跳到主要內容

臺灣博碩士論文加值系統

(44.211.26.178) 您好!臺灣時間:2024/06/24 22:44
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:陳怡婷
研究生(外文):CHEN, YI-TING
論文名稱:應用於OPC UA安全系統之SHA-256晶片設計
論文名稱(外文):Chip Design of SHA-256 for OPC UA secure system
指導教授:朱元三
指導教授(外文):CHU, YUAN-SUN
口試委員:侯廷昭陳世樂許明華朱元三
口試委員(外文):HOU, TING-CHAOCHEN, SHYH-LEHSHEU, MING-HWACHU, YUAN-SUN
口試日期:2021-08-03
學位類別:碩士
校院名稱:國立中正大學
系所名稱:電機工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2021
畢業學年度:109
語文別:中文
論文頁數:77
中文關鍵詞:工業物聯網物聯網OPC UA安全性HashSHA-256
外文關鍵詞:IIoTIoTOPC UASecurityHashSHA-256
相關次數:
  • 被引用被引用:1
  • 點閱點閱:479
  • 評分評分:
  • 下載下載:86
  • 收藏至我的研究室書目清單書目收藏:0
工業 4.0 顯著的特色為工廠流程自動化和跨平台的數據交換,從而發展出工業物聯網。OPC統一架構 (OPC Unified Architecture,OPC UA)[1]專為工業自動化而設計,是開源的通訊協定,讓不同平台的資料能透過OPC UA溝通,在機器內、機器間,及機器到系統均能實現。而隨著數據大量的傳遞,網路安全顯得格外重要,一個安全的通訊環境需要具備機密性(Confidentiality)、完整性(Integrity)、可用性(Availability)三樣特性。其中完整性(Integrity)則須依賴Hash演算法,目前常見的Hash演算法為SHA-256(224,384,512)。
本論文建置一個具有SHA-256演算法之OPC UA安全通訊環境,Client與Server傳遞訊息時確保訊息完整性,將收發訊息額外的做Hash處理,檢查傳送方與接收方的Hash值是否一致;使用者可以根據應用場景設定OPC UA安全等級,決定資料是否「簽名」與「加密」,滿足機密性;而OPC UA這個通訊協定為開源的協定,具有高度的可用性。
因末端設備大多使用微處理器控制,加解密演算法會耗掉相當大的CPU資源,適合將其移至硬體上運算,本論文另提出一個改良的4-stage pipeline SHA-256演算法架構,根據其演算法特性,能在資料進入運算前利用pipeline改善critical path,利用多工器選擇欲相加的元素,計算一次Hash需要68個cycles。在45nm下(TN40G)能操作於454.5MHz,整體演算法速度與無pipeline之基本架構相比,使用多8%的Gate count但可使計算速度提升78%,而此一硬體的計算時間也比軟體計算快765倍。
The characteristic of Industry 4.0 is the automation and cross-platform data exchange within the manufacturing plant. It thus promotes the development of the Industrial Internet of Thing(IIoT). OPC Unified Architecture (OPC UA) is designed for industrial automation. It’s an open communication protocol. Data from different platforms can communicate by OPC UA, allowing information exchange inside and between the machines. OPC UA is also a bridge of different protocols. Security is a very significant component of the network, the data can’t be exposed to or known by the third party. A secure communication environment has three elements: Confidentially, Integrity, and Availability. Integrity relies on the hash algorithm. The commonly used hash is SHA-256(224,384,512).
This work builds a SHA-256 OPC UA secure system, Client and Server hash the data before exchange, and the receiving end checks that its hash is the same as the signer’s. It can promise the Integrity. Users can decide whether to sign and/or encrypt data or not depending on the application. It reaches the goal of Confidentiality. OPC UA is an open source protocol thus meeting the target of Availability.
