Shen Qingni, Du Hong, Wen Han, Qing Sihan. A Data Sealing Approach Based on Integrity Measurement Architecture[J]. Journal of Computer Research and Development, 2012, 49(1): 210-216.

A Data Sealing Approach Based on Integrity Measurement Architecture

  • Published Date: January 14, 2012
  • Sealing is an important capability of a trusted computing platform: it provides strong protection for stored data by binding the data's encryption to the platform configuration, so that the data can only be unsealed under specific configurations. However, sealing is hard to use in practice because of the complexity of modern operating systems, the random loading order of boot components, frequently changing configurations, and software updates and patches. IMA (integrity measurement architecture), implemented in the operating system, can measure these dynamic configurations and extend them into the trust chain of the whole trusted platform, and can therefore support data sealing. This paper proposes a new approach to data sealing based on IMA: data is sealed to the relatively fixed configuration in PCR0 to PCR7 (PCR: Platform Configuration Register), and a list policy (black list policy or white list policy) is then applied to the measurement list (ML) in IMA, which covers the variable configuration in PCR10, to determine whether the unseal operation can be performed. Finally, a prototype system, "TPM Master", implemented in Linux is presented, and its performance and security are both evaluated. The results show that the proposed approach solves the problem of PCR values varying with OS complexity and, through the list policy, makes the update process much more flexible without re-sealing the original data.
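The PCR10 side of the decision described in the abstract can be sketched as follows; this is an added example, not code from the paper or from TPM Master. It assumes an ML dump with one `PCR template-hash template-name file-hash path` line per measurement, SHA-1 extension of PCR10, and simple set-membership semantics for the two list policies; the function names, sample paths and sample hashes are constructed for illustration, and the PCR0 to PCR7 binding enforced by the TPM itself is not modelled.

```python
import hashlib

def parse_ml(text):
    """Parse 'PCR template-hash template-name file-hash path' lines of an ML dump."""
    entries = []
    for line in text.strip().splitlines():
        pcr, template_hash, _name, file_hash, path = line.split(maxsplit=4)
        entries.append((int(pcr), bytes.fromhex(template_hash), file_hash, path))
    return entries

def replay_pcr10(entries):
    """Recompute PCR10 by extending: PCR = SHA1(PCR || template_hash), in list order."""
    pcr = bytes(20)  # PCR value after platform reset
    for index, template_hash, _file_hash, _path in entries:
        if index == 10:
            pcr = hashlib.sha1(pcr + template_hash).digest()
    return pcr

def may_unseal(ml_text, pcr10, mode, hashes):
    """Return (decision, reason). mode is 'white' or 'black'; hashes is the policy set."""
    if mode not in ("white", "black"):
        raise ValueError("unknown list policy")
    entries = parse_ml(ml_text)
    if replay_pcr10(entries) != pcr10:  # ML was edited, truncated or reordered
        return False, "measurement list does not replay to PCR10"
    for _index, _th, file_hash, path in entries:
        listed = file_hash in hashes
        if mode == "white" and not listed:
            return False, f"{path} is not on the white list"
        if mode == "black" and listed:
            return False, f"{path} is on the black list"
    return True, "policy satisfied"

def sample_entry(path, content):
    """Constructed ML line; the template hash here is a stand-in, not IMA's real encoding."""
    fh = hashlib.sha1(content).hexdigest()
    th = hashlib.sha1(f"{fh} {path}".encode()).hexdigest()
    return f"10 {th} ima {fh} {path}"

# Constructed sample data: two measured files, then a third after a software update.
BOOT_ML = "\n".join([sample_entry("/sbin/init", b"init-v1"),
                     sample_entry("/usr/bin/sshd", b"sshd-v1")])
UPDATED_ML = BOOT_ML + "\n" + sample_entry("/usr/bin/sshd", b"sshd-v2")
WHITE = {line.split()[3] for line in BOOT_ML.splitlines()}

if __name__ == "__main__":
    pcr10 = replay_pcr10(parse_ml(UPDATED_ML))  # stands in for the value read from the TPM
    print(may_unseal(UPDATED_ML, pcr10, "white", WHITE))
    print(may_unseal(UPDATED_ML, pcr10, "white", WHITE | {hashlib.sha1(b"sshd-v2").hexdigest()}))
```

After the update the first check denies the unseal and the second allows it once the new hash is added to the white list: only the policy set changes, not the sealed data.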