高级检索

    一种高效的具有灵活属性证书状态校验机制的PBA方案

    An Efficient Property-Based Attestation Scheme with Flexible Checking Mechanisms of Property Certificate Status

    • 摘要: 可信计算平台的远程二进制证明方案确保了该平台的完整性,通过这种方法平台可以向远程方证明其可信性.然而这种二进制证明方案却存在很多缺陷,其中一个主要问题就是泄露了关于平台的(软、硬件)配置信息,这导致很多隐私问题的出现,例如差别化服务及匿名性破坏等问题.因此针对在可信计算环境下传统二进制证明中所带来的平台配置信息泄露等问题,提出了一种新型的基于属性证明方案(property-based attestation, PBA).该方案具有属性证书状态校验机制灵活、方案整体计算代价小及随机预言模型下可证安全等特点.利用本地验证者撤销的技术,设计了方案的模型,定义了方案的安全性,给出了方案的具体构建,并在随机预言模型下对该方案进行了安全性证明,证明其满足正确性、证明不可伪造性及配置隐私性等安全性质.最后将提出的PBA方案与现有PBA方案在计算代价和证明值长度方面分别进行了比较,比较表明该方案同时具有实用、高效的特点.

       

      Abstract: Remote binary attestation scheme of the trusted computing platform guarantees the integrity and hence the trustworthiness of the platform can be demonstrated to remote parties. However, as pointed out recently, the binary attestation has some shortcomings, particularly in applications. The major problem of the binary attestation is that it reveals the information about the configuration of a platform (hardware and software) or applications, which may lead to privacy issues, such as discrimination services, anonymity violations, etc. In order to solve the problems of platform configuration information leakage caused by the traditional binary attestation in the trusted computing environment, we propose a new privacy-preserving property-based attestation (PBA) scheme, which has flexible checking mechanisms of property certificate status, low computational cost and provable security in the random oracle model. By making use of the ideas of the verifier-local revocation and tracing signatures in the group signature, we present new certificate checking mechanisms, which include offline checking mechanism and online checking mechanism. Moreover, we design the model of the scheme, define the security model of the scheme, give concrete construction of the scheme in detail, and formally prove the security of this scheme in the random oracle model. We prove that this scheme satisfies the correctness, attestation unforgeability and configuration privacy. Finally, compared with other existing PBA schemes, the proposed PBA is more practical and efficient in both the computational cost and attestation length.

       

    /

    返回文章
    返回