Solid state disk and input/output method
Disclosed is a solid state disk including a storage unit configured to store data, and a control part configured to control enciphering and writing operation for the data using a key value and an initialization vector. The initialization vector is generated by processing an address corresponding to the data.
Latest Samsung Electronics Patents:
This U.S. non-provisional patent application claims priority under 35 U.S.C §119 to Korean Patent Application No. 10-2008-0049774 filed on May 28, 2008, the subject matter of which is hereby incorporated by reference.
BACKGROUNDThe present invention relates to a solid state disk. More particularly, the present invention relates to a device and method capable of ciphering and deciphering all large-volume data associated with a solid state disk.
As contemporary electronic devices are increasingly mobile and smaller in size, some design trends have moved away from the use of conventional Hard Disk Drive (HDD) units as bulk data storage components. In many instances, the flash memory-based Solid State Disk (SSD) has replaced the HDD and other magnetic disk devices. When compared to conventional HDDs, the SSD is relatively disadvantageous in its overall storage capacity and cost. But it is also relatively advantageous in its data access speed, overall size, and resistance to mechanical impact. Ongoing development efforts related to fabrication processes for and design adaptations of the SSD can be expected to increase data storage capacity and decrease cost. Hence, it is expected that in the near future, the magnetic disk device may be replaced by the SSD in many applications.
As the SSD is increasingly incorporated in electronic devices (e.g., laptop computers, portable audio/video systems) as a bulk data storage device, its control unit is an essential interface between the constituent flash memory and the others components forming the device. In essence, the control unit administers data exchange according to a defined protocol. Many conventional computer systems use the so-called “Advanced Technology Attachment or ATA” to exchange data with conventional HDDs. The ATA is essentially a data transfer standard promulgated by IBM corporation defining an exchange of data between a host device and conventional HDDs. Any bulk data storage interface, such as those associated with a SSD, must competently implement the ATA in order to be backwards compatible with legacy software and existing data exchange protocols. Yet, SSD controllers must establish an interface with a flash memory, not some type of magnetic disk. A device for controlling the overall data transfer between a SSD and a corresponding host device will hereafter be referred to as a SSD controller.
SUMMARY OF THE INVENTIONEmbodiments of the invention are directed to a device and method capable of ciphering and deciphering bulk data communicated to/from a solid state disk (SSD) without excessively burdening a host device processor.
One embodiment of the invention provides a solid state disk comprising; a storage unit configured to store data, and a control part configured to control an enciphering and writing operation associated with the data using a key value and an initialization vector, wherein the initialization vector is generated by processing an address corresponding to the data.
In another embodiment, the invention provides an input/output method adapted for use with a solid state disk the method comprising; receiving externally provided data and a corresponding address, scrambling the data and an initialization vector, and enciphering the scrambled data using a key value, wherein the initialization vector is generated by processing the address.
In another embodiment, the invention provides a host system comprising; a central processing unit (CPU), and a non-volatile bulk data storage device storing data provided by the CPU, wherein the non-volatile bulk data storage device comprises; a storage unit configured to store the data, and a control part configured to scramble the data and an initialization vector, encipher the scrambled data using a key value, and store the enciphered data in the storage unit, wherein the control part is further configured to decipher the enciphered data retrieved from the storage unit using the key value, scramble the deciphered data and the initialization vector, and read the scrambled data, and the initialization vector is generated by processing an address corresponding to the data.
Non-limiting and non-exhaustive embodiments will be described with reference to the following figures, wherein like reference numerals refer to like or similar elements. In the figures:
Conventionally, in many types of electronic devices when important data was stored in a bulk data storage device such as a hard disk (HD) or a Solid State Disk (SSD), it was not enciphered. If the data storage device or host system were breached during an unauthorized access (i.e., “hacked”), it was impossible to ensure the reliability of the stored data within subsequent system operations. Accordingly, it has become necessary to encipher all or at least a significant portion of the data stored in a bulk storage device.
An exemplary host device (e.g., a computer system) is illustrated in the block diagrams of
The computer system 100 is configured to store data transferred from by a system bus (not shown) at a first data transfer rate (e.g., 1.5 Gpbs or 3.0 Gbps) using a conventional S-ATA1 or S-ATA2 interface. Such externally provided data may be placed in the buffer 20 before being stored in storage unit 30 by means of bus 40. In the illustrated embodiment, data stored in the storage unit 30 is defined in relation to a plurality of sectors. Storage unit 30 is further assumed to be implemented using a plurality flash memory devices, but any competent form of solid-state non-volatile memory may be used.
