
Design and Implementation of a Secure USB Device Controller

Published: 2018-02-24 02:12

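  Keywords: secure USB device controller; USB IP core; authenticated key agreement protocol; strand space. Source: PLA Information Engineering University, master's thesis, 2013. Document type: degree thesis.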


[Abstract]: As the information society deepens, USB removable storage devices, with their many advantages, have been widely adopted for data storage and information exchange. However, their lack of security mechanisms has given rise to a steady stream of data security problems. Existing secure USB removable storage solutions either have incomplete security mechanisms or implement their security functions without hardware support. Starting from the underlying hardware of USB devices, this thesis explores the data security problem of USB devices.
To address the security threats facing USB devices, this thesis summarizes the security requirements of USB devices and, taking into account how each kind of security mechanism is implemented, allocates the security functions of the USB system appropriately across its layers. On this basis it establishes a security model for the USB device controller, which makes clear the security functions the controller should implement and the types of security service it provides to upper layers. It also designs the overall architecture of the secure USB device controller, providing a theoretical basis for the design of the security scheme and the implementation of the prototype system.
Based on the overall architecture of the secure USB device controller and following the USB 2.0 protocol specification, this thesis designs and implements the basic communication module and the security module of the secure USB device controller, providing hardware support for implementing the security scheme.
To address the security flaws of existing USB authentication schemes, this thesis first designs an authenticated key agreement protocol suited to USB communication and proves the protocol's authentication and confidentiality properties using the strand space model; it then analyzes the protocol. The analysis shows that the protocol not only authenticates the user, the host and the device and uses the negotiated key to protect data transmitted on the USB bus, but also resists bypass attacks (旁路攻击), impersonation attacks, replay attacks and bus snooping, offering relatively high security with low computational overhead.
Building on this work, the thesis implements a prototype system and tests each functional part of the secure USB device controller. The test results show that the secure USB device controller designed here works correctly and meets the intended design goals. The secure USB device controller designed in this thesis provides transparent, high-strength security services to upper layers, which is significant for raising the security level of USB devices and promoting the use of USB technology in high-security fields.

[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP333



