
Research And Application Of TSP In Trusted Software Stack

Posted on: 2011-04-19
Degree: Master
Type: Thesis
Country: China
Candidate: W Guan
Full Text: PDF
GTID: 2248330395457798
Subject: Computer application technology
Abstract/Summary:

A trusted platform provides identity attestation, integrity measurement and secure data storage. The trusted platform module (TPM) is the entity underlying trusted computing. To support TPM functions, the Trusted Computing Group (TCG) has proposed the trusted software stack (TSS), which supplies an interface to applications and manages the resources of the TPM.

The main contents of this thesis are as follows:

(1) Implements the trust service provider interface (TSPI) in the TSS, which applications can call as a shared object. There are two kinds of functions: TSP context management functions and cryptographic functions. The TSP context management functions manage the resources of the TSP. The cryptographic functions provide cryptographic operations such as encryption and signing.

(2) Applies the TPM to password authentication by associating signature verification with the password: the validity of the password is verified by the signature. Putting the signing key under the TPM's protection strengthens the password against hammering and dictionary attacks.

(3) Proposes more flexible schemes for sealing and unsealing data by binding the TPM to a smart card. The traditional single-PCR seal is extended to two modes: seal with signature key, and seal with any PCR. The seal with signature key scheme applies when the user works on different hosts, and allows the user to unseal the data with different TPMs. The seal with any PCR scheme applies when the PCR values are always changing, and allows the user to unseal the data when at least one PCR is unchanged. These two schemes make sealing and unsealing more flexible while ensuring the security of the data.
Keywords/Search Tags: trusted computing, tpm, tsp, password authentication, smart card