期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于可信密码模块的远程证明协议 被引量:4

Remote Attestation Based on Trusted Cryptography Module
在线阅读 下载PDF
导出
摘要 可信密码模块是以我国研发的密码算法为基础,结合国内安全需求与产业市场,借鉴国际先进的可信计算技术框架与技术理念自主创新研发的.本文中首先对可信计算平台密码技术方案和国际可信计算组织规范在密码算法、授权协议和密钥管理等几方面进行了比较.基于可信密码模块,提出的基于隐藏属性证书的远程证明方案,用属性证书代替平台配置信息,不仅能有效防止隐私性的暴露,而且可以在系统升级和备份过程中完成可信检测,提高了实现的效率. Trusted cryptography modules are based on basic cryptographic algorithms developed independently by our country,and combined with domestic security requirements,industrial market requirements,international frameworks and concepts of advanced trusted computing technologies.In this paper,firstly,we compare the trusted cryptography modules with the specifications of cryptographic algorithms,authorization protocols and key management defined by international trusted computing group.Secondly,a new remote automated anonymous attestation scheme is proposed,which uses property-based certificate instead of platform configuration information.The proposed scheme can hide the identity of platform through applying signature,efficiently complete trust checking in the procedures of system upgrade and backup.
作者 赵佳 韩臻 刘吉强 章睿
机构地区 北京交通大学计算机与信息技术学院 福建师范大学网络安全与密码技术重点实验室
出处 《北京交通大学学报》 CAS CSCD 北大核心 2010年第2期33-37,共5页 JOURNAL OF BEIJING JIAOTONG UNIVERSITY
基金 国家"863"计划项目资助(2007AA01Z410) 北京交通大学科技基金资助项目(2008RC060) 网络安全与密码技术福建省高校重点实验室开放课题(09A007) 长江学者与创新团队发展计划项目资助(IRT0707)
关键词 可信计算 远程证明 可信密码模块 属性证书 椭圆曲线签名 trusted computing remote attestation trusted cryptography module property certificate elliptic curve signature
分类号 TP309.2 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献12

  • 1Nibaldi G H.Specification of A Trusted Computing Base[R].M79-228,the MITRE Corporation,Bedford,MA,USA,Nov.1979.
  • 2Department of Defense Computer Security Center.Department of Defense Trusted Computer System Evaluation Criteria[S].DoD,USA,Dec.1985.
  • 3国家密码管理局.可信计算密码支撑平台功能与接口规范[S].2007.
  • 4Brickell E,Camenisch J,Chen L.Direct Anonymous Attestation[C]∥Proceedings of the 11th ACM Conference on Computer and Communications Security,Washington,DC,USA,2004:132-145.
  • 5Group T C.TPM Main Specification,Main Specification Version 1.2[S].March,2006.
  • 6Brickell E,Li J T.Enhanced Privacy ID:A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities[C]∥Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society,2007:21-30.
  • 7Ge H,Liu L.A Method to Implement Direct Anonymous Attestation[EO/BL](2006).http:∥eprint.iacr.org/2006/023.ps,2006.
  • 8Leung A,Chen L Q,Mitchell C J.On A Possible Privacy Flaw in Direct Anonymous Attestation (DAA)[C]∥Proceedings of the First International Conference on Trusted Computing and Trust in Information Technologies,2008:179-190.
  • 9Rudolph C.Covert Identity Information in Direct Anonymous Attestation (DAA)[C]∥Proceedings of the 22nd IFIP TC-11 International Information Security Conference (SEC2007) on New Approaches for Security.Privacy and Trust in Complex Environments,Springer,Boston,2007:443-448.
  • 10Smyth B,Ryan M,Chen L.Direct Anonymous Attestation (DAA):Ensuring Privacy with Corrupt Administrators[C]∥Proceedings of the Fourth European Workshop on Security and Privacy in Ad Hoc and Sensor Networks,Lecture Notes in Computer Science (LNCS).Volume 4572,Springer-Verlag,2007:218-231.

