基于TCM的安全Windows平台设计与实现

doi:10.11959/j.issn.1000-436x.2015139

摘要/Abstract

摘要：

为了解决 Windows 系统的完整性度量与证明问题，提出了一种基于可信密码模块 TCM(trusted cryptography module)的安全Windows平台方案。通过扩展Windows内核实现了2种安全模式：在度量模式下，所有加载的可执行程序都会被度量，度量值由 TCM 提供保护和对外认证；在管控模式下，度量值会进一步与管理员定制的白名单进行匹配，禁止所有不在白名单中的程序执行。实验分析表明，该方案可以增强Windows系统的安全性，抵抗一些软件攻击行为；同时，系统平均性能消耗在20～30ms之间，不会影响Windows的正常运行。

关键词: 可信计算, 完整性度量, 可信密码模块, Windows安全

Abstract:

A secure Windows platform solution based on TCM was proposed to solve the integrity measurement and attestation problem of the Windows system.Two security modes were realized by extending the Windows kernel:in the measurement mode,all executable contents that were loaded onto the Windows system were measured,and the TCM provided the protection and outward attestation for these measurements; and in the control mode,the measurements were further compared with a whitelist customized by an administrator,and all the programs that were not included in the whitelist would be prohibited from running.Experiment analysis shows that proposed solution can enhance the security of Windows platform and resist some software attacks; and at the same time,the average performance overhead is about 20～30ms,which will not influence the normal running of Windows.

Key words: trusted computing, integrity measurement, trusted cryptography module, Windows security

冯伟,秦宇,冯登国,杨波,张英骏. 基于TCM的安全Windows平台设计与实现[J]. 通信学报, 2015, 36(8): 91-103.

Wei FENG,Yu QIN,Deng-guo FENG,Bo YANG,Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM[J]. Journal on Communications, 2015, 36(8): 91-103.

图/表 13

图1

图2

表1

图3

表2

图4

图5

图6

图7

图8

图9

图10

图11

参考文献 23

[1]	Available online[EB/OL]. .
[2]	国家密码管理局. 可信计算密码支撑平台功能与接口规范[S]. 2007.Chinese Commercial Cryptography Administration Office. Functionality and Interface Specification of Cryptographic Support Platform for Trusted Computing[S]. 2007.
[3]	Trusted Computing Group. Trusted Platform Module Main Specification[S]. Version 1.2,Revision 103 2007.
[4]	BRYAN P , JONATHAN M M , ADRIAN P . Bootstrapping trust in commodity computers[A]. Proceedings of the IEEE Symposium on Security and Privacy[C]. 2010. 414-429.
[5]	SAILER R , ZHANG X L , JAEGER T ,et al. Design and implementation of a TCG-based integrity measurement architecture[A]. Proceedings of USENIX Security '04[C]. Berkeley:USENIX Association, 2004. 223-238.
[6]	JAEGER T , SAILER R , SHANKAR U . PRIMA:policy-reduced integrity measurement architecture[A]. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies[C]. New York: ACM Press, 2006. 19-28.
[7]	冯登国, 秦宇等 . 可信计算技术研究[J]. 计算机研究与发展, 2011,48(8): 1332-1349. FENG D G , QIN Y ,et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8): 1332-1349.
[8]	Trusted Computing Group. Trusted Platform Module Library:Part 1-Part 4[S]. Family 2.0,Level 00 Revision 00.96, 2013.
[9]	NUNO S , RODRIGO R , KRISHNA P.G , STEFAN S . Policy-sealed data:a new abstraction for building trusted cloud services[A]. Proceedings of the 21st USENIX Security Symposium[C]. Bellevue,WA, 2012.10.
[10]	KURT D , JOHANNES W . Implementation aspects of mobile and embedded trusted computing[A]. Proceedings of the 2nd International Conference on Trusted Computing[C]. 2009. 29-44.
[11]	FENG W , FENG D G , WEI G ,et al. TEEM:a user-oriented trusted mobile device for multi-platform security applications[A]. Trust and Trustworthy Computing[C]. 2013. 133-141.
[12]	FENG W , QIN Y , FENG D G ,et al. Mobile trusted agent(MTA):build user-based trust for general-purpose computer platform[A]. Proceedings of Network and System Security[C]. Springer Berlin Heidelberg, 2013. 307-320.
[13]	CHEN C , HIMANSHU R , STEFAN S , ALEC W . cTPM:a cloud TPM for cross-device trusted applications[A]. Proceedings of 11th USENIX Symposium on Networked Systems Design and Implementation[C]. DEATTLE,WA, 2014. 187-201.
[14]	CHEN L Q , LI J T . Flexible and scalable digital signatures in TPM 2.0[A]. Proceedings of ACM SIGSAC Conference on Computer and Communications Security[C]. New York,NY,USA, 2013. 37-48.
[15]	NAUMAN M,KHAN S , ZHANG X , SEIFERT J P . Beyond kernel-level integrity measurement:enabling remote attestation for the Android platform[A]. Trust and Trustworthy Computing[C]. 2010. 1-15.
[16]	ZHANG X W , JEAN-PIERRE S , ONUR A . Design and implementation of efficient integrity protection for open mobile platforms[J]. IEEE Transactions on Mobile Compuring, 2014,13(1): 188-201.
[17]	LI Y L , JONATHAN M.M , ADRIAN P . SBAP:software-based attestation for peripherals[A]. Proceedings of the 3rd International Conference on Trust and Trustworthy Computing[C]. 2010.
[18]	LI Y L , JONATHAN M M , ADRIAN P . VIPER:verifying the integrity of PERipherals' firmware[A]. Proceedings of the 18th ACM Conference on Computer and Communications Security[C]. 2011. 3-16.
[19]	KARIM E D,AURéLIEN F , DANIELE P , GENE T . SMART:secure and minimal architecture for(establishing a dynamic)root of trust[A]. Network and Distributed System Security Symposium(NDSS)[C]. 2012.
[20]	SPARKS E R . A security assessment of trusted platform modules[R]. Technical Report TR2007-597,Dartmouth College, 2007.
[21]	张帆等. Windows 驱动开发技术详解[M]. 北京: 电子工业出版社, 2008. ZHANG F ,et al. Windows Driver Development Internals[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2008.
[22]	潘爱民 . Windows内核原理与实现[M]. 北京: 电子工业出版社, 2010. PAN A M . Windows Kernel Principle and Realization[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2010.
[23]	谭文, 邵坚磊 . 天书夜读-从汇编语言到Windows内核编程[M]. 北京: 电子工业出版社, 2008. TAN W , SHAO J L . Reading Sanscrit at Midnight – From Assembly Language to Windows Kernel programming[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2008.

