基于Hash算法嵌入式系统固件安全验证方法.docx

第 40 卷第 5 期2014 年 9 月中国测试CHINA MEASUREMENT TESTVol.40 No.5 September，2014doi：10.11857/j.issn.1674-5124.2014.05.024基于 Hash 算法嵌入式系统固件安全验证方法刘桂雄 1， 余中泼 1， 洪晓斌 1， 谭文胜 2（1. 华南理工大学机械与汽车工程学院，广东 广州 510640；2. 广州柏诚智能科技有限公司，广东 广州 511442）摘 要：针对多样化攻击对终端设备嵌入式系统安全造成的严重威胁，设计一种嵌入式系统固件安全验证方法。基于固 件安全分析和可信根完整性度量，提出基于 Hash 算法嵌入式系统固件安全验证方法，在验证计算机上设计安全验证软 件，通过通信协议分析、串口侦听，实现固件二进制数据提取、安全固件 Hash 值建立、未知安全固件 Hash 建立等功能， 完成嵌入式系统固件载入或者升级过程的完整性验证，并设计基于 MD5 算法的 PLC 固件验证软件进行对比实验。实 验结果表明：该方法可以正确判断 PLC 系统固件完整性，可推广应用到其他具有固件的嵌入式系统设备中。关键词：嵌入式系统；固件；安全验证；Hash 算法中图分类号：TP301.6；O224；TP311.522；TP309文献标志码：A文章编号：1674-5124（2014）05-0092-04Embedded system firmware security verification method based on Hash algorithmLIU Gui-xiong1，YU Zhong-po1，HONG Xiao-bin1，TAN Wen-sheng2（1. School of Mechanical and Automotive Engineering，South China University of Technology， Guangzhou 510640，China；2. Basic Intelligence Technology Co.，Ltd.，Guangzhou 511442，China）Abstract: Aimed at the challenge that the diverse attacks defy the terminal equipment embedded system security seriously， an embedded system firmware security verification method is studied. According to firmware safety analysis and the measurement method of trusted root integrity， an embedded system firmware security verification method based on Hash algorithm is proposed. It designs a security authentication software on the computer and implements the function of firmware binary data extraction，safety firmware Hash value establishment，unknown security firmware Hash value establishment and so on through the communication protocol analysis and serial port monitor. The embedded system firmware integrity is verified in loading or upgrading process. Meanwhile， firmware authentication software for PLC based on MD5 algorithm is designed to conduct an acontrast experiment. Experimental results indicate that the method can judge firmware integrity of PLC system exactly and it can be applied to other embedded system firmware.Key words: embe