摘要
分析了存储中常见的重放攻击问题,提出一种基于可信平台模块TPM构造虚拟单调计数器的方案以阻止重放攻击.该方案基于TPM提供的硬件计数器、传输会话与私钥保护3种机制建立起虚拟计数器管理器(virtual counter manager,VCM),再由VCM构造和管理虚拟单调计数器.同时提出了一种VCM恶意行为检测算法,用以确保VCM的可信性,使得该方案的安全性仅依赖于TPM的防篡改性.最后,通过实验分析,提出了2个性能改进方案,以确保方案的可行性.
Any security storage system needs to address at least three security issues:confidentiality,integrity and freshness.Of these,freshness is the most challenging problem.However,the traditional software-based solutions themselves are on the storage device,such as a hard disk.Hence,they can not solve the problem.The attacker can replay the whole disk data using an "out-of-date" image of hard disk.Thus,the only solution to this problem would be to employ some form of irreversible state change.In this paper,we analyze the problem of replay attacks upon storage,and propose a TPM-based solution to build virtual counters,in order to defend against replay attacks.In this solution,we build a virtual counter manager(VCM)with three mechanisms in TPM:TPM Counters,transport sessions and protection of private keys;and then we can create and manage lots of trusted virtual counters with VCM.Furthermore,an algorithm for checking malicious operations of VCM is presented in order to ensure the trust of it.Hence,the security of our solution just depends on the tamper-resistant module TPM.Finally,the performance of our solution is analyzed,and two changes are proposed to improve the performance in order to keep the solution of anti-replay attacks feasible.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第3期415-422,共8页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2007AA01Z412)
国家科技支撑计划基金项目(2008BAH22B06)
中国科学院知识创新工程领域前沿项目(ISCAS2009-DR14
ISCAS2009-GR03)
