Research On Trusted Remote Attestation Technology For Embedded Systems

Posted on: 2019-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: Q X Xia
GTID: 2428330596450963
Subject: Computer Science and Technology

Abstract/Summary:
With the widespread application of embedded devices, network security issues are receiving increasing attention. Trusted computing based on hardware roots of trust has evolved into an industrial technology that protects computing infrastructures and terminals. Trusted devices can be interconnected to create trusted networks through trusted remote attestation. In the face of network attacks on the Internet, how to design and implement a remote attestation mechanism with strong security and high attestation efficiency is a key issue. The main research work in this thesis is as follows:

(1) Because the traditional remote attestation architecture usually adopts one-way authentication, it may be exposed to security threats such as malicious collusion and flood attacks. Therefore, a mutual authentication architecture for embedded platforms is designed. The architecture adopts measurement agents and attestation agents, which collect and attest the platform identity and integrity information. The architecture can reduce the coupling of the functional modules and improve the computational efficiency of the system.

(2) A mutual anonymous identity authentication protocol is designed. We add a timestamp mechanism and a mutual authentication period to the existing direct anonymous authentication protocol. We analyze the security of the protocol, and the results show that the protocol can improve the security of the authentication.

(3) Combined with the locality principle, we improve the data structure used to store the integrity measurements of the module, and propose a remote attestation mechanism based on LPBHT. This mechanism can shorten the length of the certification path and improve the verification efficiency of platform configuration integrity certification. To address TOC-TOU vulnerabilities in the verification process, we improve a randomized metric selection method to reduce the possibility of these vulnerabilities being exploited and to increase the security of the verification process.

Based on the above research work, we design and code a remote attestation system and build the experimental environment on the Loongson embedded platform to realize certification and management. The experimental results show that the remote attestation mechanism designed in this paper has higher efficiency and security.
Keywords/Search Tags: trusted computing, remote attestation, platform mutual authentication, platform integrity attestation, locality principle