【摘要】：隨著三網(wǎng)融合大勢(shì)的到來,終端智能化趨勢(shì)已明朗,而基于智能操作系統(tǒng)的智能終端產(chǎn)品更成為未來發(fā)展的趨勢(shì)。陜西廣電網(wǎng)絡(luò)結(jié)合了全省數(shù)字電視網(wǎng)絡(luò)發(fā)展?fàn)顩r與日益增長(zhǎng)的用戶個(gè)性化需求,研發(fā)出了基于國家廣電總局TVOS智能操作系統(tǒng)的智能終端機(jī)頂盒,并且已通過總局的標(biāo)準(zhǔn)性測(cè)試。然而在終端智能、網(wǎng)絡(luò)互聯(lián)、業(yè)務(wù)多元、信息共享的開放環(huán)境下,安全挑戰(zhàn)日益嚴(yán)峻,在充分認(rèn)識(shí)到安全挑戰(zhàn)的強(qiáng)度與廣度,深入分析其它智能操作系統(tǒng)面臨的系統(tǒng)侵入、信息盜取等安全問題后,TVOS智能終端的安全問題被提上了日程,TVOS智能終端的安全是保障終端可靠運(yùn)行、業(yè)務(wù)有序開展、用戶安心使用的根基。本文在深入分析研究了TVOS硬件結(jié)構(gòu)和軟件架構(gòu)及其主要業(yè)務(wù)功能的實(shí)現(xiàn)機(jī)制后,主要針對(duì)系統(tǒng)刷機(jī)、違規(guī)應(yīng)用、系統(tǒng)侵入等重點(diǎn)安全問題,提出了適用于TVOS智能終端機(jī)頂盒的安全方案并詳細(xì)論述了方案的設(shè)計(jì)實(shí)現(xiàn)方法。該安全方案主要分為如下兩個(gè)方面:1.終端安全體系的設(shè)計(jì)與實(shí)現(xiàn)部分主要討論了終端在運(yùn)行過程中所涉及的各個(gè)層級(jí)的安全實(shí)現(xiàn)方案:將底層OTP安全芯片作為終端安全體系的基礎(chǔ),并采用了密碼學(xué)與軟件工程學(xué)等多種安全技術(shù)手段,向上聯(lián)通TVOS操作系統(tǒng)內(nèi)核層、組件層、執(zhí)行環(huán)境層、應(yīng)用框架層,與TVOS各功能層級(jí)有機(jī)協(xié)同,形成了相互支撐、協(xié)同聯(lián)動(dòng)的層次化安全防護(hù)機(jī)制,具備了硬件安全、軟件安全、網(wǎng)絡(luò)安全、數(shù)據(jù)安全、應(yīng)用安全等全方位的安全防護(hù)能力。2.前端安全平臺(tái)的設(shè)計(jì)與實(shí)現(xiàn)部分主要討論了數(shù)據(jù)在傳遞過程中安全信任鏈的傳遞過程,并針對(duì)數(shù)據(jù)的安全傳遞所涉及的密鑰的安全生成、安全管理和安全流轉(zhuǎn)提出了TVOS前端安全平臺(tái)實(shí)現(xiàn)方案,包括密鑰/證書的的管理實(shí)現(xiàn)、簽名管理實(shí)現(xiàn)與應(yīng)用管理的實(shí)現(xiàn):前端安全平臺(tái)通過采用B/S架構(gòu)的WEB頁面管理并生成密鑰及數(shù)字證書,完成相應(yīng)OTP芯片、TVOS操作系統(tǒng)鏡像、BootLoader、TVOS應(yīng)用的安全簽名與簽名前后文件的傳輸,并可完成TVOS終端應(yīng)用認(rèn)證管理、應(yīng)用黑白名單管理及每個(gè)TVOS應(yīng)用的權(quán)限管理。本文所設(shè)計(jì)的TVOS智能終端安全方案,涵蓋了TVOS智能終端機(jī)頂盒運(yùn)營過程中所面臨的所有安全問題。該方案首先保證了可信的TVOS執(zhí)行環(huán)境,其次為TVOS所搭載的各應(yīng)用程序提供了可信的安全環(huán)境,最后保證了可信的軟件在終端設(shè)備的可靠使用。TVOS智能終端機(jī)頂盒安全方案,不僅可充分滿足廣播電視安全管控的需求,也保障了三網(wǎng)融合業(yè)務(wù)安全開展。
[Abstract]:With the coming of the integration of three networks, the trend of terminal intelligence has become clear, and the intelligent terminal product based on intelligent operating system has become the trend of future development. According to the development of digital TV network and the increasing demand of user personalization, Shaanxi Radio and Television Network has developed an intelligent terminal set-top box based on TVOS intelligent operating system of State Administration of Radio, Film and Television, and has passed the standard test of the General Administration of Radio, Film and Television (SARFT). However, in the open environment of terminal intelligence, network interconnection, multi-business and information sharing, the security challenge is becoming more and more serious. Aware of the strength and breadth of the security challenge, we deeply analyze the system intrusion faced by other intelligent operating systems. After the security problems such as information theft and so on, the security problem of TVOS intelligent terminal has been put on the agenda. The security of TVOS intelligent terminal is the foundation to ensure the reliable operation of the terminal, the orderly development of business, and the user's peace of mind to use it. After deeply analyzing and studying the hardware structure and software architecture of TVOS and the realization mechanism of its main business functions, this paper mainly aims at the key security problems such as system brushing machine, illegal application, system intrusion and so on. This paper presents a security scheme for TVOS intelligent terminal set-top box and discusses the design and implementation of the scheme in detail. The security scheme is divided into two main areas: 1. In the part of the design and implementation of terminal security architecture, we mainly discuss the security implementation scheme of every level involved in the operation of the terminal: taking the bottom OTP security chip as the base of the terminal security system, Several security techniques, such as cryptography and software engineering, are adopted to connect the inner core layer, component layer, execution environment layer, application framework layer of TVOS operating system upward, and organically cooperate with each other to support each other at each function level of TVOS. The hierarchical security protection mechanism of collaborative linkage has the comprehensive security protection capability of hardware security, software security, network security, data security, application security and so on. The design and implementation of the front-end security platform mainly discusses the transfer process of the secure trust chain in the process of data transmission, and aims at the secure generation of the key involved in the secure transmission of the data. Security management and security flow proposed TVOS front-end security platform implementation scheme, including key / certificate management implementation, The implementation of signature management and application management: the front-end security platform completes the corresponding OTP chip, TVOS operating system mirror, BootLoader, by using the WEB page management and generating the key and digital certificate. The secure signature of the TVOS application and the transfer of the files before and after the signature, and can complete the authentication management of the TVOS terminal application, the management of the black-and-white list and the authority management of each TVOS application. The security scheme of TVOS intelligent terminal designed in this paper covers all the security problems in the operation of TVOS intelligent terminal set-top box. First, this scheme guarantees a trusted TVOS execution environment, secondly, it provides a trusted security environment for the applications on TVOS. Finally, it ensures the reliable use of trusted software in the end devices. TVOS intelligent terminal set-top box security scheme, Not only can fully meet the needs of radio and television security control, but also to ensure the security of triple play business.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TN949.197

