Design And Analysis Of Some Security Protocols Based On CPK In Trusted Computing Environment

Posted on: 2010-08-04 | Degree: Master | Type: Thesis
Country: China | Candidate: Y C Ma | Full Text: PDF
GTID: 2178330332978443 | Subject: Cryptography
Abstract/Summary:
Trusted computing is one of the main development trends in information security. Cryptography is the key technique in trusted computing, and security protocols are an important component of cryptography. The basis of trusted computing technology is the Trusted Platform Module (TPM), and the core of the TPM is key management. Therefore, the encryption algorithm and key management scheme used by the TPM directly affect its security and operating efficiency.

If authentication technology is to be used in real life, it must authenticate users, hosts and processes, work at very large scale and off-line, and not need a trusted third party (TTP) at all. Strong any-to-any authentication (A to A, anything to anything) requires public key technology. Yet the traditional Public Key Infrastructure (PKI) cannot meet these requirements. They can be met only by a technology that binds the public key to the identity and in which finding a public key and validating its authenticity are done off-line. Presently, only two technologies satisfy the requirements, namely the Identity-Based Cryptosystem (IBC) and the Combination of Public Key (CPK). Compared with IBC, CPK has more advantages.

Thus, how to integrate CPK into the TPM, study a TPM with Chinese core technology, and exploit the advantages of CPK in trusted computing is a problem well worth studying. In this paper, abiding by the specifications of the Trusted Computing Group (TCG), the research uses CPK in the design and analysis of three security protocols closely related to authentication in trusted computing. The work consists of the following three parts.

First, the problems of the TCG standard user login scheme for the trusted computing platform, and of its improved scheme, are introduced. We then propose a CPK-based user login authentication protocol for the trusted computing platform, and give the security analysis of the protocol using Security Protocol Analysis Latent Logic (SPALL). The protocol is two-factor, achieves authentication among the TPM, the U-KEY and the user, and strictly separates authentication from authorization. It is more secure and more flexible than the corresponding scheme presented in the TCG standard.

Second, the requirements of privacy-protecting protocols are studied, the Direct Anonymous Attestation (DAA) of TCG is analyzed, and the deficiencies of DAA are indicated. Aiming at the requirements of DAA, we propose a direct anonymous attestation protocol for trusted computing based on CPK combined with a provably secure ring signature scheme, and give a detailed security analysis of the protocol. The protocol provides unconditional anonymity, is secure against existential forgery under adaptive chosen-message attacks in the random oracle model, and achieves the sole attestation of the trusted platform, unlinkability of interactions, disclosure of the identity of an untrusted platform, and so on, that is, all the requirements of DAA. It is more secure and simpler than the DAA in the TCG standard.

In the third part, the problem of extending the Trusted Network Connection (TNC) protocol is analyzed. As there is no specific key exchange protocol in TNC, and aiming at the security goals of key exchange in a trusted computing environment, we propose a CPK-based key exchange protocol for TNC. The security properties of the protocol are formally proved with SPALL. The protocol provides secure negotiation of the session key and security association, protection of the entities' identities, verification of platform integrity, and mutual authentication of the communicating entities. Compared with related protocols, it needs only three messages and less computational load, and it is simpler and more efficient.
Keywords/Search Tags:Trusted Computing, CPK, Security Protocol, SPALL, TPM, Trusted Login, DAA, Ring Signature, Trusted Network Connection, Key Exchange