
An AIK Certificate Generation Protocol for Remote Attestation Based On ZKV

Posted on: 2013-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Jing
Full Text: PDF
GTID: 2248330371490247
Subject: Computer application technology
Abstract/Summary:
Computer networks are changing people's lifestyles imperceptibly; while we enjoy the convenience of the technology, the security of remote platforms is increasingly called into question. How to keep the various services we use over the network safe has become a hot issue in academic research, and trusted computing emerged in response. Trusted computing is an information security technology based on a hardware security module, intended to improve the security of terminal computing environments. It not only improves the credibility of the terminal computing environment but also extends the trusted environment from the operating system to the network, forming a trusted network connection, known as TNC technology. TNC combines the trusted computing system with network access control mechanisms to prove that the remote platform's computing environment is safe; this method is called remote attestation. There are five certificates in a trusted platform, namely the endorsement certificate, the verification certificate, the platform certificate, the confirmation certificate and the AIK certificate, and remote attestation is divided into two kinds: one proves the identity of the remote platform, the other proves the platform's configuration information.
Initially, the TCG trusted platform sends the message AIK public key || endorsement certificate || platform certificate || verification certificate to the trusted third party; in this case the endorsement public key may be stolen during transmission. Next, the TCG Privacy CA method requires the trusted third party to be always online and to take part in every TPM validation activity; in this case, on the one hand, as the number and frequency of activities increase the Privacy CA becomes a bottleneck, and on the other hand, if the verifier colludes with the Privacy CA they can determine the true identity of the verified platform. In 2004 the DAA protocol, invented by E. Brickell, overcame the problems of the anonymous authentication protocol based on the Privacy CA; nevertheless, because DAA uses several zero-knowledge proofs and a group signature scheme, its implementation is still complex and not feasible. Based on the ZKV method, the AIK certificate generation protocol combines zero-knowledge proof, Kerberos and the virtual TPM (vTPM) to form a new remote attestation method. This method protects platform information, avoids the trusted third party bottleneck and reduces complexity. When a platform applies for an AIK certificate, the ZKV method uses a zero-knowledge proof and uses Kerberos as the TTP, sending requests to the AS and the TGS to complete AIK certification. We assume that the system is static and that no component changes, so a TPM needs AS certification only the first time it accesses the network, and afterwards applies to the TGS for an application server ticket, which reduces the load on the TTP. With vTPM as the platform architecture, virtualization technology isolates function modules securely, and the identification mode prevents exposure of platform information, avoiding the trusted third party bottleneck and reducing the complexity of remote attestation.
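The flow the abstract sketches (the platform proves knowledge of its AIK key by a zero-knowledge proof, the Kerberos-style AS certifies it once, and the TGS then issues one ticket per application server) is illustrated below with a constructed toy simulation. This is an added example, not code from the thesis: the Schnorr proof over a tiny prime group, the HMAC-based tickets, the `TTP` class and the certificate encoding are all assumptions made here so that the example runs offline; the thesis's actual ZKV messages are not reproduced.

```python
"""Toy simulation of the flow the abstract sketches: a platform proves knowledge of
its AIK private key with a zero-knowledge proof, a Kerberos-style AS authenticates
it once and issues the AIK certificate plus a TGT, and the TGS then issues one
ticket per application server. Group parameters, message formats and the
certificate encoding are constructed here for illustration only."""
import hashlib
import hmac
import os

# Toy Schnorr group: p prime, q prime with q | p-1, g of order q.
# Far too small to be secure; chosen so the arithmetic can be followed by hand.
P, Q, G = 23, 11, 2


def hash_to_challenge(*parts: bytes) -> int:
    """Fiat-Shamir challenge in [1, Q-1] (never 0, so a wrong key can never pass)."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def aik_keygen(seed: bytes):
    """Derive a toy AIK key pair (x, y = g^x mod p) from a constructed seed."""
    x = 1 + int.from_bytes(hashlib.sha256(b"aik|" + seed).digest(), "big") % (Q - 1)
    return x, pow(G, x, P)


def zk_prove(x: int, y: int, ctx: bytes, rnd: int):
    """Non-interactive Schnorr proof of knowledge of x = log_g(y), bound to ctx."""
    t = pow(G, rnd, P)
    c = hash_to_challenge(str(y).encode(), str(t).encode(), ctx)
    s = (rnd + c * x) % Q
    return t, s


def zk_verify(y: int, ctx: bytes, proof) -> bool:
    """Accept iff g^s == t * y^c (mod p); the verifier never learns x."""
    t, s = proof
    c = hash_to_challenge(str(y).encode(), str(t).encode(), ctx)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class TTP:
    """Kerberos-style trusted third party (assumed structure): the AS issues the AIK
    certificate and a TGT after checking the proof; the TGS issues service tickets."""

    def __init__(self):
        self.ca_key = os.urandom(32)    # authenticates AIK certificates (HMAC stands in for a signature)
        self.tgs_key = os.urandom(32)   # protects TGTs
        self.service_keys = {}
        self.as_calls = 0               # how often the AS had to be involved

    def register_service(self, name: str) -> bytes:
        self.service_keys[name] = os.urandom(32)
        return self.service_keys[name]

    def as_exchange(self, platform_id: bytes, aik_pub: int, proof):
        self.as_calls += 1
        if not zk_verify(aik_pub, platform_id, proof):
            raise PermissionError("zero-knowledge proof rejected")
        cert = (platform_id, aik_pub, mac(self.ca_key, platform_id, str(aik_pub).encode()))
        tgt = (platform_id, mac(self.tgs_key, b"tgt", platform_id))
        return cert, tgt

    def tgs_exchange(self, tgt, service: str):
        platform_id, tag = tgt
        if not hmac.compare_digest(tag, mac(self.tgs_key, b"tgt", platform_id)):
            raise PermissionError("invalid TGT")
        svc_tag = mac(self.service_keys[service], b"svc", platform_id, service.encode())
        return (platform_id, service, svc_tag)


def service_accepts(service_key: bytes, ticket) -> bool:
    platform_id, service, tag = ticket
    return hmac.compare_digest(tag, mac(service_key, b"svc", platform_id, service.encode()))


def run_demo():
    """One AS round, then two services reached through the TGS alone."""
    ttp = TTP()
    keys = {s: ttp.register_service(s) for s in ("fileserver", "mailserver")}
    x, y = aik_keygen(b"constructed-platform-seed")
    platform_id = b"platform-42"
    cert, tgt = ttp.as_exchange(platform_id, y, zk_prove(x, y, platform_id, rnd=7))
    tickets = {s: ttp.tgs_exchange(tgt, s) for s in keys}
    # A prover holding a different exponent (x' != x in Z_q) must be rejected.
    wrong_key_proof = zk_prove((x % (Q - 1)) + 1, y, platform_id, rnd=7)
    return {
        "as_calls": ttp.as_calls,
        "cert_for_platform": cert[0] == platform_id,
        "services_ok": all(service_accepts(keys[s], tickets[s]) for s in keys),
        "wrong_key_rejected": not zk_verify(y, platform_id, wrong_key_proof),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the abstract makes about load on the TTP shows up in `as_calls`: the AS, which is the only party that has to verify the zero-knowledge proof, is contacted once, while every further application server is reached with a TGS ticket. Binding the proof to `platform_id` as context is the usual defence against replaying one platform's proof under another identity; a deployment would replace the toy group, the HMAC "certificate" and the unencrypted tickets with real signatures and Kerberos ticket encryption.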
Keywords/Search Tags: AIK, Kerberos, zero-knowledge proof, virtual TPM