
The Trusted Platform Design Based On Cloud Computing

Posted on: 2014-01-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Liang
Full Text: PDF
GTID: 1228330401467818
Subject: Information security

Abstract/Summary:
The cloud computing environment has the characteristics of flexibility, openness and public availability, but these characteristics also bring many challenges. With the emergence of trusted computing technology, trusted computing has come to be used widely in the information security field, and it is a mature way to protect the security of systems and hardware. This dissertation introduces a method for building a secure and reliable terminal Trusted Platform system by introducing trusted computing technology into embedded terminal equipment and combining it with dynamic measurement and remote attestation protection. The trust chain, as a special protection mechanism, ensures the credibility of every component of the computing terminal platform and passes that credibility down step by step. It can thus create a trusted computing environment that ensures the security and credibility of the terminal platform and shuts out malicious code. This dissertation presents a solution for improving the credibility of the cloud computing terminal platform, based on an analysis of current cloud computing and trusted computing technologies and on the combination of the hardware and software of the computing terminal platform with its credibility requirements.

This dissertation studies the credibility and security of the terminal platform of cloud computing. It aims to provide a practical, effective and reliable solution, so that existing terminal platforms and cloud server systems can use the research results to ensure safe access between the terminal platform and cloud servers. In this dissertation, the trusted computing technology of cloud computing is significant not only for cloud computing itself but also for the application prospects of security protection for terminal equipment. The main innovations of this dissertation include:

1. Embedding the trusted platform module (TPM) into the trusted computing platform to build a secure and trusted computing terminal platform. Hardware and system security and credibility are ensured through construction of the static trust chain, and application installation and system operation security and credibility are ensured through construction of the dynamic trust chain. In this way, the entire embedded system platform is always in a safe and reliable state, and the entire embedded terminal platform becomes a safe and trusted computing terminal platform through trust chains and effective trust transitions. The dynamic measurement method design based on a virtual machine monitor and the real-time measurement model design based on trusted computing protect application transitions and system operation more effectively.

2. In embedded systems, the trusted boot of the trusted device is the key to the whole system; therefore, construction of the root of trust is very important in the construction of trusted embedded devices, because the root of trust is the starting point of the trust chain and the foundation of the trusted device. Trusted measurement technology protects the transition of the trust chain. In the theory of the chain of trust, every component from the bottom BIOS module to the top-level application must be measured, in order, before it can be trusted. Measurement here means the process of computing a digest of the module and comparing it with the expected value recorded for the same module, in order to determine the module's integrity. Only once the measurement is recognized can trust be reliably transferred along the chain.

3. In order to guarantee the credibility of the terminal platform's access to the cloud server, remote attestation technology is introduced. Remote attestation can ensure reliable transmission over networks and reliable communication between terminals, and between terminals and servers, so that a safe network environment can be established. In the remote attestation process, information about the integrity status of the terminal is passed to the authenticator; when the authenticator obtains the terminal information, it authenticates it, judges its reliability, and then creates a resource-sharing channel. The use of remote attestation technology is to build trusted network terminal equipment and give it reliable access to servers. This dissertation proposes a remote attestation scheme based on identity and attribute certificates. The requesting side can be proved credible through the mapping between its identity attributes and its platform configuration, with the help of a trusted third party that issues the identity and attribute certificates. The authenticator can verify the security and credibility of the requesting side through the third party's identity and attribute certificates, so that terminal equipment can access the server credibly.

4. A cloud-based trusted platform environment, cloud TV, has been established on the technology platform provided by the company, combining the design of the trusted boot of trusted computing, the construction of static and dynamic trust chains, the trusted computing measurement mechanism, and trusted authentication. The prototype system realizes the authentication mechanism of the trusted terminal cloud TV platform based on credibility, so that startup, operation, and access to the cloud service platform center can operate and communicate safely and effectively.

In summary, this dissertation studies the key technologies of credible certification, such as the trusted boot of trusted computing, transitions of static and dynamic trust chains, the trusted computing measurement mechanism, and trusted authentication. Using the technology platform, a credible-certification terminal prototype system, cloud TV, was established based on the cloud computing environment. This dissertation provides some new ideas and new approaches for the application of embedded terminal systems in information security.
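The abstract describes two mechanisms whose interaction is easy to lose in prose: a chain of trust in which each stage is measured (digest computed and compared with a recorded expected value) before trust is transferred, and a remote attestation step in which a verifier checks the reported platform configuration against an attribute certificate issued by a third party. The following Python script is an added illustration, not code from the dissertation or its cloud TV prototype. It simulates the static trust chain with a PCR-style extend register and a minimal challenge-response attestation; the stage images, the reference manifest, the attribute certificate, and the HMAC-based quote (standing in for a TPM's asymmetric attestation signature) are all constructed assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed sample images for the stages of the static trust chain.
# On a real platform these are the actual firmware and software binaries.
STAGES = [
    ("BIOS", b"bios-image-v1"),
    ("bootloader", b"bootloader-image-v1"),
    ("kernel", b"kernel-image-v1"),
    ("application", b"cloud-tv-app-v1"),
]


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Reference manifest: the expected digest of each stage, as recorded by the
# platform owner at provisioning time (constructed from the images above).
REFERENCE = {name: digest(image) for name, image in STAGES}


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = H(old || measurement), so earlier history cannot be rewritten."""
    return hashlib.sha256(pcr + measurement).digest()


def build_trust_chain(stages, reference):
    """Measure each stage before handing control to it; stop at the first mismatch.

    Returns (trusted_stages, pcr, failed_stage); failed_stage is None on success.
    """
    pcr = bytes(32)  # the register starts at zero after reset
    trusted = []
    for name, image in stages:
        m = digest(image)
        pcr = extend(pcr, m)  # record the measurement whether or not it matches
        if m != reference.get(name):
            return trusted, pcr, name  # trust is not transferred past this point
        trusted.append(name)
    return trusted, pcr, None


# Golden PCR value of a fully trusted platform (computed from the reference images).
GOLDEN_PCR = build_trust_chain(STAGES, REFERENCE)[1]

# Simplified attribute certificate: a trusted third party binds a platform
# configuration (the golden PCR) to an attribute the verifier understands.
ATTRIBUTE_CERT = {"attribute": "trusted-terminal", "config": GOLDEN_PCR}

# Shared key standing in for the TPM's attestation key (assumption: a real TPM
# signs the quote with an asymmetric key certified by the manufacturer).
AIK_SECRET = b"constructed-attestation-key"


def make_quote(pcr: bytes, nonce: bytes) -> dict:
    """Terminal side: report the PCR value bound to the verifier's nonce."""
    tag = hmac.new(AIK_SECRET, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "tag": tag}


def verify_quote(quote: dict, nonce: bytes, attribute_cert: dict) -> bool:
    """Verifier side: check freshness, authenticity, and the configuration-to-attribute mapping."""
    if quote["nonce"] != nonce:
        return False  # replayed or unrelated quote
    expected = hmac.new(AIK_SECRET, nonce + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["tag"]):
        return False  # not produced by the platform's attestation key
    return hmac.compare_digest(quote["pcr"], attribute_cert["config"])


def attest(stages) -> bool:
    """Full round: measured boot, then answer a remote attestation challenge."""
    _, pcr, _failed = build_trust_chain(stages, REFERENCE)
    nonce = os.urandom(16)
    return verify_quote(make_quote(pcr, nonce), nonce, ATTRIBUTE_CERT)


if __name__ == "__main__":
    print("clean platform attested:", attest(STAGES))
    tampered = STAGES[:2] + [("kernel", b"kernel-image-modified")] + STAGES[3:]
    print("tampered kernel attested:", attest(tampered))
```

The point the simulation makes is that a modified kernel both halts local trust transfer (the application stage is never reached) and changes the extend register, so the verifier rejects the quote without needing to know which stage was altered; the nonce check is what stops a previously recorded good quote from being replayed.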
Keywords/Search Tags: trusted computing, trusted authentication, credible chain, remote attestation, trust metrics, a prototype system