摘要
针对当前可信计算平台身份证明最好的理论解决方案——直接匿名认证(DAA,DirectAnonymous Attestation)协议中平台隐私数据(A,e)是以明文方式直接存储在平台上很容易受到攻击的问题,基于TPM的安全存储功能,提出了平台隐私数据(A,e)的保护方案。该方案根据用户的身份生成隐私数据(A,e)的保护密钥和授权数据,利用TPM的安全存储功能对该保护后的隐私数据进行存储,并通过理论分析和实验验证,表明了所提方案在保护隐私数据(A,e)的同时,对直接匿名认证协议的性能影响也不大,增强了DAA协议的身份认证可信。
Aiming at the problem in DAA (Direct Anonymous Attestation), the best theoretical solution for Identity Attestation of TPM (Trusted Platform Module) is suggested. And for the authentication secret-- private data (A,e) is directly stored in plaintext on the platform, it could be easily attacked or destroyed. Based on the safe storage function of TPM, a protection scheme for platform private data in DAA is proposed. This scheme, in accordance with the protection key and for the user' s identity generation the authority data, could protect the platform private data, and the private data (A,e) is encrypted with the symmetric key of AES, and stored in hard disk. The theoretical analysis and experimental results indicate that the proposed scheme could effectvely protect the private data ( A,e ) and enhance the creditability of DAA is identity futhentication.
出处
《通信技术》
2013年第6期106-110,共5页
Communications Technology
基金
国家自然科学基金(批准号:60970113
71202165)
四川省青年科技基金(No.2011JQ0038)
四川师范大学校级项目(No.11KYL03)