Design And Implementation Of Trusted Dynamic Measurement And Remote Attestation System Based On TEE

In recent years,information security technology is becoming more and more impor-tant.Once some key data related to national security and people’s interests are leaked,it will cause incalculable losses to the country.Recent frequent hacker attacks around the world have also made governments and enterprises realize the importance of infor-mation security protection,information security has once again become the focus of at-tention.As an important technology to ensure information security,trusted computing overcomes the hysteresis defect of traditional security mechanism and has obvious advan-tages in system security protection.As the key research object of trusted computing 3.0,dynamic measurement technology is also developing rapidly.But so far,the application of dynamic measurement technology in the field of trusted computing is still few,and no mature standardization scheme and industry standard has been formed.The existing dy-namic measurement technology has some problems,such as limited application system,not flexible use,and immature interface protection mechanism.It is complicated to use and not safe enough.To solve the above problems,this paper designs and implements a set of dynamic measurement and remote attestation system based on TEE(Trusted Execution Environment)based on the characteristics of existing trusted computing technology and the popular trusted execution environment TEE.It is called Dymer.The main contribu-tions of this paper are as follows:(1)A trusted dynamic measurement scheme based on TEE is proposed.Based on TEE’s features of high security isolation and high privilege,a set of trusted dynamic mea-sure security protection scheme is implemented in TEE environment from the level of hardware and software,which is used to achieve dynamic protection of key data of the system.Besides,multiple interface protection mechanism is added based on the interac-tion between TEE and the security interface of the operating system.Greatly enhance the information security protection of important data.(2)A remote attestation scheme of dynamic measurement based on virtual PCR(Platform Configuration Register)is implemented.The scheme realizes dynamic attestation protec-tion for trusted devices.By optimizing the original TPM(Trusted Platform Module)re-mote attestation technology,the core algorithm of virtual PCR is implemented,which can achieve both startup measurement attestation of compatible devices and dynamic mea-surement attestation of expanded and supported devices.(3)A system attack demonstration model is designed.Based on the characteristics of trusted dynamic measurement and remote attestation system,the attack demonstration model of the system is designed and completed.Through the attack demonstration model,the attack and protection of the key data of the system are verified,and the effectiveness of the system is further verified.