The Research On The Remote Attestation Methods Of Trusted Computing

Posted on: 2013-06-03
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Du
GTID: 2248330371476510
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of information technology, information security has become an increasingly prominent problem. Apart from inappropriate security settings, existing security technologies are delayed, passive in detection, and focused only on external threats, so they cannot solve information security problems fundamentally; nor do they address those problems at their source, the user terminal platform.

Trusted Computing makes it possible to solve security problems starting from the user terminal platform and provides a new way to address information security issues more effectively. Trusted computing takes the security of the terminal platform as its starting point, uses a hardware chip as the trust base of the terminal platform, and then uses trust chain transfer to build a safe and reliable terminal platform. On that foundation, remote attestation verifies the credibility of the communicating platform, ensuring that both sides of a communication are trustworthy and ultimately building a trusted network environment.

Remote attestation is the basis for establishing a trusted network and provides an environment in which both sides can communicate credibly. The remote attestation process requires verification of both the identity and the integrity state of the platform. After an analysis of several identity attestation methods, a modified bilinear-mapping attestation method based on the q-SDH and DDH security assumptions is proposed to improve the efficiency of identity attestation. The correctness and security of the new method are analyzed and proved, and its computational cost is compared with that of other methods.

To address the deficiencies of recent platform integrity attestation methods, a new method, Property-based Chameleon Remote Attestation (PBCRA), is proposed, building on the advantages of the Property-based Attestation method. Drawing on the collision resistance and trapdoor collision properties of the chameleon hash function, components are grouped according to their properties, which makes attestation more flexible. The chameleon hash value of the component property used in the attestation process effectively protects the platform configuration information. The platform configuration must be re-measured during each attestation so that the integrity attestation of the platform remains valid. Finally, an experiment on the PBCRA method was designed, and it showed that the new method is feasible and effective.
Keywords/Search Tags:Trusted Computing, Remote Attestation, Platform Identity Attestation, Platform Integrity Attestation