可信计算平台委托机制的分析与改进

Analysis and Improvement of Delegation Mechanism in a Trusted Computing Platform

  • 摘要: 针对TCG委托机制中存在的使用已失效的委托信息仍能获得TPM服务的安全问题,提出了一种基于m叉哈希树MHT的委托方案。MHT存储在平台中,叶节点记录当前有效委托的哈希值,子节点连接后计算哈希值构成父节点,如此递归产生根节点存储在TPM中。创建或撤销委托时,添加或删除MHT相应的叶节点,同步更新MHT内部节点直到根节点;执行委托时,查询MHT,判断委托当前是否合法有效,避免TPM中的资源被非法利用。实验结果表明,新的委托方案具有更高的安全性,且容易实现。

     

    Abstract: This paper analyzes the principles and security problems of delegation mechanism in the V1.2 specification of TPM,and proposes a new delegation scheme.In this scheme,a merkle hash tree(MHT) has been maintained,each leaf of which records a hash of a delegation blob and the root resides in TPM.Based on the MHT,the protocols of delegation mechanism were improved.The MHT has been updated synchronously in the creation and revocation protocol and been queried to judge whether the delegation blob is valid currently in execution protocol.The results indicate that the new delegation mechanism is feasible and the reliability and security of delegation model have been improved by means of this new scheme.

     

/

返回文章
返回