摘要
针对嵌入式设备上用户隐私数据缺乏加密保护问题,提出一种TrustZone架构下的密钥管理机制。结合PUF技术与用户PIN码生成与设备、用户双关联的用户密钥,保护用户隐私数据的机密性和完整性;同时设计了一种适用于公用嵌入式设备的多用户数据保护场景,提供多用户密钥的生成、存储、更新和销毁方法。最后,描述了基于TrustZone密钥管理模块的实现方法,并进行安全性分析与效率测试,实验表明,该机制具有很好的安全性和密钥管理效率。
Aiming at the lack of encryption protection for user privacy data on embedded devices,a key management mechanism is proposed in TrustZone architecture. Combined with Physical Unclonable Function(PUF) technology and the user's PIN to generate the user key related to both device and user,the confidentiality and integrity of privacy data is protected. Meanwhile,a relatively thorough key management mechanism is designed formutli-user data protection scene in public embedded device to realize key generation,storage,update and destroy. Finally,this multi-user key management moduleisgiven and realizedin TrustZone. And its security and efficiencyis analyzed by experiments. The experiment result show that the mechanism is reliable secure and has high key management efficiency.
作者
崔晓煜
赵波
樊佩茹
肖钰
CUI Xiao-yu ZHAO Bo FAN Pei-ru XIAO Yu(Computer School, Wuhan University, Wuhan 430072, Hubei, China Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China)
出处
《山东大学学报(理学版)》
CAS
CSCD
北大核心
2017年第6期92-98,共7页
Journal of Shandong University(Natural Science)
基金
国家高技术研究发展计划(863计划)(2015AA016002)
国家重点基础研究发展规划项目计划(2014CB340600)
江苏省自然科学基金青年基金(BK20130372)