CPU 11 generally controls the operation of ROM 12, PRNG 13, storage unit controller 14, buffer manager 15, SATA interface 16, and AES 17. ROM 12 will typically store BIOS information used to boot the host computer system 100. However, in other embodiments, BIOS information may be stored in the storage unit 30.
PRNG 13 is used to generate key values under the control of CPU 11. In the illustrated embodiment, PRNG 13 is assumed to generate a key value differently whenever the computer system 100 is booted, and the key value is then stored in storage unit 30. If a key value erase command is executed by CPU 11, the key value stored in the storage unit 30 is erased. Once an existing key value is erased, it is impossible to restore data in the storage unit 30 using said key value.
The storage unit controller 14 controls the operation of storage unit 30, and the buffer manager 15 generally controls the buffer 20 of
AES block 17 enciphers data received from the SATA interface 16 based on the provided key value and an initialization vector. Further, the AES block 17 deciphers enciphered data stored in the storage unit 30 using the key value and the initialization vector. The initialization vector may be generated by processing the address of a sector in accordance with a command received from the SATA interface 16.
For example, it is assumed that the host device 100 includes a video image capability (e.g., a digital camera) capable of obtaining an image and generating corresponding image data. An exemplary original image (i.e., a penguin image) is shown in
The ECB mode is a mode wherein an image is enciphered by use of only a key value. Referring to
Thus, it is necessary to scramble and encipher data by use of an initialization vector, which is accomplished by the CBC mode encryption. Referring to
An encryption process according to one embodiment will be described with reference to
Referring to
Within a first stage, the block cipher encryption part 17a converts a plain text into a cipher text. The exclusive-OR gate 17d scrambles the plain text and an initialization vector. That is, in the illustrated embodiment, the scramble operation is assumed to use the logical operation of the exclusive-OR gate 17d.
The exclusive-OR gate 17d scrambles the first plain text with the initialization vector, and the scrambled result is sent to the block cipher encryption part 17a. The block cipher encryption part 17a converts the scrambled result into the first cipher text by using a key value.
Within a subsequent second stage, the exclusive-OR gate 17d scrambles the second plain text and the first cipher text, and the scrambled result is sent to the block cipher encryption part 17a. The block cipher encryption part 17a converts the scramble result into the second cipher text using a key value.
Within a third stage, the exclusive-OR gate 17d scrambles the third plain text and the second cipher text, and the scrambled result is sent to the block cipher encryption part 17a. The block cipher encryption part 17a converts the scramble result into the third cipher text using a key value.
For convenience of description, three block cipher encryption parts 17a and three exclusive-OR gates 17d are illustrated in
Within a first stage, the block cipher decryption part 17e deciphers the first cipher text using a key value. The exclusive-OR gate 17f descrambles the deciphered result and the initialization vector to generate the first plain text.
Within a second stage, the block cipher decryption part 17e deciphers the second cipher text using a key value. The exclusive-OR gate 17f descrambles the deciphered result and the first cipher text to generate the second plain text.
Within a third stage, the block cipher decryption part 17e deciphers the third cipher text using a key value. The exclusive-OR gate 17f descrambles the deciphered result and the second cipher text to generate the third plain text.
For convenience of description, three block cipher decryption parts 17e and three exclusive-OR gates 17f are illustrated in
The performance of the computer system according to exemplary embodiments of the invention is controlled, at least in part, according to how an initialization vector is generated and how the initialization vector is allotted. An initialization vector allotting method according to an exemplary embodiment of the invention will be described with reference to
The adder 17c receives a sector address corresponding to a Logical Block Addressing (LBA) requested by the host system. If a command requested by host system is a burst command, the adder 17c further receives count information for the identified sector.
For example, if a command requested by the host system is not a burst command, then adder 17c provides only an address for the identified sector. However, if the command requested by the host system is a burst command, adder 17c provides a sector address and count information. That is, a count value is increased whenever a sector address is accessed.
