A Trusted Cloud Terminal Solution Based On Portable User TPM

Posted on: 2016-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: X H Yan
GTID: 2308330476952961
Subject: Software engineering
Abstract/Summary:
Information technology is flourishing and, with its rapid development, has become closely tied to people's lives. In 2006 Google first proposed the concept of Cloud Computing, which is considered the inevitable trend of next-generation computing because of its high degree of information and resource sharing. As another leap following Embedded Systems and the Internet of Things, Cloud Computing brings innovations in the field of information security. Meanwhile, the diversity of cloud terminals (e.g. portable computers, cellphones, signal converters, televisions, etc.) enlarges their vulnerability, which has become the most serious problem in Cloud Computing.

In this paper, we propose a trusted cloud terminal based on a user-based trusted module in order to mitigate the problem of credibility of the access terminal and the problem of key migration in user roaming scenarios. Our scheme uses Trusted Computing and virtualization techniques so that it can guarantee the integrity and security of the system in disparate application environments.

The user-based trusted module serves as the root of trust. It is issued by a trusted authority such as a government, a CA or a bank, which initializes the device according to the information provided by the user. The module is bound to each user and represents the user's identity in information systems, thus establishing the basis of users' trust. When accessing the cloud, the user-based trusted module serves as a verifier and, together with the user's platform, makes up the trusted cloud terminal specified in this paper, which extends the trust chain in information systems into the real world through its social trustworthiness.

The trusted storage function, which stores secret keys inside the module and provides cryptographic services as an interface to upper layers, makes key usage convenient in a Cloud Computing environment where users often access the cloud center with different devices in different places.

In order to provide a good user experience when Internet service is not available, the trusted cloud terminal has two modes: on-line access and off-line access. We design different authentication protocols for each mode of the cloud terminal.

The boot of the cloud terminal follows the idea of trusted bootstrap: first, the loading process of the user-based trusted module in the management domain measures the integrity of the virtual machine starter; the starter then receives the user's input to boot the corresponding virtual machine, and extends the measurement results into the platform configuration registers in the sequence of configuration file, kernel file, image file, and initialization file; finally, the kernel measures the integrity of all user processes until the remote controller in the virtual machine is started. After the trusted cloud terminal has booted, the management domain obtains the platform integrity measurement results through the trusted quote function of the trusted module, and verifies the state of the access virtual machine against a knowledge database. The security level of the system is thereby effectively improved.

A variety of evaluations show that the trusted cloud terminal scheme, which combines Trusted Computing with virtualization, efficiently improves the security of systems at very low cost.
Keywords/Search Tags:Cloud Computing, Portable User TPM, Trusted Cloud Terminal, Authentication Protocol, Security
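
The measured-boot sequence described in the abstract, as an added example that is not code from the thesis: a software model of extending one platform configuration register in the stated file order and checking the result against a reference value. SHA-256, the single register, the sample byte strings, the name access-vm and the dict used as the knowledge database are assumptions, and the signature over the quote is left out.

```python
import hashlib

# Assumptions (not from the thesis): SHA-256 PCR bank, one PCR for the VM
# boot chain, and a dict standing in for the "knowledge database".
PCR_SIZE = hashlib.sha256().digest_size
BOOT_ORDER = ("config", "kernel", "image", "init")  # sequence given in the abstract


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components: dict, order=BOOT_ORDER):
    """Measure each component in order; return (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # PCR starts at all zeroes after reset
    log = []
    for name in order:
        digest = hashlib.sha256(components[name]).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify(vm_name: str, quoted_pcr: bytes, log, knowledge_db: dict) -> bool:
    """Accept only if the log replays to the quoted PCR and matches the reference."""
    return replay(log) == quoted_pcr and knowledge_db.get(vm_name) == quoted_pcr


# Constructed sample data: byte strings standing in for the four VM files.
GOOD_VM = {"config": b"vm.cfg v1", "kernel": b"vmlinuz v1",
           "image": b"disk.img v1", "init": b"initrd v1"}
GOOD_PCR, GOOD_LOG = measure_boot(GOOD_VM)
KNOWLEDGE_DB = {"access-vm": GOOD_PCR}  # hypothetical reference entry

if __name__ == "__main__":
    print("clean boot accepted:", verify("access-vm", GOOD_PCR, GOOD_LOG, KNOWLEDGE_DB))
    bad_pcr, bad_log = measure_boot({**GOOD_VM, "kernel": b"vmlinuz patched"})
    print("modified kernel accepted:", verify("access-vm", bad_pcr, bad_log, KNOWLEDGE_DB))
    swapped, swapped_log = measure_boot(GOOD_VM, ("kernel", "config", "image", "init"))
    print("reordered chain accepted:", verify("access-vm", swapped, swapped_log, KNOWLEDGE_DB))
```

Because each extend hashes the previous register value, a changed file or a changed measurement order both produce a final value that no longer matches the reference entry.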