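Abstract
Attestation is an important function by which trusted computing safeguards the security of network services at the architectural level. This paper introduces the attestation strategy in the TCG trusted computing environment and the TPM-based Direct Anonymous Attestation (DAA) protocol, analyzes its characteristics, and proposes an ECC-based extension of the DAA protocol to make it more practical to apply. Security analysis shows that, in a trusted computing environment, the scheme needs only limited system resources and can effectively improve the security, manageability and controllability of trusted network access.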
Attestation is an important component of trusted computation for protecting Web service security. This paper analyzes the Direct Anonymous Attestation (DAA) adopted by the Trusted Computation Group (TCG) on the trusted computing platform and points out its advantages and disadvantages. It gives an extended DAA scheme based on ECC for better application. The security analysis proves that the protocol, with limited system resources, could effectively enhance the security and controllability of trusted network access control in trusted computing environments.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2009, No. 11, pp. 76-78 (3 pages)
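Funding
Supported by the National 863 Program (grant no. 2007AA01Z457)
Supported by the National Undergraduate Innovative Experiment Program (grant no. ITP028)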
Keywords
trusted computing
attestation protocol
privacy
ECC
trusted computation platform
strategy of attestation
privacy
ECC