An Authentication Protocol For OSGi Based On Hybrid Encryption

Over the past few years, with more and more embedded devices such as mobile phones, home gateways and controlling devices are connected to the internet, their security have attracted public attention. Therefore, the authentication technique, which is a fundamental function of the security technique, has become a focus on research.Since there are many differences, such as framework, transaction capability, network bandwidth and so on, between enbedded environment and distributed service environment, the current authentication protocols for general systems can't be applied directly to the embedded systems.The Open Services Gateway Initiative (OSGi) organization is the leading standard for next-generation Internet services to homes, cars, consumer electronics, small offices, and other environments. Howerver, the existing authentication protocols for the OSGi have the shortcomings neither of the mass operation nor of the inconvenience of creating and distributing secret keys. So, in this thesis, we study the authentication protocol for OSGi in depth, and our research consists of the following four parts:In the first part - design of the authentication protocol for embedded sytems, we studied the methods for designing security protocol and the characteristics of embedded systems, and the following results are achieved: (1) Based on the KryptoKnight and X.509 protocols, we propose a new authentication protocol for OSGi. This protocol combines the advantages of the symmetric and public key cryptography and meets the requirements of the OSGi, including manageability, minimality and single-sign on.In the second part - formal analysis of the protocol, we studied the formal methods for analysis of security protocols and the CSP mothod, and the following results are achieved: (2) Modelling the protocol with CSP and describe the intruders' ablities formally; (3) Developing the specifications to express security properties and check the security properties of the protocol using FDR - a model checker for CSP.In the third part - implementation of the new protocol, we studied the security issues in the implement level and the skills to develop a security protocol, and the following results are achieved: (4) The protocol is implemented in Java and this implementation can prevent type flaw attacks and multi-protocol attacks.In the forth part - a simple application, we studied the structure of OSGi framework and the following result is achieved: (5) The weak authentication module of the OSGi telnet console service is replaced by our authentication protocol. So users can login the gateways much more safely.