基于无证书环签名的虚拟机可信证明方案

doi:10.11772/j.issn.1001-9081.2017.02.0378

计算机应用 ›› 2017, Vol. 37 ›› Issue (2): 378-382.DOI: 10.11772/j.issn.1001-9081.2017.02.0378

• 第十届中国可信计算与信息安全学术会议 • 上一篇下一篇

基于无证书环签名的虚拟机可信证明方案

荣星^1,2, 赵勇²

1. 信息工程大学, 郑州 450004;
2. 北京工业大学信息学部, 北京 100124

收稿日期:2016-09-06 修回日期:2016-09-30 出版日期:2017-02-10 发布日期:2017-02-11
通讯作者: 荣星,royafly@126.com
作者简介:荣星(1986-),男,安徽合肥人,博士研究生,主要研究方向:信息安全、云计算;赵勇(1980-),男,山西左权人,讲师,博士,主要研究方向:可信计算、网络安全。
基金资助:
国家863计划项目（2015AA016002）。

Trustworthiness attestation scheme for virtual machine based on certificateless ring signature

RONG Xing^1,2, ZHAO Yong²

1. Information Engineering University, Zhengzhou Henan 450004, China;
2. College of Computer Science, Beijing University of Technology, Beijing 100124, China

Received:2016-09-06 Revised:2016-09-30 Online:2017-02-10 Published:2017-02-11
Supported by:
This work is partially supported by the National High Technology Research and Development Program (863 Program) of China (2015AA016002).

摘要/Abstract

摘要： 由于虚拟环境的复杂性和动态性，使用传统方法证明其安全状态时会出现运算效率低下的情况；而环签名具有运算效率高、匿名性强的特点，利用无证书公钥系统可解决密钥管理问题。为此，提出一种采用无证书环签名机制的虚拟机可信证明方案。私钥生成中心（PKG）验证平台物理环境的状态可信后，由PKG和虚拟可信平台模块（vTPM）管理器利用无证书算法共同生成vTPM签名密钥，虚拟机对外证明时采用环签名机制，将证明者的信息隐藏在环成员列表中，从而实现虚拟机对外的匿名身份证明和状态证明。在完成证明准备工作后，虚拟机不需要在每次证明和迁移时重复生成虚拟身份证明密钥（vAIK）证书，因此大大提高了证明效率；另外方案具有很强的安全性和匿名性，适用于虚拟机数量巨大的云计算环境。

关键词: 虚拟机, 可信证明, 无证书公钥系统, 环签名, 云计算

Abstract: Due to the complexity and dynamic behavior in virtual environment, the efficiency is low when adopting traditional methods to prove the secure state of virtual machines. Ring signature has high computational efficiency and strong anonymity, so the the key management can be solved by using the certificateless public key system. A trustworthiness attestation scheme which adopted certificateless ring signature scheme in Virtual Machine (VM) was put forward. After the trusted physical environment of virtual platform was validated by the Private Key Generator (PKG), the virtual Trusted Platform Module (vTPM) signature key was generated by PKG and vTPM manager using certificateless signature algorithm, and the ring signature was employed by VM to perform remote attestation and hide attestor's identity in ring members, which realized the attestation of VM's anonymous identity and state. After completion of the proof preparation, the VM does not need to generate virtual Attestation Identity Key (vAIK) certificates repeatedly in the process of attestation and migration, thus greatly improving the efficiency of attestation. Consequently, the proposed scheme has strong security and anonymity, and it is suitable for the cloud computing environment with huge numbers of VMs.

Key words: Virtual Machine (VM), trustworthiness attestation, certificateless public key system, ring signature, cloud computing

中图分类号:

TP309.7

荣星, 赵勇. 基于无证书环签名的虚拟机可信证明方案[J]. 计算机应用, 2017, 37(2): 378-382.

RONG Xing, ZHAO Yong. Trustworthiness attestation scheme for virtual machine based on certificateless ring signature[J]. Journal of Computer Applications, 2017, 37(2): 378-382.

