Research On Key Technologies Of Remote Attestation Based On Trusted Platform Module And Their Application

Network security has been one of major problems of the current era. Over the years, trusted computing has been used in a variety of ways to build network security solutions. Remote attestation is one basic feature of trusted computing and is mainly used to resolve issues of trust between multiple devices. Trusted Platform Module(TPM) is a cryptographic chip embedded in the motherboard of the computer, and is an essential component used in the implementation of remote attestation. This chip can assure that the challenger can receive the real evidence from the target. The technology enriches the content of the attestation, which provides the challenger with a granular and deep attestation in comparison to identity-based authentication.The current research focuses on remote attestation based on the TPM and their application in data outsourcing and the geolocation of the cloud data. Major contributions are as follows:(1) Proposing a new secure remote attestation protocol with non-repudiationThe description of remote attestation is not precise in the TPM specification. Furthermore, there is not a rigorous or precise definition about the secure protocol for the remote attestation in the document. These problems bring many challenges to the design, application, and study of the remote attestation protocol. Firstly, the protocol was formalized to resolve these problems. Then, the definition regarding the secure remote attestation protocol with non-repudiation was given by an adversarial experiment. Finally, a secure remote attestation protocol with the non-repudiation called TSRAP-NR-? was carefully designed to achieve expected goals. Security properties and performance were analyzed from three aspects including confidentiality, non–repudiation, and scalability. Results show that TSRAP-NR-? achieves the expected goals. Thus, these problems related to the creator, the location, the freshness, and the integrity of the message can well be solved. Furthermore, results show the definition, TSRAP-NR, can characterize the non-repudiation of a secure remote attestation protocol.(2) Proposing a new structure for the stored measurement log with improvements in privacy protection and scalability based on an unbalance treeThe new structure of stored measurement log based on an unbalance tree was proposed to tackle matters in scalability and privacy protection of platform configurations. Moreover, two optimization measures were also present guided by the idea called ―group‖ in order to reduce the size of the unbalance tree and enhance its ability to protect privacy of platform configurations. Three kinds of structures of stored measurement log were analyzed from many aspects including the secure generation of stored measurement log, fault and tamper detection, scalability, and the privacy protection of platform configurations. Furthermore, its effectiveness was evaluated by a prototype. Results show that the new storage structure can solve scalability and privacy protection existing in the stored measurement log of the linear and the balanced tree.(3) Proposing a TPM-based protocol for secure access to outsourcing dataA new TPM-based protocol, TBKMS-III, was proposed for secure access to outsourcing data. The new protocol can cope with risks caused by legal but malicious users existing in the scenario OWUR/W. In the new protocol, the problems on managing session keys and the trustable attestation of the application environment of sensitive outsourcing data are solved. Additionally, the new protocol gives encryption or decryption keys of data nodes more protection. Results obtained by the formal method show that TBKMS-III successfully solves security problems triggered by legal but malicious users from the OWUR/W scenario and it can also avoid replay and type fault attacks.(4) Proposing a TPM-based scheme for the trustable attestation of the geolocation of cloud dataTo attest whether cloud storage providers store cloud data to the agreed geolocation is still a challenge. A TPM-based scheme, GSCD, was proposed for the trustable attestation of the geolocation of cloud data leveraging remote attestation, geolocation techniques of Internet hosts, provable data possession and Intel TXT. Results show that GSCD can successfully see through counterfeit geographical locations generated by rational adversaries in economy through two strategies, i.e., lengthening and shortening.In conclusion, this work further enriches related theory of remote attestation based on TPM and explores new methods for the study of the remote attestation, which lay the foundation in the field of secure remote attestation protocol. The stored measurement log of the unbalance tree also makes contributions for the application of remote attestation in the opening setting. Lastly, the study also provides new solutions towards the problems existing in data outsourcing and geolocation of cloud data.