
The Research And Application On The Key Trusted Technologies In Mobile Computing Environment

Posted on: 2018-06-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Yan
Full Text: PDF
GTID: 1318330563952043
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of information network technology, information security problems have become prominent. At the meeting of the central network security and information technology leadership team, General Secretary Xi Jinping pointed out: "No network security, there is no national security." In recent years, important information systems of the government and enterprises have been protected under the information security level protection standard. Protection of computing environments, application boundaries and network boundary transmission has achieved good results, and the safety of important information systems can be ensured.

However, in some specific application scenarios, staff need to take the computing platform away from the protected information system environment. Information is processed in a different region and transferred to the protected system through the Internet. Therefore, it is necessary to extend the security boundary of traditional information systems, and ensuring the security of the mobile computing environment is of great significance for improving the security of the whole information system. Trusted computing is one of the core technologies for solving network security problems, so research on the key trusted technologies in the mobile computing environment has important theoretical significance and practical value. At this time, security is particularly important.

The Trusted Computing Group (TCG) uses the Trusted Platform Module (TPM) as the trusted root to protect the terminal platform. However, this method is passive protection and cannot actively protect the security of the terminal platform. Therefore, this paper is based on the Chinese trusted computing theory presented by academician Shen Changxiang, and the credibility of the terminal platform in remote office work is guaranteed from the perspective of active protection. In this paper, the terminal platform that staff take to a remote region is treated as the mobile computing environment. Without changing the hardware structure of the terminal platform, it is modified to enhance its credibility in order to achieve the goal of expanding the network security boundary. The main research contents and creative work of the paper are as follows:

1. Based on a general smart card, a trusted boot scheme is proposed to solve the problem that the user login status is not controllable and the boot environment is untrusted in the mobile computing environment. The TSC (Trusted Smart Card) and the BIOS (Basic Input Output System) are used as the trusted root, and the TSC, the terminal platform and the user identity information are bound together to achieve user identification and trusted boot in the mobile computing environment.

2. To address the problem that running software is untrustworthy, a policy-based software trusted measurement technique is proposed. A terminal platform must act in accordance with policies that are formulated and distributed by the remote information system. First, the credibility of the operating environment must be ensured. On this basis, property-based static measurement is used to ensure that the software of the terminal platform operating system meets the credibility requirement. When the software is running, each software behavior, which consists of the input parameters, operating environment, running situation, dependent resources and output results, is considered at the instruction level to ensure the credible operation of the software.

3. To address the problem that the network connection is untrustworthy, a property-based trusted connection architecture is proposed according to the national standard TCA (Trusted Connection Architecture). In the mobile computing environment, property-based remote attestation guarantees that the user can communicate with the remote information system only when the user identity, the TSC, the terminal platform and the remote information system all satisfy the credibility requirement at the same time. In addition, to guarantee the credibility of the terminal platform's access to Internet data, network requests of the terminal platform must conform to the related policies.

4. According to the business requirements of a ministry, the key technologies from the above research are adopted to realize credibility assurance for the mobile computing environment and improve the security of the terminal platform. The Windows 7 operating system is used as the operating system for the terminal platform in the mobile computing environment to realize the extension of the existing network security boundary. First, the topology and working modes of the terminal platform are described. Then the framework and key technologies are introduced, including a trusted boot scheme based on the general smart card, a policy-based software trusted measurement technique and a property-based trusted connection architecture.
Keywords/Search Tags: Mobile Computing, Trusted Enhancement, Trusted Measurement, Trusted Connection Architecture, Remote Attestation