Research And Implementation Of Trusted Service Sharing Mechanism For Embedded Smart Devices

Posted on: 2022-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: R Wang
Full Text: PDF
GTID: 2518306608459174
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet of Things technology, embedded smart devices are being applied ever more widely and deeply. They are interconnected through the network and cooperate with each other to provide more powerful task execution ability. However, because of the openness of the network and unavoidable system vulnerabilities, embedded smart devices bring great convenience to human life but also face increasingly prominent security threats. The Trusted Platform Module (TPM), proposed by the Trusted Computing Organization, provides powerful protection for the confidentiality, integrity and authenticity of information systems. At present, TPM-based security protection technology for general computing platforms has been studied and applied in depth. However, a large number of embedded smart devices cannot directly deploy a TPM because of resource constraints and strict volume requirements. In this paper, a trusted service sharing scheme for embedded smart devices is proposed. The scheme uses devices that deploy a TPM to provide trusted services over the network to devices that lack TPM protection. The main innovative works of this paper include:

(1) To solve the trusted boot problem of embedded smart devices lacking TPM protection, a trusted boot model for embedded smart devices based on trusted services is proposed. When a device lacking TPM protection boots, U-Boot performs the first stage of the forward trusted authentication chain to ensure that the kernel starts properly. The kernel then performs a reverse trusted certification of U-Boot and compares the measurement with the credible value stored in advance in the trusted service module of the remotely deployed TPM device. Once the current system status has been confirmed as credible, the second stage of the trusted certification chain continues, completing the boot of the Init process and of the essential kernel modules and daemons. If the authentication result is successful, the system starts normally; otherwise, the system boot process terminates. Experimental results show that the model can provide trusted boot service for devices without TPM protection, and the average time of trusted boot is only 22.8% slower than that of the TBP model.

(2) To solve the problem of network congestion caused by many devices lacking TPM protection accessing a single trusted service device in a large network, a trusted service discovery and selection method is proposed. This method is an optimization of the above trusted boot model and is initiated when a device lacking TPM protection needs to request a trusted service. First, trusted service discovery messages are flooded through the network under a TTL (Time To Live) control mechanism to discover all available trusted service devices. The trusted service selection method then selects the best device to provide trusted service to the device lacking TPM protection, and the result is returned to the trusted boot model so that it can continue the trusted boot. The experimental results show that the model can provide trusted boot service for devices lacking TPM protection, and the average time of trusted boot is no more than 44.9% longer than that of the TBP model.
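The discovery and selection step in (2), simulated as an added example that is not code from the thesis. The topology, device names, load figures and the selection cost (hop count plus pending load) are assumptions; the abstract does not state the selection criterion.

```python
from collections import deque

# Constructed topology: node -> neighbours. All names are hypothetical.
TOPOLOGY = {
    "dev0": ["r1", "r2"],
    "r1": ["dev0", "tpm_a", "r3"],
    "r2": ["dev0", "r3"],
    "r3": ["r1", "r2", "tpm_b", "r4"],
    "r4": ["r3", "tpm_c"],
    "tpm_a": ["r1"],
    "tpm_b": ["r3"],
    "tpm_c": ["r4"],
}
# Constructed pending-request counts of the TPM-equipped service devices.
SERVICE_LOAD = {"tpm_a": 7, "tpm_b": 2, "tpm_c": 0}


def discover(topology, services, origin, ttl):
    """Flood a discovery message; return ({service: hops}, messages sent)."""
    seen = {origin}      # duplicate suppression: a node handles the flood once
    found = {}
    sent = 0
    queue = deque([(origin, ttl, 0)])
    while queue:
        node, remaining, hops = queue.popleft()
        if remaining == 0:
            continue     # TTL exhausted: the message is dropped here
        for nbr in topology[node]:
            sent += 1
            if nbr in seen:
                continue
            seen.add(nbr)
            if nbr in services:
                found[nbr] = hops + 1   # service device replies, does not relay
            else:
                queue.append((nbr, remaining - 1, hops + 1))
    return found, sent


def select(found, load, hop_cost=1, load_cost=1):
    """Pick the lowest assumed cost (hops + load); None if nothing replied."""
    if not found:
        return None
    return min(sorted(found),
               key=lambda s: hop_cost * found[s] + load_cost * load[s])
```

Raising the TTL from 3 to 4 in this constructed network reaches an idle service device at the price of more flooded messages, which is the trade-off the TTL control bounds.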
Keywords/Search Tags:Trusted boot, Embedded smart devices, Trusted services, Trusted platform module