基于ZigBee智能家居安防系统的信息安全研究

发布时间：2018-06-18 10:51

本文选题：智能家居 + 安防系统　；参考：《杭州电子科技大学》2014年硕士论文

【摘要】：对于智能家居安防系统，最重要的就是如何保证所接收的数据包确实是对方发送的，一旦数据包被非法篡改或冒充将造成不可估量的后果。虽然目前PKI技术成熟，已经广泛应用于各个安全领域，然而随着网络容量的急剧膨胀，特别是IPv6海量网络时代的到临，基于在线密钥库的分布式密码密钥管理方法在存储能力、查找速度等上已经难以满足需要。为了更好地迎接海量网络新时代，，寻找一种新的安全体系势在必行。本文在组合公钥体制上，结合智能家居安防网路系统的应用特点，建立了一种新的应用于ZigBee智能家居系统的数据安全体系，给出了一种可行的本地认证方案。文章首先回顾了智能家居安防系统及信息安全技术的发展，分析了研究现状，举例说明现阶段的主要解决方案，并指出其优点和不足。在此基础上介绍了基于ZigBee技术的智能家居安防系统的优势，以及组合公钥体制在信息安全上的益处，并提出了一种适合家居安防系统的安全方案。此后对群、域、椭圆曲线等基础知识及运算作了介绍。文中采用了基于ECDLP安全算法，并通过FPGA得以实现；根据约减多项式项式少的特点，采用了滑动窗口的方法，此方法可以在很少硬件消耗情况下在一个时钟周期内完成模运算；在乘法运算设计上，采用混合结构，兼顾了时间和空间资源；在逆运算中，采用循环迭代方法，减少了耗时大的乘法运算次数，加速了逆运算速度；在点乘运算中，引入LD坐标系并采用了Montgomery方法，有效地避免了仿射坐标系需要大量逆运算的情况，不但更加地节约存储空间和计算时间，而且提高了抵抗能量、时间分析的攻击。在上述基础上，给出了一个可行的基于ECDSA的认证方案。本方案通过对种子矩阵进行优化，有效地避免密钥碰撞实现了不依靠第三方数据库的本地认证，以芯片级别的存储能力来支持海量节点的安全工作，大大地降低了对存储容量、通信带宽等要求，很适合智能家居安防系统的安全需要。最后，在以上研究成果基础上，本系统搭建了一个安全认证的ZigBee网络，初步实现了对网络通信消息的签名认证功能。通过分别模拟几个场景，来对方案的工作能力、抗重发、抗篡改几方面进行了实验验证。实验结果表明，本设计可以满足当前应用系统的要求。
[Abstract]:For the smart home security system, the most important thing is how to ensure that the received data packet is really sent by the other side, once the packet is illegally tampered with or impersonated will cause incalculable consequences. Although PKI technology is mature, it has been widely used in various security fields. However, with the rapid expansion of network capacity, especially the approaching of IPv6 mass network era, the distributed cryptographic key management method based on online KeyStore is in the storage capacity. Search speed and so on has been difficult to meet the needs. In order to better meet the new era of mass network, it is imperative to find a new security system. In this paper, a new data security system applied to ZigBee smart home system is established, and a feasible local authentication scheme is presented, based on the combination public key system and the application characteristics of smart home security network system. This paper first reviews the development of smart home security system and information security technology, analyzes the present research situation, illustrates the main solutions at this stage, and points out its advantages and disadvantages. On this basis, the advantages of intelligent home security system based on ZigBee technology and the advantages of combined public key system in information security are introduced, and a security scheme suitable for home security system is proposed. Then the basic knowledge and operation of group, domain and elliptic curve are introduced. The security algorithm based on ECDLP is adopted in this paper, which is implemented by FPGA, and the sliding window method is adopted according to the characteristics of reduced polynomial, which can complete the modular operation in a clock cycle with little hardware consumption. In the design of multiplication operation, a hybrid structure is adopted, which takes into account both time and space resources. In inverse operation, cyclic iteration method is used to reduce the number of times of multiplication and accelerate the speed of inverse operation. The LD coordinate system and the Montgomery method are introduced, which can effectively avoid the need of a large number of inverse operations in the affine coordinate system, which not only saves the storage space and computation time, but also increases the attack of energy and time analysis. Based on the above, a feasible authentication scheme based on ECDSA is presented. By optimizing the seed matrix, the scheme effectively avoids the key collision and realizes the local authentication without relying on the third party database. The security work of the massive nodes is supported by the storage capability at the chip level, and the storage capacity is greatly reduced. Communication bandwidth and other requirements, very suitable for smart home security system security needs. Finally, based on the above research results, a secure authentication ZigBee network is built, and the signature authentication function of the network communication message is preliminarily realized. Several scenarios were simulated to verify the performance, anti-retransmission and anti-tampering of the scheme. Experimental results show that the design can meet the requirements of the current application system.
【学位授予单位】：杭州电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TU855;TN92

【参考文献】