本文關鍵詞：嵌入式系統(tǒng)安全引導機制的設計與硬件實現　出處：《華中科技大學》2012年碩士論文　論文類型：學位論文

  更多相關文章： 嵌入式系統(tǒng) 安全引導 完整性校驗 SHA-1算法

【摘要】：隨著社會信息化的發(fā)展，嵌入式系統(tǒng)逐漸滲透到人類日常生活的各個方面。目前的各種嵌入式產品都比較注重功能的實現，忽視安全防御機制方面的考慮；與此同時，安全計算和電子商務等應用的飛速發(fā)展又對嵌入式系統(tǒng)安全提出了更高的要求。因此，伴隨著網絡技術和嵌入式技術的不斷發(fā)展和推廣，嵌入式系統(tǒng)的各種安全問題逐漸顯露出來，并有愈演愈烈之勢�？梢灶A見，在不久的將來，，安全防御機制將會在嵌入式系統(tǒng)中得到大規(guī)模的應用。由于安全的引導過程是系統(tǒng)可信的基礎，所以保證引導過程的安全是設計安全防御機制最重要的工作之一。 本論文首先深入分析了嵌入式系統(tǒng)面臨的安全威脅以及安全引導理論，并根據前人安全引導方案的優(yōu)缺點，結合嵌入式系統(tǒng)的特點，提出了一種新的安全引導機制。該機制在采用SHA-1算法進行分層完整性校驗的基礎上，新增了身份認證，并行訪問，可配置存儲區(qū)管理等技術，使得系統(tǒng)獲得更短的引導時間和更全面的安全性。本論文詳細分析了各項新增技術的作用、原理以及資源代價，然后重點介紹該機制可能面臨的三種攻擊模型（引導劫持攻擊、時差竊取攻擊、系統(tǒng)恢復攻擊）與應對方法。 本論文采用全折疊結構來實現安全引導機制的關鍵硬件模塊——安全引導模塊(secure boot module,SBM），功能仿真和硬件平臺驗證結果表明，該安全引導模塊的功能正確，安全引導機制滿足設計要求；最后采用華宏0.35微米CMOS標準單元庫完成綜合，分析結果表明，整個設計的規(guī)模約為27K等效門，最大工作頻率約為285MHZ。
[Abstract]:With the development of social information, embedded system has gradually penetrated into every aspect of human daily life. At present, all kinds of embedded products pay more attention to the realization of function and ignore the consideration of security defense mechanism. At the same time, the rapid development of security computing and e-commerce applications has put forward higher requirements for the security of embedded systems. Therefore, with the continuous development and promotion of network technology and embedded technology. All kinds of security problems of embedded system are gradually revealed and become more and more serious. It can be predicted that in the near future. Security defense mechanism will be applied in embedded system on a large scale, because the process of security boot is the basis of system credibility. Therefore, it is one of the most important tasks to design the security defense mechanism to ensure the safety of the guiding process. Firstly, this paper deeply analyzes the security threat and the security guidance theory faced by embedded system, and combines the characteristics of embedded system according to the advantages and disadvantages of previous security boot scheme. In this paper, a new security boot mechanism is proposed. Based on the hierarchical integrity verification using SHA-1 algorithm, new technologies such as identity authentication, parallel access, configurable storage management and so on are added in this mechanism. So that the system can obtain shorter boot time and more comprehensive security. This paper analyzes the role, principle and resource cost of each new technology in detail. Then three possible attack models (lead hijack attack, jet lag attack, system recovery attack) and response methods are introduced. In this thesis, the key hardware module of the security boot mechanism, secure boot module, is implemented with a fully folded structure. The results of functional simulation and hardware platform verification show that the function of the security boot module is correct and the security boot mechanism meets the design requirements. Finally, Huahong 0.35 渭 m CMOS standard cell library is used to complete the synthesis. The analysis results show that the design scale is about 27K equivalent gate, and the maximum working frequency is about 285 MHZ.
【學位授予單位】：華中科技大學
【學位級別】：碩士
【學位授予年份】：2012
【分類號】：TP368.1

【參考文獻】

相關期刊論文 前6條

1 郭春霞,裘雪紅;嵌入式系統(tǒng)安全的研究與設計[J];電子科技;2005年08期

2 趙波;張煥國;李晶;陳璐;文松;;可信PDA計算平臺系統(tǒng)結構與安全機制[J];計算機學報;2010年01期

3 凌君;慎健;湯凱;;移動可信模塊MTM在嵌入式系統(tǒng)中的應用[J];軍事通信技術;2009年04期

4 譚良;周明天;;基于可信計算平臺的可信引導過程研究[J];計算機應用研究;2008年01期

5 胡榮群;羅杰;;嵌入式系統(tǒng)的安全分析[J];計算機與現代化;2007年02期

6 陳建民;張健;曹鵬;;手機病毒的發(fā)展趨勢與防范對策[J];信息網絡安全;2006年11期

相關博士學位論文 前1條

1 霍文捷;嵌入式處理器安全運行機制的研究與設計[D];華中科技大學;2010年

本文編號：1433732