發(fā)布時間：2018-05-20 12:21

  本文選題：嵌入式系統(tǒng)安全 + 硬件攻擊　； 參考：《華中科技大學(xué)》2013年碩士論文

【摘要】：隨著嵌入式系統(tǒng)的廣泛應(yīng)用，嵌入式系統(tǒng)的安全問題逐漸引起人們的重視。其中，片外存儲器的安全問題是整個嵌入式系統(tǒng)安全問題中不可忽視的一部分。尤其在SOC系統(tǒng)中，攻擊者很容易通過對片外存儲器與SOC芯片之間的連線進行搭線偵聽，達到篡改或竊取片外存儲器中數(shù)據(jù)的目的，從而造成信息泄露，威脅到嵌入式系統(tǒng)的安全。目前已經(jīng)存在很多關(guān)于片外存儲安全方面的研究，這些研究一般是在片上微處理器和片外的存儲器之間增加安全防御模塊（硬件）。但是，在嵌入式系統(tǒng)中增加存儲器安全防御模塊（硬件）無疑會對整個系統(tǒng)的性能、存儲器開銷、SOC面積開銷等造成一定的負面影響。 本論文首先深入分析了嵌入式系統(tǒng)面臨的安全威脅，其中，重點分析了針對嵌入式系統(tǒng)片外存儲器的硬件攻擊模型。然后分析了保護片外存儲器的安全防御策略，即對片外存儲器進行機密性和完整性保護，并介紹了對機密性和完整性保護的措施。在此基礎(chǔ)上，提出了一種基于AES-GCM的片外存儲器加密與完整性保護的方法。本方法提出了雙層加解密機制，第一層對數(shù)據(jù)進行加解密，第二層對第一層產(chǎn)生的tag進行加解密。本方法對片外存儲器同時提供數(shù)據(jù)機密性和完整性保護，可以防御一系列典型的惡意攻擊，如欺騙攻擊、重放攻擊等。通過兩層加解密機制的配合，本方法在保證較高安全性的前提下，片內(nèi)存儲器開銷只有7.81%，而且性能損失比較小。 本論文對所提出的片外存儲器加密與完整性保護方法進行了硬件實現(xiàn)，并且將其放入LEON3系統(tǒng)中，構(gòu)建了仿真平臺。仿真結(jié)果表明，片外存儲器加密與完整性保護方法的功能正確。對針對片外存儲器的惡意攻擊，可以有效地給出報警信號，從而達到保護片外存儲器安全的目的。
[Abstract]:With the wide application of embedded system, people pay more and more attention to the security of embedded system. The security of out-of-chip memory is one of the most important problems in embedded system. Especially in SOC system, it is easy for an attacker to tamper with or steal the data in the out-of-chip memory by listening to the connection between the out-of-chip memory and the SOC chip, thus causing information disclosure. It threatens the security of embedded system. At present, there are many researches on the security of off-chip storage. These researches generally add the security defense module (hardware) between the on-chip microprocessor and the off-chip memory. However, adding memory security defense module (hardware) to embedded system will undoubtedly have a negative impact on the performance of the whole system, memory overhead and SOC area overhead. In this paper, the security threats faced by embedded system are analyzed in depth, and the hardware attack model of embedded system off-chip memory is analyzed. Then, the security defense strategy to protect the off-chip memory is analyzed, that is, the confidentiality and integrity of the off-chip memory are protected, and the measures to protect the confidentiality and integrality are introduced. On the basis of this, a method of encryption and integrity protection of off-chip memory based on AES-GCM is proposed. The method proposes a double layer encryption and decryption mechanism. The first layer encrypts and decrypts the data, and the second layer encrypts the tag generated by the first layer. The method provides both data confidentiality and integrity protection to off-chip memory and can protect against a series of typical malicious attacks such as spoofing attacks replay attacks and so on. With the cooperation of the two-layer encryption and decryption mechanism, the in-chip memory overhead is only 7.81, and the performance loss is relatively small under the premise of high security. In this paper, the proposed method of off-chip memory encryption and integrity protection is implemented in hardware, and the simulation platform is constructed by putting it into LEON3 system. The simulation results show that the functions of the encryption and integrity protection method are correct. In order to protect the security of off-chip memory, the alarm signal can be effectively given to the malicious attack against off-chip memory.
【學(xué)位授予單位】：華中科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2013
【分類號】：TP333

【參考文獻】

相關(guān)期刊論文 前8條

1 郭春霞,裘雪紅;嵌入式系統(tǒng)安全的研究與設(shè)計[J];電子科技;2005年08期

2 吳景紅;李朋;劉柳柳;;SPARC處理器啟動代碼的分析與編程[J];機電產(chǎn)品開發(fā)與創(chuàng)新;2008年06期

3 許俊賢;張祥;李童;;SPARC體系結(jié)構(gòu)[J];計算機研究與發(fā)展;1990年11期

4 侯方勇,王志英,劉真;基于Hash樹熱點窗口的存儲器完整性校驗方法[J];計算機學(xué)報;2004年11期

5 胡榮群;羅杰;;嵌入式系統(tǒng)的安全分析[J];計算機與現(xiàn)代化;2007年02期

6 李洪;毛志剛;;PLRU替換算法在嵌入式系統(tǒng)cache中的實現(xiàn)[J];微處理機;2010年01期

7 李子磊;劉政林;霍文捷;鄒雪城;;高吞吐率XTS-AES加密算法的硬件實現(xiàn)[J];微電子學(xué)與計算機;2011年04期

8 龔永紅;梅衛(wèi)平;蔣曉華;唐芳福;黃琳;顏軍;;32位嵌入式處理器S698的SPARC V8指令集[J];電子元器件應(yīng)用;2007年11期

，

本文編號：1914601