EP-4495812-B1 - STORAGE SYSTEM AND OPERATING METHOD THEREOF

Inventors

  • LEE, Dohyeong
  • LEE, MYEONGJONG
  • KIM, YOUNGMOON
  • KIM, Hyungsup
  • JO, Seongchan

Dates

Publication Date
20260513
Application Date
20240715

Claims (15)

  1. A storage system comprising: a host (10) configured to: generate (S604) a hash value for a first command, merge (S605) the hash value with a random value, and provide (S606) a signature for merged data and the first command; and a storage device (20) configured to: store the random value corresponding to the first command in a first buffer, provide (S603) the random value to the host, receive (S607) the first command and the signature from the host, store the signature in a second buffer, verify (S608) the signature, and if the verification is successfully completed, delete (S609) the random value from the first buffer and execute (S610) the first command.
  2. The storage system of claim 1, wherein the storage device is further configured to delete the signature from the second buffer in response to receiving the first command more than a reference number of times.
  3. The storage system of claim 1 or claim 2, wherein the storage device is further configured to provide the random value to the host and request the signature when the signature corresponding to the first command does not exist in the second buffer.
  4. The storage system of any preceding claim, wherein the storage device is further configured to provide the random value to the host and request a new signature for the first command when verification of the signature corresponding to the first command stored in the second buffer fails.
  5. The storage system of any preceding claim, wherein the storage device comprises: a storage submission queue configured to store a plurality of commands received from the host, the plurality of commands including the first command; and a storage completion queue configured to store information about a processed command among the plurality of commands, wherein the storage device is further configured to: delete the first command from the storage submission queue if the verification of the signature fails, and execute the first command and then store information about the first command in the storage completion queue if the verification of the signature is successful.
  6. The storage system of claim 5, wherein the random value is a first random value, wherein the host comprises a host buffer storing a plurality of random values corresponding to the plurality of commands, the plurality of random values includes the first random value; and wherein the random values are different from each other.
  7. The storage system of claim 6, wherein the host buffer is further configured to store signatures corresponding to the plurality of commands, and wherein the signatures are different from each other.
  8. The storage system of claim 7, wherein the storage device is further configured to provide a response to the host in response to execution of the first command being completed, wherein the host is configured to delete at least one of the signature and the random value for the first command from the host buffer in response to receiving the response.
  9. An operating method of a storage system, the operating method comprising: providing (S603), from a storage device, a random value stored in a first buffer to a host; generating (S606), in the host, a signature based on a first command and the random value; providing (S607), from the host, the first command and the signature to the storage device; storing, in the storage device, the signature in a second buffer; verifying (S608), in the storage device, the signature based on the random value; and executing (S610), in the storage device, the first command based on a result of the verifying.
  10. The operating method of claim 9, further comprising: deleting, in the storage device, the random value from the first buffer based on the result of the verifying.
  11. The operating method of claim 9 or claim 10, further comprising: deleting, in the storage device, the signature from the second buffer in response to receiving the first command more than a reference number of times.
  12. The operating method of any of claims 9 to 11, further comprising: providing, in the storage device, the host with a request for the random value and the signature based on whether the signature corresponding to the first command exists in the second buffer.
  13. The operating method of any of claims 9 to 12, further comprising: deleting, in the storage device, the first command from a storage submission queue storing a plurality of commands received from the host based on failure of verification of the signature.
  14. The operating method of claim 13, wherein the executing of the first command comprises: executing, in the storage device, the first command based on successful verification of the signature; and after the executing of the first command, storing information about the first command in a storage completion queue wherein information about a processed command among the plurality of commands is stored.
  15. The operating method of any of claims 9 to 14, further comprising: providing, in the storage device, a response to the host based on completion of the executing of the first command; and deleting, in the host, at least one of the signature and the random value for the first command based on the response.
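The exchange recited in claims 1 and 9 (random value supplied by the device, hash of the command merged with that value and signed by the host, single-use verification on the device) and the failure handling of claims 2 to 5 and 8, modelled end to end in Python as an added example. This is not code from the patent or from the applicant; the claims fix neither the hash nor the signature scheme, so SHA-256 is assumed for the hash and HMAC-SHA256 under a pre-shared key is assumed for the signature. The command text, key, command identifiers and the dictionary-backed buffers are constructed for illustration. The scenario runs a legitimate command, then a replay of the captured command/signature pair, then a command rewritten in transit.

```python
import hashlib
import hmac
import secrets

# Assumed primitives (the claims fix neither): SHA-256 as the hash of the
# command ("digest") and HMAC-SHA256 over the combined digest as the
# "signature", keyed with a secret shared by host and device out of band.
# Any MAC or digital signature with the same interface would do.


def digest(command: bytes) -> bytes:
    """S604: hash value (digest) of the command."""
    return hashlib.sha256(command).digest()


def combined_digest(command: bytes, random_value: bytes) -> bytes:
    """S605: merge the hash value with the random value (combined digest)."""
    return digest(command) + random_value


def sign(key: bytes, command: bytes, random_value: bytes) -> bytes:
    """S606: signature over the merged data (assumed HMAC-SHA256)."""
    return hmac.new(key, combined_digest(command, random_value), hashlib.sha256).digest()


class StorageDevice:
    def __init__(self, key: bytes, reference_count: int = 3):
        self._key = key
        self._random_values = {}   # first buffer: command id -> random value
        self._signatures = {}      # second buffer: command id -> signature
        self._received = {}        # how often each command id arrived (claim 2)
        self._reference_count = reference_count
        self.submission_queue = []
        self.completion_queue = []
        self.executed = []

    def provide_random_value(self, cmd_id: str) -> bytes:
        """S603: store a fresh random value in the first buffer and hand it to the host."""
        random_value = secrets.token_bytes(16)
        self._random_values[cmd_id] = random_value
        return random_value

    def submit(self, cmd_id: str, command: bytes, signature: bytes) -> str:
        """S607-S610: receive command and signature, verify, then execute or drop."""
        self.submission_queue.append(cmd_id)
        self._signatures[cmd_id] = signature
        self._received[cmd_id] = self._received.get(cmd_id, 0) + 1
        random_value = self._random_values.get(cmd_id)
        if random_value is None:
            # No live random value: a replay of an already executed command
            # or an unsolicited one. Re-request per claim 3.
            self.submission_queue.remove(cmd_id)
            return "reject: no random value, request new signature"
        expected = sign(self._key, command, random_value)
        if not hmac.compare_digest(expected, signature):
            # Drop the command from the submission queue (claim 5), ask for a
            # new signature (claim 4), forget the stored one after too many
            # receptions (claim 2).
            self.submission_queue.remove(cmd_id)
            if self._received[cmd_id] > self._reference_count:
                del self._signatures[cmd_id]
            return "reject: bad signature"
        del self._random_values[cmd_id]          # S609: random value is single-use
        self.submission_queue.remove(cmd_id)
        self.executed.append((cmd_id, command))  # S610: execute the command
        self.completion_queue.append(cmd_id)     # claim 5: completion record
        del self._signatures[cmd_id]
        return "executed"


class Host:
    def __init__(self, key: bytes):
        self._key = key
        self.buffer = {}   # host buffer: command id -> (random value, signature)

    def prepare(self, cmd_id: str, command: bytes, random_value: bytes) -> bytes:
        """S604-S606: hash, merge with the random value, sign; keep both (claims 6, 7)."""
        signature = sign(self._key, command, random_value)
        self.buffer[cmd_id] = (random_value, signature)
        return signature

    def on_response(self, cmd_id: str, response: str) -> None:
        """Claim 8: drop random value and signature once the device reports completion."""
        if response == "executed":
            self.buffer.pop(cmd_id, None)


def run_scenario():
    """Legitimate command, then a replay of the captured pair, then a tampered command."""
    key = b"constructed pre-shared key"       # constructed for the example
    host, device = Host(key), StorageDevice(key)
    command = b"WRITE lba=0x100 len=4096"   # constructed command
    random_value = device.provide_random_value("c1")
    signature = host.prepare("c1", command, random_value)
    first = device.submit("c1", command, signature)
    host.on_response("c1", first)
    # Attacker who monitored the transfer path re-sends the captured pair.
    replay = device.submit("c1", command, signature)
    # Host signs a second command; attacker rewrites it but cannot re-sign it.
    random_value2 = device.provide_random_value("c2")
    signature2 = host.prepare("c2", command, random_value2)
    tampered = device.submit("c2", b"WRITE lba=0x000 len=4096", signature2)
    return first, replay, tampered, len(device.executed), "c1" not in host.buffer
```

Calling run_scenario() returns the three device responses in order, the number of executed commands (one) and whether the host has cleared its buffer entry for the completed command. The replay is rejected not because the signature is malformed but because the random value was deleted at S609, which is the property that makes a passively captured command useless to the attacker described in the background section.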

Description

BACKGROUND

The inventive concepts relate to storage systems, and more particularly, to storage systems capable of authenticating a command and an operating method thereof.

When a host provides a command to a storage device, an attacker may steal the command by monitoring the transfer path between the host and the storage device. By providing the stolen command to the storage device, the attacker can gain access to an area of the host that the attacker wants to access, and thus security of communication between the host and the storage device is required.

Document US 2022/019356 A1 discloses a method of writing data to a protected region in response to a request from a host. The method includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.

Document US 9 921 978 B1 discloses a storage device that features a processor and a random number generator which are communicatively coupled to a memory. The memory comprises access control logic that is configured to (i) transmit a first message that comprises information associated with a random number generated by the random number generator and first keying material, (ii) receive a second message in response to the first message, the second message comprising information generated using at least the random number, (iii) recover information from the second message, the recovered information comprising information generated using at least pre-stored keying material and a return value based on the random number, (iv) compare the return value from the recovered information with the random number, and (v) alter an operating state of the storage device from a locked state to an unlocked state upon the return value matching the random number, the unlocked state allowing one or more devices to control the storage device, including accessing stored content within the storage device.

Document US 2023/186289 A1 discloses an apparatus with a solid state drive (SSD) having an internal host to control proof-of-space activities. The SSD has a host interface configured to receive at least read commands and write commands from an external host system. The SSD has memory cells formed on at least one integrated circuit die, and a processing device configured to control execution of the read commands to retrieve data from the memory cells and execution of the write commands to store data into the memory cells. The internal host is operable to generate, independently of the external host system, commands related to proof of space, such as plot generation and plot farming.

SUMMARY

The inventive concepts provide storage systems capable of generating a signature for a command and verifying the signature to authenticate the command.

According to some aspects of the inventive concepts, there is provided a storage system comprising: a host configured to: generate a hash value for a first command, merge the hash value with a random value, and provide a signature for merged data and the first command; and a storage device configured to: store the random value corresponding to the first command in a first buffer, provide the random value to the host, receive the first command and the signature from the host, store the signature in a second buffer, verify the signature, and if the verification is successfully completed, delete the random value from the first buffer and execute the first command. The first command may be generated by the host. The random value may be generated by the storage device and provided to the host. The verification of the signature by the storage device may be performed using the stored random value and the received first command. The merging of the hash value with the random value may provide the merged data for which the signature is provided. The hash value may be referred to as a digest and the merged value may be referred to as a combined digest. The host may comprise at least one processor configured to perform the processing steps described herein as being performed by the host (e.g. the generating, merging, and providing steps discussed above). The host may further comprise at least one memory configured to perform the storing of data described herein (e.g. storing of the signature, command, or random value). The storage device may comprise at least one processor configured to perform the processing steps described herein as being performed by the storage device (e.g. the providing, receiving, verifying, and deleting steps). The