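%0 Journal Article
%T Highly-descriptive chain of trust in trusted computing
%A 龙宇
%A 王辛
%A 徐贤
%A 洪璇
%J 清华大学学报(自然科学版)
%D 2018
%R 10.16511/j.cnki.qhdxxb.2018.25.017
%X Trusted boot based on a trusted computing chip is the process of starting from the root of trust, establishing a chain of trust, and handing over control of the system step by step along that chain. However, the existing chain of trust is a simple single-chain structure and cannot meet users' needs. This paper first draws on hierarchical identity-based signatures to propose a multi-chain-of-trust scheme that supports multiple software and hardware systems. The scheme supports tree-shaped expectations, or trust paths, over multiple boot modules. Second, drawing on fuzzy identity-based signatures, it proposes a chain-of-trust scheme that supports multiple potential trust states; this scheme supports a single trust path with multiple potential states. Finally, the two schemes are combined. By extending the scheme that supports multiple software and hardware systems, splitting the keys of the leaf nodes, and modifying parts such as the rollback mechanism and TPM (trusted platform module) chip storage, a third scheme is obtained that has the functions of both new chains of trust: it supports both multiple boot-module expectations and multiple potential trust states, thereby meeting users' need to dynamically decide the trust state while dynamically deciding the boot modules.
Abstract: The trusted boot process in trusted computing verifies the next boot module from the root of trust to establish a chain of trust. The classic chain of trust is a simple single-branch tree, but this may not satisfy complete user demands. This paper presents a multi-module chain of trust model based on HIBS (hierarchical identity-based signature) and a multi-pattern chain of trust model based on FIBS (fuzzy identity based signature) that overcome the limitations of single module expectations in a traditional chain so that the user can dynamically choose the module. The two chains of trust models are then combined to improve the results.
%K trusted computing
%K identity based signature
%K chain of trust
%U http://jst.tsinghuajournals.com/CN/Y2018/V58/I4/387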