本文關(guān)鍵詞：嵌入式系統(tǒng)安全引導(dǎo)機(jī)制的設(shè)計與硬件實現(xiàn)　出處：《華中科技大學(xué)》2012年碩士論文　論文類型：學(xué)位論文

  更多相關(guān)文章： 嵌入式系統(tǒng) 安全引導(dǎo) 完整性校驗 SHA-1算法

【摘要】：隨著社會信息化的發(fā)展，嵌入式系統(tǒng)逐漸滲透到人類日常生活的各個方面。目前的各種嵌入式產(chǎn)品都比較注重功能的實現(xiàn)，忽視安全防御機(jī)制方面的考慮；與此同時，安全計算和電子商務(wù)等應(yīng)用的飛速發(fā)展又對嵌入式系統(tǒng)安全提出了更高的要求。因此，伴隨著網(wǎng)絡(luò)技術(shù)和嵌入式技術(shù)的不斷發(fā)展和推廣，嵌入式系統(tǒng)的各種安全問題逐漸顯露出來，并有愈演愈烈之勢。可以預(yù)見，在不久的將來，，安全防御機(jī)制將會在嵌入式系統(tǒng)中得到大規(guī)模的應(yīng)用。由于安全的引導(dǎo)過程是系統(tǒng)可信的基礎(chǔ)，所以保證引導(dǎo)過程的安全是設(shè)計安全防御機(jī)制最重要的工作之一。 本論文首先深入分析了嵌入式系統(tǒng)面臨的安全威脅以及安全引導(dǎo)理論，并根據(jù)前人安全引導(dǎo)方案的優(yōu)缺點，結(jié)合嵌入式系統(tǒng)的特點，提出了一種新的安全引導(dǎo)機(jī)制。該機(jī)制在采用SHA-1算法進(jìn)行分層完整性校驗的基礎(chǔ)上，新增了身份認(rèn)證，并行訪問，可配置存儲區(qū)管理等技術(shù)，使得系統(tǒng)獲得更短的引導(dǎo)時間和更全面的安全性。本論文詳細(xì)分析了各項新增技術(shù)的作用、原理以及資源代價，然后重點介紹該機(jī)制可能面臨的三種攻擊模型（引導(dǎo)劫持攻擊、時差竊取攻擊、系統(tǒng)恢復(fù)攻擊）與應(yīng)對方法。 本論文采用全折疊結(jié)構(gòu)來實現(xiàn)安全引導(dǎo)機(jī)制的關(guān)鍵硬件模塊——安全引導(dǎo)模塊(secure boot module,SBM），功能仿真和硬件平臺驗證結(jié)果表明，該安全引導(dǎo)模塊的功能正確，安全引導(dǎo)機(jī)制滿足設(shè)計要求；最后采用華宏0.35微米CMOS標(biāo)準(zhǔn)單元庫完成綜合，分析結(jié)果表明，整個設(shè)計的規(guī)模約為27K等效門，最大工作頻率約為285MHZ。
[Abstract]:With the development of social information, embedded system has gradually penetrated into every aspect of human daily life. At present, all kinds of embedded products pay more attention to the realization of function and ignore the consideration of security defense mechanism. At the same time, the rapid development of security computing and e-commerce applications has put forward higher requirements for the security of embedded systems. Therefore, with the continuous development and promotion of network technology and embedded technology. All kinds of security problems of embedded system are gradually revealed and become more and more serious. It can be predicted that in the near future. Security defense mechanism will be applied in embedded system on a large scale, because the process of security boot is the basis of system credibility. Therefore, it is one of the most important tasks to design the security defense mechanism to ensure the safety of the guiding process. Firstly, this paper deeply analyzes the security threat and the security guidance theory faced by embedded system, and combines the characteristics of embedded system according to the advantages and disadvantages of previous security boot scheme. In this paper, a new security boot mechanism is proposed. Based on the hierarchical integrity verification using SHA-1 algorithm, new technologies such as identity authentication, parallel access, configurable storage management and so on are added in this mechanism. So that the system can obtain shorter boot time and more comprehensive security. This paper analyzes the role, principle and resource cost of each new technology in detail. Then three possible attack models (lead hijack attack, jet lag attack, system recovery attack) and response methods are introduced. In this thesis, the key hardware module of the security boot mechanism, secure boot module, is implemented with a fully folded structure. The results of functional simulation and hardware platform verification show that the function of the security boot module is correct and the security boot mechanism meets the design requirements. Finally, Huahong 0.35 渭 m CMOS standard cell library is used to complete the synthesis. The analysis results show that the design scale is about 27K equivalent gate, and the maximum working frequency is about 285 MHZ.
【學(xué)位授予單位】：華中科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2012
【分類號】：TP368.1

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 郭春霞,裘雪紅;嵌入式系統(tǒng)安全的研究與設(shè)計[J];電子科技;2005年08期

2 趙波;張煥國;李晶;陳璐;文松;;可信PDA計算平臺系統(tǒng)結(jié)構(gòu)與安全機(jī)制[J];計算機(jī)學(xué)報;2010年01期

3 凌君;慎健;湯凱;;移動可信模塊MTM在嵌入式系統(tǒng)中的應(yīng)用[J];軍事通信技術(shù);2009年04期

4 譚良;周明天;;基于可信計算平臺的可信引導(dǎo)過程研究[J];計算機(jī)應(yīng)用研究;2008年01期

5 胡榮群;羅杰;;嵌入式系統(tǒng)的安全分析[J];計算機(jī)與現(xiàn)代化;2007年02期

6 陳建民;張健;曹鵬;;手機(jī)病毒的發(fā)展趨勢與防范對策[J];信息網(wǎng)絡(luò)安全;2006年11期

相關(guān)博士學(xué)位論文 前1條

1 霍文捷;嵌入式處理器安全運行機(jī)制的研究與設(shè)計[D];華中科技大學(xué);2010年

本文編號：1433732