嵌入式系统安全引导机制的设计与硬件实现

发布时间：2018-01-16 15:33

本文关键词：嵌入式系统安全引导机制的设计与硬件实现　出处：《华中科技大学》2012年硕士论文　论文类型：学位论文

【摘要】：随着社会信息化的发展，嵌入式系统逐渐渗透到人类日常生活的各个方面。目前的各种嵌入式产品都比较注重功能的实现，忽视安全防御机制方面的考虑；与此同时，安全计算和电子商务等应用的飞速发展又对嵌入式系统安全提出了更高的要求。因此，伴随着网络技术和嵌入式技术的不断发展和推广，嵌入式系统的各种安全问题逐渐显露出来，并有愈演愈烈之势。可以预见，在不久的将来，，安全防御机制将会在嵌入式系统中得到大规模的应用。由于安全的引导过程是系统可信的基础，所以保证引导过程的安全是设计安全防御机制最重要的工作之一。本论文首先深入分析了嵌入式系统面临的安全威胁以及安全引导理论，并根据前人安全引导方案的优缺点，结合嵌入式系统的特点，提出了一种新的安全引导机制。该机制在采用SHA-1算法进行分层完整性校验的基础上，新增了身份认证，并行访问，可配置存储区管理等技术，使得系统获得更短的引导时间和更全面的安全性。本论文详细分析了各项新增技术的作用、原理以及资源代价，然后重点介绍该机制可能面临的三种攻击模型（引导劫持攻击、时差窃取攻击、系统恢复攻击）与应对方法。本论文采用全折叠结构来实现安全引导机制的关键硬件模块——安全引导模块(secure boot module,SBM），功能仿真和硬件平台验证结果表明，该安全引导模块的功能正确，安全引导机制满足设计要求；最后采用华宏0.35微米CMOS标准单元库完成综合，分析结果表明，整个设计的规模约为27K等效门，最大工作频率约为285MHZ。
[Abstract]:With the development of social information, embedded system has gradually penetrated into every aspect of human daily life. At present, all kinds of embedded products pay more attention to the realization of function and ignore the consideration of security defense mechanism. At the same time, the rapid development of security computing and e-commerce applications has put forward higher requirements for the security of embedded systems. Therefore, with the continuous development and promotion of network technology and embedded technology. All kinds of security problems of embedded system are gradually revealed and become more and more serious. It can be predicted that in the near future. Security defense mechanism will be applied in embedded system on a large scale, because the process of security boot is the basis of system credibility. Therefore, it is one of the most important tasks to design the security defense mechanism to ensure the safety of the guiding process. Firstly, this paper deeply analyzes the security threat and the security guidance theory faced by embedded system, and combines the characteristics of embedded system according to the advantages and disadvantages of previous security boot scheme. In this paper, a new security boot mechanism is proposed. Based on the hierarchical integrity verification using SHA-1 algorithm, new technologies such as identity authentication, parallel access, configurable storage management and so on are added in this mechanism. So that the system can obtain shorter boot time and more comprehensive security. This paper analyzes the role, principle and resource cost of each new technology in detail. Then three possible attack models (lead hijack attack, jet lag attack, system recovery attack) and response methods are introduced. In this thesis, the key hardware module of the security boot mechanism, secure boot module, is implemented with a fully folded structure. The results of functional simulation and hardware platform verification show that the function of the security boot module is correct and the security boot mechanism meets the design requirements. Finally, Huahong 0.35 渭 m CMOS standard cell library is used to complete the synthesis. The analysis results show that the design scale is about 27K equivalent gate, and the maximum working frequency is about 285 MHZ.
【学位授予单位】：华中科技大学
【学位级别】：硕士
【学位授予年份】：2012
【分类号】：TP368.1

【参考文献】