微信服务号

微信订阅号

2025年4月23日 23:54 星期三
首页 > 过刊浏览>2011年第22卷第2期 >339-352. DOI:10.3724/SP.J.1001.2011.03714
PDF HTML阅读 XML下载 导出引用 引用提醒
一种保护隐私的高效远程验证机制
作者:
基金项目:

国家自然科学基金(90818012); 中国科学院重大方向性项目(KGCX2-YW-125); 北京市科学技术委员会项目(Z08000102000801)


Efficient Remote Attestation Mechanism with Privacy Protection
Author:
  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [26]
    • |
  • 相似文献 [20]
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    基于Merkle 哈希树提出了一种效率高、方式灵活并能保护平台隐私的远程验证机制.针对特定的目标应用场景,分析IMA(integrity measurement architecture)体系架构的不足,详细描述基于Merkle 哈希树的远程验证机制的体系架构和度量验证过程,阐述新机制对现有TPM(trusted platform module)的功能增强即TPM_HashTree 命令的功能及伪代码,并分析讨论新机制的优点.

    Abstract:

    A remote attestation mechanism, with high efficiency, flexibility and privacy protection based on Merkle hash tree is proposed in this paper. The problems of IMA (integrity measurement architecture) architecture are analyzed for a special target application scenario; followed by a detailed description of RAMT (remote attestation mechanism based on Merkle hash tree) architecture and its process of integrity measuring and verifying. The function and pseudo-code of command TPM_HashTree, which is a function enhancement to the existing TPM (trusted platform module), are presented for the newly proposed mechanism. The advantages of the new mechanism are analyzed and discussed.

