A Key Management Scheme of Data Chain System Based on TPM
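  • English title: A Key Management Scheme of Data Chain System Based on TPM
  • Authors: 路士兵; 朱麟; 夏鑫
  • Authors (English): LU Shi-bing; ZHU Lin; XIA Xin; China Maritime Police Academy
  • Keywords: trusted computing; trusted platform module; key management; information security; data chain system
  • Keywords (English): trusted computing; trusted platform module; key management; information security; data chain system
  • Chinese journal title: WJFZ
  • English journal title: Computer Technology and Development
  • Institution: China Maritime Police Academy
  • Publication date: 2018-12-20 15:16
  • Publisher: Computer Technology and Development
  • Year: 2019
  • Issue: v.29; No.264
  • Funding: Technology Research Program of the Ministry of Public Security (2016JSYJC60)
  • Language: Chinese
  • Page: WJFZ201904018
  • Page count: 4
  • CN: 04
  • ISSN: 61-1450/TP
  • Classification number: 93-96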
Abstract
In-depth study of the security, rationality and practicality of key management mechanisms, together with the design and implementation of key management and certificate management mechanisms suited to the TPM chip, improves the security, maintainability and ease of use of trusted computing platforms. This is the foundation for the effective application of trusted computing platforms and bears on the spread and development of network-based virtual services such as e-government and e-commerce. Key security is critical to the secure operation of a cryptographic system, and the key management scheme is an important part of information security management that supports the whole process of cryptographic protection. However, the design of key management schemes is easily overlooked. Because the trust chain transfer mechanism of trusted computing effectively protects the confidentiality and security of data stored on a computer and can prevent malicious software from attacking the computer, the paper proposes a security management model for data chain systems, and designs and implements a key management scheme for data chain systems based on the TPM (Trusted Platform Module). Authentication shows that the scheme effectively ensures the authenticity, integrity and confidentiality of key management in data chain systems.
