- 2016
Design and Implementation of an SMM-Based Key Transmission Scheme
Abstract: The encryption keys used by driver-layer encryption and decryption are usually stored in external devices attached through a USB interface. During encryption and decryption, the key is transmitted to the driver layer over the USB interface, but the USB channel is not secure, so there is a risk of key leakage. To address this problem, this paper proposes a secure key transmission scheme based on System Management Mode (SMM), exploiting the fact that SMM is imperceptible to the operating system. Experimental results show that the scheme can resist attacks on the USB channel, effectively protects the key during transmission, and significantly enhances the security of driver-layer encryption and decryption keys.