Based On Smart Card And Pki Trusted Computing Platform

At present,one important reason for the hard situation of the network security is lots of unhealthy endpoint systems in network.Such unhealthy endpoints may not only be the victims of an attack but also be used by hackers as bridges through which viruses are sprend and attack happens,which leads the whole network to be unsafe.The reason why unhealthy endpoint systems lead to so many securiy problems is that exsiting security technology can not make sure that the environment of program execution is creditable.If the important hardware and software configuration of the endpoint systems can not be spitefully modified,and the behavior of program in computer always are expectant and controllable,then the safety level of endpoint systems will be raised remarkablely,and computers have some immunity to vicious code and attack.In order to deal with the security problems caused by the unhealthy endpoint systems, academics put forward the concept of Trusted Computing. Trusted Computing technology ensure that the operation on the computer are predictable and controllable. The Trusted Computing technology make sure that the computer has confidentiality, integrity, controllability, and anti-repudiation.The basic considor of the trusted computing is that at first constructing a trusted root whose safety is ensured by cryptograph technology and phiscal measures,and then setting up a trusted chain,from the trusted root to all kinds of hardware,operating system,applictions,it can anthenticate and trust stair from one to another,and exponds this kind of trust to the whole computer system,even a network.Based on trusted platform framework and trusted network architecture proposed by trusted computing group,a new trusted platform and trusted network link using smart card and PKI technology are put forward and realized.This platform make sure that application, such as Java program, can be always trusted.The main contribution of this dissertation is:1) Smart card which is based on PKCS#11 standard is used as trust root. This kind of smart card not only has functions of safe storage and cryptographical operation which must be kept by generic trust root,but also bases on PKCS#11 standard and have USB interface.As a result, it is more convenient in use and more cheap.Based on this trust root, a trust computer has been constructed through the establishment of a trust chain. Specifically, The characteristic infomation of all hardware and software in endpoint system is collected and stored in trust root.And when the system is booting, all characteristic infomation in trusted root is compare to the present system one by one to make sure the system is trustable.2) The trusted computing group has proposed a trusted network model. A architecture of trusted network has been designed and realized based on that.The architecture has 3 levels. The bottom level is a CA which is constructed with OpenSSL technology and used to sign digital certificates for endpoint systems.And the middle level is a protocal which is used to build trusted communication link.Lastly, the top level is a collector for gathering integrity information of endpoint system which is an important part of digital certificate.3) A trusted network authentication protocal has been designed and realized.This protocal is designed for authentication between a client and server which would communicate with each other.It can make sure that only trusted computer can switch in and access the trusted network,and has non-repudiation.