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 孫庭;姚輝軍;莊];;基于廣電網(wǎng)絡(luò)的智能終端安全解決方案[J];電視技術(shù);2014年06期

2 胡穎;;公開密鑰加密體系和數(shù)字簽名技術(shù)的研究[J];計(jì)算機(jī)光盤軟件與應(yīng)用;2013年11期

3 劉璞;于璐;徐志德;;智能終端操作系統(tǒng)比較分析與應(yīng)用研究[J];移動(dòng)通信;2013年05期

4 姚一楠;于璐;何桂立;;Android平臺(tái)的安全挑戰(zhàn)及應(yīng)對(duì)措施[J];現(xiàn)代電信科技;2012年09期

5 雷靈光;張中文;王躍武;王雷;;Android系統(tǒng)代碼簽名驗(yàn)證機(jī)制的實(shí)現(xiàn)及安全性分析[J];信息網(wǎng)絡(luò)安全;2012年08期

6 張中文;雷靈光;王躍武;;Android Permission機(jī)制的實(shí)現(xiàn)與安全分析[J];信息網(wǎng)絡(luò)安全;2012年08期

7 陳佳聞;;Linux進(jìn)程調(diào)度策略的分析[J];山東農(nóng)業(yè)大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年02期

8 符易陽;周丹平;;Android安全機(jī)制分析[J];信息網(wǎng)絡(luò)安全;2011年09期

9 周藝瓊;梁聲灼;;基于加密和信息隱藏技術(shù)的數(shù)據(jù)安全傳輸[J];微計(jì)算機(jī)信息;2009年24期

10 劉克勝;王忠壽;;API Hook關(guān)鍵技術(shù)解析[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2006年11期

，

本文編號(hào)：2458991