
Research And Implementation Of Authorization Protocol In Trusted Cryptographic Module

Posted on: 2012-06-03
Degree: Master
Type: Thesis
Country: China
Candidate: J F Zhu
GTID: 2178330338491477
Subject: Computer Science and Technology

Abstract/Summary:
Trusted Computing is a new technology in the field of information security. It ensures security starting from the terminal and addresses the problem of information system security at a fundamental level. It has three main features: protected capabilities; attestation; and integrity measurement, storage and reporting. In trusted computing, a user must be authorized before executing a command on an entity (such as a key). Authorization is based on an authorization secret, called authorization data, and authorization protocols are used to ensure the confidentiality and security of the authorization process.

The Trusted Computing Group (TCG) defines a series of authorization protocols in the TPM specification, such as the OIAP and OSAP protocols, which have been implemented in the Trusted Platform Module (TPM). In practice, however, these authorization protocols contain some security vulnerabilities and carry some security risks, so they cannot guarantee the security of the entire authorization process.

The Trusted Cryptographic Module (TCM) is a trusted computing hardware module whose function is similar to that of the TPM; the only difference is that the TCM is based on independent cryptographic algorithms. This thesis focuses on the authorization protocols of the TCG specification: it first analyzes the security vulnerabilities of the protocols, then improves them to close the security holes, and finally implements the improved protocols on the TCM platform.

Firstly, this paper introduces the authorization protocol mechanism in the TPM specification and the relevant background on the authorization protocols, such as the authorization data, the authorization session, and the process of command validation. Then, we make a logical analysis of the existing authorization protocols, including the advantages and disadvantages of the protocol processes, give some suggestions, and design an authorization protocol mechanism based on the TCM platform. Finally, we integrate a series of trusted cryptographic modules in the Trusted Computing laboratory, unify them into one trusted platform, and on that basis write code to test the feasibility and security of the modified authorization protocols.

Through the research and emulation on the Trusted Platform Module (TPM) and the Trusted Cryptographic Module (TCM), we can better understand the three main functions of the Trusted Computing Platform, better understand the theory of the TPM, and improve our practical ability. Through analyzing and improving the authorization protocols, we not only become familiar with the trusted computing security mechanism in the authorization protocols, but also learn many methods for analyzing and solving problems.

In future work, we should strengthen the study of the theory behind the authorization protocols, improve the mechanism of the authorization protocols, and continue writing code for tests and experiments. We should also improve the performance and efficiency of the protocols while ensuring their integrity and security.
Keywords/Search Tags: Trusted Computing, Trusted Cryptographic Module, authorization protocols, OIAP, OSAP