【作者】 张媛媛；

【导师】 谷大武；

【作者基本信息】 上海交通大学 ， 计算机科学与技术， 2009， 博士

【摘要】 嵌入式系统是促进信息化与工业化融合的核心技术,是信息产业中发展最快、应用最广的技术。系统设计者和生产者开始越来越多地关注嵌入式系统的安全,尤其是无线嵌入式系统的安全问题。随着反向工程技术的发展,版图重构、总线微探测等手段越来越易于实施,获取底层硬件中传输或处理的数据变得更加容易。如何保护如总线传输过程中、易失性存储器工作过程中、以及其他硬件中的数据,是嵌入式系统乃至整个计算机系统安全中的根本问题。微处理器(MPU)芯片是嵌入式系统运行的核心,由于MPU芯片的集成度日益提高,制造和封装工艺不断改进,而且自身也往往增加了一些防探测和篡改的措施,从而使得对MPU成功实施反向工程的可能性微乎其微,因此,人们通常把MPU作为嵌入式系统的信任源。从微处理器系统结构出发,研究者设计并集成相应的安全方案,解决嵌入式底层硬件的安全问题,从而保证硬件系统的安全性。在嵌入式安全体系结构的基础上,现实中一些重要和敏感的嵌入式网络应用也要求提供必要的安全支撑。随着无线嵌入式设备的迅猛普及和普适计算概念的推进,无线网络安全已经成为迫切的系统设计需求。无线嵌入式系统的网络安全问题主要关注两个方面:一是网络成员之间的信任建立;二是安全协议本身运行的高效性和安全性。本文中我们选取无线传感器网络和低成本RFID系统作为无线嵌入式系统网络安全的研究对象。无线传感器网络的特点是大规模无线通信,研究重点在于网络节点之间的信任建立;RFID系统具有低成本及极低的计算能力,研究重点在于认证方案的轻量级和安全性。基于以上考虑,本文将嵌入式系统安全划分为两个层次进行研究,“系统结构安全”和“通信安全”。在“系统结构安全”层次上,我们从通用计算机系统结构和多处理器系统结构两个方面,分析了现有安全系统结构框架和存储器保护技术,归纳了系统安全方案设计需要解决的关键问题,取得了以下研究结果:第一,针对嵌入式微处理器系统结构的特点,设计了一个安全高效的存储器加密和完整性校验方案。该方案为MPU片内数据在片外运行和存储提供了安全保护,使片外存储器中的数据以不可理解的密文形式存储。同时,该方案采用了GCM工作模式,有效提高了数据加密和验证的速度。在同类方案对系统性能降低均高达25%以上的情况下,仿真实验显示我们的方案仅造成系统性能下降了20%或更低。第二,针对一类典型的嵌入式多处理器系统——片上多处理器CMP结构——中的安全系统结构,提出了高速计数缓存(counter Cache)一致性优化方案AOW。AOW方案是一个“写—无效”方式的监听协议,在总线监听的共享缓存一致性协议——MESI协议的基础上,为counter增加1bit标记,通过若干总线信息保持多个counter副本在若干处理器核心中的一致。该协议能有效提高此类系统中counter Cache访问命中率,减少因counter缺失而引发的存储器访问次数,从而加快数据进出微处理器时的加解密速度,并显著提高系统性能。仿真实验结果显示,多种多处理器安全方案在部署AOW协议之后,总体性能均能得到提升,最高可达8%。我们在“通信安全”层次上,重点研究了无线传感器网络的密钥建立协议和低成本RFID系统的双向认证协议,主要研究成果为:第一,针对无线传感器网络中常见的单向链路大量存在,却未被有效利用于密钥建立过程中的情况,我们提出了基于单向链路的无线传感器网络密钥建立协议。协议可应用于大规模分簇无线网络,也可适用于以随机密钥预分配协议为基本协议的中小型无线网络。实验结果表明,该协议能提高网络中可用节点比例,减少因单向链路覆盖而退出网络活动的节点数量。我们在典型传感器器件—XBOW的MICAz上实现了各类密码原语(包括SHA-1、AES和ECC),并对运行时间和能耗进行了分析和比较。第二,针对低成本RFID系统,我们从成本控制、计算能力和能耗等方面,比较了现有的若干轻量级安全协议,设计了一个仅采用伪随机函数(PRF)的“标签-阅读器”双向认证协议,通过三次信息交互达到双向认证。该协议具有抗重放攻击、抗中间人攻击、前向安全性等诸多安全性能。更多还原

