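Design and Implementation of a Secure USB Device Controller
Published: 2018-02-24 02:12
Keywords: secure USB device controller; USB IP core; authenticated key agreement protocol; strand space. Source: PLA Information Engineering University, 2013 master's thesis. Document type: degree thesis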
[Abstract]: As the information society deepens, USB removable storage devices, with their many advantages, have come into wide use for data storage and information exchange. However, the absence of security mechanisms in these devices has produced a steady stream of data security problems. Existing secure USB removable storage solutions either have incomplete security mechanisms or lack hardware support for their security functions. Starting from the underlying hardware of USB devices, this thesis explores the data security problem of USB devices.
In response to the security threats facing USB devices, this thesis summarizes the security requirements of USB devices and, taking into account the implementation characteristics of the various security mechanisms, allocates the security functions of the USB system appropriately across its layers. On this basis, it establishes a security model for the USB device controller, specifying the security functions the controller should implement and the types of security service it provides to the upper layers. It also designs the overall architecture of the secure USB device controller, providing a theoretical basis for the design of the security scheme and the implementation of the prototype system.
Following the overall architecture of the secure USB device controller and the USB 2.0 protocol specification, this thesis designs and implements the controller's basic communication module and security module, providing hardware support for the security scheme.
To address the security flaws in existing USB authentication schemes, this thesis first designs an authenticated key agreement protocol suited to USB communication and proves the protocol's authentication and confidentiality properties using the strand space model. It then analyzes the protocol. The analysis shows that the protocol not only authenticates the user, the host and the device and uses the negotiated key to secure data transmission on the USB bus, but also resists side-channel attacks, impersonation attacks, replay attacks and bus eavesdropping, with high security and low computational overhead.
Based on this work, the thesis implements a prototype system and tests each part of the secure USB device controller's functionality. The test results show that the secure USB device controller designed in this thesis works correctly and meets the expected design goals. The secure USB device controller designed here provides transparent, high-strength security services to the upper layers, which is significant for raising the security level of USB devices and promoting the use of USB technology in high-security fields.
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP333
Article ID: 1528480
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1528480.html