参考文献

[1] MITCHELL C J. Trusted Computing?[M/OL]. IET Digital Library, 2005:11-27[2015-05-22]. http://digital-library.theiet.org/content/books/10.1049/pbpc006e_ch1.
[2] GARFINKEL T, PFAFF B, CHOW J, et al. Terra:a virtual machine-based platform for trusted computing[J]. ACM SIGOPS Operating Systems Review, 2003, 37(5):193-206.
[3] SANTOS N, GUMMADI K P, RODRIGUES R. Towards trusted cloud computing[C]//HotCloud'09:Proceedings of the 2009 Conference on Hot Topics in Cloud Computing. Berkeley, CA:USENIX Association, 2009:Article No. 3.
[4] 施光源,张建标.可信计算领域中可信证明的研究与进展[J].计算机应用研究,2011,28(12):4414-4419. (SHI G Y, ZHANG J B. Research and development of trustworthiness attestation in trusted computing[J]. Application Research of Computers, 2011, 28(12):4414-4419.).
[5] BRICKELLl E, CHEN L, LI J.A new direct anonymous attestation scheme from bilinear maps[C]//Proceedings of the First International Conference on Trusted Computing and Trust in Information Technologies, LNCS 4968. Berlin:Springer-Verlag, 2008:166-178.
[6] BENDER A, KATZ J, MOSSELLI R. Ring signatures:stronger definitions, and constructions without random oracles[J]. Journal of Cryptology, 2008, 22(1):114-138.
[7] BONEH D, GENTRY C, LYNN B, et al. Aggregate and verifiably encrypted signatures from bilinear maps[C]//EUROCRYPT'03:Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques, LNCS 2656. Berlin:Springer-Verlag, 2003:416-432.
[8] LIU J, ZHAO J, HAN Z. A remote anonymous attestation protocol in trusted computing[C]//IPDPS 2008:Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing. Piscataway, NJ:IEEE, 2008:1-6.
[9] 杨绍禹,王世卿,郭晓峰.一种基于环签名的跨域云服务资源远程证明方法[J].小型微型计算机系统,2014,35(2):324-328. (YANG S Y, WANG S Q, GUO X F. Ring-signature based remote attestation for cross-realm resources in cloud computing[J]. Journal of Chinese Computer Systems, 2014, 35(2):324-328.).
[10] NING Z-H, JIANG W, ZHAN J, et al. Property-based anonymous attestation in trusted cloud computing[J]. Journal of Electrical and Computer Engineering, 2014, 2014:Article ID 687158.
[11] BERGER S, CÁCERES R, GOLDMAN K A, et al. vTPM:virtualizing the trusted platform module[C]//USENIX-SS'06:Proceedings of the 15th Conference on USENIX Security Symposium. Berkeley, CA:USENIX Association, 2006, 15:Article No. 21.
[12] STUMPF F, BENZ M, HERMANOWSKI M, et al. An approach to a trustworthy system architecture using virtualization[C]//ATC'07:Proceedings of the 4th International Conference on Autonomic and Trusted Computing, LNCS 4610. Berlin:Springer-Verlag, 2007:191-202.
[13] 王丽娜,高汉军,余荣威,等.基于信任扩展的可信虚拟执行环境构建方法研究[J].通信学报, 2011,32(9):1-8. (WANG L N, GAO H J, YU R W, et al. Research of constructing trusted virtual execution environment based on trust extension[J]. Journal on Communications, 2011, 32(9):1-8.).
[14] 刘金成.无证书数字签名方案的研究[D].西安:西安理工大学,2009:42-48. (LIU J C. Reasearch on certificateless signature schemes[D]. Xi'an:Xi'an University of Technology, 2009:42-48.)

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[3]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[4]	孙晓玲, 杨光, 沈焱萍, 杨秋格, 陈涛. 基于可拆分倒排索引的可搜索加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3288-3294.
[5]	吕佳玉, 竺智荣, 姚志强. 云计算环境下的双通道数据动态加密策略[J]. 计算机应用, 2020, 40(8): 2268-2273.
[6]	蔡豪, 袁正道. 云数据中心基于贪心模式的虚拟机选择算法[J]. 计算机应用, 2020, 40(6): 1707-1713.
[7]	陈程军, 毛莺池, 王绎超. 基于激活-熵的分层迭代剪枝策略的CNN模型压缩[J]. 计算机应用, 2020, 40(5): 1260-1265.
[8]	郭曙杰, 李志华, 蔺凯青. 云环境下基于模糊隶属度的虚拟机放置算法[J]. 计算机应用, 2020, 40(5): 1374-1381.
[9]	许英鑫, 孙磊, 赵建成, 郭松辉. 基于蚁群优化算法的虚拟现场可编程门阵列部署策略[J]. 计算机应用, 2020, 40(3): 747-752.
[10]	王庆永, 毛莺池, 王绎超, 王龙宝. 基于多微云协作的计算任务卸载[J]. 计算机应用, 2020, 40(2): 328-334.
[11]	刘福鑫, 李劲巍, 王熠弘, 李琳. 基于Kubernetes的云原生海量数据存储系统设计与实现[J]. 计算机应用, 2020, 40(2): 547-552.
[12]	杨哂哂, 吴慧珍, 庄黎丽, 吕宏武. 基于Markov过程的IaaS系统可用性建模与分析方法[J]. 计算机应用, 2020, 40(10): 3013-3018.
[13]	林立, 熊金波, 肖如良, 林铭炜, 陈秀华. Gaming@Edge:基于边缘节点的低延迟云游戏系统[J]. 计算机应用, 2019, 39(7): 2001-2007.
[14]	徐雅斌, 彭宏恩. 基于需求预测的PaaS平台资源分配方法[J]. 计算机应用, 2019, 39(6): 1583-1588.
[15]	李启锐, 彭志平, 崔得龙, 何杰光. 容器云环境虚拟资源配置策略的优化[J]. 计算机应用, 2019, 39(3): 784-789.

基于无证书环签名的虚拟机可信证明方案

Trustworthiness attestation scheme for virtual machine based on certificateless ring signature

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics