摘要
针对目前移动智能平台系统面临的安全威胁,利用可信计算技术解决嵌入式系统的安全问题,是一种可行且高效的安全解决方案。在不改变现有移动设备硬件架构的前提下,提出了一种嵌入式平台系统的安全启动机制,将安全TF卡作为外置可信平台模块,构建了一条从Bootloader到上层应用程序的完整的信任链,该信任链的起点保护在安全TF卡的安全区域内,启动过程中各个组件的度量标准值由安全TF卡中的密钥签名存放。描述了该机制的实现过程,并对其安全性、效率进行了详细的分析测试。实验结果显示,该机制能够抵御针对嵌入式平台的多种攻击,有效保护嵌入式系统安全。
Currently, intelligent mobile platform is facing with a series of security threats. One feasible and effective solution for those threats is leveraging trusted computing technology to guarantee the security of embedded systems. In this paper, a secure boot mechanism for embedded system is designed without changing the existing mobile device hardware architecture. This paper presents a complete trust chain from bootloader to upper-layer applications, in which the security TF card plays a role as external trusted platform. The starting point of the trust chain is stored in the secure area of TF card and the measurement reference value for securely booting is signed by the secret key in security TF card before stored. This paper also describes the implementation of the mechanism and carries out detailed analysis focusing on security and efficiency. The experimental results show that the mechanism can defense a variety of attacks on embedded platform, and effectively protect the security of the embedded system.
出处
《计算机工程与应用》
CSCD
2014年第10期72-77,共6页
Computer Engineering and Applications
基金
国家973重点基础研究发展计划(No.2014CB340600)
国家自然科学基金重点项目(No.61332019)
国家自然科学基金(No.61173138
No.61272452)
湖北省重点新产品新工艺研究开发项目(No.2012BAA03004)
企业合作项目(No.YB2012120174
No.YB2013110084)
关键词
可信计算
可信计算平台
信任链
嵌入式系统
安全启动
trusted computing
trusted computing platform
trust chain
embedded systems
secure boot
