基于可信芯片的平台身份证明方案研究

doi:10.3969/j.issn.1000-436x.2014.08.013

Abstract

Abstract:

By studying the platform identity attestation base on trusted third parties, a scheme where a trusted computing platform is identified by a certificate and a token is proposed. In this scheme, only the token is used when the platform proves its identity. Compared to other schemes, this scheme not only has much lower calculation and communication, but also convinces the verifier of the trustworthiness of the client's platform state during the platform identity attestation. A detailed security proof of the proposed scheme is presented by using the protocol composition logic, and the proof shows that the scheme satisfies correctness and anonymity of platform identity verification. The experiment result in a devel-oped prototype system shows that the proposed scheme provides good performances in computation and communication, and is especially suitable for the wireless network.

Key words: trusted computing, platform identity attestation, protocol composition logic, anonymity

Qian-ying ZHANG,Deng-guo FENG,Shi-jun ZHAO. Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014, 35(8): 94-106.

Figures/Tables 15

References 27

[1]	冯登国，秦宇，汪丹等. 可信计算技术研究[J]. 计算机研究与发展， 2011,48(8):1332-1349. FENG D G , QIN Y , WANG D , et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8):1332-1349.
[11]	BRICKELL E , CAMENISCH J , CHEN L Q . Direct anonymous at-testation[A]. Proceedings of the 11th ACM Conference on Computer and Communications security[C]. Washington, DC, USA, 2004.
[3]	Trusted Computing Group. TPM main specification version 1.2[EB/OL]. , 2011.
[4]	REID J , NIETO J M G , DAWSON E , et al. Privacy and trusted com-puting[J]. Proceedings of the 14th International Workshop on Data-base and Expert Systems Applications[C]. Prague, Czech Republic, 2003.
[5]	PIRKER M , TOEGEL R , HEIN D , et al. privacy CA for anonymityand trust[J]. Proceedings of the 2nd International Conference on Trusted Computing[C]. Oxford, UK, 2009.
[6]	CHEN L Q , WARINSCHI B . Security of the TCG privacy-CA solu-tion[J]. Proceedings of the 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous[C]. Hong Kong, China, 2010.
[7]	CHEN L Q , LEE M F , WARINSCHI B . Security of the enhanced TCG privacy-CA solution[J]. Proceedings of the 6th International Confer-ence on Trustworthy Global Computing[C]. Aachen, Germany, 2011.
[8]	杨力，马建峰，朱建明 . 可信的匿名无线认证协议[J]. 通信学报， 2009,30(9):29-35. YANG L , MA J F , ZHU J M . Trusted and anonymous authentication scheme for wireless networks[J]. Journal on Communications, 2009,30(9):29-35.
[9]	杨力，马建峰，裴庆祺等. 直接匿名的无线网络可信接入认证方案[J]. 通信学报， 2010,31(8):98-104. YANG L , MA J F , PEI Q Q , et al. Direct anonymous authentication scheme for wireless networks under trusted computing[J]. Journal on Communications, 2010,31(8):98-104.
[10]	崔巍，李益发，斯雪明 . 基于 Eucalyptus 的基础设施即服务云框架协议设计[J]. 电子与信息学报， 2012,34(7):1748-1754. CUI W , LI Y F , SI X M . The protocol design of a Eucalyptus-based in-frastructure-as-a-service (IaaS) cloud framework[J]. Journal of Elec-tronics ＆ Information Technology, 2012,34(7):1478-1754.
[11]	WINKLER T , RINNER B . User-centric privacy awareness in video surveillance[J]. Multimedia Systems, 2012,18(2): 99-121.
[12]	WINKLER T , RINNER B , ESTERLE L , et al. Privacy and security in video surveillance[J]. IEEE Signal Processing Magazine, 2013,30: 190-198.
[13]	PIRKER M , WINTER J , TOEGL R . Lightweight Distributed Hetero-geneous Attested Android Clouds. Trust and Trustworthy Comput-ing[M]. Springer Berlin Heidelberg, 2012 122-141.
[14]	FONGEN A , MANCINI F . Attested genuineness in service oriented environments[A]. Proceedings of the 3rd International Conference on Digital Information Processing and Communications[C]. 2013 8-17.
[15]	KRAXBERGER S , TOEGL R , PIRKER M , et al. Trusted Identity Management for Overlay Networks[M]. Information Security Practice and Experience, Springer Berlin Heidelberg, 2013 16-30.
[16]	陈小峰，冯登国 . 一种多信任域内的直接匿名证明方案[J]. 计算机学报， 2008,31(7):1122-1130. CHEN X F , FENG D G . TA direct anonymous attestation scheme in multi-domain environment[J]. Chinese Journal of Computers, 2008,31(7):1122-1130.
[17]	BRICKELL E , CHEN L Q , LI J T . A new direct anonymous attestation scheme from bilinear maps[A]. Proceedings of the 1st International Conference on Trusted Computing and Trust in Information Technolo-gies[C]. Villach, Austria, 2008.
[18]	CHEN L Q , PAGE D , SMART N P . On the design and implementation of an efficient DAA scheme[A]. Proceedings of the 9th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Ad-vanced Application[C]. Passau, Germany, 2010.
[19]	CHEN X F , FENG D G . Direct anonymous attestation for next genera-tion TPM[J]. Journal of Computers, 2008,3(12): 43-50.
[20]	BRICKELL E , LI J T . Enhanced privacy ID from bilinear pair-ing[EB/OL]. , 2011.
[21]	CHEN L Q . A DAA scheme requiring less TPM resources[A]. Pro-ceedings of the 5th International Conference on Information Security and Cryptology[C]. Beijing, China, 2009.
[22]	BRICKELL E , LI J T . A pairing-based DAA scheme further reducing TPM resources[A]. Proceedings of the 3rd International Conference on Trust and Trustworthy Computing[C]. Berlin, Germany, 2010.
[23]	陈小峰，冯登国 . 一种基于双线性映射的直接匿名证明方案[J]. 软件学报， 2010,21(8):2070-2078. CHEN X F , FENG D G . Direct anonymous attestation based on bilin-ear maps[J]. Journal of Software, 2010,21(8):2070-2078.
[24]	杨力，马建峰，姜奇 . 无线移动网络跨可信域的直接匿名证明方案[J]. 软件学报， 2012,5(5):1260-1271. YANG L , JIANG Q . Direct anonymous attestation scheme in cross trusted domain for wireless mobile networks[J]. Journal of Soft-ware, 2012,5(5):1260-1271.
[25]	DURGIN N , MITCHELL J C , PAVOLVIC D . A compositional logic for proving security properties of protocols[J]. Journal of Computer Securtity, 2003,11(4): 677-721.
[26]	DATTA A , DEREK A , MITCHELL J C , et al. Protocol composition logic (PCL)[J]. Electronic Notes in Theoretical Computer Science, 2007,172: 311-358.
[27]	HE C H , SUNDARARAJAN M , DATTA A , et al. A modular correct-ness proof of IEEE 802.11i and TLS[J]. Proceedings of the 12th ACM Conference on Computer and Communications Security[C]. Alexan-dria, USA, 2005. 2-15.

