跨平台的可信执行环境模块方案研究

doi:10.3969/j.issn.1000-436x.2014.z2.011

Abstract

Abstract:

The current TPM,MTM and other trusted computing modules don’t take into account the variety of platforms and the update of the inside algorithms,protocols and functions.A hardware trusted execution environment module (TEEM) architecture,which uses ARM TrustZone technology to build a trusted computing module running in a secure isolated environment is designed.Proposed module not only supports variety of platforms,but also has strong mobility and portability.Moreover,it allows configuring and updating functions and algorithms of the module flexibly.A prototype system is implemented and its performance is tested.By analyzing the security of the system and the measurement results,it is shown that TEEM provides users with a safe,stable,efficient trusted execution environment.

Key words: trusted execution environment, trusted computing, ARM TrustZone, trusted platform module, mobile trusted module

Qian-ying ZHANG,Shi-jun ZHAO,Wei FENG,Yu QIN,Deng-guo FENG. Research of a trusted execution environment module for multiple platforms[J]. Journal on Communications, 2014, 35(Z2): 72-85.

Figures/Tables 12

References 27

[1]	冯登国, 秦宇, 汪丹 ,等. 可信计算技术研究[J]. 计算机研究与发展, 2011,48(8): 1332-1349. FENG D G , QIN Y , WANG D ,et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8): 1332-1349.
[2]	Trusted Computing Group. TPM main specification version 1.2[EB/OL]. .
[3]	Trusted Computing Group-Mobile Phone Work Group. TCG mobile trusted module specification version 1.0[EB/OL]. .
[4]	国家密码管理局. 可信计算密码支撑平台功能与接口规范[EB/OL]. .State Cryptography Administration. Functionality and interface specification of cryptographic support platform for trusted computing[EB/OL]. .
[5]	Trusted Computing Group. Trusted platform module library[EB/OL]. .
[6]	HAN L , LIU J , ZHANG D ,et al. A portable TPM scheme for general-purpose trusted computing based on EFI[A]. Proceedings of the 5th International Conference on Multimedia Information Networking and Security[C]. Beijing,China, 2009. 140-143.
[7]	ZHANG D , HAN Z , YAN G . A portable TPM based on USB key[A]. Proceedings of the 17th ACM Conference on Computer and Communications Security[C]. Chicago,USA, 2010. 750-752.
[8]	EKBERG JE , BUGIEL S . Trust in a small package:minimized MRTM software implementation for mobile secure environments[A]. Proceedings of the 4th ACM Workshop on Scalable Trusted Computing[C]. Chicago,USA, 2009. 9-18.
[9]	DIETRICH K . An integrated architecture for trusted computing for java enabled embedded devices[A]. Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing[C]. Alexandria,USA, 2007. 2-6.
[10]	DIETRICH K , WINTER J . Towards customizable,application specific mobile trusted modules[A]. Proceedings of the 5th ACM Workshop on Scalable Trusted Computing[C]. Chicago,USA, 2010. 31-40.
[11]	WINTER J . Trusted computing building blocks for embedded linux-based ARM trustzone platforms[A]. Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing[C]. Alexandria,USA, 2008. 21-30.
[12]	SANTOS N , RAJ H , SAROIU S ,et al. Using ARM trustzone to build a trusted language runtime for mobile applications[A]. Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems[C]. Salt Lake City,UT,USA, 2014. 67-80.
[13]	WU C , ZHOU Y , PATEL K ,et al. AirBag:boosting smartphone resistance to malware infection[A]. Proceedings of the 21th Annual Network and Distributed System Security Symposium[C]. San Diego,California,USA, 2014.
[14]	GILAD Y , HERZBERG A , TRACHTENBERG A . Securing smartphones:a micro-TCB approach[J]. IEEE Pervasive Computing Magazine, 2014.
[15]	EISENBARTH T , GüNEYSU T , PAAR C ，et al. Reconfigurable trusted computing in hardware[A]. Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing[C]. Alexandria,USA, 2007. 15-20.
[16]	SCHELLEKENS D , TUYLS P , PRENEEL B . Embedded trusted computing with authenticated non-volatile memory[A]. Proceedings of the 1st International Conference on Trusted Computing and Trust in Information Technologies[C]. Villach,Austria, 2008. 60-74.
[17]	ARENO M , PLUSQUELLIC J . Securing trusted execution environments with PUF generated secret key[A]. Proceedings of the 11th IEEE International Conference on Trust,Security and Privacy in Computing and Communications[C]. Liverpool,UK, 2012. 1188-1193.
[18]	BERGER S , CACERES R , GOLDMAN KA ,et al. vTPM:virtualizing the trusted platform module[A]. Proceedings of the 15th Conference on USENIX Security Symposium[C]. Vancouver,Canada, 2006. 305-320.
[19]	ENGLAND P , LOESER J . Para-virtualized TPM sharing[A]. Proceedings of the 1st International Conference on Trusted Computing and Trust in Information Technologies[C]. Villach,Austria, 2008. 119-132.
[20]	STUMPF F , ECKERT C . Enhancing trusted platform modules with hardware-based virtualization techniques[A]. Proceedings of the 2nd Second International Conference on Emerging Security Information,Systems and Technologies[C]. Cap Esterel,France, 2008. 1-9.
[21]	CHEN C , RAJ H , SAROIU S ,et al. cTPM:a cloud TPM for cross-device trusted applications[A]. Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation[C]. Seattle,WA,USA, 2014. 187-201.
[22]	Trusted Computing Group. TCG software stack (TSS) specification version 1.2[EB/OL]. .
[23]	TPM Emulator. Software-based TPM emulator[EB/OL]. .
[24]	Lynn B . PBC library–the pairing-based cryptography library[EB/OL]. .
[25]	IBM’s software TPM. IBM software trusted platform module[EB/OL]. .
[26]	Digia. Qt product[EB/OL]. .
[27]	Thesycon. USB CDC/ACM class driver for Windows 8,7,Vista,XP[EB/OL]. .

