TPM context manager and dynamic configuration management for trusted virtualization platform

It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM （trusted platform module） context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM （virtual machine） configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG （trusted computing group） static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.     

A Method to Implement Full Anonymous Attestation for Trusted Computing Platform

Trusted computing （TC） technology is brought out by trusted computing group （TCG） to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform＇s real identity, which are Privacy CA-based protocol and direct anonymous attestation （DAA） protocol. However, in the first protocol the privacy CA is the bottleneck and the platform＇s identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM＇s real identity.     

一种基于多可信属性的证据模型建立方法

可信远程证明是可信计算技术中非常重要的一部分,而可信证据又是可信远程证明的基础。但是,通过研究现有主要可信远程证明方法发现对于可信证据研究主要存在以下几个问题：首先,证据信息不充分,不能满足可信证明的需求;其次,证据信息组织不够合理;最后,由于可信性具有一定的主观性,与用户的预期相关,但现有方法中在收集证据时没有考虑用...     

Remote attestation-based access control on trusted computing platform

Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller (RABAC), which is based on a combination of techniques, such as random number, Bell-La Padula (BLP) model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.     

一种改进的属性远程证明方案

为了克服现有基于属性证书的远程证明方案在隐私保护和安全性方面的不足,文中提出了一种基于隐藏证书技术的属性远程证明方案（HCP-RA）,该方案在传统基于属性的远程证明的基础上引入了隐藏证书技术,实现了对机密性证书和策略的保护,同时实现了验证方和被验证方之间的双向可信性验证功能。文中首先给出了HCP-RA模型,随后针对该模型给出了形式化描述和相应的远程证明协议,并通过应用实例来说明该协议的具体工作过程。与传统的基于属性证书的远程证明技术相比较,该方案在隐私保护方面具有很大优势;双向可信性验证提高了传统单向属性远程证明的安全性。     

基于过滤机制的Web服务可信远程认证

针对目前可信认证方案在认证效率和具体应用上的不足,提出了基于虚拟机的可信认证方案,并对Web服务器提出具体的认证策略,通过实验证明这种策略是可行和有效的。     

基于直接匿名证言的可信平台身份证明协议的设计

直接匿名证言(DAA)既解决了隐私CA的瓶颈问题,又实现对TPM的认证和匿名,是当前可信计算平台身份证明最好的理论解决方案之一,TCG在TPMv1.2中将其作为解决平台身份证明问题的标准.但该标准中仅仅重点描述了DAA实现认证和匿名的原理、复杂运算和关键步骤,并没有给出具体和完整的协议流程.基于DAA基本原理设计了可信平台身份证明的安全协议:AI-DAA.该协议不仅能够实现可信平台身份认证和隐私保护,而且还能保证协议实体之间的双向身份认证和信息传输的机密性.协议安全性分析表明,AI-DAA不仅能防止消息重放攻击,而且还能抵御中间人攻击.     

多组件属性的远程证明

在现有组件属性证明方案的基础上,提出了多组件属性的证明方案,以解决多个组件以一定的结构构成的安全属性的证明问题,满足不同类型属性的证明需求。以CL签名为基础进行多个组件与属性的签名,使组件-属性的映射具有多对一的关系,并对各组件的组成结构进行了简要分析。多组件属性的证明方案具有组件验证效率高,协议配置灵活,可兼容单组件的属性证明等特点,证明平台的隐私可以得到保证。多组件属性证明方案适用于具有特定组件结构的属性证明。     

可信计算中的远程认证体系

提出了一种安全高效的元件的远程认证体系结构,体系结构中采用多种签名结合的方式确保各元件属性认证的真实性与正确性,采用基于中国余数定理的子群签名的方式确保用户平台认证时的私密性。与现有的远程认证体系结构相比,本方案引入了可恢复原消息的盲签名,减小了证书发布机构的被攻击风险,提高了整个体系结构的安全性。同时子群签名相对于现有方案普遍采用的零知识签名,具有更高的效率。     

基于双线性映射直接匿名认证方案的改进

针对目前可信计算中直接匿名认证(DAA)方案存在协议交互流程繁琐、计算量大的问题,提出了一种直接匿名认证方案IMP-DAA。以椭圆曲线上的双线性映射为理论依据,以q-SDH困难假设为安全基础,简化了协议交互流程;在保证可信计算平台安全的前提下,降低了各参与方的计算量;并从安全性和有效性两个方面进行了分析。     

A Peer-to-Peer resource sharing scheme using trusted computing technology

Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.     

