虚拟可信平台模块动态信任扩展方法
作者:
基金项目:

国家重点基础研究发展计划(973)(2014CB340600);国家自然科学基金(61772384)


Virtual Trusted Platform Module Dynamic Trust Extension
Author:
Fund Project:

National Basic Research Program of China (973) (2014CB340600); National Natural Science Foundation of China (61772384)

  • 摘要
  • | |
  • 访问统计
  • |
  • 参考文献 [18]
  • |
  • 相似文献 [20]
  • |
  • 引证文献
  • | |
  • 文章评论
    摘要:

    将可信计算技术应用到虚拟计算系统中,可以在云计算、网络功能虚拟化(network function virtualization,简称NFV)等场景下,提供基于硬件的可信保护功能.软件实现的虚拟可信平台模块(virtual trused platform module,简称vTPM)基于一个物理TPM(physical TPM,简称pTPM),可让每个虚拟机拥有自己专属的TPM,但需要将对pTPM的信任扩展到vTPM上.现有方法主要采用证书链来进行扩展,但在虚拟机及其vTPM被迁移后,需要重新申请vTPM的身份密钥证书,可能会存在大量的短命证书,成本较高,且不能及时撤销旧pTPM对vTPM的信任扩展,也不能提供前向安全保证.提出了一种vTPM动态信任扩展(dynamic trust extension,简称DTE)方法,以满足虚拟机频繁迁移的需求.DTE将vTPM看作是pTPM的一个代理,vTPM每次进行远程证明时,需从一个认证服务器(authenticaiton server,简称AS)处获得一个有效的时间令牌.DTE在vTPM和pTPM之间建立了紧密的安全绑定关系,同时又能明显区分两种不同安全强度的TPM.在DTE里,vTPM被迁移后,无需重新获取身份秘钥证书,旧pTPM可及时撤销对vTPM的信任扩展,而且DTE可提供前向安全性.从原型系统及其性能测试与分析来看,DTE是可行的.

    Abstract:

    The integration of trusted computing into virtual computing system can enable the hardware-based protection of trustworthiness in application areas such as cloud computing and network function virtualization (NFV).In a physical trusted platform module (pTPM) based virtual trusted platform module (vTPM), each virtual machine (VM) can be viewed as having its own private TPM.However, it is necessary to extend the trustworthiness of pTPM to vTPM so that a challenger can believe the vTPM is the root of trust of the VM.The existing techniques mainly use a certificate chain to build a trust link from pTPM to vTPM.But if these techniques were deployed in the scenario with frequent vTPM migrations, there would be very high cost of reacquiring new certificates for the migrated vTPM, moreover, pTPM couldn't revoke its trust extension in real time, and they couldn't provide forward security.This paper presents an approach of vTPM dynamic trust extension (DTE) to satisfy the requirements of frequent migrations.With DTE, vTPM is a delegation of the capability of signing attestation data from the underlying pTPM, with one valid time token issued by an authentication server (AS).DTE maintains a strong association between vTPM and its underlying pTPM, and has clear distinguishability between vTPM and pTPM because of the different security strength of the two types of TPM.In DTE, there is no need for vTPM to re-acquire identity key (IK) certificate(s) after migration, and pTPM can have a trust revocation in real time.Furthermore, DTE can provide forward security.Performance measurements and analysis of its prototype demonstrate that DTE is feasible.

