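Graduate student: 邱振玠
Graduate student (English name): Chen-Chieh Chiu
Thesis title (Chinese): 基於OP-TEE的可信應用程式軟體生態系統
Thesis title (English): TAMS: An Trusted Application Ecosystem base on OP-TEE
Advisor: 張貴雲
Advisor (English name): Guey-Yun Chang
Degree: Master's
Institution: National Central University
Department: Department of Computer Science and Information Engineering, In-Service Master's Program
Discipline: Engineering
Field: Electrical and Computer Engineering
Year of publication: 2020
Academic year of graduation: 108
Language: Chinese
Number of pages: 58
Keywords (Chinese): OP-TEE; IoT
Keywords (English): OP-TEE; IoT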
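With advances in semiconductor technology, the computing power of embedded platforms keeps growing. Combined with 5G ultra-high-speed, low-latency communication, this is driving rapid growth in Internet of Things (IoT) applications, and IoT security is becoming increasingly important. To improve IoT security, the major processor vendors have added Trusted Execution Environment (TEE) technology to their processors, so that applications with privacy or security concerns run inside the TEE for protection; the applications placed in the TEE must themselves be Trusted Applications. Once device manufacturers start using a TEE as a development platform, they inevitably face the problem and challenge of building a platform software ecosystem that balances security with openness so that third parties can develop trusted applications. This thesis completes the origin verification mechanism for third-party trusted applications that OP-TEE lacks, and provides a small but complete implementation example.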
The Internet of Things (IoT) has been evolving rapidly in recent years. IoT devices will be able to generate large amounts of security- and privacy-sensitive data. To enhance the security of the Internet of Things, processor manufacturers have added a Trusted Execution Environment (TEE) to their processors. Building the TEE software ecosystem is important for device manufacturers, software vendors, cloud service providers and customers. Building a TEE software ecosystem runs into a problem: in most secure operating systems for the TEE, such as OP-TEE, all Trusted Applications (TAs) are by default signed with a single RSA key (private key). Device manufacturers need to provide the same private key to many software vendors for TA signing. However, asking all software vendors to protect the same private key safely is difficult. In this paper, we implement a verification mechanism for third-party trusted applications in OP-TEE. It solves the problem that OP-TEE supports only a single key and reduces the private key management burden on device manufacturers.
Contents
Chinese Abstract
Abstract
Contents
List of Figures
List of Tables
1 Introduction
2 Literature Review
2.1 Trusted Execution Environments and TrustZone
2.2 The Trusted Execution Environment Software Ecosystem for IoT Devices
2.2.1 Software and Firmware Update Mechanisms for the Rich Execution Environment
2.2.2 Software and Firmware Update Mechanisms for the Rich Execution Environment
2.2.3 Device Management
3 Background
3.1 Security Threats
3.1.1 Threats Facing the Rich Execution Environment
3.1.2 Threats Facing the Trusted Execution Environment
3.2 Software Deployment and Updates in the IoT Software Development Ecosystem
4 Method
4.1 Main Idea
4.2 Modifying the Trusted Application Loading Mechanism of the OP-TEE Environment
4.3 Trusted Application File Format in the OP-TEE Environment
5 OP-TEE Core Code Modifications
5.1 Placing the Intermediate Certificate in the OP-TEE Source Code
5.2 Adding Public Key Infrastructure Code to OP-TEE
5.3 Modifying the OP-TEE Trusted Application Loading Code
5.4 Reading Trusted Application Files in the OP-TEE Core
6 Software Push Update Implementation
7 Performance Analysis and Evaluation
7.1 Experimental Scenario
7.2 Experimental Environment Setup
7.3 Experiments
8 Conclusion
Bibliography
A TAMS
A.1 Server Side
A.2 Device Side
A.3 Application Developer Side
B TAMS Client Manager
C Server Side
C.1 TAMS Server Manager
C.2 TAMS Server Push Manager
D Developer Side
D.1 TAMS Publisher