The flip-flop 17b temporarily stores an output of the adder 17c and outputs it to the block cipher encryption part 17a. That is, the flip-flop 17b stores a unique address corresponding to each sector.
The block cipher encryption part 17a receives the unique address corresponding to each sector to convert it to an initialization vector. For example, if an address for a corresponding sector is a 48-bit address, since an initialization vector is 16-byte (128 bits), 80 dummy bits are added to front and rear parts of the address. Thus, a computer system according to the exemplary embodiments may have different initialization vectors with respect to all sectors.
Referring to
An address requested by the host system is sent to AES block 17 via SATA interface 16. AES block 17 receives the sector address from SATA interface 16 to generate an initialization vector using the received address.
AES block 17 may encipher requested data using the initialization vector and a key value by operation of pseudo-random number generator 13 to write the enciphered data. Or, AES block 17 may decipher requested data using the initialization vector and a key value by operation of pseudo-random number generator 13 to read the deciphered data. Thus, the computational burden enciphering and deciphering may be removed from CPU 11. Further, enciphering and writing of data via AES 17 or deciphering and reading of data via AES 17 is conducted during a time when data for each sector is transmitted and received via SATA interface 16.
Referring to
Since CPU 11 performs operations for generating and transferring an initialization vector before enciphering/deciphering, the peak resource load associated with performance of full disk encryption is reduced. However, in practice, it is impossible to realize an operation of setting firmware needed to generate and transfer an initialization vector via CPU 11 after stopping a link whenever each sector is accessed.
A SSD, such as those described with reference to
CPU 230 accesses HDD 200 via SATA interface 210 connected with bus 240. RAM 220 is used as the host system memory. HDD 200 enciphers and stores data provided by CPU 230, and deciphers and reads data requested by CPU 230.
ODD 300 may be an optical disk drive capable of being written to using an SATA1 or SATA2 interface. For example, ODD 300 may be one of CD-RW, DVD-RW, DVD+RW, DVD-RAM, and Blu-RaY.
CPU 330 accesses ODD 300 via SATA interface 310 connected with bus 340. RAM 320 is used as the host system memory. ODD 300 enciphers and stores data provided by CPU 330, and deciphers and reads data requested by CPU 330.
A host system, such as a computer system, according to an embodiment of the invention may be configured to encipher and write (or decipher and read) data without forcing the related computational burdens onto the host system CPU by using an address requested by the host system as an initialization vector. Further, since an initialization vector is generated using a unique sector address, the host system does not need to store initialization vectors for a plurality of sectors.
The above-disclosed subject matter is to be considered illustrative, and not restrictive, and the appended claims are intended to cover all such modifications, enhancements, and other embodiments, which fall within the scope of the invention. Thus, to the maximum extent allowed by law, the scope of the exemplary embodiments is to be determined by the broadest permissible interpretation of the following claims and their equivalents, and shall not be restricted or limited by the foregoing detailed description.
Claims
1. A solid state disk (SSD) that stores data received from a host in accordance with a sector address provided by the host, the SSD comprising:
- a storage unit; and
- a SSD controller comprising an input/output interface that receives the sector address, and scrambling hardware logic that receives the sector address from the input/output interface and converts a logical block address (LBA) corresponding to the sector address into an initialization vector, the SSD controller scrambling the data with the initialization vector, encrypting the scrambled data with a key value, and storing the encrypted data in the storage unit.
2. The solid state disk of claim 1, further comprising:
- a buffer configured to temporarily store the data.
3. The solid state disk of claim 2, wherein the buffer is one selected from a group consisting of; a SDRAM, DDR SDRAM, DDR2 SDRAM, and DDR3 SDRAM.
4. The solid state disk of claim 1, wherein the SSD controller comprises a pseudo-random number generator configured to generate the key value.
5. The solid state disk of claim 1, wherein the LBA is converted into the initialization vector by adding dummy bits to the LBA.
6. The solid state disk of claim 1, wherein the storage unit is configured to store data in response to a request by the host according to a plurality of sectors, wherein each one of the plurality of sectors has a unique sector address.