    参考文献
    [1] Trusted Computing Group (TCG).TCG Specification Architecture Overview pecification Revision 1.4.2007.https://www.trusted computinggroup.org/wp-content/uploads/TCG_1_4_Architecture_Overview.pdf
    [2] Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, van Doorn L.VTPM: Virtualizing the trusted platform module.In: Proc.of the 15th USENIX Security Symp., Security 2006.Berkeley: USENIX Association, 2006.305-320.https://www.usenix.org/legacy/event/sec06/tech/full_papers/berger/berger.pdf
    [3] Trusted Computing Group (TCG).Virtualized trusted platform architecture specification version 1.0 revision 0.26.2011.http://www.trustedcomputinggroup.org/wp-content/uploads/TCG_VPWG_Architecture_V1-0_R0-26_FINAL.pdf
    [4] Danev B, Masti RJ, Karame GO, Capkun S.Enabling secure VM-VTPM migration in private clouds.In: Proc.of the 27th Annual Computer Security Applications Conf., ACSAC 2011.New York: ACM, 2011.187-196.[doi: 10.1145/2076732.2076759]
    [5] Strasser M.PeterHuewe tpm-emulator v0.7.4.The famous TPM-emulator.2014.https://github.com/PeterHuewe/tpm-emulator
    [6] Int'l Business Machines Corp (IBM).TrouSerS 0.3.13.An open-source TCG software stack implementation.2014.https://sourceforge.net/projects/trousers/
    [7] Int'l Business Machines Corp (IBM).LibTPMs v0.5.2.1.A library that targets the integration of TPM functionality into hypervisors, primarily into qemu.2015.https://github.com/stefanberger/libtpms
    [8] Int'l Business Machines Corp (IBM).Software-Based TPM Emulator (SWTPM) 0.7.4.The package provides socket interfaces and the Linux cuse interface to LibTPMs for the creation of mulitple native/dev/vtpm* devices.2011.https://sourceforge.net/projects/tpm-emulator.berlios/
    [9] Intel.TPM2.0-TSS 0.97.Trusted platform module 2.0 software stack.2015.https://github.com/01org/TPM2.0-TSS
    [10] Int'l Business Machines Corp (IBM).IBM's Software TPM 2.0 477.It is based on the TPM specification parts 3 and 4 source code donated by microsoft, with additional files to complete the implementation.2015.https://sourceforge.net/projects/ibmswtpm2/
    [11] International Business Machines Corporation (IBM).TPM main part 3 IBM commands specification version 1.2 revision 36.2008.http://researcher.watson.ibm.com/researcher/files/us-kgoldman/mainP3IBMCommandsrev36.pdf
    [12] England P, Loeser J.Para-Virtualized TPM sharing.In: Lipp P, Sadeghi AR, Koch KM, eds.Trusted Computing-Challenges and Applications, the Proc.of the 1st Int'l Conf.on Trusted Computing and Trust in Information Technologies, Trust 2008.LNCS 4968, Berlin, Heidelberg: Springer-Verlag, 2008.119-132.[doi: 10.1007/978-3-540-68979-9_9]
    [13] Stumpf F, Eckert C.Enhancing trusted platform modules with hardware-based virtualization techniques.In: Proc.of the 2nd Int'l Conf.on Emerging Security Information, Systems and Technologies (SECUWARE 2008).IEEE Computer Society, 2008.1-9.[doi: 10.1109/SECURWARE.2008.23]
    [14] Sadeghi AR, Stüble C, Winandy M.Property-Based TPM virtualization.In: Wu TC, Lei CL, Rijmen V, Lee DT, eds.Proc.of the 11th Int'l Conf., ISC 2008.LNCS 5222, Berlin, Heidelberg: Springer-Verlag, 2008.1-16.[doi: 10.1007/978-3-540-85886-7_1]
    [15] Aziz NA, Khalid PS.Utilizing TPM functionalities on remote server.In: Yeo SS, Pan Y, Lee YS, Chang HB, eds.Computer Science and its Applications, CSA 2012.LNEE 203, Springer Netherlands, 2012.3-12.[doi: 10.1007/978-94-007-5699-1_1]
    [16] Liu D, Lee J, Jang J, Nepal S, Zic J.A cloud architecture of virtual trusted platform modules.In: Proc.of the 8th IEEE/IFIP Int'l Conf.on Embedded and Ubiquitous Computing (EUC).Washington: IEEE Computer Society, 2010.804-811.[doi: 10.1109/EUC.2010.125]
    [17] Masahiro M, Usuda K, Okamoto E.Proxy signatures: Delegation of the power to sign messages.IEICE Trans.on Fundamentals of Electronics Communications and Computer Sciences, 1996,E79-A(9):1338-1354.
    [18] Masahiro M, Usuda K, Okamoto E.Proxy signatures for delegating signing operation.In: Proc.of the 3rd ACM Conf.on Computer and Communications Security, CCS'96.New York: ACM, 1996.48-57.[doi: 10.1145/238168.238185]
    引证文献
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

余发江,陈列,张焕国.虚拟可信平台模块动态信任扩展方法.软件学报,2017,28(10):2782-2796

复制
相关视频

分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2016-07-25
  • 最后修改日期:2016-09-29
  • 在线发布日期: 2017-09-30
文章二维码
您是第19987540位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号