Journal: China Measurement & Test (《中国测试》)

Embedded system firmware security verification method based on Hash algorithm

2016-01-18

Authors: LIU Gui-xiong1, YU Zhong-po1, HONG Xiao-bin1, TAN Wen-sheng2

Affiliations: 1. School of Mechanical and Automotive Engineering, South China University of Technology, Guangzhou 510640, China;
2. Basic Intelligence Technology Co., Ltd., Guangzhou 511442, China

Keywords: embedded system; firmware; security verification; Hash algorithm

Abstract: To address the serious threat that diverse attacks pose to the security of embedded systems in terminal equipment, an embedded system firmware security verification method is designed. Based on firmware security analysis and trusted-root integrity measurement, a firmware security verification method for embedded systems based on a Hash algorithm is proposed. Security verification software is designed on a verification computer; through communication protocol analysis and serial port monitoring, it implements functions such as firmware binary data extraction, establishment of Hash values for secure firmware, and establishment of Hash values for firmware of unknown security, and it completes integrity verification of the embedded system firmware during loading or upgrading. PLC firmware verification software based on the MD5 algorithm is also designed for a comparison experiment. Experimental results show that the method can correctly judge the firmware integrity of a PLC system and can be extended to other embedded system devices that have firmware.

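2014, 40(5): 92-95. Received: 2014-4-18; revised manuscript received: 2014-6-12

Funding: National Innovation Fund for Technology-based Small and Medium-sized Enterprises (12C26214405145); Guangzhou Science and Technology Program Project (2013J4400064)

About the author: LIU Gui-xiong (1968-), male, from Jieyang, Guangdong; professor and doctoral supervisor, mainly engaged in research on advanced sensing and networked control.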
