计算机工程
計算機工程
계산궤공정
COMPUTER ENGINEERING
2014年
5期
99-102
,共4页
可信计算%远程证明%组签名%Merkle Hash树%隐私保护%可伸缩性
可信計算%遠程證明%組籤名%Merkle Hash樹%隱私保護%可伸縮性
가신계산%원정증명%조첨명%Merkle Hash수%은사보호%가신축성
trusted computing%remote attestation%group signature%Merkle Hash tree%privacy protection%scalability
针对远程证明效率低、隐私保护能力及可伸缩性差的问题,提出一种基于可动态调整的非平衡Merkle哈希树的平台配置远程证明机制。借鉴Merkle哈希树远程证明方案,考虑可信实体完整性度量值被请求的概率,综合利用组签名技术和动态Huffman树构造算法的优势,不仅能大幅减少可信实体度量日志的存储空间,屏蔽具体的可信实体的哈希值,而且缩短认证路径长度。给出具体的软件分发算法、完整性度量和验证算法,并从验证效率、隐私保护和可伸缩性3个方面分析算法的优势。分析结果表明,该机制可提高远程证明算法的效率、隐私保护能力及可伸缩性。
針對遠程證明效率低、隱私保護能力及可伸縮性差的問題,提齣一種基于可動態調整的非平衡Merkle哈希樹的平檯配置遠程證明機製。藉鑒Merkle哈希樹遠程證明方案,攷慮可信實體完整性度量值被請求的概率,綜閤利用組籤名技術和動態Huffman樹構造算法的優勢,不僅能大幅減少可信實體度量日誌的存儲空間,屏蔽具體的可信實體的哈希值,而且縮短認證路徑長度。給齣具體的軟件分髮算法、完整性度量和驗證算法,併從驗證效率、隱私保護和可伸縮性3箇方麵分析算法的優勢。分析結果錶明,該機製可提高遠程證明算法的效率、隱私保護能力及可伸縮性。
침대원정증명효솔저、은사보호능력급가신축성차적문제,제출일충기우가동태조정적비평형Merkle합희수적평태배치원정증명궤제。차감Merkle합희수원정증명방안,고필가신실체완정성도량치피청구적개솔,종합이용조첨명기술화동태Huffman수구조산법적우세,불부능대폭감소가신실체도량일지적존저공간,병폐구체적가신실체적합희치,이차축단인증로경장도。급출구체적연건분발산법、완정성도량화험증산법,병종험증효솔、은사보호화가신축성3개방면분석산법적우세。분석결과표명,해궤제가제고원정증명산법적효솔、은사보호능력급가신축성。
In order to improve efficiency, privacy protecting and scalability of remote attestation, a new method to measure the integrity of trusted entities is proposed. The method based on Remote Attestation based on Merkle Hash Tree(RAMT) takes the frequency of trusted entities into account. It leverages multiple techniques including group signatures and dynamic Huffman algorithms. Thus, it reduces dramatically storage space to store measurement log of executables and hides information of specific software and cuts down a length of the path of verification. These algorithms including software distribution, integrity measurement and verification are given and their advantages are described from three aspects including verification efficiency, privacy protection and scalability. Analysis shows the ability of the protection privacy is enhanced. The efficiency and the scalability of the remote attestation are improved highly.