
The Studying Of Remote Attestation And Application In MAS

Posted on: 2009-08-27 | Degree: Master | Type: Thesis
Country: China | Candidate: G Y Xu | Full Text: PDF
GTID: 2178360278480822 | Subject: Computer application technology
Abstract/Summary:
Trusted computing is one of the hottest topics in the information security field, providing security solutions based on a small tamper-resistant hardware component, the TPM. Remote attestation is one of the core functions provided by trusted computing; it comprises integrity measurement and integrity reporting, and can report the current platform configuration to a remote challenger. The thesis analyzes remote attestation, and its major contributions are as follows:

Firstly, a solution to the performance and passivity problems in integrity reporting is presented.

Performance problem: Owing to the single-threaded access mode of the TPM, the terminal has to respond to attestation requests one at a time, which can become a performance bottleneck when the system receives a large number of requests. To solve this, a batching-based integrity report is proposed for the current TPM; it can concurrently process many requests that arrive within a short time. Meanwhile, the increase in traffic is reduced by using a Merkle hash tree. Simulations show that the scheme is effective when the number of requests processed in each batch is larger than one.

Passivity problem: Using remote attestation in network management applications can help a manager monitor the state of remote agents. However, the conventional integrity reporting protocol uses a nonce to prevent replay attacks, which causes passivity and cheating problems in practice. As a result, attestation based on actual time is proposed. It makes use of the TPM transport session and associates the integrity report with the actual time at the application layer, solving the problem through time uploading and log recording.

Secondly, to address the security requirements of the MAS item in the staff room, remote attestation is applied to the MAS server, which can report its integrity state to end users and the management platform to offset the deficiencies of current security technology. An application containing the batching-based and time-based schemes is then implemented.
Keywords/Search Tags:Trusted computing, Remote attestation, Batching-based scheme, Time-based scheme, MAS
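
The batching idea in the abstract can be sketched as follows. This is an added example, not code from the thesis: it assumes the nonces of all requests in one batch are hashed into a Merkle tree, the root is bound into a single quote, and each challenger receives that quote plus its own authentication path. `tpm_quote` is a hypothetical stand-in that uses HMAC with a constructed key; a real TPM would sign with an attestation identity key.

```python
import hashlib
import hmac

AIK_STAND_IN = b"constructed-demo-key"  # assumption: replaces the TPM's signing key

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def tpm_quote(pcr_digest, external_data):
    # Stand-in for the one serialized TPM operation per batch.
    return hmac.new(AIK_STAND_IN, pcr_digest + external_data, hashlib.sha256).digest()

def build_levels(nonces):
    # Level 0 holds leaf hashes; distinct prefixes separate leaves from inner nodes.
    level = [h(b"\x00", n) for n in nonces]
    levels = [level]
    while len(level) > 1:
        nxt = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def auth_path(levels, index):
    # Sibling hashes from leaf to root, each tagged with whether it sits on the left.
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def batch_attest(pcr_digest, nonces):
    # One quote over the Merkle root answers every request in the batch.
    levels = build_levels(nonces)
    quote = tpm_quote(pcr_digest, levels[-1][0])
    return quote, [auth_path(levels, i) for i in range(len(nonces))]

def verify(nonce, path, pcr_digest, quote):
    # Challenger side: rebuild the root from its own nonce, then check the quote.
    node = h(b"\x00", nonce)
    for sibling, sibling_is_left in path:
        node = h(b"\x01", sibling, node) if sibling_is_left else h(b"\x01", node, sibling)
    return hmac.compare_digest(quote, tpm_quote(pcr_digest, node))
```

Each response carries at most about log2(n) extra hashes for a batch of n requests, which is how the tree keeps the added traffic small.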