基于国密SM2数字签名的网络摄像头保护技术

Protection Technology of Network Camera Based on SM2 Digital Signature

随着物联网技术的快速发展,智能家居网络慢慢得到普及,然而隐私泄露、数据被恶意篡改等安全问题不断涌现。文章分析了近期网络摄像头出现的典型漏洞,包括弱默认凭证漏洞、认证绕过漏洞、内建WebShell的利用和专用协议远程控制漏洞,并针对目前网络摄像头系统出现的安全登录方面的问题,提出了基于SM2数字签名的摄像头管理系统登录身份验证协议,根据协议实现中的密钥处理方式不同,提出了有电子钥匙和无电子钥匙两种方案。在有电子钥匙的情况下,电子钥匙作为安全密钥容器;当无电子钥匙时,提供一种基于口令的密钥方案解决了密钥管理问题。最后,文章利用RaspberryPi3B开发板构建一个实验仿真平台,并在C/S、B/S和APP/S架构下实现了该身份认证协议。仿真实验表明,文中方案能够有效防止针对登录口令的嗅探攻击。

With the rapid development of Internet of things （IOT） technology, smart home network is gradually popularizing. However, security problems such as privacy leaks and malicious tampering of data are emerging constantly. The typical vulnerabilities of recent network camera are analyzed, including weak default credential vulnerabilities, authentication bypass vulnerabilities, use of built-in WebShell and proprietary protocol remote control vulnerabilities, and the intrusion access control for a network camera is implemented. Aiming at the security logins problems for current network camera system, the login authentication protocol of camera management system based on SM2 digital signature is proposed. According to the different key processing methods in the protocol implementation, two schemes of electronic key and no electronic key axe proposed. In the case of an electronic key, the electronic key is used as a security key container. When there is no electronic key, a password-based key scheme is provided to solve the key management problem. Finally, an experimental simulation platform is constructed by using Raspberry Pi 3B development board. The authentication protocol is implemented under the framework of C/S, B/S and APP/S. Simulation results show that this scheme can effectively prevent sniffing attacks against login passwords.