Metrics

Recommended 0

No Suggested Reading articles found!

特性	PCA方案	ePCA方案	本方案
n次证明申请证书数	n	n	1
expire时间内n次证明申请令牌数	—	—	1
证明信息长度	＞2 048 bit	＞2 048 bit	1Hash
身份验证运算	签名验证	签名验证	散列
验证效率	低	低	高
同一AIK证书证明的不可链接性	×	×	√
同一令牌证明的不可链接性	—	—	√
平台身份隐私保护	√	√	√
AIK与EK绑定性	×	√	√
平台状态验证	×	×	√
安全级别	低	中	高

[1]	Zhenyu WANG, Yang GUO, Shaoqing LI, Shen HOU, Ding DENG. Design of efficient anonymous identity authentication protocol for lightweight IoT devices [J]. Journal on Communications, 2022, 43(7): 49-61.
[2]	Jie CUI, Xuefeng CHEN, Jing ZHANG, Lu WEI, Hong ZHONG. Bus cache-based location privacy protection scheme in the Internet of vehicles [J]. Journal on Communications, 2021, 42(7): 150-161.
[3]	Weihao LI,Jin CAO,Hui LI. Privacy self-correlation privacy-preserving scheme in LBS [J]. Journal on Communications, 2019, 40(5): 57-66.
[4]	Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology [J]. Journal on Communications, 2019, 40(2): 154-163.
[5]	Xuefeng LI,Junwei ZHANG,Jianfeng MA. UCAP:a PCL secure user authentication protocol in cloud computing [J]. Journal on Communications, 2018, 39(8): 94-105.
[6]	Junfeng TIAN,Tianle LI. Data integrity verification based on model cloud federation of TPA [J]. Journal on Communications, 2018, 39(8): 113-124.
[7]	Junfeng TIAN,Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method [J]. Journal on Communications, 2018, 39(6): 52-63.
[8]	Liang TAN,Neng QI,Lingbi HU. New extension method of trusted certificate chain in virtual platform environment [J]. Journal on Communications, 2018, 39(6): 133-145.
[9]	Xingshu CHEN,Wei WANG,Xin JIN. Label-based protection scheme of vTPM secret [J]. Journal on Communications, 2018, 39(11): 170-180.
[10]	Tian-shu WANG,Gong-xuan ZHANG,Xi-chen YANG. Trusted solution monitoring system based on ZigBee wireless sensor network [J]. Journal on Communications, 2017, 38(Z2): 67-77.
[11]	Lei ZHANG,Chun-guang MA,Song-tao YANG,Zeng-peng LI. CP-ABE based users collaborative privacy protection scheme for continuous query [J]. Journal on Communications, 2017, 38(9): 76-85.
[12]	Zhuo-xiong PEI,Xing-hua LI,Hai LIU,Kai-yue LEI,Jian-feng MA,Hui LI. Anonymizing region construction scheme based on query range in location-based service privacy protection [J]. Journal on Communications, 2017, 38(9): 125-132.
[13]	Xiao-tong FU,Si CHEN,Ning ZHANG. Proxy-cryptocurrency payment system [J]. Journal on Communications, 2017, 38(7): 199-206.
[14]	Lei WANG,Ming-hua YANG,Zeng-liang LIU,Jian-qun ZHENG. Trust chain generating and updating algorithm for dual redundancy system [J]. Journal on Communications, 2017, 38(1): 1-8.
[15]	Jie SU,Shuai LIU,Zhi-yong LUO,Guang-lu SUN. Method of constructing an anonymous graph based on information loss estimation [J]. Journal on Communications, 2016, 37(6): 56-64.

Research of platform identity attestation based on trusted chip

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 15

References 27

Related Articles 15

Metrics

Recommended 0