基于TCM的安全Windows平台设计与实现

doi:10.11959/j.issn.1000-436x.2015139

Abstract

Abstract:

A secure Windows platform solution based on TCM was proposed to solve the integrity measurement and attestation problem of the Windows system.Two security modes were realized by extending the Windows kernel:in the measurement mode,all executable contents that were loaded onto the Windows system were measured,and the TCM provided the protection and outward attestation for these measurements; and in the control mode,the measurements were further compared with a whitelist customized by an administrator,and all the programs that were not included in the whitelist would be prohibited from running.Experiment analysis shows that proposed solution can enhance the security of Windows platform and resist some software attacks; and at the same time,the average performance overhead is about 20～30ms,which will not influence the normal running of Windows.

Key words: trusted computing, integrity measurement, trusted cryptography module, Windows security

Wei FENG,Yu QIN,Deng-guo FENG,Bo YANG,Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM[J]. Journal on Communications, 2015, 36(8): 91-103.

Figures/Tables 13

References 23

[1]	Available online[EB/OL]. .
[2]	国家密码管理局. 可信计算密码支撑平台功能与接口规范[S]. 2007.Chinese Commercial Cryptography Administration Office. Functionality and Interface Specification of Cryptographic Support Platform for Trusted Computing[S]. 2007.
[3]	Trusted Computing Group. Trusted Platform Module Main Specification[S]. Version 1.2,Revision 103 2007.
[4]	BRYAN P , JONATHAN M M , ADRIAN P . Bootstrapping trust in commodity computers[A]. Proceedings of the IEEE Symposium on Security and Privacy[C]. 2010. 414-429.
[5]	SAILER R , ZHANG X L , JAEGER T ,et al. Design and implementation of a TCG-based integrity measurement architecture[A]. Proceedings of USENIX Security '04[C]. Berkeley:USENIX Association, 2004. 223-238.
[6]	JAEGER T , SAILER R , SHANKAR U . PRIMA:policy-reduced integrity measurement architecture[A]. In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies[C]. New York: ACM Press, 2006. 19-28.
[7]	冯登国, 秦宇等 . 可信计算技术研究[J]. 计算机研究与发展, 2011,48(8): 1332-1349. FENG D G , QIN Y ,et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8): 1332-1349.
[8]	Trusted Computing Group. Trusted Platform Module Library:Part 1-Part 4[S]. Family 2.0,Level 00 Revision 00.96, 2013.
[9]	NUNO S , RODRIGO R , KRISHNA P.G , STEFAN S . Policy-sealed data:a new abstraction for building trusted cloud services[A]. Proceedings of the 21st USENIX Security Symposium[C]. Bellevue,WA, 2012.10.
[10]	KURT D , JOHANNES W . Implementation aspects of mobile and embedded trusted computing[A]. Proceedings of the 2nd International Conference on Trusted Computing[C]. 2009. 29-44.
[11]	FENG W , FENG D G , WEI G ,et al. TEEM:a user-oriented trusted mobile device for multi-platform security applications[A]. Trust and Trustworthy Computing[C]. 2013. 133-141.
[12]	FENG W , QIN Y , FENG D G ,et al. Mobile trusted agent(MTA):build user-based trust for general-purpose computer platform[A]. Proceedings of Network and System Security[C]. Springer Berlin Heidelberg, 2013. 307-320.
[13]	CHEN C , HIMANSHU R , STEFAN S , ALEC W . cTPM:a cloud TPM for cross-device trusted applications[A]. Proceedings of 11th USENIX Symposium on Networked Systems Design and Implementation[C]. DEATTLE,WA, 2014. 187-201.
[14]	CHEN L Q , LI J T . Flexible and scalable digital signatures in TPM 2.0[A]. Proceedings of ACM SIGSAC Conference on Computer and Communications Security[C]. New York,NY,USA, 2013. 37-48.
[15]	NAUMAN M,KHAN S , ZHANG X , SEIFERT J P . Beyond kernel-level integrity measurement:enabling remote attestation for the Android platform[A]. Trust and Trustworthy Computing[C]. 2010. 1-15.
[16]	ZHANG X W , JEAN-PIERRE S , ONUR A . Design and implementation of efficient integrity protection for open mobile platforms[J]. IEEE Transactions on Mobile Compuring, 2014,13(1): 188-201.
[17]	LI Y L , JONATHAN M.M , ADRIAN P . SBAP:software-based attestation for peripherals[A]. Proceedings of the 3rd International Conference on Trust and Trustworthy Computing[C]. 2010.
[18]	LI Y L , JONATHAN M M , ADRIAN P . VIPER:verifying the integrity of PERipherals' firmware[A]. Proceedings of the 18th ACM Conference on Computer and Communications Security[C]. 2011. 3-16.
[19]	KARIM E D,AURéLIEN F , DANIELE P , GENE T . SMART:secure and minimal architecture for(establishing a dynamic)root of trust[A]. Network and Distributed System Security Symposium(NDSS)[C]. 2012.
[20]	SPARKS E R . A security assessment of trusted platform modules[R]. Technical Report TR2007-597,Dartmouth College, 2007.
[21]	张帆等. Windows 驱动开发技术详解[M]. 北京: 电子工业出版社, 2008. ZHANG F ,et al. Windows Driver Development Internals[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2008.
[22]	潘爱民 . Windows内核原理与实现[M]. 北京: 电子工业出版社, 2010. PAN A M . Windows Kernel Principle and Realization[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2010.
[23]	谭文, 邵坚磊 . 天书夜读-从汇编语言到Windows内核编程[M]. 北京: 电子工业出版社, 2008. TAN W , SHAO J L . Reading Sanscrit at Midnight – From Assembly Language to Windows Kernel programming[M]. Beijing: Publishing House of Electronics Industry of ChinaPress, 2008.

