
Research On Trusted Network Connection Direct Anonymous Attestation

Posted on: 2012-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: P F Ding
Full Text: PDF
GTID: 2178330332990752
Subject: Computer system architecture
Abstract/Summary:
With the development of network technology, information security is becoming more and more important. Traditional protective measures such as firewalls and the patching of system and software vulnerabilities act only after something has already happened, like mending the fold after the sheep have been stolen; they cannot provide real-time protection for the network and cannot effectively protect the user's private information at the lowest level. Trusted computing technology is based on trustworthy hardware and uses a chain of trust, in which each upper layer trusts the layer below it, so that the system can start up only if the hardware is trusted, thereby ensuring the security of the system. The trusted network connection (TNC) specification requires that a terminal attempting to access the network must have a Trusted Platform Module (TPM), and it measures the trustworthiness and safety of the terminal by collecting and checking its integrity. A terminal is authorized to access the network only if it meets all the verification requirements; otherwise it is quarantined, repaired and then authorized once it meets them, or it is rejected for this attempt. All of this ensures the security of the network from within. Remote anonymous attestation protects the user's identity and private information from being leaked when the user accesses a network: the verifier is convinced of the user's trustworthiness but cannot learn the user's identity, so it both defends the security of the user's platform and protects the platform's private information at the same time. The two schemes proposed by the Trusted Computing Group, Privacy CA and DAA (Direct Anonymous Attestation), are currently the main remote anonymous attestation methods. Both solve the problems of user identity authentication and protection of user privacy during remote anonymous attestation well.
However, they also have some defects: the security is not strong enough, the anonymity is not good enough and the efficiency is low. Based on the ElGamal signature algorithm, a new anonymous attestation scheme (E-DAA) is proposed to improve the DAA scheme. It is described in detail in formal mathematical language, and the security, anonymity and completeness of the scheme are proved and analysed. The results show that the E-DAA scheme, based on DAA and the ElGamal signature algorithm, satisfies the security and anonymity requirements of remote anonymous attestation, and that its efficiency is improved. A client and a server are built in virtual machines, and a series of open-source software packages (trousers, tpmmanager, tpm_emulator, freeradius, mysql and libtnc) are used to build a platform that meets the requirements for trusted network connection verification. tpm_emulator simulates the functions of the TPM; trousers provides the interface functions through which applications access and operate the TPM; and tpmmanager visually shows the user the state of the TPM, the user settings and the data stored in the platform configuration registers (PCRs), which makes using the TPM convenient. freeradius and mysql are used to build the server and implement the authorization, accounting and attestation functions, and libtnc is used to build the trusted network connection framework. All of these provide the basic conditions for testing the E-DAA scheme.
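The abstract names the ElGamal signature as the primitive underneath E-DAA and describes the TNC decision (allow, quarantine, reject) taken after checking a platform's integrity. The following is an added example, not code from the thesis or from any of the packages it lists: a textbook ElGamal signature over a toy group, used to sign a TPM-style quote (verifier nonce bound to a PCR digest built with the extend operation), and a verifier that maps the outcome onto the three TNC decisions. It shows only the signature primitive and the attestation check, not the anonymity layer of DAA or E-DAA. The parameters `P`, `G`, the component list and the function names are assumptions made for this example; a real deployment would use a large safe prime and a hardware TPM key.

```python
import hashlib
import secrets
from math import gcd

# Toy public parameters, constructed for this example (assumption):
# P = 2^31 - 1 is prime and 7 is a primitive root modulo P.
# A production system would use a prime of at least 2048 bits.
P = 2**31 - 1
G = 7


def keygen(rng=None):
    """Private key x in [1, P-2]; public key y = G^x mod P."""
    rng = rng or secrets.SystemRandom()
    x = rng.randrange(1, P - 1)
    return x, pow(G, x, P)


def _hash_to_exponent(message: bytes) -> int:
    """Map the message into Z_(P-1), the exponent group of the signature."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)


def sign(x: int, message: bytes, rng=None):
    """ElGamal signature (r, s): r = G^k mod P, s = (H(m) - x*r) * k^-1 mod (P-1).
    The nonce k must be secret, fresh for every signature and coprime to P-1;
    reusing k across two signatures exposes the private key."""
    rng = rng or secrets.SystemRandom()
    h = _hash_to_exponent(message)
    while True:
        k = rng.randrange(1, P - 1)
        if gcd(k, P - 1) == 1:
            break
    r = pow(G, k, P)
    s = ((h - x * r) * pow(k, -1, P - 1)) % (P - 1)
    if s == 0:  # degenerate signature; draw a new k
        return sign(x, message, rng)
    return r, s


def verify(y: int, message: bytes, sig) -> bool:
    """Accept iff 0 < r < P, 0 < s < P-1 and G^H(m) == y^r * r^s (mod P)."""
    r, s = sig
    if not (0 < r < P and 0 < s < P - 1):  # range check blocks trivial forgeries
        return False
    h = _hash_to_exponent(message)
    return pow(G, h, P) == (pow(y, r, P) * pow(r, s, P)) % P


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || measurement)."""
    return hashlib.sha256(current + measurement).digest()


def measure_boot(components) -> bytes:
    """Fold an ordered list of boot components (constructed) into one PCR value."""
    pcr = b"\x00" * 32
    for component in components:
        pcr = pcr_extend(pcr, hashlib.sha256(component).digest())
    return pcr


def make_quote(x: int, pcr: bytes, nonce: bytes):
    """Platform side: sign the verifier's nonce bound to the PCR digest."""
    return sign(x, nonce + pcr)


def check_quote(y: int, expected_pcr: bytes, nonce: bytes, reported_pcr: bytes, sig) -> str:
    """Verifier side: TNC-style decision for one access attempt."""
    if not verify(y, nonce + reported_pcr, sig):
        return "reject"       # forged, tampered or replayed quote (wrong nonce)
    if reported_pcr != expected_pcr:
        return "quarantine"   # authentic platform whose integrity does not match policy
    return "allow"


if __name__ == "__main__":
    x, y = keygen()
    known_good = [b"bios-v1", b"bootloader-v2", b"kernel-5.10"]  # constructed sample
    expected = measure_boot(known_good)
    nonce = secrets.token_bytes(16)  # chosen by the verifier per attempt
    pcr = measure_boot(known_good)
    print(check_quote(y, expected, nonce, pcr, make_quote(x, pcr, nonce)))
    modified = measure_boot([b"bios-v1", b"bootloader-v2", b"kernel-modified"])
    print(check_quote(y, expected, nonce, modified, make_quote(x, modified, nonce)))
```

The verifier supplies the nonce, so a quote recorded from an earlier session fails the signature check rather than being accepted; an integrity mismatch is distinguished from a bad signature so the terminal can be sent for repair instead of being refused outright.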
Keywords/Search Tags: trusted computing, trusted network connection, direct anonymous attestation, ElGamal signature algorithm