TR069 protocol is called the “CPE WAN Management Protocol”. It provides a common framework and protocol which manage and configure for next-generation home network devices. Its protocol stack include some standard protocols, such as SOAP, HTTP, SSL/TLS, TCP/IP and so on. When Auto-Configuration Server(ACS) starts to establish connection with the Customer Premises Equipment (CPE), it may choose the layer of SSL/TLS to increase security. In this paper, the process of mutual authentication between CPE and ACS is encrypted, which is designed and implemented using OpenSSL development package, include the method of generate a self-signed certificate, and the process of certificate is verified. Finally, this paper verified its validity by experiment, and analyzes the key frame by capture package.%TR069(CPE 广域网管理协议)提供了对下一代网络中的家庭网络设备进行管理配置的通用框架和协议,其协议栈中包括SOAP, HTTP, SSL/TLS, TCP/IP 等标准协议。当自动配置服务器(ACS)和网络终端设备(CPE)建立连接时,可以选择使用SSL/TLS层增强通信的安全性。本文设计并实现了使用OpenSSL开发包对ACS与CPE的相互认证过程进行加密,包括生成自签证认证证书的方法,以及证书验证过程。最后,通过实验验证了其有效性,并抓包分析了关键帧。
展开▼
