Research On Some Key Technologies Of Trusted Computing Platform

Faced with the current grim situation in computer network and information security, most of the network information security systems adopt such passive defensive technologies as the traditional firewall, intrusion detection and virus prevention in order to detect and catch the feature information of hacker attacks and virus intrusion. However, such feature information is usually lagged information that has happened, so that these systems fail to predict and determine the future invasion changes accurately and scientifically, much less to prevent the "inner threat/danger " arising from the inside and the operational level. As a result, those systems always carry with them defects and are inevitably subject to attacks.In order to strike at the root of this problem and defend actively instead of passively, trusted computing technology has always been one of the hot topics in the field of information security for more than one decade, whether at home or abroad, in academic circle or business world. Up to now, the research on trusted computing technology has acquired some fruitful results, which contribute a lot to the development of information system security, however, due to the immature theory and practice of trusted computing technology, there remain some problems like the insufficient research on the technological level, lack of developed theoretical support, incomplete systematic structure, complicated applied implementation, etc. Following the trend of trusted computing technology, this dissertation focuses on some key problems of trusted computing platform in trusted computing development.How to achieve convenient and reliable secure storage for trusted computing platform, how to ensure secure and effective remote integrity reporting for trusted computing platform, how to attain direct anonymous attestation with high efficiency but low cost for trusted computing platform, etc, have invariably been the important research points in the field of trusted computing technology. This dissertation conducts in-depth research into the theory of trusted computing platform and proposes some novel solutions from three aspects:key management, remote integrity reporting, direct anonymous attestation. The main contributions of this dissertation are as follows:(1) Research on the theory of trusted computing platform(TCP).In order to comprehensively know about trusted computing platform and conduct a deep research on some key technologies in trusted computing platform, this dissertation first of all introduces and analyzes the core technology of TCP—components of TCP's modules(Trusted Platform Module, TPM) and each component's function, then analyzes and investigates TCP's hierarchical structure and the construction and function of each level, and finally researches and analyzes the theory of three functionalities of TCP (secure storage, attestation mechanism, integrity measurement, storage and reporting). In the meantime, some applications of TCP seal function are also enumerated and analyzed.(2) Research on key management in trusted computing platform.Secure storage is one of the important functionalities in trusted computing platform, and key management is one of the core technologies of secure storage. The traditional key management scheme for trusted computing platform is RSA-based public key cryptography system. In this scheme, the loading times are the same as the number of the loaded object's parent objects. When the TPM key storage hierarchy is very complex, the response speed of loading can be lowered. This dissertation proposes an identity-based TPM key loading scheme. In this scheme, key-loading times are is irrelative to the complexity of TPM key storage hierarchy, so the loading times are not more than twice when any target object is loaded into TPM. In this way, this scheme can improve loading efficiency and brings great convenience to users, which may give certain impetus to the wide application of secure storage in TCP.(3) Research on remote integrity reporting in trusted computing platform.Remote integrity reporting is one of the important functionalities in trusted computing platform. In the traditional scheme, when attesting the integrity reporting sent from the terminal, the remote entity can only discern the security of integrity reporting it receives, but it fails to distinguish which Trusted Platform the integrity reporting comes from. As a result, the scheme is easy to suffer a man-in-the-middle(MiTM) attack: the remote entity fails to identify whether the entity with which it communicates is the same as the one involved in the integrity reporting. This dissertation proposes a security-enhanced remote platform integrity reporting protocol. This protocol integrates the process of the remote platform integrity attestation protocol into the SSL/TLS handshake protocol, and ensures that the entity communicating with the server is identical to the one involved in the integrity reporting, which successfully solves the problem of MiTM in the traditional remote integrity reporting in trusted computing platform, and further enhances the security of remote attestation.(4) Research on direct anonymous attestation in trusted computing platform.Direct Anonymous Attestation(DAA) can attest its identity to remote entity by the proof of knowledge, thereby protecting user's privacy. The traditional DAA scheme is high in requirement, complicated in design and time-consuming that it is unavailable for those equipments with low computing ability, which serves as an obstacle in the application of DAA scheme, and further prevents TCP from widespread usage. This dissertation proposes a new DAA scheme based on bilinear maps under the assumption of q strong Diffie-Hellman and decisional Diffie-Hellman that adapts the limited computational resource of TPM. This scheme can reduce the computational expenses and can efficiently relieve the computation bottleneck of trusted platform, thus making it suitable to be used in equipment with high computing efficiency like PC or intelligent instrument with low computing efficiency like cell phone.To sum up, this dissertation centers on TCP theory and such key technologies as key management system, remote integrity reporting and direct anonymous attestation in TCP. The methods and solutions that have been put forward will have the Positive meaning for the research and practice of TCP theory and information security theory.