【Abstract】 Being a reprentative technology in the fusion of computer science and industrial technology, embedded system security issues, especially wireless embedded system security are paid much more attention on by designers and producers.With the progress of reverse engineering techniques, remapping and microprobing become easier to implement, and eavesdropping of data in hardware layer is feasible. Therefore, how to protect system bus, volatile memory and other hardwares is a vital problem in embedded system. MPU is the core part of an embedded system. With the increase of the degree of integration, improvement of manufacture and packaging, anti-probing and tampering measures, the reverse engineering on MPU is quite impossible. Therefore, MPU is suitable place to reserve overall system secret, so designing and integrating a security scheme into the architecture is the best way to derive the security from MPU to whole system.Besides the security assurance by physical layer, embedded systems require robust and secure applications in upper layers. With the drive of commercial applications, popularization of wireless networks and the concept of ubiquitous computing expedite security towards integrity system design. Wireless embedded system networks focus on two issues: (1) establishing trust among network members, and (2) efficiency and security of protocol itself. Therefore, we select two representative scnarios; wireless sensor networks (WSNs) and low-cost RFID systems. We put a hot research topic on wireless sensor networks because they involve complex network communications and how to establish trust among network members are challenging. Low-cost RFID systems’s less power and computation ability also bring a tricky situation which implies that standard cryptographic premitives are impossible to be deployed, so the lightweight and efficiency of security resolution must be prerequisite.Therefore, we compartmentalize security issues on embedded systems into two layers, one is Architectural Security, and the other one is Communication Security. On the Architectural Security layer, we start our research on common computer architecture. After analyzing existing secure architecture framework and memory protection techniques, we obtain the following achievements:First, according to the feature of microprocessor architecture, we designed an efficient memory encryption and verification scheme. This scheme provides architecture support for data encryption outside MPU chip and data verification while accessing main memory. Meanwhile, it adopts GCM encryption mode, the speed of data encryption/decryption and verification is improved, which makes our scheme more efficient than others, and more suitable for embedded system microprocessor architecture. The simulation results reveal that our scheme slows down the system 20% and less, while other schemes cause more than 25% performance slow down.Second, considering the popularization of Chip Multi-Processor (CMP) architecture, we proposed counter Cache coherence optimiazation method AOW for CMP adopting secure architecture. AOW is a“write-invalid”snooping protocol as MESI. It provides 1bit onto MESI protocol to identify the status and keep the freshness of counters. The aim of AOW is to advance the hit rate of counter Cache, so that the times of memory access for missing counter will be obviously reduced. The results of system simulations reveal that AOW protocol promots the system performance at least 8% under SPEC2000 benchmarks.On the Communication Security layer, we choose two representative wireless networks, wireless sensor networks and RFID systems. We obtain the achievements as follows:First, focusing on large amount of unidirectional links in sensor networks, our researches include key establishment protocols which exploit these links in WSNs. We realize that unidirectional links are neglected by most security protocols so that nodes covered by only unidirectional links are no longer available in network activities. We propose IntraKey and InterKey Protcol exploiting unidirectional links in WSNs. These protocols promots the proportion of available nodes in network, and the simulation results prove that. Later on, we implement several cryptographic premitives including an asymmetric key algorithm ECC on XBOW MICAz, and measure the time and energy consuming.Second, for low-cost RFID system, our researches include analyzing the relation between circuit and cryptographic premitive complexity, and compare several lightweight authentication protocols. After the realization of the impossibility of standard cryptographic premitives, we propose a lightweight mutual authentication protocol for low-cost RFID systems adopting only Pesudo-Random Function (PRF), and authenticate each other through three message flows. It also provides forward security and the ability of anti-replay attack and man-in-the-middle attack.更多还原