Research And Design Of Trusted Computing Security Data Terminal

In order to enhance the security of the data acquisition and transmissionsystem on construction machineries, a secure data acquisition terminal isdesigned by using trusted computing technology. In addition to CAN bus dataacquisition functions, the new data terminal supports TPM assisted trusted boot,security status of the current system could be indicated by results of codemeasurement. By use of seal and unseal operation, data could be transmitedthrough a more safe channel.(1)Sstatus of the background and research topics are briefly introduced,especially the ecurity threat data collection terminal faces; Trusted Computingare introduced; and the feasibility of TCG Software Stack ported to embeddedsystems are discussed.(2)The necessity of building trusted computing environment and theinterdependence of the various software packages are analyzed. By the aid ofTPM_emulator, a simulation environment is designed. The environment is ableto simulate remote procedure calls initiated by multiple trusted computingplatforms, while reducing the cost of experiments. Hardware system, including aTPM chip and data acquisition circuitry, is designed. A secure boot solution isdesigned, with the consideration of passive behavior of TPM and compatibilitywith existing embedded computer architecture. The solution enables the terminalto startup in conformity with TCG advisement by measuring code in differentstages respectively. The solution also has good compatibility, and can adapt tochanges in the external circuit and firmware upgrade. By combing static anddynamic analytical method，compatibility issues is solved when transplantingTrouSerS to embedded platform. By configuring the dynamic link libraryoptions in Qt project scripts, the integration of trusted computing applicationsand data collection procedures is achieved. Encrypted remote data transmissionis realized.(3) Finally, the test results prove the feasibility of embedded trustedcomputing.The solution can provides protection for remote data transmission system.