Remote Attestation Protocol Based On Proxy Multi-Signature

Posted on: 2013-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: J X Wang
GTID: 2248330371990212
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of computer systems, software attacks have become increasingly automated and complex. The inherent defects of software and the passive nature of traditional security measures are insufficient to cope with the growing threats to computer system security, and protection mechanisms that rely solely on software cannot adequately protect computer and network information.

Trusted Computing addresses these threats with a new design idea: it uses hardware protection to provide more security for the system platform and builds a trusted computing environment on that platform from a combination of hardware and software. Trusted Computing can ensure that computation on its platform has properties such as controllability, confidentiality and authenticity. These properties also make up for the flaws and shortcomings of protection mechanisms that rely solely on software. Trusted Computing is therefore a better way to address the threats and challenges of computer system security.

Trusted Computing is an active research topic in computer and network information security. It ensures the security of the system platform through the TPM, a small tamper-resistant hardware chip embedded on the motherboard. A core function of Trusted Computing is remote attestation, which includes trusted and complete measurement and integrity reporting. Remote attestation sends the current system state of the Attestor to the remote Verifier.

At present, the Trusted Computing Group has officially released remote attestation protocols including TPM v1.1 Privacy CA and TPM v1.2 Direct Anonymous Attestation (DAA). These protocols are inefficient, and their time overhead is too large for large-scale or real-world computer systems. Because the TPM hardware model is single-process, the remote client can only respond to remote attestation requests one at a time. When a large number of remote attestation requests arrive at the same time, response efficiency becomes the bottleneck of the system.

The Remote Attestation Protocol Based on Proxy Multi-Signature is designed to solve this problem. Through the use of proxy signatures, remote clients can focus on the batch signature of the computer cluster, which improves the efficiency of remote attestation. The proxy signature in this thesis is based on the Elliptic Curve Digital Signature Algorithm (ECDSA). Compared with previous proxy signature algorithms, its security rests on the intractability of the Elliptic Curve Discrete Logarithm Problem. The protocol also reflects several advantages of Elliptic Curve Cryptography: high system efficiency, stronger security and short ECC keys.

The experiment runs on a computer with an Intel i5 dual-core processor and 2 GB of memory, running the Linux operating system. The TPM is implemented by the TPM Emulator. The prototype is written in Java and controls the TPM through the JTSS software stack. In this trusted experimental environment, we implement a prototype of the remote attestation protocol based on proxy multi-signature and verify the feasibility of the remote attestation.
Keywords/Search Tags: Trusted Computing, Remote Attestation, ECDSA, proxy multi-signature