基于可信执行环境的智能密码钥匙设计与实现

发布时间：2018-06-25 05:11

本文选题：可信执行环境 + TrustZone　；参考：《西安电子科技大学》2014年硕士论文

【摘要】：随着移动网络技术和移动终端的发展,人们获取信息和处理事务的方式也渐渐由PC端转移到移动终端。近年来,平板电脑、智能手机等的迅速普及使得这些设备越来越多的接触到用户的敏感信息,而这些移动设备操作系统的开放性却无法保证设备的安全,网站账户被盗,银行卡内资金丢失的状况时有发生。可信执行环境TEE(Trusted Execution Environment)——采用硬件支持的隔离执行技术,由独立于智能移动终端操作系统的、隔离的、可扩展的执行环境来负责安全应用的执行。通过在智能终端操作系统中保留一部分进程,随时对操作进行监控,并为可信执行环境中安全程序的开发提供统一的接口,从硬件层次上保证移动终端运行的安全。在手机被ROOT的情况下,TEE环境也不会被破坏,保证了内部敏感数据的安全。本文主要利用TEE的相关技术,在智能移动终端上完成了一个具有数字签名功能的智能密码钥匙,通过结合我们平时使用智能密码钥匙进行签名交易的应用场景详细分析了基于TEE的智能密码钥匙在提高支付系统安全性方面所起的作用。本文首先介绍了支持TEE的ARM TrustZone硬件技术和Global Platform发布的TEE软件结构框架,并详细阐述了TEE中的几项关键技术及其实现函数;其次,利用TEE设计了一个智能密码钥匙,并对其中的智能密码钥匙API、维护工具及智能密码钥匙服务端三部分进行了设计与实现,通过将所有关于密码运算、关键数据存储及可信输入输出功能的实现放入TEE内,保证了数据处理过程的安全;再次,通过结合基于智能密码钥匙安全支付系统详细描述了基于TEE的智能密码钥匙在系统中的工作流程和作用。最后,利用Open Virtualization开源项目实现了基于TEE的智能密码钥匙,并对其进行了功能测试。结果表明该系统具有一定的现实意义。
[Abstract]:With the development of mobile network technology and mobile terminal, the way that people obtain information and deal with affairs is gradually transferred from PC to mobile terminal. In recent years, with the rapid popularity of tablets and smartphones, these devices are increasingly exposed to sensitive information from users. However, the openness of the operating system of these mobile devices cannot guarantee the security of devices, and website accounts are stolen. The loss of funds in the bank card occurs from time to time. Trust execution Environment (tee), a hardware-supported isolated execution technology, is implemented by an isolated, extensible execution environment independent of the intelligent mobile terminal operating system. By keeping a part of the process in the intelligent terminal operating system, monitoring the operation at any time, and providing a unified interface for the development of the security program in the trusted execution environment, the security of the mobile terminal can be guaranteed from the hardware level. Under the condition of cell phone being taken, tee environment will not be destroyed, which ensures the security of sensitive data. In this paper, we mainly use the technology of tee to complete an intelligent password key with the function of digital signature on the intelligent mobile terminal. This paper analyzes in detail the function of the intelligent password key based on tee in improving the security of payment system by combining the application scenario of our usual use of intelligent password key to sign and trade. This paper first introduces the arm TrustZone hardware technology supporting tee and the software framework of tee released by Global platform, and expounds in detail several key technologies and their implementation functions in tee. Secondly, an intelligent cryptographic key is designed by using tee. The intelligent password key API, the maintenance tool and the intelligent password key server are designed and implemented. All the key data storage, key data storage and trusted input and output functions are put into tee by the implementation of all the cryptographic operations, key data storage and trusted input and output functions. The security of the data processing process is ensured. Thirdly, the workflow and function of the intelligent cryptographic key in the system are described in detail by combining with the security payment system based on the intelligent cipher key. Finally, the intelligent password key based on tee is realized by Open Virtualization open source project, and its function is tested. The results show that the system has some practical significance.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN918.4

【相似文献】