Appendix A

Overcome Security Issues in Embedded Systems
By Gary Drossel
Embedded Systems Design (06/12/07, 12:15:00 H EDT)

Traditional security techniques may not suffice anymore. Embedded systems are getting more complex and hackers are getting smarter.

Embedded systems traditionally have had very limited security options. Indeed, fitting a robust set of security features into such a small mechanical footprint can be challenging. Storage components, processing power, battery life, time-to-market, and overall cost concerns have prevented most security features from being implemented. Overcoming these design challenges has become crucial to embedded systems designers in light of the growing threat of security breaches as more systems are shared or attached to networks and new regulations are adopted that make security mandatory.

The security industry has focused largely on portable storage devices for the consumer electronics industry. The basic premise here is that users want security capabilities to travel with the device, such as with a USB thumb drive. This approach lets users protect their data on any system, whether it's on an office or home PC, an Internet kiosk, or a public computer. Software applications and data are password-protected using industry-defined security protocols, which often are targeted by Internet hackers. Portable data devices are also highly susceptible to theft. Once stolen and the security encryption defeated, the fully intact data can be accessed, loaded onto a PC or the Internet, sold, or worse.

On the other hand, embedded systems applications for the enterprise OEM market face their own unique challenges. These OEMs (original equipment manufacturers) targeting the netcom, military, industrial, interactive kiosk, and medical markets typically provide infrastructure equipment to their customers by supplying everything from network routers and voting machines to medical diagnostic equipment and data recorders.
The key requirement is that data must be rendered unreadable should the storage devices be removed from the systems for which they're intended. The host system must maintain ultimate control over security algorithms to protect the data and prevent IP theft. Security requirements can vary for these applications. They can be as simple as ensuring that the correct storage product is in the host, or as intricate as tying the software IP and application data directly to the storage device.

Tying security to the host

Two key functions are required in enterprise OEM applications to protect application data and software IP. The first is a need to ensure that the end customer is using a qualified storage device in the system. Due to warranty or service contracts, the OEM must verify that the storage device originally shipped with the equipment is indeed still in the system. The second is a need to tie specific application data and software IP to the specific drive for which it is intended, to prevent theft and ensure software integrity. In this way, even if the portable storage device is stolen, the data can't be accessed and the device won't function properly.

Optimally, the host should have access to at least two unique pieces of data for validation purposes. One identifies the drive and ensures it's the correct product. The second data string identifies the specific drive and its correlating data. The host system can then use that data to create encryption/decryption keys for software IP and application data. Such a method doesn't provide copy protection, but it restricts the use of particular software on any system other than the original host.

Design considerations

Design considerations for enterprise OEM applications are many. First, it's important to ensure the integrity of the stored data. The drive itself must not be susceptible to corruption due to power disturbances.
Portability has become hugely important, so the technology considered must be low power and small and light enough to match the design requirements. In addition, extreme environmental conditions such as shock, vibration, altitude, and a wide temperature range must be considered. Multiple-year product lifecycles and high-endurance ratings are also important. If a drive wears out unexpectedly, critical data can be lost, so a feedback mechanism that prevents field failures and unplanned downtime would be beneficial.

Consumer applications typically only need the storage device to store data. In enterprise OEM applications, designers must consider operating system requirements for storage. An operating system must be kept open to accommodate needed read/write functions. The traditional use of write protection becomes impossible on a storage device that supports an open operating system.

Another important consideration for enterprise OEMs is the accidental overwriting of critical system files, such as the master boot record. When a power fluctuation occurs, address lines can float to undetermined states. If there's still enough power to write to the storage component, data could be written to an improper location, potentially corrupting critical system files.

Many embedded systems have different security requirements for different data types. Perhaps there's a need to write-protect a file or look-up table, or to have a password-protected area for regulatory validation. The traditional approach would be to implement multiple storage devices, such as a secure EPROM for validation codes, a CD-ROM for read-only access, or a flash card for data and user statistics or tracking. This may not be the best solution for power- and space-constrained embedded designs.
Not only does using three different devices for one system have a larger-than-desired footprint, but the cost is also increased exponentially by the purchase and programming of three devices.

Storage security solutions

Advanced storage technologies are now available that let designers add the security that's required for their particular design. These new storage solutions definitely provide the desired environmental performance, low power, small footprint, and longer product lifecycles.

For instance, to streamline the embedded design that would need the three different storage devices previously mentioned, this same application could use one advanced storage system divided into task-specific zones. By using advanced zoning techniques, one solid-state drive can be partitioned into zones, allowing separate security measures to be deployed on each zone, as shown in Figure 1. The result is a dramatic savings in space and cost. In the previous example, zone 1 can store the operating system, zone 2 can be partitioned for read-only access, and zone 3 can be used for data tracking or storing classified data. In this way, one drive performs the tasks originally handled by three separate devices. Given that advanced solid-state drives can be divided into up to five partitions, there's potential for even more functionality.

To prevent the theft of application data and software IP, advanced storage technologies enable this information to be tied to a specific storage drive and enable a specific drive to be tied to a specific host system, as in Figure 2. A restricted area, only accessible by one or several vendor-specific commands, can be used as a handshaking area to implement these requirements.

Advanced storage systems can have two or more keys resident in their restricted (non-user) data space.
The first key could identify the specific media (such as a flash drive or hard drive) and the second could contain a randomized number specific to that individual drive. The designer can send a vendor-specific command to read the information from the media and use it as a key for a host-specified encryption/decryption algorithm.

Should the storage system be removed from the host system for which it was originally intended and placed in a similar system, the new host could identify the transplanted drive as the correct media type. However, the randomized number will be completely different. As a result, the data will be unusable by the new host. Should the data itself be copied to a different type of drive, the host can tell it's not the correct drive and again the data won't be usable.

The security design challenges for embedded systems are different and potentially more demanding than those for the consumer market. While most consumer storage devices contain only data, enterprise OEM applications contain operating systems, need to protect critical system files, and must ensure the data is rendered unusable should the device be removed from the host system for which it was originally intended. This has often led to solutions that incorporate multiple drives, a process which can be both complicated and expensive. One of the best ways to enhance security while minimizing cost in embedded systems is to use advanced zoning technology to set up multiple zones with different security parameters on one drive. In this way, the myriad functions and security requirements can all be met. Table 1 shows the design tradeoffs associated with various storage solutions.

Gary Drossel, vice president of product planning for SiliconSystems, manages the company's product marketing and planning, strategic marketing, and application engineering efforts. He received a BS degree in electrical and computer engineering from the University of Wisconsin.
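The zoning scheme of Figure 1 and the two-key drive binding of Figure 2 can be modelled end to end. The following Python is an added illustration, not SiliconSystems' firmware or command set: the zone policy names, the vendor_read_identity command, the provision step, the host-held secret, and the SHA-256 counter-mode stand-in cipher are all assumptions; the media-type identifiers and data strings are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Zone policies for the article's example: zone 1 holds the operating system
# (read/write), zone 2 is read-only, zone 3 holds tracking or classified
# data. Policy names and command shapes below are assumptions.
READ_WRITE, READ_ONLY = "rw", "ro"

class AccessDenied(PermissionError):
    """A request violated a zone policy or failed the host's drive check."""

class ZonedDrive:
    """One SSD split into zones, plus a restricted (non-user) area that only
    a vendor-specific command can read."""
    def __init__(self, media_type, policies):
        self.policy = dict(policies)                  # zone id -> policy
        self.blocks = {zid: {} for zid in policies}   # zone id -> {lba: data}
        # Set once at manufacture: media-type id and a per-drive random number.
        self._restricted = (media_type, secrets.token_bytes(16))

    def vendor_read_identity(self):
        return self._restricted

    def provision(self, zone_id, lba, data):
        """Manufacturing-time programming; bypasses the runtime policy."""
        self.blocks[zone_id][lba] = bytes(data)

    def write(self, zone_id, lba, data):
        if self.policy[zone_id] == READ_ONLY:
            raise AccessDenied(f"zone {zone_id}: write to LBA {lba} refused")
        self.blocks[zone_id][lba] = bytes(data)

    def read(self, zone_id, lba):
        return self.blocks[zone_id][lba]

def _keystream(enc_key, length):
    # Stand-in cipher for illustration only (SHA-256 in counter mode); a real
    # host would use a vetted AEAD such as AES-GCM here.
    return b"".join(hashlib.sha256(enc_key + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]

class Host:
    """Accepts only its qualified media type and derives the data key from
    both drive identifiers plus a host-held secret."""
    def __init__(self, qualified_media, host_secret):
        self.qualified_media, self.host_secret = qualified_media, host_secret

    def derive_key(self, drive):
        media, nonce = drive.vendor_read_identity()
        if media != self.qualified_media:
            raise AccessDenied("storage device is not the qualified media type")
        return hmac.new(self.host_secret, media + nonce, hashlib.sha256).digest()

    @staticmethod
    def seal(key, plaintext):
        ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key[:16], len(plaintext))))
        return ct + hmac.new(key[16:], ct, hashlib.sha256).digest()

    @staticmethod
    def open(key, blob):
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(hmac.new(key[16:], ct, hashlib.sha256).digest(), tag):
            raise AccessDenied("data is not bound to this drive/host pair")
        return bytes(c ^ s for c, s in zip(ct, _keystream(key[:16], len(ct))))

def demo():
    """Walk through Figure 1 (zoning) and Figure 2 (drive binding)."""
    media = b"EXAMPLE-SSD"                    # constructed media-type identifier
    def make_drive():
        d = ZonedDrive(media, {1: READ_WRITE, 2: READ_ONLY, 3: READ_WRITE})
        d.provision(2, 0, b"lookup table v1")
        return d
    host, drive, out = Host(media, b"oem-host-secret"), make_drive(), {}
    drive.write(1, 0, b"kernel image")        # zone 1: allowed
    try:
        drive.write(2, 0, b"stray write")     # zone 2: refused by policy
        out["ro_write"] = "allowed"
    except AccessDenied:
        out["ro_write"] = "refused"
    key = host.derive_key(drive)
    drive.write(3, 0, Host.seal(key, b"classified stats"))
    out["roundtrip"] = Host.open(key, drive.read(3, 0))
    clone = make_drive()                      # same media type, other drive
    clone.write(3, 0, drive.read(3, 0))       # transplant the sealed data
    try:
        Host.open(host.derive_key(clone), clone.read(3, 0))
        out["transplant"] = "readable"
    except AccessDenied:
        out["transplant"] = "unusable"
    try:
        host.derive_key(ZonedDrive(b"GENERIC-CF", {}))  # wrong media type
        out["wrong_media"] = "accepted"
    except AccessDenied:
        out["wrong_media"] = "rejected"
    return out
```

Calling demo() returns a dictionary recording that a write into the read-only zone is refused by policy, that data sealed for one drive round-trips on that drive, that the same bytes moved to a second drive of the same media type fail the host's tag check because the per-drive random number changes the derived key, and that a drive of the wrong media type is rejected before any key is derived. As the article notes, this is not copy protection: the sealed blob can be copied freely; it is simply unusable away from its original drive and host.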
Drossel can be reached at .

Appendix B

Overcoming Security Issues in Embedded Systems
By Gary Drossel
Embedded Systems Design, 06/12/07, 12:15:00 US Eastern Time

Embedded systems are becoming increasingly complex and hackers ever smarter; traditional security techniques may no longer meet current needs.

Embedded systems have traditionally had very limited security options. In fact, fitting a robust set of security features into such a small mechanical footprint is very challenging. Concerns about storage components, processing power, battery life, time-to-market and total cost have all prevented the highest security features from being applied. Given that the growing threat of security breaches stems from many systems being shared or connected to networks, overcoming these design challenges has become urgent for embedded systems designers, and new mandatory security regulations have been adopted.

The security industry has focused on the portable storage devices of the consumer electronics industry. The basic premise of this focus is that users need portable devices with security capabilities, such as fingerprint recognition. This approach protects users' data stored on any system, whether in the office, on a personal computer, at an Internet site, or on a public computer. Applications of software and data encrypted under industry-defined security protocols are often the target of attacks by Internet hackers. Portable data devices are easily stolen. Once stolen and the security password cracked, the original data inside can be obtained; it may be downloaded to a computer or uploaded to the Internet for sale, with even worse consequences possible.

On the other hand, embedded systems in the enterprise OEM market also face their own rare challenges. These original equipment manufacturers (original equipment manufacturers) target the networking, military, industrial, interactive kiosk and medical markets. They provide these customers with a range of infrastructure equipment such as network routers, voting machines, medical diagnostic equipment and data recorders. They typically provide infrastructure equipment, supplying their customers with everything from network routers and voting machines to medical diagnostic equipment and data recorders.

The key requirement is that once a storage device is removed from its existing system, the data must be unreadable. To protect data security and prevent IP theft, the host system must hold ultimate control through security algorithms. Security requirements may vary for these applications. They may be as simple as verifying a password stored on the host, or as intricate as binding a software IP address and requesting data directly from the portable device.

Binding security to the host

The two main functions original equipment manufacturers need are protecting application data and the intellectual property of software. The first is the need to ensure that the end user is using a genuine system in the storage device. Due to warranties or service contracts, the OEM must verify that the storage device's original configuration is indeed still in the system. Second, to prevent theft and ensure software security, it is necessary to bind the corresponding application data and software IP to a specific drive. In this way, even if the portable storage device is stolen, the data cannot be accessed and the device will not operate normally.

To protect data security, the host should authenticate the special data at least twice. The first authentication is of the drive, ensuring it is an identifiable device. The second data string identifies the specific drive and its associated data. The host can then use the software IP and application data to encode/decode keywords. This method does not support copy protection, but it restricts the use of particular software, except on the original host.

Design considerations

There are many design considerations for enterprise OEM applications. First, ensuring the integrity of stored data is important. The drive itself must not be prone to crashing due to power disturbances. Portability has become extremely important, so the technology's low power consumption, small size and light weight must be considered to meet the design requirements. In addition, extreme environmental conditions such as shock, vibration, altitude and temperature range must be taken into account. Multi-year product lifecycles and high endurance ratings are also important. If a drive is unexpectedly damaged, critical data may be lost, so a feedback mechanism that can prevent field failures and unplanned downtime would be beneficial.

Consumer applications usually only need the storage device to store data. In enterprise OEM applications, designers must consider the operating system's requirements for storage space. The operating system must remain open to accommodate the required read/write functions. Traditional write protection cannot be used on a storage device that supports an open operating system.

Another important consideration for enterprise OEMs is the accidental overwriting of important system files, such as the master boot record. When a power supply fluctuates, address lines can drift to an undetermined state. If there is still enough power to write to the storage component, data may be written to an improper location, possibly damaging critical system files.

Many embedded systems have different security requirements for different data types. It may be necessary to write-protect a file or lookup table with a password-protected area for regulatory validation. The traditional approach is to implement several storage devices, such as a secure EPROM for validation codes; a CD-ROM for read-only access; or a flash card for data and user statistics or tracking. This may not necessarily be the
