摘要
远程证明是可信计算的一个重要特征,目的是证明远程平台的身份或配置信息是否可信.常用的二进制证明方法不仅暴露了本地平台的配置信息,而且在现实情况中很难处理平台多样性问题.文中提出的可信计算中远程自动匿名证明方案利用环签名实现直接匿名证明,隐藏了平台的身份信息,以属性证书代替平台配置信息,可以有效防止私有信息的暴露,同时兼顾到对系统的升级和备份的可信评测.证明协议避免了使用零知识证明.分析结果显示,具有较高的实现效率.
Remote attestation is an important attribute in trusted computing. The purpose of remote attestation is to attest the identity and configuration of remote platform. The shortcomings of popular binary attestation are not only revealing information about the configuration of platform or information, but also requiring the verifiers to know all possible "trusted" configurations of all platform as well as managing updates and patches that change the configuration. The remote automated anonymous attestation hides the identity of platform by ring signature, replaces configuration by property-based certificate, which takes good reference for updates and patches of system. The hidden certificate signed by trusted computing module and its host does not need extra zero-knowledge proof, so our scheme is very efficient in realization.
出处
《计算机学报》
EI
CSCD
北大核心
2009年第7期1304-1310,共7页
Chinese Journal of Computers
基金
国家"八六三"高技术研究发展计划项目基金(2007AA01Z410
2007AA01Z177)
国家"九七三"重点基础研究发展规划项目基金(2007CB307101)
长江学者创新团队项目(IRT0707)
北京交通大学校基金(BJTU K08J0030)资助~~
关键词
可信计算
远程证明
自动协商
属性证书
环签名
trusted computing
remote attestation
automated negotiation
property certificate ring signature
