摘要
文章针对当前基于隐私CA(Privacy CA)的平台身份建立方案和DAA(直接匿名证明)方案应用于网络终端平台身份管理时存在的两个问题:EK(Endorsement Key)证书管理复杂以及与传统基于管理员身份的终端管理方案未有效结合,无法支持基于管理员的平台身份撤销,提出了改进的基于可信芯片的网络终端平台身份管理方案.该方案包括平台EK产生、平台匿名身份建立、身份撤销、身份认证时的安全协议定义,利用了零知识证明以及基于ID的加密机制,有效解决了上述问题.同时在随机预言机模型下,作者还给出了该方案的正确性、匿名性以及不可伪造性的安全性证明.
TPM/TCM-Based platform identity management is the base to construct TNC (trusted network connect). However there are two problems when managing platform identity of the network terminals using privacy-CA and DAA (direct anonymous attestation) approaches. The first one is that it is hard to manage EK certificate of TPM/TCM, especially in large scale networks. Secondly traditional administrator-based terminal management can not be combined with the approaches based on TPM/TCM. The paper proposes an improved approach to manage termi- nal platform identity based on TPM/TCM. It defines the protocols to issue EK, establish platform anonymous identity, revoke platform identity, and authenticate platform identity. Moreover the security of this approach is proven under RO (random oracle) model.
出处
《计算机学报》
EI
CSCD
北大核心
2010年第9期1703-1712,共10页
Chinese Journal of Computers
基金
国家科技支撑计划(2008BAH22B06)
国家"八六三"高技术研究发展计划项目基金(2007AA01Z412)
中国科学院知识创新工程领域前沿项目(ISCAS2009-DR14
ISCAS2009-GR)资助~~
