Journal of Computer Applications, 2012, Vol. 32, Issue (08): 2275-2282. DOI: 10.3724/SP.J.1087.2012.02275

• Information Security •

Remote attestation mechanism of platform configuration based on dynamic Huffman tree

FU Dong-lai1,2, PENG Xin-guang3, CHEN Gou-xi2, YANG Qiu-xiang2

  1. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan Shanxi 030024, China
  2. School of Electronics and Computer Science and Technology, North University of China, Taiyuan Shanxi 030051, China
  3. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan Shanxi 030024, China
  • Received: 2012-02-21 Revised: 2012-04-17 Online: 2012-08-28 Published: 2012-08-01
  • Contact: FU Dong-lai
  • About the authors: FU Dong-lai (born 1979), male, from Linzhou, Henan, lecturer, Ph.D. candidate; main research interests: trusted computing, cloud computing, information hiding, program comprehension;
    PENG Xin-guang (born 1955), male, from Taiyuan, Shanxi, professor, doctoral supervisor, Ph.D.; main research interests: computer networks and security;
    CHEN Gou-xi (born 1966), male, from Taigu, Shanxi, associate professor, Ph.D.; main research interests: information hiding, image processing;
    YANG Qiu-xiang (born 1969), male, from Linfen, Shanxi, professor; main research interests: information security, network topology.
  • Supported by:
    Shanxi Province Overseas Study Fund project (2009-28); Natural Science Foundation of Shanxi Province (2009011022-2); Natural Science Foundation of North University of China

Abstract: To further improve the efficiency of remote attestation for platform configuration, this paper builds on RAMT (Remote Attestation based on Merkle Hash Tree), improves the scheme for storing the hash values of trusted entities, and proposes RADHT (Remote Attestation based on a Dynamic Huffman Tree), together with a theoretical proof of the algorithm's efficiency. The problems of existing methods are analyzed from the point of view of the data structures used to store the integrity hash values of application software. The architecture, measurement process and verification process of RADHT are described in detail, and an example of the integrity measurement algorithm is presented. The privacy protection ability and the verification efficiency of the new mechanism are discussed. Compared with RAMT, the new mechanism takes into account the probability that a trusted entity's hash value is queried and the dynamic update of that probability. Results show that the new mechanism improves the efficiency of remote attestation for platform configuration.

Key words: trusted computing, remote attestation, platform configuration, dynamic Huffman tree, verification efficiency

CLC number: