| Trusted computing is proposed to solve the problem that the current computing systems can not solve security issues thoroughly. Its main idea is by introducing a trusted hardware device into PC hardware platform as the source of trust, and using cryptographic mechanism to build trust chain, thereby trust is extended in the entire computer system. Trusted computing provides an effective way to establish a safe and reliable terminal environment. The ultimate aim of the trusted computing platform is to protect the safety of application capitals, so how to develop applications of trusted computing on the basis of the trusted computing module is the key element to improve the security of applications.This paper focuses on the security solutions provided by the trusted platform module. Using encryption technology for authentication, integrity measurement and confidential storage, three security protocols for typical reality scenes are designed to improve the system security.(1) A software updating protocol based on the trusted platform module is proposed, in which the client and the server firstly realized bidirectional authentication and key distribution, and afterwards they transferred the updated software package via digital envelope operation, then using integrity measurement and reporting mechanism to ensure the integrity and legitimate of software upgrade. The procedure of resuming in case of updating failure is also designed in the protocol to prevent the loss of the configuration data and the invalidation of the software, which provides a comprehensive and highly secure way of software updating.(2) With the crucial technologies of integrity measurement and reporting, data sealing and cryptology services of the trusted platform module, an access control protocol based on the trusted platform module is presented. This protocol realized secure and convenient data access control, in which the user and the platform have realized rigorous authentication, and the technology of data sealing guaranteed the protected data can only be visited by the authorized user in the specific state of the specific platform.(3) A file backup and share protocol based on the trusted platform module is provided, which is designed for two applied mode to provide hardware-level data protection: encryption and backup of local files, share encrypted files, respectively used for the backup and network share of confidential or sensitive data. The protocol carried out dual-backup of key and information, which ensures the integrity and security of message transmission and storage. We implemented the protocol by coding in the end, developed the related software stack and application program, and performed strict function tests. |
PDF Full Text Request