Metrics

Recommended 0

No Suggested Reading articles found!

命令	TEEM/ms	Windows/ms	Linux/ms	命令	TEEM/ms	Windows/ms	Linux/ms
ReadPubek	31.8	187	55.1	StirRandom	1.9	312	330
CreateWrapKey	4432	4406	3928	SHA1Start	3.4	46.8	19.6
LoadKey	611	655	683.9	SHA1Update	3.1	31.2	19.4
EvictKey	1.9	62.5	114.5	SHA1Complete	0.8	31.2	19.4
GetPubKey	5.7	250	458	SHA1CompleteExtend	0.9	31.2	20.1
Sign	83	343	217	MakeIdentity	3240	3593	4337
UnBind	84	375	167	ActivateIdentity	111	421	526
Seal	11	288	116	PcrRead	3.3	62.5	14.2
UnSeal	89	453	169	PcrExtend	3.2	62.5	15.7
GetRandom	3.9	78	48.5	Quote	86	359	167

Research of a trusted execution environment module for multiple platforms

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 27

Related Articles 15

Metrics

Recommended 0

[1]	Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology [J]. Journal on Communications, 2019, 40(2): 154-163.
[2]	Junfeng TIAN,Tianle LI. Data integrity verification based on model cloud federation of TPA [J]. Journal on Communications, 2018, 39(8): 113-124.
[3]	Junfeng TIAN,Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method [J]. Journal on Communications, 2018, 39(6): 52-63.
[4]	Liang TAN,Neng QI,Lingbi HU. New extension method of trusted certificate chain in virtual platform environment [J]. Journal on Communications, 2018, 39(6): 133-145.
[5]	Xingshu CHEN,Wei WANG,Xin JIN. Label-based protection scheme of vTPM secret [J]. Journal on Communications, 2018, 39(11): 170-180.
[6]	Tian-shu WANG,Gong-xuan ZHANG,Xi-chen YANG. Trusted solution monitoring system based on ZigBee wireless sensor network [J]. Journal on Communications, 2017, 38(Z2): 67-77.
[7]	Lei WANG,Ming-hua YANG,Zeng-liang LIU,Jian-qun ZHENG. Trust chain generating and updating algorithm for dual redundancy system [J]. Journal on Communications, 2017, 38(1): 1-8.
[8]	Wei FENG,Yu QIN,Deng-guo FENG,Bo YANG,Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM [J]. Journal on Communications, 2015, 36(8): 91-103.
[9]	. Research of a trusted execution environment module for multiple platforms [J]. Journal on Communications, 2014, 35(Z2): 11-85.
[10]	. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 13-105.
[11]	Zhen-ji ZHOU,Li-fa WU,Zheng HONG,Hai-guang LAI,Cheng-hui ZHENG. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 94-105.
[12]	Qian-ying ZHANG,Deng-guo FENG,Shi-jun ZHAO. Research of platform identity attestation based on trusted chip [J]. Journal on Communications, 2014, 35(8): 94-106.
[13]	. Research of platform identity attestation based on trusted chip [J]. Journal on Communications, 2014, 35(8): 13-106.
[14]	. WLAN Mesh security association scheme in trusted computing environment [J]. Journal on Communications, 2014, 35(7): 12-103.
[15]	Yue-lei XIAO,Yu-min WANG,Liao-jun PANG,Shi-chong TAN. WLAN Mesh security association scheme in trusted computing environment [J]. Journal on Communications, 2014, 35(7): 94-103.