Design of a Secure Real-Time Embedded Networks System Based on I386EX and IPSec

【Author】 郭斌

【Supervisor】 史燕

【Author information】 Southwest Jiaotong University, Cryptography, 2003, Master's thesis

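【Abstract (translated from the Chinese)】 At the start of the 21st century, mainstream computer technology worldwide entered the post-PC era, the era in which non-PC information appliances come into their own. Embedded systems are the main body of non-PC information appliances, and with the worldwide expansion of Internet technology and the rapid development of China's communications industry, embedded products, and embedded network products in particular, are bound to have ever broader application, research and development, and market prospects. Embedded network products require non-PC devices to access the Internet, that is, the embedded micro-internet. Embedded micro-internet technology makes possible Internet-based remote data collection, remote monitoring, remote maintenance, automatic sending of e-mail, file upload and download, industrial automation and so on, and the Internet has thereby extended into embedded devices. The exchange of information by embedded devices over the Internet inevitably exposes them to security risks in the open Internet. Developing embedded network products with security services is therefore the general trend; conversely, security services also promote wider application of embedded network products.

Against this background, this thesis combines the key technologies of real-time embedded network systems with the network security protocol IPSec, designs and implements an embedded network product that provides security services at the IP layer, and studies and discusses how to improve system performance, the system's real-time behaviour, and the full implementation of the IPSec security protocol. The aim is to master the rapid design and implementation of a fairly general-purpose real-time embedded network system with a high performance-to-price ratio and strong extensibility. On this basis, through an analysis of the security threats that arise when embedded devices access the Internet, and in view of the characteristics of embedded systems, the network security protocol IPSec was selected and implemented, so that the embedded network product with security services designed in this thesis will have wider application.

The thesis first discusses the principles and design requirements of embedded networks. It then introduces the design of the hardware platform of the embedded system developed here (including processor selection and configuration, memory selection and the choice of IO devices), system startup (including BIOS and DOS startup and the configuration and booting of the embedded operating system VRTX), and the implementation of networking and its security services (including the selection of the embedded protocol stack USNET, the design of the low-level drivers, and the analysis and implementation of the security protocol IPSec). Finally, the author describes the adjustments and optimizations made to the system in order to implement the security protocol, offers suggestions for further improving the system's reliability and real-time performance, and makes a preliminary exploration of the seamless integration of the operating system and the protocol stack.

The real-time embedded network product developed in this thesis has been adopted by a number of companies, universities and research institutes. Judging from current use, the product has basically achieved the expected results.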

【Abstract】 At the beginning of the 21st century, post-PC technology, as the mainstream of current computer technologies, is becoming more and more important. Significant research activity has therefore been seen in embedded system development, especially embedded networks development, which is the main part of post-PC. Embedded networks require access to the Internet to form the embedded micro-internet, so that many services such as remote data collection, remote monitoring, remote maintenance, e-mailing, file transfer and industrial automation can be available on the embedded micro-internet. Because of convenient information exchange and the Internet's extension into embedded systems, information security also becomes one of the most important concerns in embedded systems development.

To meet this requirement, a secure embedded networks system has been implemented based on the IPSec protocol and current key technologies of real-time embedded networks. Some research on improving the embedded system's performance and reliability has been carried out. Finally, some possibly useful suggestions are proposed. The article is composed of 4 parts.

Part 1 (chapter 2) introduces the principles of real-time embedded systems and embedded-networking systems, including their characteristics and requirements. The status quo and the development trend of real-time embedded-networking systems are also introduced.

Part 2 (chapters 3 and 4) analyzes and designs the embedded-networking system based on Intel 386EX, VRTX RTOS and USNET. It includes chip selection, schematic circuit design, CPU selection and configuration, startup of the system, selection and configuration of the embedded operating system, and selection and configuration of the TCP/IP software. It also describes some driver programming techniques for the network controller.

Part 3 (chapters 5 and 6) briefly introduces encryption technology and the IPSec protocol system, including architecture, mode, security association, security policy, implementation mode, processing of inbound and outbound packets, ESP (Encapsulating Security Payload), AH (Authentication Header), IKE (Internet Key Exchange), etc. The security requirements of embedded networking are also analyzed.

Part 4 (chapter 7) studies a highly efficient implementation of IPSec. Firstly, it describes the processing of inbound and outbound packets, the construction of the SPD (security policy database) and SADB (security association database), the study of IKE, and the realization of the encryption algorithm module by modifying USNET. Secondly, it introduces some ways to improve the capability of the whole system in which IPSec has been implemented. Finally, it brings forward a new plan for improving the capability of the whole system.

  • 【Classification No.】 TP393.08
  • 【Downloads】 113