【摘要】：智能終端在生活和工作的不同場(chǎng)景中扮演著非常重要的角色,越來(lái)越多的用戶個(gè)人隱私存儲(chǔ)其中。保障數(shù)據(jù)安全的問(wèn)題變得尤為突出,用戶往往通過(guò)設(shè)定相應(yīng)的密碼來(lái)驗(yàn)證身份來(lái)防止數(shù)據(jù)泄漏的意外發(fā)生。不過(guò)為提高密碼的安全強(qiáng)度,用戶就不得不記憶復(fù)雜的密碼和執(zhí)行頻繁的密碼輸入等諸多行為,因此大大影響了用戶的體驗(yàn)。不過(guò)伴隨生物識(shí)別技術(shù)的快速應(yīng)用推廣,其方便快捷的特性得到了廣泛的認(rèn)可。譬如,指紋識(shí)別技術(shù)正在快速的應(yīng)用于智能終端領(lǐng)域,替代傳統(tǒng)的密碼驗(yàn)證方式,采用識(shí)別比對(duì)用戶的指紋信息來(lái)安全快速的實(shí)現(xiàn)身份驗(yàn)證行為。因此,如何確保指紋識(shí)別的安全性,保證識(shí)別過(guò)程安全可靠的問(wèn)題也日益凸顯出來(lái)。目前出現(xiàn)的一個(gè)可信執(zhí)行環(huán)境(Trusted Execution Environment,TEE)的概念,旨在為可信應(yīng)用程序提供安全執(zhí)行環(huán)境。其中該安全執(zhí)行環(huán)境的概念可以從三種機(jī)制中實(shí)現(xiàn),包括Intel的TXT及AMD的SVM均可提供安全執(zhí)行環(huán)境;ARM Trust Zone安全技術(shù),直接在CPU上提供非安全區(qū)域和安全區(qū)域的隔離機(jī)制;Hypervisor/VMM虛擬化機(jī)制,提供安全應(yīng)用與非安全應(yīng)用之間的隔離。嵌入式平臺(tái)中廣泛使用的ARM處理器提供了Trust Zone的安全擴(kuò)展機(jī)制,將SOC軟硬資源劃分為操作關(guān)鍵資源的可信執(zhí)行環(huán)境和操作其它資源的普通執(zhí)行環(huán)境(Rich Execution Environment,REE),旨在從處理器硬件架構(gòu)的基礎(chǔ)上搭建安全框架,從而確保設(shè)備抵御眾多的潛在威脅。本文旨在解決智能終端領(lǐng)域所存在的諸多安全問(wèn)題,結(jié)合ARM Trust Zone安全擴(kuò)展技術(shù),并根據(jù)生物特性的指紋識(shí)別思想,提出了一種基于Trust Zone的指紋識(shí)別安全框架,為指紋識(shí)別應(yīng)用提供可信執(zhí)行環(huán)境,防止?jié)撛趷阂獬绦虻墓舸_保指紋識(shí)別過(guò)程的安全可靠,同時(shí)為了確保指紋信息的安全性,提供受Trust Zone保護(hù)的用于指紋數(shù)據(jù)及特征安全加密的密鑰,以保證其不被竊取。此外,設(shè)計(jì)實(shí)現(xiàn)了指紋數(shù)據(jù)的安全傳輸通道及其通訊協(xié)議,確保指紋傳輸過(guò)程的安全性。最后方案設(shè)計(jì)并且實(shí)現(xiàn)了一個(gè)原型系統(tǒng),借助于實(shí)驗(yàn)的方式驗(yàn)證該方案的有效性,其實(shí)驗(yàn)結(jié)果也證明了本文所提技術(shù)和方法的可行性。
[Abstract]:Intelligent terminals play a very important role in different scenes of life and work, and more users store them in their personal privacy. The problem of ensuring data security has become particularly prominent. Users often use the corresponding password to verify the identity to prevent the accidental occurrence of data leakage. However, in order to improve the security intensity of passwords, users have to remember complex passwords and execute frequent password inputs, which greatly affects the user experience. However, with the rapid application and popularization of biometric technology, its convenient and fast characteristics have been widely recognized. For example, fingerprint identification technology is rapidly applied to the field of intelligent terminals, replacing the traditional password verification method, using identification comparison to the user's fingerprint information to achieve secure and fast authentication behavior. Therefore, the problem of how to ensure the security of fingerprint recognition and ensure the safety and reliability of the recognition process is becoming more and more prominent. The concept of a trusted execution environment (Trusted Execution Environment,TEE) is designed to provide a secure execution environment for trusted applications. The concept of secure execution environment can be implemented from three mechanisms, including TXT of Intel and SVM of AMD, which can provide secure execution environment; ARM Trust Zone security technology, and provide isolation mechanism of non-secure area and secure area directly on CPU. Hypervisor/VMM virtualization mechanism, which provides isolation between secure and insecure applications. ARM processor, which is widely used in embedded platform, provides a security extension mechanism of Trust Zone, which divides SOC soft and hard resources into trusted execution environment for operating key resources and common execution environment for operating other resources (Rich Execution Environment,REE). The purpose of this paper is to build a security framework based on processor hardware architecture to ensure that devices resist many potential threats. The purpose of this paper is to solve many security problems in the field of intelligent terminal. Combined with ARM Trust Zone security extension technology, and according to the idea of fingerprint recognition based on biological characteristics, a fingerprint recognition security framework based on Trust Zone is proposed. It provides a trusted execution environment for fingerprint identification applications, prevents attacks by potential malicious programs to ensure the security of fingerprint identification process, and at the same time, in order to ensure the security of fingerprint information, Provide Trust Zone protected keys for fingerprint data and feature security encryption to ensure that they are not stolen. In addition, the secure transmission channel and communication protocol of fingerprint data are designed and implemented to ensure the security of fingerprint transmission process. Finally, a prototype system is designed and implemented, and the effectiveness of the scheme is verified by experiments. The experimental results also prove the feasibility of the proposed technology and method.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TN929.53

