基于FPGA和LwIP的网络打印安全体系结构研究与系统设计

发布时间：2018-06-20 17:18

本文选题：网络打印机 + 嵌入式防火墙　；参考：《西安电子科技大学》2013年硕士论文

【摘要】：随着网络的日益普及，我们已经进入到网络时代，网络成为了数据传输和信息交换的主要媒介。网络打印机以其快捷的网络接入方式和方便的操作控制，赢得了越来越多的用户青睐。但是，由于成本和利润的限制，网络打印机的安全问题并没有得到大多数打印机生产厂商的足够重视，虽有少量网络打印机嵌入式防火墙产品，也因为其本身的架构、成本等问题得不到很好的推广与应用。所以，人们在从网络打印获得方便的同时也面临着严峻的安全问题。本文在对网络打印安全的体系结构进行研究的基础上，通过分析现有四种主流嵌入式防火墙的架构，结合处理性能、扩展性、灵活性、开发难度、开发周期、开发成本以及知识产权等方面的因素，选用FPGA架构对网络打印机嵌入式防火墙进行了设计。由于FPGA架构嵌入式防火墙通常依赖Linux操作系统中的Netfilter/Iptables实现防火墙功能，一方面，增加了系统对资源的消耗；另一方面，如果Linux操作系统受到攻击，那么防火墙的功能将受到破坏。为了弥补FPGA架构嵌入式防火墙的这一缺点，本文采用最新的融合SOPC技术的FPGA嵌入式系统开发的方法，提出一种以FPGA和LwIP为核心并不依赖操作系统的网络打印机嵌入式防火墙，即快速搭建嵌入式处理器系统的硬件，在嵌入式微处理器上直接运行TCP/IP协议栈LwIP实现通信协议来进行网络数据的解析和打包，开发基于LwIP的用户应用程序实现双网卡通信，，利用定制的硬件逻辑即用户IP核实现防火墙过滤和数据解密。通过以上方式，可以在保证处理性能的前提下，增强系统的安全可靠性、扩展性、灵活性和稳定性，降低系统的资源消耗和开发成本。通过对嵌入式防火墙的测试表明，所设计的嵌入式防火墙能够很好的满足系统设计初衷。
[Abstract]:With the increasing popularity of the network, we have entered the network era, the network has become the main medium of data transmission and information exchange. Network printer has won more and more users with its quick network access and convenient operation control. However, due to the limitation of cost and profit, the security of network printer has not been paid enough attention by most printer manufacturers. Although there are a few embedded firewall products of network printer, but also because of its own structure, Cost and other problems can not be well promoted and applied. Therefore, people are faced with severe security problems while obtaining convenience from network printing. Based on the research of network printing security architecture, this paper analyzes the architecture of four mainstream embedded firewalls, combining processing performance, expansibility, flexibility, development difficulty, development cycle, etc. Based on the development cost and intellectual property, FPGA architecture is used to design the embedded firewall of network printer. Because the embedded firewall based on FPGA usually relies on Netfilter / IptabLes in Linux operating system to realize firewall function, on the one hand, it increases the system's consumption of resources; on the other hand, if the Linux operating system is attacked, Then the functionality of the firewall will be compromised. In order to make up for this shortcoming of FPGA architecture embedded firewall, this paper proposes a network printer embedded firewall based on FPGA and LwIP, which is based on FPGA and LwIP, and adopts the latest development method of FPGA embedded system which integrates SOPC technology. That is, build the hardware of embedded processor system quickly, run TCP / IP protocol stack directly on embedded microprocessor to realize the communication protocol to parse and package the network data, develop the user application program based on LwIP to realize the communication of double network card. The user IP core is used to filter the firewall and decrypt the data using the custom hardware logic. Under the premise of ensuring the processing performance, the security reliability, expansibility, flexibility and stability of the system can be enhanced, and the resource consumption and development cost of the system can be reduced. The test of embedded firewall shows that the designed embedded firewall can well meet the original intention of the system design.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP393.08

【参考文献】