1. Institute of Software, Chinese Academy of Sciences, Beijing 100190; 2. University of Chinese Academy of Sciences, Beijing 100049
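ZHANG Qian-ying (1986-), female, born in Sanhe, Hebei; PhD candidate at the Chinese Academy of Sciences. Main research interests: network and system security, trusted computing.
FENG Deng-guo (1965-), male, born in Jingbian, Shaanxi; PhD, research professor and doctoral supervisor at the Chinese Academy of Sciences. Main research interests: cryptography and information security.
ZHAO Shi-jun (1985-), male, born in Weifang, Shandong; PhD candidate at the Chinese Academy of Sciences. Main research interests: network and system security, trusted computing.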
Online publication date: 2014-08
Print publication date: 2014-08-25
Qian-ying ZHANG, Deng-guo FENG, Shi-jun ZHAO. Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014, 35(8): 94-106. DOI: 10.3969/j.issn.1000-436x.2014.08.013.
Platform identity attestation based on trusted third parties is studied, and a scheme is proposed in which a trusted computing platform is identified by a certificate and a token, and only the token is used when the platform proves its identity. Compared with other schemes, this scheme not only has much lower computation and communication costs, but also convinces the verifier of the trustworthiness of the client's platform state during platform identity attestation, achieving higher security. A detailed security proof of the proposed scheme is presented using protocol composition logic, and the proof shows that the scheme satisfies correctness and anonymity of platform identity verification. Experimental results from a prototype system show that the proposed scheme attests platform identity efficiently, with good performance in computation and communication, and is especially suitable for wireless networks.