Because the end device of IIoT is usually controlled by micro-controllers and the encryption/decryption algorithm cost a lot of resource of CPU, it is better to execute them on dedicated hardware than by CPU. This work proposes an improved 4-stage pipeline SHA-256 architecture. It works on 454.5MHz under 45nm process. Based on the characteristic of SHA-256, improving the critical path by pipelining, and using mux to select the element for adding. It needs 68 cycles once a hash. The throughput increases by 78% while only using 8% more gate counts, comparing with the non-pipe one. The hardware speeds up the calculation of Hash by 765 times than the software.

誌謝 iv
摘要 v
Abstract vi
目錄 viii
圖目錄 xii
表目錄 xvi
第 一 章 簡介 1
1.1 動機 1
1.2 研究目標 1
1.3 論文架構 2
第 二 章 背景知識 3
2.1 OPC UA概述 3
2.2 OPC UA System 3
2.2.1 Client 4
2.2.2 Server 4
2.2.3 Client/Server Connection 6
2.2.4 OPC UA系統的安全威脅 7
2.3 OPC UA系統的安全目標 9
2.4 OPC UA Security Model 9
2.5 數位簽章(Digital Signature) 11
2.5.1 Public-key cryptography 11
2.5.2 Flow of Digital Signature 11
第 三 章 相關研究 13
3.1 Research on OPC UA security [24] 13
3.2 The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512) [15] 15
3.3 An ASIC Design for a High Speed Implementation of the Hash Function SHA-256 (384, 512) [16] 16
3.4 Lightweight and High Performance SHA-256 using Architectural Folding and 4-2 Adder Compressor [17] 17
第 四 章 系統設計與實作 19
4.1 實驗環境 19
4.1.1 硬體環境 19
4.1.2 軟體環境 20
4.2 Mode and Policy 20
4.2.1 Mode 20
4.2.2 Policy 20
4.3 實驗過程 22
4.3.1 Security Handshake [4] 22
4.3.1.1 憑證(Certificate) 23
4.3.2 實驗流程與參數設定 24
4.3.3 OPC UA system without security 25
4.3.4 OPC UA secure system without SHA-256 26
4.3.5 OPC UA secure system with SHA-256 28
4.4 OPC UA Format 31
4.4.1 Frame in detail 32
4.4.2 Message Header 33
4.4.3 Security Header 34
4.4.4 Sequence Header 34
4.5 數據比較與安全性分析 35
第 五 章 SHA-256演算法 37
5.1 雜湊演算法簡介 37
5.1.1 SHA-1 v.s. SHA-2 39
5.2 SHA-256演算法 40
5.2.1 邏輯函數定義 40
5.2.2 Expander 41
5.2.3 Compressor 42
5.2.3.1 雜湊初始值(initial value) 42
5.2.3.2 雜湊常量(Constants)-Kt 43
5.2.3.3 邏輯函數運算 43
第 六 章 SHA-256硬體設計與實作 45
6.1 SHA-256硬體架構 45
6.2 SHA-256個區塊說明 46
6.2.1 資料預處理(Pre-Processing) 46
6.2.1.1 Padding附加填充位元 46
6.2.1.2 附加長度 47
6.2.2 邏輯函數硬體化 48
6.2.3 Expander硬體化 50
6.2.4 Compressor硬體化 53
6.3 架構分析與改進 56
6.3.1 加法器的選用 56
6.3.2 改善critical path 58
6.4 實驗結果比較 65
6.5 晶片佈局圖 67
6.5.1 設計考量 67
6.5.2 晶片佈局圖 68
6.6 Verification 69
6.6.1 Verification Flow 69
6.6.2 Test Vector 70
6.6.3 Simulation result 71
第 七 章 相關論文比較 72
第 八 章 結論與未來展望 76
8.1 結論 76
8.2 未來展望 77





[1]OPC Foundation, “OPC Unified Architecture Specification – Part 1: Overview and Concepts Release 1.04,2018.”