    参考文献
    [1] Trusted Computing Group. TCG specification architecture overview revision 1.4. 2007. http://www.trustedcomputinggroup.org/
    [2] Trusted Computing Group. TPM main specification version 1.2 revision 103 part 1 & 2 & 3. 2007. http://www.trustedcomputinggroup.org/
    [3] Sailer R, Zhang XL, Jaeger T, van Doorn L. Design and implementation of a TCG-based integrity measurement architecture. In: Proc. of the 13th USENIX Security Symp. Berkley: USENIX Association, 2004. 223?238.
    [4] Jaeger T, Sailer R, Shankar U. PRIMA: Policy-Reduced integrity measurement architecture. In: Ferraiolo D, et al., eds. Proc. of the 11th ACM Symp. on Access Control Models and Technologies. New York: ACM, 2006. 19?28.
    [5] Merkle RC. Protocols for public key cryptosystems. In: Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society, 1980. 122?134.
    [6] Merkle RC. A certified digital signature. In: Brassard G, ed. Proc. of the 9th Annual Int’l Cryptology Conf. on Advances in Cryptology. Heidelberg: Springer-Verlag, 1989. 218?238. [doi: 10.1007/0-387-34805-0_21]
    [7] Sadeghi A, Stüble C. Property-Based attestation for computing platforms: caring about properties, not mechanisms. In: Raskin V, ed. Proc. of the 2004 Workshop on New Security Paradigms. New York: ACM, 2004. 67?77. [doi: 10.1145/1065907.1066038]
    [8] Arbaugh WA, Farber DJ, Smith JM. A secure and reliable bootstrap architecture. In: Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society, 1997. 65?71.
    [9] Sailer R, Jaeger T, Zhang XL, van Doorn L. Attestation-Based policy enforcement for remote access. In: Aturi V, et al., eds. Proc. of the 11th ACM Conf. on Computer and Communications Security. New York: ACM, 2004. 308?317. [doi: 10.1145/1030083. 1030125]
    [10] Shankar U, Jaeger T, Sailer R. Toward automated information-flow integrity for security-critical applications. In: Proc. of the 13th Annual Network and Distributed Systems Security Symp. Internet Society, 2006.
    [11] Shi E, Perrig A, Van Doorn L. BIND: A fine-grained attestation service for secure distributed systems. In: Proc. of the IEEE Symp. on Security and Privacy. Washington: IEEE Computer Society, 2005. 154?168. [doi: 10.1109/SP.2005.4]
    [12] Seshadri A, Luk M, Shi E, Perrig A, van Doorn L, Khosla P. Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In: Herbert A, ed. Proc. of the ACM Symp. on Operating Systems Principles. New York: ACM, 2005. 1?16. [doi: 10.1145/1095810.1095812]
    [13] Seshadri A, Perrig A, van Doorn L, Khosla P. SWATT: SoftWare-Based ATTestation for embedded devices. In: Proc. of the IEEE Symp. on Security and privacy. Washington: IEEE Computer Society, 2004. 272?282. [doi: 10.1109/SECPRI.2004.1301329]
    [14] Haldar V, Chandra D, Franz M. Semantic remote attestation—A virtual machine directed approach to trusted computing. In: Proc. of the 3rd Virtual Machine Research & Technology Symp. Berkley: USENIX Association, 2004. 29?41.
    [15] Poritz J, Schunter M, Herreweghen EV, Waidner M. Property attestation–scalable and privacy-friendly security assessment of peer computers. Technical Report, RZ3548, New York: IBM, 2004.
    [16] Maruyama H, Seliger F, Nagaratnam N, Ebringer T, Munetoh S, Yoshihama S. Trusted platform on demand. Technical Report, RT0564, Tokyo: IBM Tokyo Research Laboratory, 2004.
    [17] Sandhu R, Zhang XW. Peer-to-Peer access control architecture using trusted computing technology. In: Ferrari E, ed. Proc. of the 10th ACM Symp. on Access Control Models and Technologies. New York: ACM, 2005. 147?158. [doi: 10.1145/1063979. 1064005]
    [18] Sandhu R, Ranganathan K, Zhang XW. Secure information sharing enabled by trusted computing and PEI models. In: Lin FC, ed. Proc. of the 2006 ACM Symp. on Information, Computer and Communications Security. New York: ACM, 2006. 2?12. [doi: 10.1145/1128817. 1128820]
    [19] Blum M, Evans W, Gemmell P, Kannan S, Naor M. Checking the correctness of memories. In: Proc. of the 32nd Annual Symp. on Foundations of Computer Science. Washington: IEEE Computer Society, 1991. 90?99.
    [20] Lie D, Thekkath C, Mitchell M, Lincoln P, Boneh D, Mitchell J, Horowitz M. Architectural support for copy and tamper resistant software. ACM SIGPLAN Notices, 2000,35(11):168?177. [doi: 10.1145/356989.357005]
    [21] Gassend B, Suh GE, Clarke D, van Dijk M, Devadas S. Caches and hash trees for efficient memory integrity verification. In: Proc. of the 9th Int’l Symp. on High-Performance Computer Architecture. Washington: IEEE Computer Society, 2003. 295?306. [doi: 10.1109/HPCA.2003.1183547]
    [22] Suh GE, Clarke D, Gassend B, van Dijk M, Devadas S. Hardware mechanism for memory integrity checking. Technical Report, MIT-LCS-TR-872, Cambridge: Massachusetts Institute of Technology, 2002.
    [23] Suh GE, Clarke D, Gassend B, van Dijk M, Devadas S. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In: Banerjee U, ed. Proc. of the 17th Annual Int’l Conf. on Supercomputing. New York: ACM, 2003. 160?171. [doi: 10.1145/ 782814.782838]
    [24] Sarmenta LFG, van Dijk M, O’Donnell CW, Rhodes J, Devadas S. Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In: Juels A, ed. Proc. of the 1st ACM Workshop on Scalable Trusted Computing. New York: ACM, 2006. 27?42. [doi: 10.1145/1179474.1179485]
    [25] Maheshwari U, Vingralek R, Shapiro W. How to build a trusted database system on untrusted storage. In: Proc. of the 4th Symp. on Operating System Design & Implementation. Berkley: USENIX Association, 2000. 135?150.
    [26] Williams D, Sirer EG. Optimal parameter selection for efficient memory integrity verification using Merkle hash trees. In: Proc. of the 3rd IEEE Int’l Symp. on Network Computing and Applications. Washington: IEEE Computer Society, 2004. 383?388. [doi: 10.1109/NCA.2004.1347805]
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

徐梓耀,贺也平,邓灵莉.一种保护隐私的高效远程验证机制.软件学报,2011,22(2):339-352

复制
分享
文章指标
  • 点击次数:7123
  • 下载次数: 8526
  • HTML阅读次数: 0
  • 引用次数: 0
历史
  • 收稿日期:2009-02-08
  • 最后修改日期:2009-07-06
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19862316位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号