授权约束下的平台配置证明研究

doi:10.3969/j.issn.0372-2112.2017.06.016

PDF(2118 KB)

电子学报 ›› 2017, Vol. 45 ›› Issue (6) : 1389-1395. DOI: 10.3969/j.issn.0372-2112.2017.06.016

学术论文

授权约束下的平台配置证明研究

徐明迪¹, 张焕国², 张帆³, 任正伟¹

作者信息 +

Authorization Restriction-Based Platform Configuration Attestation

XU Ming-di¹, ZHANG Huan-guo², ZHANG Fan³, REN Zheng-wei¹

Author information +

文章历史 +

摘要

针对完整性报告协议中平台配置证明存在的安全问题，本文提出了一种基于授权策略的平台配置证明过程，在协议应答者与平台配置证明信息之间建立授权约束，解决应答者提交平台配置信息前存在的篡改攻击，以及提交平台配置信息后存在的中间人攻击.增强后的协议保持对应性属性，可有效解决平台配置证明存在的全局攻击和局部攻击问题，提高完整性报告协议的安全性.

Abstract

Aiming at the security problem existing in platform configuration attestation (PCA) of integrity report protocol (IRP),this paper puts forward a PCA based on authorization policy by establishing an authorization restriction between respondent and platform configuration information.The authorization-based PCA prevents the tampering attack before the information of PCA is submitted to the respondent and the middle-man attack after the information of PCA is sent to requester.The proposed PCA holds the correspondence properties and solves the security problems about local and global attacks,which enhances the security of IRP.

导出引用

徐明迪, 张焕国, 张帆, 任正伟. 授权约束下的平台配置证明研究[J]. 电子学报, 2017, 45(6): 1389-1395. https://doi.org/10.3969/j.issn.0372-2112.2017.06.016

XU Ming-di, ZHANG Huan-guo, ZHANG Fan, REN Zheng-wei. Authorization Restriction-Based Platform Configuration Attestation[J]. Acta Electronica Sinica, 2017, 45(6): 1389-1395. https://doi.org/10.3969/j.issn.0372-2112.2017.06.016

中图分类号： TP309.1

参考文献

[1] 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83. Feng D G,Zhang M,Zhang Y,et al.Study on cloud computing security[J].Journal of Software,2011,22(1):71-83.(in Chinese)
[2] 徐明迪,张焕国,张帆,等.可信系统信任链研究综述[J].电子学报,2014,42(10):2024-2031. Xu M D,Zhang H G,Zhang F,et al.Survey on chain of trust of trusted system[J].Acta Electronica Sinica,2014,42(10):2024-2031.(in Chinese)
[3] 马卓.无线网络可信接入理论及其应用研究[D].西安:西安电子科技大学,2010. Ma Z.Trusted Access in Wireless Networks Theory and Applications[D].Xi'an:Xidian University,2010.
[4] Goldman K,Perez R,Sailer R.Linking remote attestation to secure tunnel endpoints[A].Proceedings of the first ACM Workshop on Scalable Trusted Computing[C].New York:ACM Press,2006.21-24.
[5] Stumpf F,Tafreschi O,R der P,et al.A robust integrity reporting protocol for remote attestation[A].Proceedings of the Second Workshop on Advances in Trusted Computing[C].Berlin:Springer-Verlag Press,2006.25-36.
[6] Whitfield D,Martin H.New directions in cryptography[J].IEEE Transactions on Information Theory,1976,22(6):644-654.
[7] 徐明迪,张焕国,赵恒,等.可信计算平台信任链安全性分析[J].计算机学报,2010,33(7):1165-1176. Xu M D,Zhang H G,Zhao H,et al.Security analysis on trust chain of trusted computing platform[J].Chinese Journal of Computers,2010,33(7):1165-1176.(in Chinese)
[8] Zhang H G,Yan F,Fu J M,et al.Research on theory and key technology of trusted computing platform security testing and evaluation[J].Science China:Information Sciences,2010,53(3):434-453.
[9] Xu W J,Zhang X W,Hu H X,et al.Remote attestation with domain-based integrity model and policy analysis[J].IEEE Transactions on Dependable and Secure Computing,2012,9(3):429-442.
[10] Arapinis M,Ritter E,Ryan M.StatVerif:verification of stateful processes[A].Proceedings of the 24th IEEE Computer Security Foundations Symposium[C].Washington,DC:IEEE Press,2011.33-47.
[11] Datta A,Franklin J,Garg D,et al.A logic of secure systems and its application to trusted computing[A].Proceedings of the 30th IEEE Symposium on Security and Privacy[C].Washington,DC:IEEE Press,2009.221-236.
[12] Jain L,Vyas J.Security Analysis of Remote Attestation[R].Palo Alto:Stanford University,2008.