Abstract
To address the lack of identity authentication in communication between departments inside an enterprise cloud, this paper proposes an enterprise cloud certification method and protocol based on trusted computing, and proves and analyzes it. Building on the trusted-cloud vTPM architecture, a vAIK certification protocol is designed that establishes the identity correspondence between a vTPM and an enterprise cloud department terminal and guarantees the legitimacy of the vTPM's signing capability. A vTPM remote attestation protocol is then designed so that the identity of the message sender in intra-cloud communication can be verified. The report produced in the vAIK certification process is signed by the cloud platform, and the report produced in the remote attestation process is signed jointly by the cloud platform and the vTPM, so that the sender's identity is authentic; random numbers (nonces) are added to both the vAIK certification and the remote attestation exchanges to guarantee report freshness. Finally, the vTPM certificate certification and remote attestation protocols are proved and analyzed with SVO logic; the results show that the design achieves its intended goals.
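The two protocols the abstract describes, modelled as an added example that is not code from the paper: the cloud platform signs a vAIK certificate binding a vAIK to a department terminal identity (the vAIK certification report); the sending vTPM signs an attestation report over a nonce supplied by the receiving department; the platform countersigns that report; and the receiver checks the certificate, the identity binding, the nonce and both signatures. Ed25519 stands in for the TPM signing scheme, and the message layouts, function and type names, terminal identifiers, and the binding of the report to a hash of the message payload are assumptions of this example (the paper's exact formats and its SVO proof are not reproduced on this page).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Layouts, names and identities below are assumptions for this example, not the paper's.
// VAIKCert binds a department terminal identity to a vAIK public key; only the cloud platform signs it.
type VAIKCert struct {
	TerminalID string
	VAIKPub    ed25519.PublicKey
	CloudSig   []byte
}

// AttestationReport answers a verifier's nonce; the vTPM signs it, then the cloud platform countersigns.
type AttestationReport struct {
	TerminalID  string
	Nonce       []byte
	PayloadHash [32]byte
	VTPMSig     []byte
	CloudSig    []byte
}

func certBody(id string, pub ed25519.PublicKey) []byte { return append([]byte("vAIK-cert|"+id+"|"), pub...) }
func reportBody(r *AttestationReport) []byte {
	return append(append([]byte("report|"+r.TerminalID+"|"), r.Nonce...), r.PayloadHash[:]...)
}

// FreshNonce is the verifier's 32-byte challenge; a report is fresh only for the nonce it answers.
func FreshNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil { panic(err) }
	return n
}

// NewKey generates an Ed25519 pair standing in for a cloud platform key or a vAIK.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}

// Certify is the vAIK certification step: the cloud platform vouches that vaikPub may sign for id.
func Certify(cloudPriv ed25519.PrivateKey, id string, vaikPub ed25519.PublicKey) VAIKCert {
	return VAIKCert{TerminalID: id, VAIKPub: vaikPub, CloudSig: ed25519.Sign(cloudPriv, certBody(id, vaikPub))}
}

// Attest is the sending vTPM's step: sign over the nonce and the message hash with the vAIK.
func Attest(vaikPriv ed25519.PrivateKey, id string, nonce, payload []byte) AttestationReport {
	r := AttestationReport{TerminalID: id, Nonce: nonce, PayloadHash: sha256.Sum256(payload)}
	r.VTPMSig = ed25519.Sign(vaikPriv, reportBody(&r))
	return r
}

// Countersign is the cloud platform's step: sign over the report body and the vTPM signature.
func Countersign(cloudPriv ed25519.PrivateKey, r *AttestationReport) {
	r.CloudSig = ed25519.Sign(cloudPriv, append(reportBody(r), r.VTPMSig...))
}

// Verify is the receiving department's check; any failed step rejects the sender.
func Verify(cloudPub ed25519.PublicKey, cert VAIKCert, r AttestationReport, nonce, payload []byte) error {
	switch {
	case !ed25519.Verify(cloudPub, certBody(cert.TerminalID, cert.VAIKPub), cert.CloudSig):
		return errors.New("vAIK certificate not signed by the cloud platform")
	case cert.TerminalID != r.TerminalID:
		return errors.New("report identity does not match the certified terminal")
	case string(r.Nonce) != string(nonce):
		return errors.New("nonce mismatch: report is not fresh")
	case sha256.Sum256(payload) != r.PayloadHash:
		return errors.New("payload does not match the attested hash")
	case !ed25519.Verify(cert.VAIKPub, reportBody(&r), r.VTPMSig):
		return errors.New("vTPM signature invalid")
	case !ed25519.Verify(cloudPub, append(reportBody(&r), r.VTPMSig...), r.CloudSig):
		return errors.New("cloud platform countersignature invalid")
	}
	return nil
}

// Demo returns (honest exchange accepted, replayed report rejected, uncertified vAIK rejected).
func Demo() (honestOK, replayRejected, uncertifiedRejected bool) {
	cloudPub, cloudPriv := NewKey()
	vaikPub, vaikPriv := NewKey()
	cert := Certify(cloudPriv, "dept-finance-vm01", vaikPub) // constructed terminal identity
	payload := []byte("constructed inter-department message")
	n1 := FreshNonce()
	rep := Attest(vaikPriv, "dept-finance-vm01", n1, payload)
	Countersign(cloudPriv, &rep)
	honestOK = Verify(cloudPub, cert, rep, n1, payload) == nil
	n2 := FreshNonce() // verifier has issued a new challenge; the old report must not pass
	replayRejected = Verify(cloudPub, cert, rep, n2, payload) != nil
	rPub, rPriv := NewKey() // vAIK never certified by the platform: the certificate is self-signed
	rCert := VAIKCert{"dept-hr-vm07", rPub, ed25519.Sign(rPriv, certBody("dept-hr-vm07", rPub))}
	rep2 := Attest(rPriv, "dept-hr-vm07", n2, payload)
	Countersign(cloudPriv, &rep2) // a countersignature alone cannot rescue an uncertified vAIK
	uncertifiedRejected = Verify(cloudPub, rCert, rep2, n2, payload) != nil
	return
}

func main() { fmt.Println(Demo()) }
```

Running the file prints three booleans, expected `true true true`: the honest exchange is accepted, a report replayed against a later nonce is rejected, and a sender whose vAIK was never certified by the platform is rejected even though the platform countersigned its report. The completeness of the checks in Verify is the point: without the certificate check any key that can obtain a countersignature could impersonate a terminal, and without the nonce check a captured report could be replayed.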
Authors
Sun Haonan
He Rongyu
PLA Information Engineering University, Zhengzhou 450001, China
Source
Application Research of Computers (计算机应用研究)
Indexed in CSCD and the Peking University Core Journals list (北大核心)
2020, No. 7, pp. 2126-2131 (6 pages)
Funding
Supported by the National Natural Science Foundation of China.
Keywords
certification protocol
trusted cloud
enterprise cloud
remote attestation
SVO logic