基于嵌入式Linux网络安全文件秒传系统的设计
发布时间:2018-10-31 10:00
【摘要】:随着计算机时代和信息化时代的高速发展,网络技术凭借着信息实时性和传输高速性等优势与工业系统控制和智能化家电等技术的结合日趋紧密,网络时代为嵌入式系统的发展带来了全新的机遇和巨大的挑战。黑客可以通过破解用户密码或者使用木马攻击等方式在一个对传输的数据不做任何加密处理的网络文件传输系统中窃取用户的重要信息,这样的网络文件传输系统对数据的保密性极低,无法保障文件传输的安全性。对嵌入式环境下网络文件传输系统的安全性研究必须尽早提上日程,这不仅仅是国防安全的需要,也是商业、工业和个人信息安全的迫切需要。本课题在分析众多嵌入式操作系统的种类和架构的基础上,挑选出最适合系统开发的Linux操作系统。选择OK6410开发板作为硬件开发平台,设计了系统的软件架构、功能框架以及系统基本工作流程。使用交叉开发工具链arm-linux-gcc构建了系统的交叉开发环境。本论文从系统软件需求角度展开,重点研究了以下几部分内容:(1)Linux操作系统移植。配置了U-Boot并将U-Boot移植到OK6410开发板中。采用基于文本模式的菜单型配置方法编译了内核;将内核映像文件移植到开发板中;使用Busybox配置工具构建了根文件系统,并将最小根文件系统采用NFS方式挂载到系统内核中。(2)基于OpenSSL加密传输协议设计。分别基于TCP网络通信协议设计了客户端和服务器端的通信模型,实现了客户端和服务器端的文件互传。在客户端和服务器端通信模型的基础上,加入了基于OpenSSL的加密传输协议,保障系统文件传输的安全性。(3)线程池优化与MD5码设计。在服务器端设计了线程池优化技术,设置了五个线程处理客户端的连接请求,提高了系统的资源利用率。设计了账号密码验证功能,用户密码验证成功后才可以使用客户端的有效功能。加入MD5码的设计,通过重复下载server文件验证了系统文件的秒传功能。本课题对客户端和服务器端的功能测试结果表明,本系统的基本功能已经完善。线程池中5个线程的工作优化了系统的资源利用率,通过多次下载server文件验证了系统文件秒传功能的有效性。
[Abstract]:With the rapid development of the computer era and the information age, the combination of network technology with industrial system control and intelligent household appliances is becoming more and more close by virtue of the advantages of real-time and high-speed transmission of information. Network era brings new opportunities and great challenges to the development of embedded system. Hackers can steal important user information in a network file transfer system that does not do any encryption of the transmitted data by cracking the user's password or using Trojan horse attacks. This kind of network file transfer system can not guarantee the security of file transfer because of its low data confidentiality. The research on the security of network file transfer system in embedded environment must be put on the agenda as soon as possible, which is not only the need of national defense security, but also the urgent need of commercial, industrial and personal information security. On the basis of analyzing the kinds and architectures of many embedded operating systems, this paper selects the most suitable Linux operating system for system development. The OK6410 development board is selected as the hardware development platform, and the software architecture, functional framework and basic workflow of the system are designed. The cross-development environment is constructed by using cross-development tool chain (arm-linux-gcc). This thesis focuses on the following parts from the point of view of system software requirements: (1) porting Linux operating system. U-Boot is configured and U-Boot is ported to the OK6410 development board. The kernel is compiled by the menu configuration method based on text mode, and the kernel image file is transplanted to the development board. The root file system is constructed by using Busybox configuration tool, and the smallest root file system is mounted to the kernel of the system by NFS. (2) Design of encryption transfer protocol based on OpenSSL. The communication models of client and server are designed based on TCP network communication protocol, and the file transfer between client and server is realized. On the basis of the communication model between the client and the server, the encryption transfer protocol based on OpenSSL is added to ensure the security of file transfer in the system. (3) Thread pool optimization and MD5 code design. The thread pool optimization technology is designed on the server side, and five threads are set up to handle the connection request of the client, which improves the resource utilization of the system. The account password verification function is designed, and the effective function of the client can only be used after the user password verification is successful. Add the design of MD5 code, and verify the function of second transmission of system files by downloading server file repeatedly. The test results of client and server show that the basic function of the system has been improved. The work of five threads in the thread pool optimizes the resource utilization of the system, and the effectiveness of the second transmission function of the system file is verified by downloading the server files several times.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP316.81;TP393.0