[2]Leitner, Stefan-Helmut; Mahnke, Wolfgang OPC UA–Service-oriented Architecture for Industrial Applications, 11/2006 Softwaretechnik-Trends ISSN 0720-8928
[3]OPC Foundation, “OPC Unified Architecture Specification – Part 2: Security Model 1.04,2018.”
[4]OPC Foundation, “OPC Unified Architecture Specification – Part 6: Mappings Release 1.04,2018.”
[5]OPC Foundation, “OPC Unified Architecture Specification – Part4: Services Release 1.04,2018.”
[6]Announcing the first SHA1 collision. Google Online Security Blog. 2017-02-23 [2017-02-24]. 上網日期:2021年7月13日。檢自:https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
[7]OPC Foundation, “OPC Unified Architecture Specification – Part7: Profiles Release 1.04,2018.”
[8]Nicobon的作品, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=48484042
[9]CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=1446602
[10]kockmeyer的作品, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1823488
[11]National Institute of Standards and Technology (2015) Secure Hash Standard (SHS). (U.S. Department of Commerce), Federal Information Processing Standards Publications (FIPS PUBS) 180-4, Change Notice 4 August 04, 2015. http://dx.doi.org/10.6028/NIST.FIPS.180-4
[12]Open62541. (2020, June 25). Github. https://github.com/open62541/open62541/releases/tag/v1.1.1
[13]FreeOpcua. (2020, April 7). Github. https://github.com/FreeOpcUa/opcua-client-gui
[14]ARMmbed. (2020, July 1). Github. https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
[15]L. Dadda, M. Macchetti and J. Owen, "The design of a high speed ASIC unit for the hash function SHA-256 (384, 512)," Proceedings Design, Automation and Test in Europe Conference and Exhibition, 2004, pp. 70-75 Vol.3, doi: 10.1109/DATE.2004.1269207.
[16]Luigi Dadda, Marco Macchetti, and Jeff Owen. 2004. An ASIC design for a high speed implementation of the hash function SHA-256 (384, 512). In Proceedings of the 14th ACM Great Lakes symposium on VLSI (GLSVLSI '04). Association for Computing Machinery, New York, NY, USA, 421–425. DOI:https://doi.org/10.1145/988952.989053
[17]M. M. Wong, V. Pudi and A. Chattopadhyay, "Lightweight and High Performance SHA-256 using Architectural Folding and 4-2 Adder Compressor," 2018 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC), 2018, pp. 95-100, doi: 10.1109/VLSI-SoC.2018.8644825.
[18]Yong kyu Kang, Dae Won Kim, Taek Won Kwon and Jun Rim Choi, "An efficient implementation of hash function processor for IPSEC," Proceedings. IEEE Asia-Pacific Conference on ASIC,, 2002, pp. 93-96, doi: 10.1109/APASIC.2002.1031540.
[19]阮一峰. (2018, September 5). 哈希碰撞与生日攻击. 阮一峰的网络日志. http://www.ruanyifeng.com/blog/2018/09/hash-collision-and-birthday-attack.html
[20]Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. "Chapter 9 - Hash Functions and Data Integrity" (PDF). Handbook of Applied Cryptography. p. 336.
[21]L., Ross a. elliot, Martin a. enderwitz, & Robert w. stewart. (n.d.). The Zynq Book Embedded Processing with the ARM® Cortex®-A9 on the Xilinx® Zynq®-7000 All Programmable SoC (1st Edition).
[22]OPC Foundation, “OPC Unified Architecture Specification – Part 1: Overview and Concepts Release 1.04,2018.”
[23]C. Jeong and Y. Kim, “Implementation of efficient SHA-256 hash algorithm for secure vehicle communication using FPGA,” in 2014 International SoC Design Conference (ISOCC), Nov 2014, pp. 224–225.
[24]R. Huang, F. Liu and D. Pan, "Research on OPC UA security," 2010 5th IEEE Conference on Industrial Electronics and Applications, 2010, pp. 1439-1444, doi: 10.1109/ICIEA.2010.5514836.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