摘要
基于Merkle哈希树提出了一种效率高、方式灵活并能保护平台隐私的远程验证机制.针对特定的目标应用场景,分析IMA(integrity measurement architecture)体系架构的不足,详细描述基于Merkle哈希树的远程验证机制的体系架构和度量验证过程,阐述新机制对现有TPM(trusted platform module)的功能增强即TPM_HashTree命令的功能及伪代码,并分析讨论新机制的优点.
A remote attestation mechanism, with high efficiency, flexibility and privacy protection based on Merkle hash tree is proposed in this paper. The problems of IMA (integrity measurement architecture) architecture are analyzed for a special target application scenario; followed by a detailed description of RAMT (remote attestation mechanism based on Merkle hash tree) architecture and its process of integrity measuring and verifying. The function and pseudo-code of command TPM_HashTree, which is a function enhancement to the existing TPM (trusted platform module), are presented for the newly proposed mechanism. The advantages of the new mechanism are analyzed and discussed.
出处
《软件学报》
EI
CSCD
北大核心
2011年第2期339-352,共14页
Journal of Software
基金
国家自然科学基金(90818012)
中国科学院重大方向性项目(KGCX2-YW-125)
北京市科学技术委员会项目(Z08000102000801)
关键词
可信计算
远程验证
Merkle哈希树
隐私保护
验证效率
trusted computing
remote attestation
Merkle hash tree
privacy protection
verification efficiency