期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于串空间的可信计算协议分析 被引量:12

Analyzing Trusted Computing Protocol Based on the Strand Spaces Model
下载PDF
导出
摘要 可信计算技术能为终端、网络以及云计算平台等环境提供安全支撑,其本身的安全机制或者协议应该得到严格的形式化证明.该文基于串空间模型对其远程证明协议进行了分析.首先,扩展了串空间的消息代数和攻击者串,使其能表达可信计算相关的密码学操作,并对衍生的定理进行了证明;并且提出了4个新的认证测试准则,能对协议中的加密、签名、身份生成和哈希等组件进行推理.其次,基于扩展的串空间模型对远程证明协议的安全属性(隐私性、机密性和认证性)进行了抽象和分析.最后,给出了对发现攻击的消息流程,并基于ARM开发板对其中的布谷鸟攻击进行了实现,验证了串空间的分析结果. Trusted Computing technology can provide security supports for terminals, networks and cloud computing platforms; and its secure mechanisms or protocols should be proved formally and rigorously. This paper tries to analyze its remote attestation protocol based on the strand spaces model. Firstly, we extend the term algebra and penetrator's model in the strand spaces in order to express the cryptographic operations used in trusted computing, and the derived theorems have also been proved. We also propose four new authentication test principles accordingly, which can be used to reason about the encryption, signature, identity-making and hash compo- nents in the protocol Then, we use the extended strand spaces model to describe and analyze the security properties (including privacy, secrecy and authentication) of remote attestation protocol. Finally, we describe the message flow of the attacks captured by the strand space analysis, and implement the cuckoo attack using ARM development board, which experimentally proved the results inferred from strand spaces model.
作者 冯伟 冯登国
机构地区 中国科学院软件研究所可信计算与信息保障实验室 中国科学院大学
出处 《计算机学报》 EI CSCD 北大核心 2015年第4期701-716,共16页 Chinese Journal of Computers
基金 国家自然科学基金(61202414 91118006) 国家"九七三"重点基础研究发展规划项目基金(2013CB338003)资助~~
关键词 可信计算 远程证明 串空间 认证测试 形式化验证 trusted computing remote attestation strand spaces authentication test formal verification
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献30

  • 1Trusted Computing Group. TPM Main Specification Level 2 Version 1.2, Revision 116, 2011.
  • 2Feng Wei, Qin Yu, Yu Ai-Min, Feng Deng-Guo. A DRTM- based method for trusted network connection//Proceedings of the IEEE 10th International Conferenee on Trust, Security and Privacy in Computing and Communications. Changsha, China, 2011: 425-435.
  • 3Santos N, Rodrigues R, Gummadi K P, Saroiu S. Policy- sealed data: A new abstracton for building trusted cloud services//Proceedings of the 21st USENIX Security Symposium. Bellevue, WA, 2012.. 175-188.
  • 4Coker G, Guttman J, et al. Attestation: Evidence and trust//Proceedings of the 10th International Conference on Information and Communications Security (ICICS08). Birmingham, UK, 2008:1-18.
  • 5Coker G, Guttman J, et al. Principles of remote attestation. International Journal of Information Security, 2011, 10(2) .. 63-81.
  • 6Ramsdell J D, Guttman J D, et al. An Analysis of the CAVES Attestation Protocol using CPSA. Bedford: The MITRE Corporation, 2009.
  • 7Doghmi S F, Guttman J D, Thayer F J. Searching for shapes in cryptographic protocols//Proeeedings of the 13th TACAS. LNCS 4424. Berlin: Springer, 2007:523-537.
  • 8Ramsdell J D, Guttman J D. CPSA Primer. Bedford The MITRE Corporation, 2012.
  • 9冯登国,秦宇,汪丹,初晓博.可信计算技术研究[J].计算机研究与发展,2011,48(8):1332-1349. 被引量:116
  • 10Pirker M, Toegl R, Hein D, Danner P. A PrivacyCA for anonymity and trust//Proceedings of the Trust and Trust- worthy Computing(Trust 2009). Oxford, UK, 2009:101-119.

二级参考文献36

共引文献118

同被引文献108

引证文献12

二级引证文献49

计算机学报
2015年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部