【相似文獻(xiàn)】

相關(guān)期刊論文 前3條

1 溫研;劉波;王懷民;;基于本地虛擬化技術(shù)的安全虛擬執(zhí)行環(huán)境[J];計(jì)算機(jī)工程與科學(xué);2008年04期

2 敬軍;郝福珍;徐東華;;國(guó)產(chǎn)自主平臺(tái)下可信執(zhí)行環(huán)境的設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)工程與設(shè)計(jì);2012年10期

3 ;[J];;年期

相關(guān)會(huì)議論文 前1條

1 李亞;康健;李習(xí)彬;;政策實(shí)驗(yàn)室:政策執(zhí)行環(huán)境的模擬系統(tǒng)[A];西部開(kāi)發(fā)與系統(tǒng)工程——中國(guó)系統(tǒng)工程學(xué)會(huì)第12屆年會(huì)論文集[C];2002年

相關(guān)重要報(bào)紙文章 前10條

1 本報(bào)記者 李旭陽(yáng);構(gòu)建移動(dòng)終端可信執(zhí)行環(huán)境[N];計(jì)算機(jī)世界;2014年

2 山東省東營(yíng)市中級(jí)人民法院 李貫英 山東省東營(yíng)市東營(yíng)區(qū)人民法院 王麗;依法協(xié)助執(zhí)行 優(yōu)化執(zhí)行環(huán)境[N];人民法院報(bào);2013年

3 ;金華法院執(zhí)行環(huán)境專項(xiàng)整治出成效[N];人民法院報(bào);2003年

4 岳躍國(guó);執(zhí)行環(huán)境標(biāo)準(zhǔn)豈容玩貓膩？[N];中國(guó)環(huán)境報(bào);2014年

5 記者 黃獻(xiàn)安;浙江不斷優(yōu)化執(zhí)行環(huán)境[N];人民法院報(bào);2004年

6 記者　 張寬明 通訊員　 晏祥龍;榮辱觀教育優(yōu)化宿遷執(zhí)行環(huán)境[N];人民法院報(bào);2006年

7 本報(bào)記者　 張羽馨;淮安：外抓執(zhí)行環(huán)境 內(nèi)抓規(guī)范管理[N];江蘇法制報(bào);2006年

8 記者 趙向南 通訊員 金俊賢;俺村街道不比城里差[N];山西日?qǐng)?bào);2003年

9 住房和城鄉(xiāng)建設(shè)部副部長(zhǎng) 齊驥;健全制度 加強(qiáng)配合 創(chuàng)造良好執(zhí)行環(huán)境[N];人民法院報(bào);2008年

10 記者 黃獻(xiàn)安 通訊員 余建華;浙江提出提高六個(gè)方面能力[N];人民法院報(bào);2005年

相關(guān)碩士學(xué)位論文 前6條

1 張亞飛;基于可信執(zhí)行環(huán)境的智能密碼鑰匙設(shè)計(jì)與實(shí)現(xiàn)[D];西安電子科技大學(xué);2014年

2 劉志偉;基于TrustZone的智能手機(jī)安全技術(shù)研究與實(shí)現(xiàn)[D];電子科技大學(xué);2016年

3 黃澤群;面向融合的業(yè)務(wù)平臺(tái)中業(yè)務(wù)執(zhí)行環(huán)境的優(yōu)化設(shè)計(jì)與實(shí)現(xiàn)[D];北京郵電大學(xué);2008年

4 王熙友;ARM TrustZone安全隔離技術(shù)研究與應(yīng)用[D];電子科技大學(xué);2013年

5 龔濤;基于SOA的泛在多節(jié)點(diǎn)業(yè)務(wù)協(xié)同執(zhí)行環(huán)境的研究與實(shí)現(xiàn)[D];北京郵電大學(xué);2013年

6 肖漢波;CPU/GPU異構(gòu)多核虛擬執(zhí)行環(huán)境框架的設(shè)計(jì)與實(shí)現(xiàn)[D];上海交通大學(xué);2010年

，

本文編號(hào)：2478423