
Design and Implementation of a Security Scheme for TVOS Smart Terminal Set-Top Boxes

Published: 2019-04-16 18:19

[Abstract]: With three-network convergence under way, the trend toward intelligent terminals is clear, and smart terminal products built on smart operating systems are the direction of future development. Taking into account the state of digital TV network development across the province and users' growing demand for personalized services, Shaanxi Broadcast & TV Network developed a smart terminal set-top box based on TVOS, the smart operating system of the State Administration of Radio, Film and Television (SARFT), and the product has passed the administration's standards conformance testing. However, in an open environment of intelligent terminals, interconnected networks, diversified services and shared information, security challenges are increasingly severe. Once the strength and breadth of these challenges had been recognized, and the security problems faced by other smart operating systems, such as system intrusion and information theft, had been analyzed in depth, the security of TVOS smart terminals was put on the agenda. Terminal security is the foundation for reliable terminal operation, orderly service delivery and user confidence.

After analyzing the TVOS hardware structure, its software architecture and the mechanisms that implement its main service functions, this thesis addresses the key security problems of unauthorized system re-flashing, non-compliant applications and system intrusion. It proposes a security scheme suited to TVOS smart terminal set-top boxes and describes the design and implementation of the scheme in detail. The scheme has two parts:

1. Design and implementation of the terminal security architecture. This part covers the security measures at each layer involved while the terminal is running. The underlying OTP security chip is the foundation of the terminal security architecture. Using cryptography, software engineering and other security techniques, the scheme links upward to the kernel layer, component layer, execution environment layer and application framework layer of the TVOS operating system and works together with each TVOS functional layer, forming a layered protection mechanism in which the layers support and coordinate with one another. The result provides protection across hardware security, software security, network security, data security and application security.

2. Design and implementation of the front-end security platform. This part covers how the chain of trust is passed along as data is transferred. For the secure generation, management and circulation of the keys involved in secure data transfer, it proposes an implementation of the TVOS front-end security platform, including key/certificate management, signature management and application management. The platform uses web pages in a browser/server (B/S) architecture to manage and generate keys and digital certificates. It performs secure signing for the corresponding OTP chips, TVOS operating system images, the BootLoader and TVOS applications, and handles the transfer of files before and after signing. It also provides application certification management for TVOS terminals, application blacklist and whitelist management, and permission management for each TVOS application.

The TVOS smart terminal security scheme designed in this thesis covers all of the security problems faced in operating TVOS smart terminal set-top boxes. The scheme first guarantees a trusted TVOS execution environment, then provides a trusted security environment for the applications running on TVOS, and finally ensures that trusted software is used reliably on the terminal device. The scheme not only fully meets the security control requirements of radio and television broadcasting but also safeguards the secure delivery of three-network convergence services.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree conferred]: 2015
[Classification number]: TN949.197



