Journal of Computer Applications (计算机应用) ›› 2012, Vol. 32 ›› Issue (01): 56-59. DOI: 10.3724/SP.J.1087.2012.00056

• Paper from the 4th China Conference on Computer Network and Information Security (CCNIS'2011) •

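Trusted attestation of measurement action information base

YAN Jian-hong 1,2, PENG Xin-guang 1

  1. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan 030024
  2. Department of Computer Science, Taiyuan Normal University, Taiyuan 030012
  • Received: 2011-08-08 Revised: 2011-09-06 Online: 2012-02-06 Published: 2012-01-01
  • Corresponding author: PENG Xin-guang
  • About the authors: YAN Jian-hong (1972-), female, born in Yu County, Shanxi, Ph.D. candidate, CCF member; main research interests: network security, trusted computing. PENG Xin-guang (1955-), male, born in Taiyuan, Shanxi, professor, doctoral supervisor, Ph.D.; main research interests: computer networks and security.
  • Supported by:

    Shanxi Provincial Overseas Study Fund (2009-28); Shanxi Provincial Natural Science Foundation (2009011022-2)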

Trusted attestation of measurement action information base

YAN Jian-hong 1,2, PENG Xin-guang 1

  1. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan Shanxi 030024, China;
  2. Department of Computer Science, Taiyuan Normal University, Taiyuan Shanxi 030012, China
  • Received: 2011-08-08 Revised: 2011-09-06 Online: 2012-02-06 Published: 2012-01-01
  • Contact: PENG Xin-guang

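Abstract: To improve the flexibility and efficiency of remote attestation, this paper proposes applying a Merkle hash tree to dynamic behavior verification on a trusted platform, and gives the process for creating the attestation measurement action information base (AM_AIB). The current behavior is measured, the root hash value at the time the behavior occurs is computed, and remote attestation is then performed. The root hash value is signed by the Trusted Platform Module (TPM) and passed to the server for verification; if it matches the root hash value on the server side, the behavior is trusted. Behavior information bases of different granularity can be designed according to the characteristics of the behavior. Experimental results show that the model improves time performance, is flexible in its verification method, protects platform privacy, overcomes the static nature of property-based verification, and ensures that platform application software is trusted at run time.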

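Key words: trusted computing, behavior dynamic attestation, attestation measurement action information base, Merkle hash tree, Trusted Platform Module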

Abstract: To improve the flexibility and efficiency of remote attestation, dynamic behavior attestation based on a Merkle hash tree is proposed, and the process of creating the AM_AIB tree is designed. The client measures the current behavior and calculates the current root hash value, which is signed by the Trusted Platform Module (TPM) and then transmitted to the server side for certification. If it is consistent with the hash value on the server side, the behavior is considered credible. The Attestation Measurement Action Information Base (AM_AIB) model can also be designed at different granularities according to the characteristics of the behavior. The experimental results show that the proposed method improves time performance and protects the privacy of the platform. It is flexible, overcomes the static nature of attribute-based verification, and ensures that the platform's application software runs credibly.

Key words: trusted computing, behavior dynamic attestation, Attestation Measurement Action Information Base (AM_AIB), Merkle Hash tree, Trusted Platform Module (TPM)

CLC number:
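The flow the abstract describes (measure the current behavior, recompute the Merkle root, sign it, compare at the server), as an added example that is not the paper's code. The record format, the SHA-256 leaf/node prefixes, the carry-up rule for unpaired nodes, and the HMAC key standing in for the TPM signature are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample AIB: expected behavior records (the record format is hypothetical).
AIB = [b"open:/etc/app.conf", b"read:/etc/app.conf", b"connect:10.0.0.5:443",
       b"write:/var/log/app.log", b"exec:/usr/bin/helper"]
TPM_KEY = b"stand-in for the TPM signing key"  # assumption: HMAC replaces the TPM signature

def h_leaf(record):
    return hashlib.sha256(b"\x00" + record).digest()  # prefixes keep leaf and node hashes apart

def h_node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """All tree levels, leaves first; an unpaired last node is carried up unchanged."""
    levels = [[h_leaf(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h_node(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root, tagged with the side the sibling sits on."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return path

def client_attest(measured, path, key=TPM_KEY):
    """Client: fold the measured behavior up the path, then sign the resulting root."""
    node = h_leaf(measured)
    for side, sib in path:
        node = h_node(sib, node) if side == "L" else h_node(node, sib)
    return node, hmac.new(key, node, hashlib.sha256).digest()

def server_verify(root, sig, expected_root, key=TPM_KEY):
    """Server: check the signature, then compare with its own root for the AIB."""
    sig_ok = hmac.compare_digest(sig, hmac.new(key, root, hashlib.sha256).digest())
    return sig_ok and hmac.compare_digest(root, expected_root)

LEVELS = build_levels(AIB)
EXPECTED_ROOT = LEVELS[-1][0]  # the only value the server needs to hold for this AIB
```

The server sees only the signed root, never the individual behavior records, and a measured behavior that differs from its AIB entry produces a different root and is rejected.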