标准模型下基于属性的高效证明方案

针对可信计算环境下,传统平台认证中所带来的平台配置信息泄露的问题,提出了一个新型的基于属性的证明方案.建立了该方案的模型,给出了方案的具体构建,包括初始化、属性证书颁发、属性证明及验证、撤销等算法.与现有基于属性的证明方案相比,该方案的通信代价更小,计算效率更高.在标准模型下对该方案进行了安全性证明,结果说明了它的正确性、配置隐匿性及不可伪造性等.     

基于可信计算的CSCW系统访问控制

针对现有的CSCW系统不能有效地保障终端平台的可信性以及安全策略和上层应用实施的完整性等问题,提出了基于可信计算技术的CSCW访问控制架构和协作站点间的基于角色的委托授权策略,分别描述了安全策略与共享对象密钥的分发协议、角色委托协议及策略完整性实施协议等.应用实例表明:该框架基于完整的协作实体-平台-应用信任链的构建,提供了可信的协作实体身份与访问控制平台,依赖平台远程证明和策略分发实现了在本地站点上的完整性实施;同时角色委托提高了协同工作能力,也减轻了服务器端集中式策略执行的负担.     

Study on security enhancement technology for disaster tolerant system

This paper proposes a security enhancement scheme for disaster tolerant system based on trusted computing technology which combines with the idea of distributed threshold storage. This scheme takes advantage of trusted computing platform with trusted computing module, which is provided with such excellent features as security storage, remote attestation, and so on. Those features effectively ensure trustworthiness of disaster tolerant point. Furthermore, distributed storage based on Erasure code not only disposes the storage problem about a great deal of data, but also preferably avoids one node invalidation, alleviates network load and deals with joint cheat and many other security problems. Consequently, those security enhancement technologies provide mass data with global security protection during the course of disaster tolerance. Foundation Items: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA01Z404), the Science and Technical Key Project of Ministry of Education (108087) and the Scientific and Technological Project of Wuhan City (200810321130)     

A new process and framework for direct anonymous attestation based on symmetric bilinear maps

For the problem of the original direct anonymous attestation (DAA) scheme’s complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satisfies the same properties, and shows better simplicity and high efficiency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.     

基于信誉权值策略的多重第三方远程证明机制

针对单一第三方失效而影响云计算环境证明有效性问题,提出一种基于多重第三方远程证明机制。将单一第三方扩展为第三方验证者集群,保证了在部分验证者受到安全威胁情况下,仍然能够为证明请求者提供可靠的证明结果。同时提出第三方筛选算法和基于信誉权值策略应对多个第三方合谋攻击,避免由于恶意指控清白验证者而导致最终断言失效情形。实验结果表明,该机制相对于单一验证者更为安全可靠,在实际应用中能有效防御合谋攻击。     

Implementing Operating System Support for Extended Trusted Path in TPM-Capable Environments

Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module （TPM） technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author＇s research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.     

TPM-Based Remote Attestation for Wireless Sensor Networks

It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for missioncritical applications based on Wireless Sensor Networks(WSNs). However, it is a challenge to evaluate the trustworthiness without appropriate hardware support. Hence, we present a hardware-based remote attestation protocol to tackle the problem within WSNs. In our design, each sensor node is equipped with a Trusted Platform Module(TPM) which plays the role of a trusted anchor. We start with the formulation of remote attestation and its security. The complete protocol for both single-hop and multi-hop attestations is then demonstrated. Results show the new protocol is effective, efficient, and secure.     

ePUF: A Lightweight Double Identity Verification in IoT

Remote authentication is a safe and verifiable mechanism.In the Internet of Things (loT),remote hosts need to verify the legitimacy of identity of terminal devices.However,embedded devices can hardly afford sufficient resources for the necessary trusted hardware components.Software authentication with no hardware guarantee is generally vulnerable to various network attacks.In this paper,we propose a lightweight remote verification protocol.The protocol utilizes the unique response returned by Physical Unclonable Function (PUF) as legitimate identity basis of the terminal devices and uses quadratic residues to encrypt the PUF authentication process to perform a double identity verification scheme.Our scheme is secure against middleman attacks on the attestation response by preventing conspiracy attacks from forgery authentication.