
The Research And Implementation Of Trusted Security Enhancement System Based On USBKey

Posted on: 2011-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: H S Ruan
GTID: 2178330338489848
Subject: Software engineering

Abstract/Summary:
Security problems occur frequently in computer systems, especially in terminal computer systems, and information systems consequently face a serious crisis of trust. To address these pressing problems thoroughly, it is necessary to establish a trustworthy computing environment at the architectural level. Traditional security enhancement technology based on the operating system is an efficient way to address security problems, but it cannot guarantee that the base of the system is trustworthy. Trusted computing platform technology introduces the Trusted Platform Module (TPM) as a trust root. By passing trust from the trust root to the other parts of the platform, the TPM ensures the trustworthiness of the computing platform and its applications, and enhances the security of the terminal platform. However, obtaining the security features defined by the TCG requires support from the hardware platform. Furthermore, the trusted boot process defined by the TCG does not support authentication of the terminal user. To overcome these shortcomings, in this paper we combine trust mechanisms with security capabilities and propose a USBKey-based trusted security enhancement architecture for general systems, which achieves the main functions of the TCG specification.

We design a USBKey-based trusted boot scheme for Linux, which not only implements the secure boot function but also provides security services for upper-layer applications, and reasonably solves the problem of providing a trusted environment for general systems.

In this paper, we first introduce the requirements for trusted security enhancement and the background of this work, survey traditional security enhancement technology and trusted operating systems, and analyze the relationship between trust and security along with trusted boot technology, which provides ample academic and technical background.

Second, we propose a USBKey-based trusted security enhancement architecture and establish a comprehensive security architecture from the perspective of the overall security system, building on current research achievements in secure operating systems.

Then, we implement TPM-like functions using the USBKey and propose a compatible trust chain that takes the USBKey and BIOS as the trust root. Because current terminals cannot safely validate the legitimacy of the user, we implement boot authentication based on the USBKey, and validate the trust of the OS loader, OS kernel and Init to ensure the integrity of every part of the boot process.

Finally, according to independent privacy and offline privacy requirements, we propose USBKey-based disk encryption, which ensures that the confidentiality policy is enforced and that data is stored as ciphertext. At the same time, we provide trusted support for establishing a terminal security environment in Linux.
Keywords/Search Tags: Security enhancement, Trusted computing, USBKey, Trust chain, Disk encryption