摘要
终端的可信启动过程是可信计算的关键问题之一。在分析统一可扩展固件接口(UEFI)启动过程和驱动模型的基础上,根据UEFI以及操作系统启动过程中可能面临的安全威胁,提出基于USB Key可信启动方案。在完成UEFI下USB Key的驱动程序以及相关应用程序的基础上,完成完整性度量和完整性验证、数据加解密和身份认证等相关操作,实现基于USB Key的可信启动过程和身份认证过程。实验结果表明,该方案能够快速有效地保证计算机终端在启动过程中不被篡改和用户的合法性。
The trusted boot of Terminal is one of the key concern in trusted computing. Based on the analysis of the United Extensible Firmware Interface( UEFI) and the security requirement in UEFI execution or OS booting,a trusted boot scheme based on USB Key is proposed. With the USB Key driver and related applications in UEFI completed,the integrity measurement and verification,data encryption and decryption,identity authentication are completed,and thus the trusted boot scheme based on USB Key can be achieved. The experimental results show that the scheme can effectively enable trusted boot of computer terminals and user identification.
出处
《信息工程大学学报》
2016年第2期212-217,共6页
Journal of Information Engineering University
基金
国家科技重大专项资助(2013JH00103-04)
数学工程与先进计算国家重点实验室开放课题资助(2013A11)
