Anonymous Authentication Techniques Of The Trusted Computing Platform Design And Implementation

Posted on: 2011-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Jiang
Full Text: PDF
GTID: 2208360308967760
Subject: Computer software and theory
Abstract/Summary:

Because the openness of the Internet leads to deficiencies in security and dependability, current Internet application technology cannot meet the security needs of application areas such as e-commerce and e-government. Traditional information protection systems cannot effectively secure information on the terminal. A Trusted Computing Platform is a computer whose software and hardware entities work together to address information security, and it is attracting more and more attention. Trusted anonymous authentication is a significant function of the Trusted Computing Platform: it authenticates the identity of a terminal platform accessing the network and assures, anonymously, that the terminal is trusted. The DAA scheme in the TPM v1.2 specification protects the privacy of platform identity but not that of platform configuration information, and it cannot effectively support TPM identity authentication across different trust domains, which makes it unsuitable for the Internet.

After studying several existing trusted anonymous authentication schemes and their limitations, the thesis designs and implements a secure and efficient trusted anonymous authentication scheme that solves the problem of platform identity authentication in a distributed network environment. The main original contributions are as follows:

1) To address the disclosure of private platform configuration information, an agent-based DAA scheme is proposed. The scheme is built on asymmetric pairings and introduces an attestation agent that, in place of the verifier, verifies the identity and integrity of the platform, protecting the privacy of platform configuration information. The analysis shows that the scheme achieves unforgeability and user-controllable anonymity under the LRSW and DBDH assumptions.

2) To address the limitation of single-domain authentication, a cross-domain authentication scheme based on trust values is proposed by integrating trust relationships, which solves TPM identity authentication across different trust domains. The scheme quantifies a trust relationship as a trust value between 0 and 1 and realizes cross-domain authentication by comparing the trust value with an expectation value, which can effectively reduce the TPM's workload and cut the time spent on DAA authentication.

3) Using TPM-Emulator, a trusted computing platform environment is set up on Linux. The thesis develops software for using the virtual TPM with Glade, and the proposed trusted anonymous attestation scheme is partly implemented.
Keywords/Search Tags:Trusted Computing, Trusted Platform Module (TPM), Platform Identity, Direct Anonymous Attestation (DAA)