectrum code of the security control byte within the observation time window T to the CDMA security control module of the solid-state disk system over a computer network channel.

Specifically, step S103 includes: sending the spread-spectrum code C(t) of the security control byte within the observation time window T to the CDMA security control module of the solid-state disk system over a computer network channel; the data stream received by the CDMA security control module is Y(t);

Y(t) = C(t) + n(t);

where n(t) is the white Gaussian noise of the computer network channel.

Step S104: despread the data stream received by the CDMA security control module of the solid-state disk system.

Specifically, step S104 includes: despreading the data stream Y(t) received by the CDMA security control module of the solid-state disk system using the second security control code pseudo-random sequence PN', obtaining the despread signal V(t);

V(t) = Y(t) × PN';

the second security control code sequence PN' is identical to the first security control code sequence PN;

the second security control code sequence PN' is accurately synchronized with the first security control code sequence PN.

Step S105: integrate the despread signal.

Specifically, step S105 includes: integrating the despread signal V(t) to obtain the output signal b'(t).

Step S106: make a security decision on the integrator output signal to determine whether to perform the solid-state disk read/write operation.

If the integrator output signal b'(t) is consistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is performed;

if the integrator output signal b'(t) is inconsistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is not performed, and an alarm signal is triggered.

The second embodiment of the present invention corresponds to the first embodiment and describes a CDMA-based solid-state disk security control device which, as shown in FIG. 2, includes the following components:

1) An allocation module 100, used to allocate a first security control code pseudo-random sequence to the solid-state disk storage array.

Specifically, the allocation module 100 generates the first security control code pseudo-random sequence PN for the solid-state disk storage array using an m-sequence or a Gold sequence.

2) A spreading module 200, used to spread the security control bytes requesting access to a NAND FLASH chip of the solid-state disk within the observation time window T, generating a spread-spectrum code;

Specifically, the spreading module 200 spreads the security control byte b(t) requesting access to a NAND FLASH chip of the solid-state disk within the observation time window T, generating the spread-spectrum code C(t);

C(t) = b(t) × PN.

3) A transmission module 300, used to send the spread-spectrum code of the security control byte within the observation time window T to the CDMA security control module 400 of the solid-state disk system over a computer network channel.

Specifically, the transmission module 300 sends the spread-spectrum code C(t) of the security control byte within the observation time window T to the CDMA security control module 400 of the solid-state disk system over a computer network channel; the data stream received by the CDMA security control module 400 is Y(t);

Y(t) = C(t) + n(t);

where n(t) is the white Gaussian noise of the computer network channel.

4) A CDMA security control module 400, composed of three parts: a despreading module 401, an integration module 402 and a decision module 403.

Specifically, the CDMA security control module 400 is used to process the received data stream Y(t) and to make a security decision on the processed signal b'(t) to determine whether to perform the solid-state disk read/write operation.

A. The despreading module 401 is used to despread the data stream received by the CDMA security control module 400 of the solid-state disk system;

Specifically, the despreading module 401 despreads the data stream Y(t) received at the receiving end of the solid-state disk system using the second security control code pseudo-random sequence PN', obtaining the despread signal V(t);

V(t) = Y(t) × PN';

the second security control code sequence PN' is identical to the first security control code sequence PN;

the second security control code sequence PN' is accurately synchronized with the first security control code sequence PN.

B. The integration module 402 is used to integrate the despread signal.

Specifically, the integration module 402 integrates the despread data stream V(t) to obtain the output signal b'(t).

C. The decision module 403 is used to make a security decision on the integrator output signal to determine whether to perform the read/write operation.

Specifically, the decision module 403 compares the integrator output signal b'(t) with the security control byte b(t);

if the integrator output signal b'(t) is consistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is performed;

if the integrator output signal b'(t) is inconsistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is not performed, and an alarm signal is triggered.

The third embodiment of the present invention builds on the above embodiments and, taking the CDMA-based solid-state disk security control method as an example, describes an application example of the present invention with reference to FIG. 3.

Step 1: allocate a first security control code pseudo-random sequence to the solid-state disk storage array.

Specifically, step 1 includes: generating the first security control code pseudo-random sequence PN_i for the solid-state disk storage array using an m-sequence or a Gold sequence;

Taking the m-sequence as an example: for a solid-state disk system with m NAND FLASH chips, set up an r-stage m-sequence, where 2^r − 1 > m; the r-stage m-sequence contains 2^r − 1 pseudo-random codes, and any m of these 2^r − 1 pseudo-random codes are selected as the first security control code pseudo-random sequences PN_i of the solid-state disk storage array.

i ∈ (1, m);

m is the number of NAND FLASH chips in the solid-state disk;

m = n × k;

n is the number of NAND FLASH chip data channels in the solid-state disk;

k is the number of NAND FLASH chips in each data channel of the solid-state disk.

Step 2: spread-spectrum code the security control bytes of all accessing users within the observation time window T.

Specifically, step 2 includes: spread-spectrum coding the security control byte requesting access to the i-th NAND FLASH chip of the solid-state disk within the observation time window T, generating the spread-spectrum code C_i(t);

For example: the first byte b_i(t) of the request instruction that requests access to the data a_i(t) of the i-th NAND FLASH chip of the solid-state disk within the observation time window T is the security control byte; b_i(t) modulates the security control code pseudo-random sequence PN_i to generate the spread-spectrum code C_i(t).

C_i(t) = b_i(t) × PN_i;

i ∈ (1, m).

Step 3: send the spread-spectrum code of the security control byte within the observation time window T to the CDMA security control module of the solid-state disk system over a computer network channel.

Specifically, step 3 includes: sending the spread-spectrum code C_i(t) of the security control byte within the observation time window T to the CDMA security control module of the solid-state disk system over a computer network channel; the data stream received by the CDMA security control module is Y(t);

Figure GDA0002148677390000081

where n(t) is the white Gaussian noise of the computer network channel.

Step 4: despread the data stream received by the CDMA security control module of the solid-state disk system.

Specifically, step 4 includes: despreading the data stream Y(t) received by the CDMA security control module of the solid-state disk system using the second security control code pseudo-random sequence PN, obtaining the despread signal V(t);

For example, taking the i-th channel: the received data stream Y(t) includes the data b_i(t) accessing the i-th memory chip, the data b_j(t) accessing the other memory chips j, and the channel white Gaussian noise n(t);

j ≠ i;

j ∈ (1, m).

The despread data stream V(t) is obtained by multiplying the data stream Y(t) by the second security control code sequence PN;

V(t) = Y(t) × PN;

the second security control code sequence PN is identical to the first security control code sequence PN_i;

the second security control code sequence PN is accurately synchronized with the first security control code sequence PN_i;

PN_i × PN_i = 1;

For example, the despread data stream V_i(t) of the data stream Y_i(t) received on the i-th channel is:

Figure GDA0002148677390000091

where

Figure GDA0002148677390000092

If PN_i and PN are uncorrelated, then PN_i × PN = 0.

If PN_i and PN are correlated, then PN_i × PN = 1.

Step 5: integrate the despread data stream.

Specifically, step 5 includes: integrating the despread data stream V(t) to obtain the output signal b'(t);

When the computer network channel noise n(t) is low enough, the integrator output signal is:

b'_i(t) = 0 or 1.

Step 6: make a security decision on the integrator output signal to determine whether to perform operations such as reading and writing.

Specifically, step 6 includes:

when the integrator output signal b'(t) is consistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is performed;

when the integrator output signal b'(t) is inconsistent with the security control byte b(t), the solid-state disk read/write operation requested by the user is not performed, and an alarm signal is triggered.
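
The spreading, despreading, integration and decision steps of the first and third embodiments, as an added Python simulation that is not part of the patent text. The 5-stage m-sequence, the use of cyclic shifts as the per-chip codes PN_i, the sample control bytes, the noise level and the |integral| > N/2 validity threshold are assumptions of this example; with shifted m-sequences the cross-correlation over one code period is −1 rather than exactly 0.

```python
import random

R = 5                 # LFSR stages (assumed); the patent requires 2^r - 1 > m
N = 2 ** R - 1        # code period: 31 chips per control bit


def m_sequence(r=R, taps=(5, 3)):
    """One period of an r-stage m-sequence as +1/-1 chips.

    taps=(5, 3) is the recurrence a[n] = a[n-5] XOR a[n-3], which has the
    maximal period 2^5 - 1 = 31.
    """
    bits = [1] * r                                   # any non-zero seed
    while len(bits) < 2 ** r - 1:
        fb = 0
        for t in taps:
            fb ^= bits[-t]
        bits.append(fb)
    return [1 - 2 * b for b in bits]                 # bit 0 -> +1, bit 1 -> -1


def assign_codes(m):
    """Step 1: one code PN_i per NAND chip i = 1..m.

    Assumption: the m codes are distinct cyclic shifts of one m-sequence.
    """
    if not N > m:
        raise ValueError("need 2^r - 1 > m")
    base = m_sequence()
    return {i: base[i:] + base[:i] for i in range(1, m + 1)}


def correlate(a, b):
    """Multiply chip by chip and integrate (sum) over the span."""
    return sum(x * y for x, y in zip(a, b))


def spread(control_byte, pn):
    """Step 2: C_i(t) = b_i(t) x PN_i, one code period per bit, MSB first."""
    symbols = [1 if (control_byte >> k) & 1 else -1 for k in range(7, -1, -1)]
    return [s * chip for s in symbols for chip in pn]


def channel(signals, sigma, rng):
    """Step 3: Y(t) = sum_i C_i(t) + n(t), n(t) white Gaussian noise."""
    return [sum(col) + rng.gauss(0.0, sigma) for col in zip(*signals)]


def despread_integrate(y, pn):
    """Steps 4-5: V(t) = Y(t) x PN, integrated over each bit period."""
    return [correlate(y[k:k + len(pn)], pn) for k in range(0, len(y), len(pn))]


def decide(integrals, expected_byte, threshold=N / 2):
    """Step 6: recover b'(t), compare with the expected control byte.

    Assumption: a bit counts only if |integral| > threshold; a stream that was
    not spread with this chip's code stays near the -1 cross-correlation floor.
    """
    recovered = 0
    for x in integrals:
        if abs(x) <= threshold:
            return {"recovered": None, "allowed": False, "alarm": True}
        recovered = (recovered << 1) | int(x > 0)
    allowed = recovered == expected_byte
    return {"recovered": recovered, "allowed": allowed, "alarm": not allowed}


def demo(sigma=0.3, seed=1):
    """Constructed sample window: 4 chips, requests to chips 1-3 only."""
    rng = random.Random(seed)
    codes = assign_codes(4)
    control = {1: 0xA5, 2: 0x3C, 3: 0x5A, 4: 0x96}   # constructed sample bytes
    y = channel([spread(control[i], codes[i]) for i in (1, 2, 3)], sigma, rng)
    matching = decide(despread_integrate(y, codes[2]), control[2])
    no_request = decide(despread_integrate(y, codes[4]), control[4])
    # Same kind of window, but the request to chip 2 carries a wrong byte.
    y_bad = channel([spread(control[1], codes[1]), spread(0x3D, codes[2])],
                    sigma, rng)
    wrong_byte = decide(despread_integrate(y_bad, codes[2]), control[2])
    return matching, no_request, wrong_byte


if __name__ == "__main__":
    for name, result in zip(("matching", "no_request", "wrong_byte"), demo()):
        print(name, result)
```

For a correctly coded request each bit integrates to about ±31, while the chip that received no request sees only the summed cross-correlation of the other users and is rejected by the threshold.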

The description of the specific embodiments should give a deeper and more concrete understanding of the technical means adopted by the present invention to achieve its intended purpose and of their effects. The accompanying drawings, however, are provided for reference and illustration only and are not intended to limit the present invention.

Claims (9)

1. A solid state disk safety control method based on code division multiple access (CDMA), characterized by comprising the following steps:
step one, allocating a first security control coding pseudorandom sequence to a solid state disk storage array;
step two, performing spread spectrum coding on the user security control bytes within the observation time window by means of the first security control coding pseudorandom sequence;
step three, sending the spread spectrum code of the user security control bytes within the observation time window to a CDMA security control module of the solid state disk system through a computer network channel;
step four, sequentially performing despreading processing and integration processing on the data stream received by the CDMA security control module;
step five, performing a security decision on the output signal of the integration processing to determine whether to execute the read-write operation of the solid state disk.
2. The CDMA-based solid state disk security control method according to claim 1, wherein step one comprises: allocating the first security control coding pseudorandom sequence to the solid state disk storage array by means of an m-sequence or a Gold sequence.
3. The method according to claim 1, wherein in step two, the spread spectrum code is obtained by modulating the first security control coding pseudorandom sequence with the user security control byte.
4. The method according to claim 1, wherein in step four, the data stream received by the CDMA security control module of the solid state disk system includes the spread spectrum code of the user security control byte and the Gaussian white noise of the computer network channel;
the despreading processing multiplies the data stream received by the CDMA security control module by a second security control coding pseudorandom sequence to obtain a despread data stream;
the second security control coding pseudorandom sequence is identical to the first security control coding pseudorandom sequence of the sending end and is precisely synchronized with it.
5. The CDMA-based solid state disk security control method according to claim 1, wherein step five specifically includes:
if the output signal is consistent with the security control byte, executing the solid state disk read-write operation requested by the user;
if the output signal is inconsistent with the security control byte, not executing the solid state disk read-write operation requested by the user, and triggering an alarm signal.
6. A solid state disk safety control device based on CDMA, characterized by comprising:
an allocation module, used for allocating a first security control coding pseudorandom sequence to the solid state disk storage array;
a spread spectrum module, used for spreading the user security control bytes within the observation time window by means of the first security control coding pseudorandom sequence to obtain a spread spectrum code;
a transmission module, used for transmitting the spread spectrum code to a CDMA security control module of the solid state disk system;
and the CDMA security control module, used for sequentially performing despreading processing and integration processing on the data stream it receives, and performing a security decision on the output signal of the integration processing to determine whether to execute the read-write operation of the solid state disk.
7. The CDMA-based solid state disk security control device of claim 6, wherein the CDMA security control module of the solid state disk system comprises:
a despreading module, used for despreading the data stream received by the CDMA security control module of the solid state disk system;
an integration module, used for performing integration processing on the despread data stream;
and a judging module, used for performing a security decision on the output signal of the integration module to determine whether to execute the read/write operation of the solid state disk.
8. The CDMA-based solid state disk security control device of claim 7, wherein the despreading module is specifically configured to: multiply the data stream received by the receiving end of the CDMA security control module by a second security control coding pseudorandom sequence to obtain a despread data stream;
the second security control coding pseudorandom sequence is identical to the first security control coding pseudorandom sequence of the sending end and is precisely synchronized with it.
9. The CDMA-based solid state disk security control device of claim 7, wherein the judging module is configured to execute the solid state disk read-write operation when the output signal of the integration module is consistent with the user security control byte;
and when the output signal of the integration module is inconsistent with the user security control byte, not to execute the read-write operation of the solid state disk, and to trigger an alarm signal at the same time.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610140250.4A CN107180206B (en) 2016-03-11 2016-03-11 Solid state disk safety control method and device based on CDMA

Publications (2)

Publication Number Publication Date
CN107180206A (en) 2017-09-19
CN107180206B (en) 2020-01-14

Family

ID=59829755

Country Status (1)

Country Link
CN (1) CN107180206B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant