本文關(guān)鍵詞： 安全USB設(shè)備控制器 USBIP核 認(rèn)證密鑰協(xié)商協(xié)議 串空間　出處：《解放軍信息工程大學(xué)》2013年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著信息化社會(huì)的進(jìn)一步深入，USB移動(dòng)存儲(chǔ)設(shè)備以其諸多優(yōu)點(diǎn)，在各種數(shù)據(jù)存儲(chǔ)和信息交換場(chǎng)合得到了廣泛應(yīng)用。然而，由于其安全機(jī)制的缺失，帶來(lái)了層出不窮的數(shù)據(jù)安全問(wèn)題�，F(xiàn)有安全USB移動(dòng)存儲(chǔ)解決方案不是安全機(jī)制不夠完善，就是安全功能缺乏硬件支持，本文從USB設(shè)備的底層硬件出發(fā)，對(duì)USB設(shè)備的數(shù)據(jù)安全問(wèn)題進(jìn)行了探索。 針對(duì)USB設(shè)備的安全威脅，本文總結(jié)了USB設(shè)備的安全需求，結(jié)合各類安全機(jī)制的實(shí)現(xiàn)特點(diǎn)，將USB系統(tǒng)的安全功能在各層次進(jìn)行合理分配，基于此，建立了USB設(shè)備控制器安全模型，明確了USB設(shè)備控制器應(yīng)實(shí)現(xiàn)的安全功能及其為上層提供的安全服務(wù)類型，同時(shí)，設(shè)計(jì)了安全USB設(shè)備控制器總體架構(gòu)，為安全方案的設(shè)計(jì)及原型系統(tǒng)的實(shí)現(xiàn)提供理論依據(jù)。 依據(jù)安全USB設(shè)備控制器總體架構(gòu)，遵循USB2.0協(xié)議規(guī)范，本文對(duì)安全USB設(shè)備控制器的基礎(chǔ)通信模塊和安全模塊進(jìn)行了設(shè)計(jì)實(shí)現(xiàn)，為安全方案的實(shí)現(xiàn)提供硬件支持。 針對(duì)現(xiàn)有USB認(rèn)證方案存在的安全缺陷，本文首先設(shè)計(jì)了適用于USB通信的認(rèn)證密鑰協(xié)商協(xié)議，并用串空間模型的方法對(duì)協(xié)議的認(rèn)證性和機(jī)密性進(jìn)行了證明，然后，對(duì)協(xié)議進(jìn)行了分析。分析結(jié)果表明，本協(xié)議不僅能對(duì)用戶、主機(jī)和設(shè)備進(jìn)行認(rèn)證，用協(xié)商出的密鑰保證USB總線數(shù)據(jù)的安全傳輸，而且能夠抵抗旁路攻擊、假冒攻擊、重放攻擊和總線監(jiān)聽等攻擊，，具有較高的安全性和較小的運(yùn)算開銷。 基于以上工作，本文實(shí)現(xiàn)了原型系統(tǒng)，并對(duì)安全USB設(shè)備控制器的各部分功能進(jìn)行了測(cè)試。測(cè)試結(jié)果表明：本文所設(shè)計(jì)的安全USB設(shè)備控制器工作正常，達(dá)到了預(yù)期的設(shè)計(jì)目標(biāo)。本文設(shè)計(jì)了一款安全USB設(shè)備控制器，能為上層提供透明的、高強(qiáng)度的安全服務(wù)，對(duì)于提高USB設(shè)備的安全水平、推動(dòng)USB技術(shù)在高安全領(lǐng)域的應(yīng)用具有重要意義。
[Abstract]:With the further development of the information society, USB mobile storage equipment for its many advantages, has been widely used in various occasions of data storage and exchange of information. However, due to the lack of security mechanism, bring the problem of data security. The existing security emerge in an endless stream of USB mobile storage solutions is not a security mechanism is not perfect, is the lack of hardware security features this paper from the underlying hardware support, USB equipment, the data security problem of the USB device is studied.
According to the security threats of USB equipment, this paper summarizes the security requirements of USB equipment, combined with the characteristics of all kinds of security mechanism, the security function of USB system at all levels of reasonable allocation, based on this, a USB device controller, security model, security service type, clear security function of USB equipment control can be achieved and for the upper offers at the same time, design the overall architecture for secure USB device controller, and provide a theoretical basis for the design and implementation of security scheme and prototype system.
According to the overall architecture of the security USB device controller and following the USB2.0 protocol specification, this paper designs and implements the basic communication module and the security module of the USB device controller, providing hardware support for the realization of the security plan.
Aiming at the defects of the existing USB security authentication scheme, this paper design the authenticated key agreement protocol for USB communication, and authentication and confidentiality of the agreement by the method of strand space model are proved. Then, the protocol is analyzed. Analysis results show that this protocol can not only to the user, host and equipment certification, with the negotiation of a key to ensure the safety of data transmission of USB bus, but also can resist the attacks, impersonation attacks, replay attacks and bus snooping attacks, has high safety and less computation overhead.
Based on the above work, this paper implements a prototype system, and the security of USB device controller, the function of each part is tested. The test results show that the safety of USB device controller is designed in this paper, the design achieves the desired goals. This paper introduces the design of a secure USB device controller, can provide transparent security for the upper layer. The service of the high strength, to improve the safety level of USB equipment, has important significance to promote the application of USB technology in high security areas.

【學(xué)位授予單位】：解放軍信息工程大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2013
【分類號(hào)】：TP333

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 易青松;蘇錦海;岳云天;戴紫彬;;基于CY7C68013安全U盤的硬件設(shè)計(jì)[J];計(jì)算機(jī)工程與設(shè)計(jì);2007年06期

2 楊先文;李崢;王安;張宇;;USB1.1設(shè)備控制器IP核的設(shè)計(jì)與實(shí)現(xiàn)[J];小型微型計(jì)算機(jī)系統(tǒng);2010年11期

相關(guān)碩士學(xué)位論文 前1條

1 尹文浩;安全U盤設(shè)計(jì)及其在多密級(jí)文件管理中的應(yīng)用[D];解放軍信息工程大學(xué);2011年

本文編號(hào)：1528480