Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cry...Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.展开更多
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relation...In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.展开更多
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled ...Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.展开更多
In today's globalized digital world, networkbased, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-p...In today's globalized digital world, networkbased, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.展开更多
It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen who...It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.展开更多
With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applica...With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applications, like the electronic payment which will be discussed in this paper, the lack of trust in the underlying mobile infrastructure and secure interface to legacy systems (for this case, the banking systems) poses obstacles to their widespread presence in mobile services. Recently, the exposure of hacking of iPhone and other smart phones further emphasizes the criticality of establishing a trust platform for mobile applications. This paper analyzes the building blocks of the trusted smart phone, and proposes a framework to provide a trusted platform for mobile electronic payment. Such a proposed system may allow direct interface to the banking systems due to the banking industry recognized strong security, and hence, may enable its widespread use.展开更多
One important function in trusted computing is protected storage, which can protect unlimited amount of data and keys. In the existing trusted platform module (TPM) key loading scheme for trusted platform, a computi...One important function in trusted computing is protected storage, which can protect unlimited amount of data and keys. In the existing trusted platform module (TPM) key loading scheme for trusted platform, a computing platform with TPM as its trusted anchor, the total times of loading operation is the same as the number of the loaded target object's ancestors, resulting in low efficiency of loading a TPM key which has many ancestors. To improve efficiency, an identity-based TPM key loading scheme is proposed. In this scheme, the times of loading operation is only two when any TPM key is loaded into TPM. Therefore, the required time cost for loading a TPM key can be reduced, especially for complex TPM key storage hierarchy. By analyzing the correctness, security, efficiency and feasibility, the proposed scheme has the better theoretical and application value.展开更多
为了对可信平台控制模块的信任链建立过程进行理论验证,在对基于可信平台控制模块(trusted platform control module,TPCM)的信任链建立过程进行抽象处理的基础上,给出了抽象模型中各个实体状态的进程代数描述,并利用进程代数的公理系...为了对可信平台控制模块的信任链建立过程进行理论验证,在对基于可信平台控制模块(trusted platform control module,TPCM)的信任链建立过程进行抽象处理的基础上,给出了抽象模型中各个实体状态的进程代数描述,并利用进程代数的公理系统做了形式化验证.验证的结果表明系统具有期望的外部行为.展开更多
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 ,90104005) HP Laborato-ry of China
文摘Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.
基金Supported by the National High-Technology Re-search and Development Program ( 863 Program)China(2004AA113020)
文摘In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 and 90104005)HP Labo-ratories of China
文摘Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.
文摘In today's globalized digital world, networkbased, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.
基金the National High Technology Research and Development Program of China (2007AA01Z412)
文摘It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.
基金This work was supported by the National Nature Science Foundation of China under Grant No.60472014.
文摘With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applications, like the electronic payment which will be discussed in this paper, the lack of trust in the underlying mobile infrastructure and secure interface to legacy systems (for this case, the banking systems) poses obstacles to their widespread presence in mobile services. Recently, the exposure of hacking of iPhone and other smart phones further emphasizes the criticality of establishing a trust platform for mobile applications. This paper analyzes the building blocks of the trusted smart phone, and proposes a framework to provide a trusted platform for mobile electronic payment. Such a proposed system may allow direct interface to the banking systems due to the banking industry recognized strong security, and hence, may enable its widespread use.
基金supported by the National Basic Research Program of China (2007CB310704)the National Natural Science Foundation of China (60821001)the Hi-Tech Research and Development Program of China (2009AA01Z439)
文摘One important function in trusted computing is protected storage, which can protect unlimited amount of data and keys. In the existing trusted platform module (TPM) key loading scheme for trusted platform, a computing platform with TPM as its trusted anchor, the total times of loading operation is the same as the number of the loaded target object's ancestors, resulting in low efficiency of loading a TPM key which has many ancestors. To improve efficiency, an identity-based TPM key loading scheme is proposed. In this scheme, the times of loading operation is only two when any TPM key is loaded into TPM. Therefore, the required time cost for loading a TPM key can be reduced, especially for complex TPM key storage hierarchy. By analyzing the correctness, security, efficiency and feasibility, the proposed scheme has the better theoretical and application value.
文摘为了对可信平台控制模块的信任链建立过程进行理论验证,在对基于可信平台控制模块(trusted platform control module,TPCM)的信任链建立过程进行抽象处理的基础上,给出了抽象模型中各个实体状态的进程代数描述,并利用进程代数的公理系统做了形式化验证.验证的结果表明系统具有期望的外部行为.