终端	协议
1)Client	物理现场安装 ATM 软件和完整性度量软件，并重启运行Client-S
2)Client-S→Server-V	注册请求Req
3)Server-V→Client-S	随机挑战值nonce
4)Client-S	a)激活并加载PIK私钥PriPIK到TCM；
	b)载入PEK到TCM，并与当前PCR值绑定；
	c)生成 TCM 签名 Q =TCM_Sign_PriPIK{PCR,nonce}；
	d)从内核读取度量列表ML
5)Client-S→Server-V	Q,ML
6)Server-V	a)验证Client平台CertPIK和CertPEK；
	b)计算聚集值Ag=Hash_Aggre(ML)；
	c)验证签名Verify_PubPIK(Q,Ag,nonce)；
	d)验证ML中的每条完整性记录(与可信数据库对比)；
	e)所有验证通过，保存 Client 终端信息到数据库，并基于ML生成白名单wl；
	f)为验证通过的Client终端生成服务密钥sk；
	g)使用PEK加密wl和sk：ew=Encrypt_PubPEK(wl),esk =Encrypt_PubPEK(sk)
7)Server-V→Client-S	验证失败返回Fail；或者验证成功返回加密分组(ew,esk)
8)Client-S	存储加密的白名单和服务密钥

系统组件	模块功能	代码量/行	总计
	Hook功能	38(asm)+169(C)
	SM3杂凑	293(C)
终端—内核扩展	散列表	155(C)	38行汇编和2 202行C代码
	度量模块	232(C)
	管控模块	167(C)
	通信模块	204(C)
	其他	982(C)
终端—安全服务	TCM交互模块	1 012(C)	1 791行C代码和5 946行Java代码
	内核交互模块	779(C)
	通信与管理界面	5 946(Java)
服务端	认证服务	1 404(C)	1 404行C代码， 8 372行Java代码和7 200行jsp代码
服务端	管理界面	8 372(Java)+7 200(jsp)	1 404行C代码， 8 372行Java代码和7 200行jsp代码