二级参考文献10

  • 1Bradshaw R,Holt J,Seamons K.Concealing complex poli-cies with hidden credentials[].Proceedings of theth ACM Conference on Computer and Communications Security.2004
  • 2Winsborough W H,Li N.Protecting sensitive attributes in automated trust negotiation[].Proceedings of the ACM Work-shop on Privacy in the Electronic Society.2002
  • 3Li J,Li N,Winsborough W H.Automated trust negotiation using cryptographic credentials[].Proceedings of theth ACM Conference on Computer and Communications Security.2005
  • 4Li J,Li N.OACerts:Oblivious attribute certificates[].Dependable and Secure Computing.2006
  • 5Li J,Li N.Policy-hiding access control in open environ-ment[].Proceedings of theth Annual ACMSymposium on Principles of Distributed Computing (PODC).2005
  • 6Brickell E,Camenisch J,Chen L.Direct anonymous attesta-tion[].Proceedings of theth ACMConference on Computer and Communications Security.2004
  • 7Haldar V,Chandra D,Franz M.Semantic remote attesta-tion:Avirtual machine directed approach to trusted compu-ting. School of Information and Computer Science,Universi-ty of California,California:Technical Report No.03-20 . 2003
  • 8Sadeghi A,Stuble C.Property-based attestation for compu-ting platforms:Caring about properties,not mechanisms[].Proceedings of theNew Security Paradigms Workshop.2004
  • 9Chen L,Landfermann R,Lohr H,Rohe M,Sadeghi A,Stuble C.A protocol for property-based attestation[].Pro-ceedings of thest ACM Workshop on Scalable Trusted Computing (STC’).2006
  • 10Winsborough W H,Seamons K,Jones V.Automated trust negotiation[].Proceedings of the DARPAInformation surviv-ability Conference and Exposition.2000

共引文献23

同被引文献22

  • 1刘圣祥,张红旗.属性证书的管理与应用[J].信息安全与通信保密,2005(2):112-114. 被引量:2
  • 2Trusted Computing Group. TCG Infrastructure Working Group Reference Architecture for Interoperability[ S] ,2005.
  • 3Chen L Q, Landfermann R, Lohr H, et al. A protocol for property- based attestation [C]//Proceedings of the 1st ACM Workshop on Scalable Trusted Computing. Nova Scotia:ACM Press, 2006 : 7-16.
  • 4Man H A, Willy S, Yi M. Constant size dynamic-TAA [ M ]// Security and Cryptography for Networks. Berlin: Springer, 2006:111-125.
  • 5Brickell E, Li Jiangtao. Enhanced privacy ID from bilinear pairing[EB/OL]. 2009. http://eprint.iacr. org/.
  • 6戚帅,郑康峰.一种改进的基于无证书签名的SSL握手协议[C]//2011年全国通信安全学术会议论文集.北京:中国通信学会通信安全技术专业委员会,2011:179-183.
  • 7Jiang Du, Xing Hui Li, Hua Huang. A study of Man-in-the-Middle Attack Based on SSL Certificate Interac- tion[R]. Instrumentation, Measurement, Computer, Communication and Control, 2011 1 st International Confer ence. 2011,2 445-448.
  • 8Zhe Chen, Shize Guo, Rong Duan, Sheng Wang. Security Analysis on Mutual Authentication against Man-in-the-Middle Attack[R]. Information Science and Engineering (ICISE), 2009 1st International Conference. 2009, 12:1855-1858.
  • 9国家密码管理局.可信计算密码支撑平台功能与接口规范[S/OL].(2007-12)[引用时间?].http://www.osacca.gov.cn/UpFile/File64.PDF.2007.
  • 10李晓峰,冯登国,陈朝武,房子河.基于属性的访问控制模型[J].通信学报,2008,29(4):90-98. 被引量:82

引证文献4

二级引证文献7

北京交通大学学报
2010年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部