
    A Trust Negotiation Scheme Based on TPM Anonymous Credentials

    A Scenario of Trust Negotiation Based on TPM Anonymous Credentials

    • Abstract (translated from the Chinese): To promote information sharing and collaboration across security domains in a distributed network environment, a sound and effective mechanism for protecting sensitive information during trust negotiation is needed. The Trusted Computing Group (TCG) focuses on strengthening security at the level of the computing platform architecture. Building on the anonymous credential mechanism of trusted computing, this paper proposes a new trust negotiation scheme, anonymous credentials based trusted negotiation (ACTN), which solves the problem of protecting sensitive information across security domains and can effectively prevent replay, tampering and substitution attacks. A hardware module, the TPM, is used to protect private information, and the TPM provides reliable anonymous credentials and platform authentication. The ACTN model and the anonymous credentials in the model are defined; the basic parameters and the construction method of the anonymous credentials are explained in detail; the security of policies, the delegation mechanism and the credential chain discovery mechanism are discussed; and the framework of negotiation nodes and the negotiation process are designed. Experiments and a comparison with the TrustBuilder and COTN negotiation systems show that the system has good stability and usability. Finally, some directions for future research are pointed out.


      Abstract: An effective mechanism for protecting sensitive information during trust negotiation is needed to promote sharing and collaboration across security domains in distributed network computing. TCG is an industry standards body that develops and promotes open standards for trusted computing hardware and software building blocks, enabling more secure data storage, online business practices and online commerce while protecting privacy and individual rights. This paper designs and implements the anonymous credentials based trusted negotiation system (ACTN) on top of the TPM anonymous credentials of trusted computing; it addresses the difficulty of protecting sensitive resources exchanged between strangers. The scheme resists replay, tampering and masquerading attacks, and the mechanism is rooted in a hardware module, the trusted platform module (TPM). The ACTN model and its anonymous credentials are defined in detail; the parameters and the construction method of the anonymous credentials are explained; the security of policies, the delegation mechanism and credential chain discovery are discussed; and the framework of negotiation nodes and the negotiation process are designed. The experimental results are compared with the TrustBuilder and COTN negotiation systems and show sound performance and good security guarantees. Finally, some related directions for future research are pointed out.
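As an added illustration (not the paper's ACTN protocol or any code from the authors), the following Python sketch shows the shape of the negotiation the abstract describes: each party discloses a credential only once the peer has presented the credential types that credential's own disclosure policy requires, and every presentation is bound to the receiver's fresh nonce, so a captured presentation fails in a later session and a modified attribute fails the issuer check. Issuer and platform HMAC keys looked up in a constructed registry stand in for the TPM anonymous credential and platform attestation signatures; the party names, credential types, attributes and policies are all constructed for the example.

```python
"""Added illustration of policy-gated trust negotiation with replay and tamper
checks. NOT the paper's ACTN protocol and NOT a real TPM: issuer and platform
HMAC keys in a constructed registry stand in for public-key / DAA signatures."""
import copy
import hashlib
import hmac
import json
import os

# Constructed key material (stand-ins; a real verifier would hold public keys)
ISSUER_KEYS = {"HospitalCA": b"hospital-issuer-secret", "InsurerCA": b"insurer-issuer-secret"}
PLATFORM_KEYS = {"alice-tpm": b"alice-platform-secret", "clinic-tpm": b"clinic-platform-secret"}


def _mac(key, *parts):
    """HMAC-SHA256 over canonical JSON of each part (dict or str)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(json.dumps(p, sort_keys=True).encode())
    return h.hexdigest()


def issue(issuer, platform, cred_type, attrs):
    """Issuer binds a credential of `cred_type` to the holder's platform key."""
    body = {"issuer": issuer, "platform": platform, "type": cred_type, "attrs": attrs}
    return {"body": body, "tag": _mac(ISSUER_KEYS[issuer], body)}


def present(cred, nonce):
    """Holder proves possession for this session only: the proof covers tag and nonce."""
    key = PLATFORM_KEYS[cred["body"]["platform"]]
    return {"cred": cred, "nonce": nonce, "proof": _mac(key, cred["tag"], nonce)}


def verify(pres, expected_nonce):
    """Reject unknown issuers, tampered bodies, and presentations from another session."""
    body, tag = pres["cred"]["body"], pres["cred"]["tag"]
    issuer_key = ISSUER_KEYS.get(body["issuer"])
    plat_key = PLATFORM_KEYS.get(body["platform"])
    if issuer_key is None or plat_key is None:
        return False
    if not hmac.compare_digest(tag, _mac(issuer_key, body)):
        return False  # attributes changed after issuance
    if pres["nonce"] != expected_nonce:
        return False  # replayed from a different session
    return hmac.compare_digest(pres["proof"], _mac(plat_key, tag, expected_nonce))


class Party:
    """Holds credentials; `policies` maps a credential or resource name to the
    set of peer credential types that must be verified before it is released."""

    def __init__(self, name, creds, policies):
        self.name, self.creds, self.policies = name, creds, policies
        self.nonce = os.urandom(16).hex()  # fresh per negotiation session
        self.received = set()  # verified credential types from the peer
        self.sent = set()

    def releasable(self):
        return [c for c in self.creds
                if c["body"]["type"] not in self.sent
                and self.policies[c["body"]["type"]] <= self.received]

    def accept(self, pres):
        if verify(pres, self.nonce):
            self.received.add(pres["cred"]["body"]["type"])
            return True
        return False


def negotiate(requester, owner, target, max_rounds=10):
    """Alternate disclosures until `owner` can release `target` or nobody can progress."""
    for _ in range(max_rounds):
        if owner.policies[target] <= owner.received:
            return True
        progress = False
        for sender, receiver in ((requester, owner), (owner, requester)):
            for cred in sender.releasable():
                sender.sent.add(cred["body"]["type"])
                if receiver.accept(present(cred, receiver.nonce)):
                    progress = True
        if not progress:
            return False
    return False


def demo():
    """Constructed scenario: a patient negotiates access to a clinic's record."""
    alice = Party("alice",
                  [issue("HospitalCA", "alice-tpm", "patient_id", {"id": "P-1001"}),
                   issue("InsurerCA", "alice-tpm", "insurance", {"plan": "gold"})],
                  {"patient_id": {"clinic_license"}, "insurance": {"clinic_license"}})
    clinic = Party("clinic",
                   [issue("HospitalCA", "clinic-tpm", "clinic_license", {"no": "L-7"})],
                   {"clinic_license": set(), "patient_record": {"patient_id", "insurance"}})
    negotiated = negotiate(alice, clinic, "patient_record")
    # Replay: a presentation captured in this session is useless against a new session.
    captured = present(alice.creds[0], clinic.nonce)
    replayed = verify(captured, Party("clinic-later", [], {}).nonce)
    # Tamper: an attribute edited after issuance breaks the issuer tag.
    forged = copy.deepcopy(present(alice.creds[1], clinic.nonce))
    forged["cred"]["body"]["attrs"]["plan"] = "platinum"
    tampered = verify(forged, clinic.nonce)
    return {"negotiated": negotiated, "replay_accepted": replayed, "tamper_accepted": tampered}


if __name__ == "__main__":
    print(demo())
```

The negotiation succeeds in two rounds: the clinic's licence carries an empty policy and is released first, which unlocks Alice's two sensitive credentials, which in turn satisfy the record's policy. The same `verify` routine then rejects the captured presentation under a new nonce and the edited credential, the replay and tampering cases the abstract claims the scheme prevents.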