Metrics

Recommended 0

No Suggested Reading articles found!

终端	协议
1)Client	物理现场安装 ATM 软件和完整性度量软件，并重启运行Client-S
2)Client-S→Server-V	注册请求Req
3)Server-V→Client-S	随机挑战值nonce
4)Client-S	a)激活并加载PIK私钥PriPIK到TCM；
	b)载入PEK到TCM，并与当前PCR值绑定；
	c)生成 TCM 签名 Q =TCM_Sign_PriPIK{PCR,nonce}；
	d)从内核读取度量列表ML
5)Client-S→Server-V	Q,ML
6)Server-V	a)验证Client平台CertPIK和CertPEK；
	b)计算聚集值Ag=Hash_Aggre(ML)；
	c)验证签名Verify_PubPIK(Q,Ag,nonce)；
	d)验证ML中的每条完整性记录(与可信数据库对比)；
	e)所有验证通过，保存 Client 终端信息到数据库，并基于ML生成白名单wl；
	f)为验证通过的Client终端生成服务密钥sk；
	g)使用PEK加密wl和sk：ew=Encrypt_PubPEK(wl),esk =Encrypt_PubPEK(sk)
7)Server-V→Client-S	验证失败返回Fail；或者验证成功返回加密分组(ew,esk)
8)Client-S	存储加密的白名单和服务密钥

系统组件	模块功能	代码量/行	总计
	Hook功能	38(asm)+169(C)
	SM3杂凑	293(C)
终端—内核扩展	散列表	155(C)	38行汇编和2 202行C代码
	度量模块	232(C)
	管控模块	167(C)
	通信模块	204(C)
	其他	982(C)
终端—安全服务	TCM交互模块	1 012(C)	1 791行C代码和5 946行Java代码
	内核交互模块	779(C)
	通信与管理界面	5 946(Java)
服务端	认证服务	1 404(C)	1 404行C代码， 8 372行Java代码和7 200行jsp代码
服务端	管理界面	8 372(Java)+7 200(jsp)	1 404行C代码， 8 372行Java代码和7 200行jsp代码

Design and implementation of secure Windows platform based on TCM

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 13

References 23

Related Articles 15

Metrics

Recommended 0

[1]	Bibo TU, Jie CHENG, Haojun XIA, Kun ZHANG, Ruina SUN. Overview of research on trusted attestation technology of cloud virtualization platform [J]. Journal on Communications, 2021, 42(12): 212-225.
[2]	Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology [J]. Journal on Communications, 2019, 40(2): 154-163.
[3]	Junfeng TIAN,Tianle LI. Data integrity verification based on model cloud federation of TPA [J]. Journal on Communications, 2018, 39(8): 113-124.
[4]	Junfeng TIAN,Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method [J]. Journal on Communications, 2018, 39(6): 52-63.
[5]	Liang TAN,Neng QI,Lingbi HU. New extension method of trusted certificate chain in virtual platform environment [J]. Journal on Communications, 2018, 39(6): 133-145.
[6]	Xingshu CHEN,Wei WANG,Xin JIN. Label-based protection scheme of vTPM secret [J]. Journal on Communications, 2018, 39(11): 170-180.
[7]	Tian-shu WANG,Gong-xuan ZHANG,Xi-chen YANG. Trusted solution monitoring system based on ZigBee wireless sensor network [J]. Journal on Communications, 2017, 38(Z2): 67-77.
[8]	Yuan SHI,Huan-guo ZHANG,Bo ZHAO,Zhao YU. Security-enhanced live migration based on SGX for virtual machine [J]. Journal on Communications, 2017, 38(9): 65-75.
[9]	Lei WANG,Ming-hua YANG,Zeng-liang LIU,Jian-qun ZHENG. Trust chain generating and updating algorithm for dual redundancy system [J]. Journal on Communications, 2017, 38(1): 1-8.
[10]	Qian-ying ZHANG,Shi-jun ZHAO,Wei FENG,Yu QIN,Deng-guo FENG. Research of a trusted execution environment module for multiple platforms [J]. Journal on Communications, 2014, 35(Z2): 72-85.
[11]	Zhen-ji ZHOU,Li-fa WU,Zheng HONG,Hai-guang LAI,Cheng-hui ZHENG. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 94-105.
[12]	. Research of a trusted execution environment module for multiple platforms [J]. Journal on Communications, 2014, 35(Z2): 11-85.
[13]	. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 13-105.
[14]	. Research of platform identity attestation based on trusted chip [J]. Journal on Communications, 2014, 35(8): 13-106.
[15]	Qian-ying ZHANG,Deng-guo FENG,Shi-jun ZHAO. Research of platform identity attestation based on trusted chip [J]. Journal on Communications, 2014, 35(8): 94-106.