智慧家庭中多网络融合终端安全关键技术研究

发布时间：2018-07-03 17:30

本文选题：传感器网络 + WLAN-3G　；参考：《西安电子科技大学》2015年博士论文

【摘要】：智慧家庭中的终端设备通过网络实现家庭内部各种家用电子电器产品之间及其与外部设备的互联互通,能够便捷地实现互动娱乐、信息服务与智能控制,为家庭成员提供更加丰富的服务。随着网络技术和信息技术的发展,承载了多种网络和多类业务的融合终端产品也越来越多。在各种网络之间的信息交换,由于各网络的目的、速率、覆盖范围、服务能力、应用对象、运营管理、安全方案等多个方面常常不一致。这些终端在进行互联互通的时候,除了面临原网络的安全问题还引入了网络融合时的安全问题。本论文的主要研究解决传感网络与互联网进行融合时的用户认证问题,无线局域网与移动互联网的融合时的用户认证问题,剖析了具有代表性的多网络融合终端产品智能电视终端的安全问题,并提出了相应的解决方案。为了系统的分析和解决在智慧家庭中多网络融合终端所面临的安全问题,研究对象选取了智慧家庭的三大核心网络(传感器网络、移动通信网、WLAN)及相应的终端产品。本文中研究的主要内容包括:传感器网络自身的安全问题;传感器网络与互联网在融合时的安全;移动通信网与WLAN融合的安全问题及终端在应用中的安全问题。其中传感器网络是智慧家庭中最核心的数据采集网络,传感器网络的应用是智慧家庭的最重要特征,它的安全对于智慧家庭安全非常重要。传感器网络采集的数据需要同互联网进行交换处理,这就需要对他们融合时的安全问题进行研究。随着智能终端的大量应用,移动通信网如何同WLAN进行无缝、安全的融合也变得非常重要。主要的研究方法是通过分析研究国内外已有的主流协议或方法,分析其原理、特点和优劣势,在其基础上进行改进,并通过分析和仿真对改进的协议和方法进行验证。研究工作受到了国家自然科学基金-广东联合基金(U0835004):“数字家庭无线网络体系结构及兼容性理论与技术研究”;国家高技术研究发展计划(863计划):“新一代数字电视关键技术研究及验证(2012AA011706)”的资助。论文主要包括四个部分的内容:第一部分的研究主要针对现有传感器网络的网络体系结构、主要威胁模型、常见的传感器网络访问控制方式进行研究。研究了传统的访问控制机制,分析了国内外主流的访问控制方式的特点,了解了其开销大,终端节点容易被捕获、易受拒绝攻击和信息重放的缺陷,同时为了增加用户数量、访问能力的可扩展性以及抵制用户捕获攻击,研究了访问控制方式和用户访问能力撤销方式,相关机制在开销不变的情况下提高了相关的安全能力,具有更加丰富的应用场景。第二部分研究主要针对传感器网络与互联网融合的安全问题。分析了他们在融合时的主要安全问题,针对其中动态用户认证协议的安全问题进行了深入研究,在分析国内外主流的动态用户认证协议的基础上。设计了一种新的动态用户认证协议,进行了改进。改进的协议在保持协议轻量、高效特点的同时,增强了防御伪装网关重放攻击,拒绝服务攻击的能力,而且口令的更新更加方便。第三部分研究主要针对移动通信网络同WLAN融合中出现的问题。针对该问题,选取3G作为移动通信的代表技术。对目前已有的融合方案:第三代合作伙伴计划(3GPP)组织针对移动通信与WLAN网络融合提出的互联方案和三种互联结构及可扩展认证和秘钥协商协议(EAP-AKA)方案进行分析。针对EAP-AKA协议存在的问题,引入了我国自主知识产权WAPI-移动通信网的互联结构模型,并在其基础上设计了认证协议EAP-WAPI。针对其统一接入认证问题,文中对该方案进行改进。分析和仿真结果表明,相比于原有的WAPI认证协议WAPI-XG1,EAP-WAPI协议改进了认证交互过程,提高了执行效率。第四部分研究主要针对传统家电设备日益网络、智能化、融合化所面临的安全问题进行分析,选取了家庭中研究较少,比较有代表性的产品--智能电视进行了研究。指出了智能电视所面临的安全威胁和安全系统架构。并设计了一套身份认证管理系统的架构和流程。智能电视安全问题和威胁分析的部分内容被吸纳进我国智能电视行业标准中,安全系统的设计也为标准的研制提供了有效的素材。同时对研究内容转化为标准也进行了有益的探索和尝试。
[Abstract]:The terminal equipment in the intelligent family realizes intercommunication between various household electronic and electrical products within the family and its external equipment through the network. It can conveniently realize interactive entertainment, information service and intelligent control, and provide more rich services for family members. With the development of network and information technology, it carries a variety of networks. There are more and more terminal products of collaterals and multi class services. The exchange of information between various networks is often inconsistent with the goals, rates, coverage, service capabilities, application objects, operation management, and security schemes of each network. These terminals are confronted with the security problems of the original network when they are interconnected. The main research of this paper is to solve the user authentication problem of the fusion of the sensor network and the Internet, the problem of user authentication when the wireless LAN and the mobile Internet are fused, and analyze the security problems of the representative multi network fusion terminal product intelligent TV terminal. In order to systematically analyze and solve the security problems faced by the multi network fusion terminal in the intelligent family, the research object selected three core networks of the intelligent family (sensor network, mobile communication network, WLAN) and the corresponding terminal products. The main contents of this paper include: the sensor network itself Security issues; the security of the fusion of sensor networks and the Internet, the security problems of the fusion of mobile communication networks and the WLAN and the security of the terminal in the application. The sensor network is the most important data collection network in the intelligent family, and the application of the sensor network is the most important feature of the Hui's house, and its security is to the intelligent Hui's home The security of the network is very important. The data collected by the sensor network needs to be exchanged with the Internet. This needs to study the security problems of their fusion. With the large application of the intelligent terminal, it is not very important