
The Research And Implementation Of Secure Embedded System Client Based On Trust Computing Technology

Posted on: 2008-01-19
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yuan
GTID: 2178360212991260
Subject: Computer system architecture

Abstract/Summary:
Networks play a remarkably important role in our lives. The number of devices and applications connected by networks is increasing dramatically, and includes not only desktop computers, laptops and servers, but also cellphones, PDAs and various embedded devices. While we enjoy the opportunities and room for development that networks bring, we have to face a serious problem: every device on the network might be attacked. In such a connected age, information is exchanged so frequently that we have to consider how to protect it when it is stored or transmitted, and how to make sure that our systems and applications can run securely. These problems are attracting more and more attention.

Research into security strategies for networks and computers began long ago and has already achieved certain results. For embedded systems, however, system resources are limited and power is weak, so it is much more difficult to add a security strategy to an embedded system.

Up to now, much of the effort towards implementing embedded security solutions has been focused on building security features into operating systems (OS). However, the fact that operating systems are by definition open and extremely complex software systems makes it difficult to provide robust security solutions based on the OS alone.

One option is to add a hardware security module to the design. This approach suffers from all of the restrictions inherent in any pure hardware solution. Pure hardware solutions are inflexible; they cannot easily be adapted to cater for new security functions. Additionally, adding hardware IP adds manufacturing cost to the design and can have an adverse effect on power consumption.

Off-chip hardware, such as co-processors and storage, offers another approach to embedded security, enabling, for example, the acceleration of demanding cryptographic algorithms. However, adding a second processor to the system adds to the cost, complexity and power budget. Additionally, it may not be possible for the CPU device to ascertain the integrity of the off-chip device, which may be removed and interfered with.

The lack of common security elements across different platforms is obstructing the development of integrated security solutions. With no standards in place, the implementation of embedded security measures has been fragmented and costly.

The main purpose of this thesis is to propose a method for building an embedded security client, and then to apply this security client in a secure network multimedia broadcast system in order to prove the security client's feasibility.

The thesis begins by analyzing the importance and necessity of adding security to embedded systems. Second, it introduces several existing security strategies for embedded systems and compares their main features and principles. Based on this work, it proposes a new method for building an embedded security client and gives a simple implementation of this method. The method mainly takes advantage of ARM TrustZone technology. Finally, it designs and implements the secure network multimedia broadcast system, which makes use of the security client. The secure network multimedia broadcast system refers to the OMA DRM 2.0 standard. The system includes client authentication, media protection, media storage, play control and so on.

The main contributions of this thesis can be summarized as follows:

1. It carries out in-depth research and analysis of existing embedded security strategies; the results can serve as a reference for other academic projects.
2. It puts forward a new method for building an embedded security client based on ARM TrustZone technology, and gives a reference design and implementation of the security client.
3. It designs and implements the secure network multimedia broadcast system, including client authentication, media protection and media storage. This system offers a feasible way to protect a multimedia broadcast system.

The results of this thesis can serve as a reference solution for related scientific research or application projects.
Keywords/Search Tags:Trust Computing, Security, Digital Rights Management, Multimedia Broadcast System