Research On Master Key Storage Technology Based On Embedded Trusted Platform

With the rapid development of Information technology, people enjoying the convenience brought by the computer.At the same time,the information security is facing unprecedented dangers.The traditional security mechanisms include anti-virus software and the system’s own firewall,intrusion,access control,etc.These measures protect the security of computer systems to a certain extent.However,the design flaws of the software and the passivity of the protective mechanism of systems are difficult to meet the security needs of important areas.The trusted platform module uses the hardware modules and the cipher technology to provide the trusted services of integrity measurement,Identity authentication and data protection.The hardware structure of the trusted platform overcomes the flaws of the traditional security mechanisms and improve the safety performance of computer systems.This article comes from the National Natural Science Foundation project "Trusted identity authentication and the copyright protection mechanisms for web services"(ID:61272420) and the National defense research project "The research and development of enhancing the embedded real-time operation system by trusted computing and virtualization technology". This paper proposed a Trusted cryptographic module based the embedded mobile platform(ETCM), which complies with the" Tunctionality and Interface Specification of Cryptographic Support Platform for Trusted Computing" issued by the State Cryptography Administration.The embedded trusted cryptographic module realized SMS4,SM2,SM3 algorithms with the core cryptographic module.The platform hardware architecture design accounts of the features that the resources in the embedded platform is constrained,the main components are high-performance and low-power.In addition,fhis paper proposed a hidden storage master key scheme based the Fuzzy Vault algorithm for the key storage mechanism of the platform.Adding a key storage module inside the platform,which only provides a protection service for the storage master key.This paper also proposed two improved algorithms based the key bindings and cancelable multi-fuzzy vault to overcome the flaws of the traditional Fuzzy Vault algorithm.The improved algorithm improved the safety of the storage master key by the Chinese Remainder Theorem,random eigenvalues and the multi-user management.Finally, the experiment proved that the master key storage solutions based on the embedded Trusted Platform is safe and feasible to achieve the desired effect.