how the mobile communication network can be seamless and secure with the WLAN. The main research method is through the analysis and research. Study the principles, characteristics and advantages and disadvantages of the existing mainstream protocols and methods at home and abroad. On the basis of their improvement, the improved protocols and methods are verified by analysis and simulation. The research is subject to the National Natural Science Foundation of Guangdong (U0835004): "digital home wireless network architecture and compatibility theory." Research and technology research "; national high technology research and development plan (863 plan):" the new generation of digital television key technology research and verification (2012AA011706) ". The paper mainly includes four parts: the first part of the research is mainly aimed at the network architecture of the existing sensor networks, the main threat models, the common sensors The traditional access control mode is studied. The traditional access control mechanism is studied, and the characteristics of the mainstream access control methods at home and abroad are analyzed. It is understood that its overhead is large, the terminal nodes are easily captured, the denial of attack and the replay of information are easy to be captured, and the scalability of the user's number, the accessibility of the access and the resistance to the users are also discussed. Capture attack, study access control mode and user access ability revocation mode, the related mechanism improves the relevant security ability and has a more rich application scene in the case of constant overhead. The second part mainly focuses on the security problem of the fusion of sensor networks and the Internet. The main security of their fusion is analyzed. On the basis of analyzing the mainstream dynamic user authentication protocol, a new dynamic user authentication protocol is designed and improved. The improved protocol enhances the replay of the defense camouflage gateway while maintaining the lightweight and high efficiency of the protocol. Attack, the ability to reject the service attack, and the update of the password is more convenient. The third part of the study mainly focuses on the problems arising from the fusion of mobile communication network and WLAN. In view of this problem, 3G is selected as the representative technology of mobile communication. The existing fusion scheme: the third generation partnership plan (3GPP) organization for mobile communication and W The interconnection scheme proposed by LAN network and the three interconnection structures and the extensible authentication and secret key negotiation protocol (EAP-AKA) are analyzed. In view of the problems existing in the EAP-AKA protocol, the interconnection structure model of the autonomous intellectual property WAPI- mobile communication network is introduced, and the authentication protocol EAP-WAPI. is designed on the basis of its unification. The analysis and simulation results show that, compared to the original WAPI authentication protocol WAPI-XG1, the EAP-WAPI protocol improves the authentication interaction process and improves the execution efficiency. The fourth part of the study mainly focuses on the security problems faced by the increasingly network, intelligence and fusion of traditional household appliances. Analysis, select the less research and more representative products in the family, smart TV. The security threat and security system architecture of smart TV are pointed out. The architecture and process of a set of identity authentication management system are designed. Some contents of smart TV security and threat analysis are absorbed into our country's intelligence. In the TV industry standard, the design of the security system also provides effective material for the development of standard. Meanwhile, it also makes useful exploration and try on the transformation of the research content into the standard.
【学位授予单位】：西安电子科技大学
【学位级别】：博士
【学位授予年份】：2015
【分类号】：TP212;TP393.08

【相似文献】