|
|
- 2018
具有高表达能力的新型可信计算信任链的设计
|
Abstract:
基于可信计算芯片的可信启动指从信任根开始,通过建立信任链并沿信任链逐步移交系统控制权的过程。然而,现有信任链是简单的单链结构,并不能满足用户需要。该文首先参考基于身份的层次式签名机制,提出支持多软硬件系统的多信任链方案。该方案支持树状的多启动模块预期或信任路径。其次,参考基于身份的模糊签名机制,提出了支持多种潜在信任状态的信任链方案,该方案支持存在多潜在状态的单信任路径。最后,对上述2种方案进行结合。通过对支持多软硬件系统的方案进行扩充,实现末端节点的密钥拆分,并对回退机制、TPM(trusted platform module)芯片存储等部分进行修改,最终实现了兼有前述2种新信任链的功能的第3种方案:既支持多启动模块预期,又支持多种潜在的信任状态,从而满足用户在动态决定启动模块的同时动态决定信任状态的需求。
Abstract:The trusted boot process in trusted computing verifies the next boot module from the root of trust to establish a chain of trust. The classic chain of trust is a simple single-branch tree, but this may not satisfy complete user demands. This paper presents a multi-module chain of trust model based on HIBS (hierarchical identity-based signature) and a multi-pattern chain of trust model based on FIBS (fuzzy identity based signature) that overcome the limitations of single module expectations in a traditional chain so that the user can dynamically choose the module. The two chains of trust models are then combined to improve the results.
| [1] | Trusted Computing Group. TCG software stack (TSS) specification, version 1.2[Z/OL]. (2005-02-01). https://www.trustedcomputinggroup.org/. |
| [2] | 秦中元, 胡爱群. 可信计算系统及其研究现状[J]. 计算机工程, 2006, 32(14):111-113. QIN Z Y, HU A Q. Trusted computing system and its current research[J]. Computer Engineering, 2006, 32(14):111-113. (in Chinese) |
| [3] | 刘宏伟, 朱广志. 可信计算平台认证机制研究[J]. 计算机工程, 2006, 32(24):149-151. LIU H W, ZHU G Z. Research on attestation scheme of trusted computation platform[J]. Computer Engineering, 2006, 32(24):149-151. (in Chinese) |
| [4] | 张旻晋, 桂文明, 苏涤生, 等. 从终端到网络的可信计算技术[J]. 信息技术快报, 2006, 4(2):21-34. ZHANG M J, GUI W M, SU D S, et al. The trusted computing techniques from end to network[J]. Information Technology Letter, 2006, 4(2):21-34. (in Chinese) |
| [5] | PEARSON S. Trusted computing platforms, the next security solution[M]. London, England:HP Labs, 2002. |
| [6] | 张焕国, 刘玉珍, 余发江, 等. 一种新型嵌入式安全模块[J]. 武汉大学学报:理学版, 2004, 50(A01):7-11. ZHANG H G, LIU Y Z, YU F J, et al. A new type of embedded secure module[J]. Journal of Wuhan University (Natural Science Edition), 2004, 50(A01):7-11. (in Chinese) |
| [7] | 李子臣. 移动互联网时代信息安全新技术展望[J]. 信息通信技术, 2012(6):75-80. LI Z C. The new techniques of information security in mobile network[J]. Journal of Information and Communication, 2012(6):75-80. (in Chinese) |
| [8] | 沈昌祥, 张焕国, 冯登国, 等. 信息安全综述[J]. 中国科学E辑:信息科学, 2007, 37(2):129-150. SHEN C X, ZHANG H G, FENG D G, et al. The summarization of information security[J]. Science China Ser E:Information Sciences, 2007, 37(2):129-150. (in Chinese) |
| [9] | SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Advances in Cryptology-CRYPTO 1984. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 1985:47-53. |
| [10] | BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Advances in Cryptology-CRYPTO 2001. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2001:213-229. |
| [11] | GENTRY C, SILVERBERG A. Hierarchical ID-based cryptography[C]//Advances in Cryptology-ASIACRYPT 2002. Queenstown, NZ, USA:Springer Berlin Heidelberg, 2002:548-566. |
| [12] | SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005. Arhus, DK, USA:Springer Berlin Heidelberg, 2005:457-473. |
| [13] | WANG C J. A provable secure fuzzy identity based signature scheme[J]. Science China Information Sciences, 2012, 55(9):2139-2148. |
| [14] | Trusted Computing Group[Z]. TCG TPM library 2.0, 2014.(2014-10-01). http://www.trustedcomputinggroup.org/tpm-library-specification/. |
| [15] | CAMENISCH J, CHEN L Q, DRIJVERS M, et al. One tpm to bind them all:Fixing tpm2.0 for provably secure anonymous attestation[C]//38th IEEE Symposium on Security and Privacy. San Jose, CA, USA:IEEE, 2017:901-920. |
| [16] | CHEN L Q, LI J. Flexible and scalable digital signatures in tpm 2.0[C]//Proceedings of the 2013 ACMACM Sigsac Conference on Computer and Communications Security. Berlin, Germany:ACM, 2013:37-48. |
| [17] | BRICKELL E, LI J T. A pairing-based daa scheme further reducing TPM resources[C]//Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Berlin, Germany:Springer Berlin Heidelberg, 2010:181-195. |
| [18] | CHEN L Q, DAN P, SMART P. On the design and implementation of an efficient DAA scheme[C]//Proceedings of the 9th Smart Card Research and Advanced Application IFIP Conference. Passau, Germany:Springer Berlin Heidelberg, 2010:223-237. |
| [19] | CAMENISCH J, LYSYANSKAYA A. Signature schemes and anonymous credentials from bilinear maps[C]//Advances in Cryptology|CRYPTO'04. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2004:56-72. |
| [20] | SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11):612-613. |
| [21] | CHALLENER D, YODER K, CATHERMAN R, et al. A practical guide to trusted computing[M]. London, UK:Pearson Education, 2007. |
