透過您的圖書館登入
IP:18.206.160.129
  • 學位論文

具高度安全性之汽車韌體下載系統分析與建置

The Analysis of Exalted Assurance of Automobile Firmware Download System and Construction.

指導教授 : 林百福
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。

摘要


近年來網際網路的快速發展,使人們隨時隨地可以上網流傳任何數位媒體(Digital Media),例如,影音、文章及程式碼等。由於網際網路系統開放的特性,在沒有特別的防護措施之下,在網路上傳送的資料是赤裸裸地被所有人檢視。包括下載汽車靭體的過程,只要有心人士在網路上架上監聽軟體,例如,HP OpenView、Sniper等,即可不費吹灰之力得到全業公司費盡苦心研發結晶,例如控制程式。 論文中使用SSL安全機制來提供網路上的防護,是在上層建立安全措施且可以整合到幾種特定軟體中,如Netscape及Windows Explorer瀏覽器中都有內建SSL,此種方法的優點在於建置容易實用性高加密演算法,加上一個運算度快的資訊隱藏方法來保護安全憑證,順利結合密碼學與藏密學。 本論文提出的架構,於WAN(Wide Area Network)的部份結合了防火牆架設、入侵偵測系統、系統漏洞的檢測、SSL(Secure Socket Layer),而LAN(Local Area Network)的部份使用虛擬私有網路(VPN, Virtual Private Network)技術來防止重要資訊的外洩,尤其結合資訊隱藏技術,成功交換安全憑證,另外本論文也將會就非技術層面作討論,如人員的管理,避免不適任的人員造成了系統,甚至企業的安全漏洞,實體安全和制定安全政策也是值得討論的。實驗結果並經由FIPS140-1證實,本論文提出的系統架構具高度的安全性。

並列摘要


The rapid development of modern network technology allows people to have access to varieties of digital media such as audio & video, articles and programs, etc. Since the network system is open to all public, without distinctive protection, delivering information online will be under bare observation. Therefore, the process of automobile firmware download could be monitored by the one who is using a monitorial software, for example, HP Open View, Sniper, etc. In a word, if there is not any protection against leakage, the domain knowledge of the company can be easily obtained. In this thesis, SSL( secure socket layer ) security system is used to provide the protection for the network and it can integrate some special software such as Netscape and Windows Explorer browsers. The advantage of SSL is to form an easy application for highly protected calculation, a high speed processing concealment method and combine with cryptology to have an assured credential. There are two kinds of framework in the thesis. One is WAN, the other is LAN. Concerning WAN ( wide area network ), it combines fire wall, invasion detecting system, leakage detector and SSL. As for local area network ( LAN ), it uses the virtual private network ( VPN ) to prevent divulgence of important information. Above all, it associates an information hiding technique to exchange safety credential successfully. Furthermore, non-technical discussions will be included in this thesis. For example, the staff management is emphasizing the prevention of disclosure of system and company safety loophole resulted from incompetent errors. Real safety and constitution of safety policy are both worth discussing. The experimental results, proven by FIPS140-1, are that the systematic frameworks in this thesis have a high level assurance.

參考文獻


[3] Icove, Seger, and VonStorch, “Computer Crime – A Crimefighter’s Handbook,” O’Reilly & Associates Inc., 1995.
[17] Lin, C.-Y., and Chang, S.-F., “A Robust Image Authentication Method Distinguishing JPEG Compression from Malicious Manipulation,” IEEE Transactions on Circuits and Systems of Video Technology, Vol. 11, No. 2, pp. 153-168, Feb., 2001.
[22] D. Kosiur, Building and Managing Virtual Private Networks, Wiley Computer Press, 1998.
[32] D. Kahn, The Codebreakers: the Story of Secret Writing, MacMillan publishing, 1996.
[35] Rivest, R., Shamir, A., and Adleman. L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21, 120-126.

延伸閱讀