COMPUTER ENGINEERING AND APPLICATIONS
2014, Issue 10, pp. 72-77 (6 pages)
赵波, 费永康, 向騻, 李逸帆
trusted computing; trusted computing platform; trust chain; embedded systems; secure boot
Intelligent mobile platforms currently face a series of security threats. One feasible and effective solution to those threats is to use trusted computing technology to guarantee the security of embedded systems. In this paper, a secure boot mechanism for embedded systems is designed without changing the existing mobile device hardware architecture. The paper presents a complete trust chain from the bootloader to upper-layer applications, in which a security TF card serves as an external trusted platform module. The starting point of the trust chain is protected in the secure area of the TF card, and the measurement reference values of the components in the boot process are signed with a key held in the security TF card before being stored. The paper also describes the implementation of the mechanism and carries out a detailed analysis and test of its security and efficiency. The experimental results show that the mechanism can defend against a variety of attacks on embedded platforms and effectively protect the security of the embedded system.