7. The solid state disk of claim 1, wherein the storage unit is implemented using a plurality of flash memory devices.
8. The solid state disk of claim 1, wherein the storage unit stores the key value.
9. A method of writing data received from a host in a storage unit of a solid state disk (SSD), and reading data stored in the storage unit, the method comprising:
- receiving, at an input/output interface of an SSD controller, the data and a sector address associated with the data from the host and temporarily storing the data in a buffer;
- transmitting the sector address from the input/output interface to scrambling hardware logic disposed in the SSD controller;
- converting, by the scrambling hardware logic, a logical block address (LBA) corresponding to the sector address into an initialization vector;
- scrambling the data with the initialization vector to generate a scrambled result;
- encrypting the scrambled result using a key value to generate encrypted data; and
- writing the encrypted data in the storage unit.
10. The method of claim 9, wherein the storage unit comprises a plurality of flash memory devices.
11. The method of claim 10, further comprising: retrieving the encrypted data from the storage unit and decrypting the encrypted data using the key value to generate a scrambled result; and descrambling the scrambled result to generate the data and the initialization vector.
12. The method of claim 11, wherein the initialization vector and the data are descrambled using an exclusive-OR logic operation.
13. A host system comprising:
- a central processing unit (CPU) that provides data and a sector address associated with the data; and
- a solid state disk (SSD) comprising:
- non-volatile bulk data storage operating as a storage unit, wherein the storage unit is configured to store data according to a plurality of sectors each having a unique sector address; and
- a SSD controller comprising an input/output interface that receives the sector address, and scrambling hardware logic that receives the sector address from the input/output interface and converts a logical block address (LBA) corresponding to the sector address into the initialization vector, the SSD controller scrambling the data with the initialization vector, encrypting the scrambled data with a key value, and storing the encrypted data in the storage unit.
14. The host system of claim 13, wherein the non-volatile bulk data storage device is one of a solid state disk, a hard disk, and an optical disk.
15. The host system of claim 14, wherein the non-volatile bulk data storage is the optical disk and the optical disk is one selected from a group consisting of; a CD-RW disk, DVD-RW disk, DVD+RW disk, DVD-RAM disk, and Blue-Ray disk.
5023854 | June 11, 1991 | Satoh et al. |
5377264 | December 27, 1994 | Lee et al. |
5396609 | March 7, 1995 | Schmidt et al. |
5428685 | June 27, 1995 | Kadooka et al. |
5483596 | January 9, 1996 | Rosenow et al. |
5559883 | September 24, 1996 | Williams |
6018717 | January 25, 2000 | Lee et al. |
6115792 | September 5, 2000 | Tran |
6345359 | February 5, 2002 | Bianco |
6631359 | October 7, 2003 | Braitberg et al. |
6834333 | December 21, 2004 | Yoshino et al. |
6986050 | January 10, 2006 | Hypponen |
6988250 | January 17, 2006 | Proudler |
7451288 | November 11, 2008 | Goettfert et al. |
8171309 | May 1, 2012 | Poo |
8352750 | January 8, 2013 | Haines et al. |
8522352 | August 27, 2013 | Lu |
8526605 | September 3, 2013 | Matthews, Jr. |
20020083282 | June 27, 2002 | Yoshino et al. |
20020116206 | August 22, 2002 | Chatani |
20030115282 | June 19, 2003 | Rose |
20030196101 | October 16, 2003 | Abe et al. |
20060129848 | June 15, 2006 | Paksoy et al. |
20070071205 | March 29, 2007 | Loudermilk et al. |
20070121943 | May 31, 2007 | Dellow et al. |
20080065905 | March 13, 2008 | Salessi |
20080114994 | May 15, 2008 | Iyer |
08248879 | September 1996 | JP |
2007086704 | April 2007 | JP |
1020030083100 | October 2003 | KR |
9819420 | May 1998 | WO |
- Logical Block Addresing (LBA) Defined; Microsoft Corporation; 2 Pages.
Type: Grant
Filed: May 13, 2009
Date of Patent: Feb 23, 2016
Patent Publication Number: 20090300372
Assignee: Samsung Electronics Co., Ltd. (Suwon-si, Gyeonggi-do)
Inventors: Woo-Hyun Lee (Seoul), Ji-Soo Kim (Yongin-si), Bum-Seok Yu (Suwon-si)
Primary Examiner: Tamara T Kyle
Assistant Examiner: Anthony Fabbri
Application Number: 12/464,914
International Classification: G06F 15/16 (20060101); H04L 9/06 (20060101); G06F 21/79 (20130101);