通信技术 (Communications Technology)
2013, Issue 6, pp. 106-110 (5 pages)
朱贵琼%谭良%陈菊%钟伟瑛
trusted computing%privacy%DAA%attestation%data encryption
Direct Anonymous Attestation (DAA) is currently the best theoretical solution for identity attestation of trusted computing platforms based on the TPM (Trusted Platform Module). In the DAA protocol, however, the platform's private data (A, e), which serves as the authentication secret, is stored directly on the platform in plaintext, where it can easily be attacked or destroyed. Based on the secure storage function of the TPM, a protection scheme for the platform private data (A, e) in DAA is proposed. The scheme generates a protection key and authorization data for the private data (A, e) from the user's identity, encrypts (A, e) with an AES symmetric key, and stores the protected data on the hard disk using the TPM's secure storage function. Theoretical analysis and experimental results indicate that the proposed scheme effectively protects the private data (A, e) while having little impact on the performance of the DAA protocol, and that it enhances the trustworthiness of identity authentication in DAA.