本文编号:2301760
[Abstract]:With the rapid development of the computer era and the information age, the combination of network technology with industrial system control and intelligent household appliances is becoming more and more close by virtue of the advantages of real-time and high-speed transmission of information. Network era brings new opportunities and great challenges to the development of embedded system. Hackers can steal important user information in a network file transfer system that does not do any encryption of the transmitted data by cracking the user's password or using Trojan horse attacks. This kind of network file transfer system can not guarantee the security of file transfer because of its low data confidentiality. The research on the security of network file transfer system in embedded environment must be put on the agenda as soon as possible, which is not only the need of national defense security, but also the urgent need of commercial, industrial and personal information security. On the basis of analyzing the kinds and architectures of many embedded operating systems, this paper selects the most suitable Linux operating system for system development. The OK6410 development board is selected as the hardware development platform, and the software architecture, functional framework and basic workflow of the system are designed. The cross-development environment is constructed by using cross-development tool chain (arm-linux-gcc). This thesis focuses on the following parts from the point of view of system software requirements: (1) porting Linux operating system. U-Boot is configured and U-Boot is ported to the OK6410 development board. The kernel is compiled by the menu configuration method based on text mode, and the kernel image file is transplanted to the development board. The root file system is constructed by using Busybox configuration tool, and the smallest root file system is mounted to the kernel of the system by NFS. (2) Design of encryption transfer protocol based on OpenSSL. The communication models of client and server are designed based on TCP network communication protocol, and the file transfer between client and server is realized. On the basis of the communication model between the client and the server, the encryption transfer protocol based on OpenSSL is added to ensure the security of file transfer in the system. (3) Thread pool optimization and MD5 code design. The thread pool optimization technology is designed on the server side, and five threads are set up to handle the connection request of the client, which improves the resource utilization of the system. The account password verification function is designed, and the effective function of the client can only be used after the user password verification is successful. Add the design of MD5 code, and verify the function of second transmission of system files by downloading server file repeatedly. The test results of client and server show that the basic function of the system has been improved. The work of five threads in the thread pool optimizes the resource utilization of the system, and the effectiveness of the second transmission function of the system file is verified by downloading the server files several times.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP316.81;TP393.0
【参考文献】
相关期刊论文 前10条
1 彭玉峰;赵越;张淑丽;金龙;林思宏;;基于ARM11的嵌入式Linux NAND FLASH模拟U盘挂载分析与实现[J];现代电子技术;2012年16期
2 陈兰香;;一种基于同态Hash的数据持有性证明方法[J];电子与信息学报;2011年09期
3 孙维国;李浩然;;MD5算法在数据安全中的应用及安全性分析[J];微计算机应用;2010年10期
4 李宗海;陈蜀宇;李海伟;;嵌入式Linux系统在ARM平台上的构建[J];计算机系统应用;2010年10期
5 韦峰;卢再奇;刘伟;;YAFFS2在嵌入式系统中的实现[J];现代电子技术;2010年08期
6 唐浩波;方兵;侯克斌;周建斌;;基于ARM的安全文件传输系统设计[J];中国科技信息;2010年04期
7 袁磊;朱怡安;兰婧;;嵌入式系统BootLoader设计与实现[J];计算机测量与控制;2009年02期
8 刘松;钟子发;;基于对等模式的Socket网络通信[J];微处理机;2008年05期
9 庞启宁;;一种基于注册码的软件加密算法[J];通信与广播电视;2008年02期
10 胡维;张方樱;;构建嵌入式Linux的根文件系统的busybox方法[J];广州大学学报(自然科学版);2008年03期
相关硕士学位论文 前1条
1 杨超;Linux多协议多线程下载技术的研究与实现[D];大连海事大学;2011年
,本文编号:2301760
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2301760.html
