摘要
针对TPM只作为对密钥的访问控制设备,而不能销毁被攻破密钥的问题,提出了两种利用密钥列表实施撤销的机制。通过对TPM命令集的少量修改,利用密钥列表对加载的密钥进行有效性检查,从而保证被TPM使用的密钥都是未撤销的,并且两种机制都能实现与当前TCG规范的向后兼容,也不会增加其他操作的负载。最后,提出将两种机制结合以保证密钥撤销和加载操作的效率,增强撤销机制的可实施性。
TPM is not able to destroy collapsed keys, because keys ( except for SRK and EK) are stored outside of it. To solve this problem, this paper proposed two mechanisms of revoking TPM keys. Without major changes to the TPM command set, checked the validities of loaded keys by using key lists. While realizing revocation checking effectively, preserved backwards compatibility with the current TCG specifications, and introducted no overhead for normal operation. At last, to improve the efficiency of revoking and loading operations and enhance the practicability of revocation mechanism, proposed the combination of both mechanisms.
出处
《计算机应用研究》
CSCD
北大核心
2010年第2期714-717,共4页
Application Research of Computers
基金
国家"863"计划资助项目(2008AA01Z404)
