计算机科学 ›› 2018, Vol. 45 ›› Issue (4): 148-151.doi: 10.11896/j.issn.1002-137X.2018.04.024

• 信息安全 • 上一篇    下一篇

一种基于局部性原理的远程验证机制

夏庆勋,庄毅   

  1. 南京航空航天大学计算机科学与技术学院 南京211106,南京航空航天大学计算机科学与技术学院 南京211106
  • 出版日期:2018-04-15 发布日期:2018-05-11
  • 基金资助:
    本文受国家自然科学基金(61572253),航空科学基金(2016ZC52030)资助

Remote Attestation Mechanism Based on Locality Principle

XIA Qing-xun and ZHUANG Yi   

  • Online:2018-04-15 Published:2018-05-11

摘要: 为了提高嵌入式平台配置远程证明方案的效率,在基于Merkle哈希树存储结构的基础上,结合程序的局部性原理,考虑平台下程序验证的时间特性,对存储程序模块完整性度量值的数据结构进行了改进,提出了一种基于局部性原理的远程验证机制。实验分析表明,新的机制可以减少构造存储度量日志的时间消耗,缩短应用程序实时认证路径的长度,提高平台配置远程证明的验证效率。

关键词: 可信计算,远程证明,Merkle哈希树,局部性原理

Abstract: In order to improve the efficiency of the remote configuration attestation scheme,combining the locality principle of the program with the storage structure of Merkle Hash tree,the data structure used to store the Hash values of the program module integrity was improved,and a remote proof mechanism based on locality principle was proposed.Experiments show that the new mechanism can improve the efficiency of the remote configuration attestation by redu-cing the consumption of constructing stored measurement logs and shortening the length of authentication paths.

Key words: Trusted computing,Remote attestation,Merkle Hash tree,Locality principle

[1] Trusted Computing Group(TCG).http://www.trustedcomputinggroup.org.
[2] ASOKAN N,EKBERG J E,KOSTIAINEN K,et al.MobileTrusted Computing[J].Proceedings of the IEEE,2014,102(8):1189-1206.
[3] FUGINI M G,BREVEGLIERI L,PELOSI G,et al.TrustedComputing for Embedded Systems.http://rd.spring.com/content/pdf/bfm%3A978-3-319-09420-5%2F1.pdf.
[4] MU Y.Zhong Guan Cun Trusted Computing Industry Alliancewas Established[J].Information Security and Communications Privacy,2014(5):16.(in Chinese) 木易.中关村可信计算产业联盟成立[J].信息安全与通信保密,2014(5):16.
[5] SONG X L,ZHANG L H,CHEN D Y.Preventing Hypervisor-based Rootkit with Trusted Execution Technology[J].Information Security & Communications Privacy,2009,7:76-81.
[6] YU A,ZHAO S.Enhancing Flexibility of TCG’s TNC through Layered Property Attestation[C]∥IEEE International Confe-rence on Trust,Security and Privacy in Computing and Communications.IEEE Computer Society,2011:751-756.
[7] ARTHUR W,CHALLENER D,GOLDMAN K.Platform Configuration Registers[M]∥A Practical Guide to TPM 2.0.Apress,,Berkeley,CA,2015.
[8] SAILER R,ZHANG X,JAEGER T,et al.Design and imple-mentation of a TCG-based integrity measurement architecture[C]∥Usenix Security Symposium.San Diego,CA,USA,2004:16-16.
[9] JAEGER T,SAILER R,SHANKAR U.PRIMA:policy-reduced integrity measurement architecture[C]∥SACMAT 2006,ACM Symposium on Access Control MODELS and Technologies.Lake Tahoe,California,USA,2006:19-28.
[10] CAMENISCH J,CHEN L,DrRJVERS M,et al.One TPM to Bind Them All:Fixing TPM 2.0 for Provably Secure Anonymous Attestation[C]∥Security and Privacy.IEEE,2017:901-920.
[11] XU Z Y,HE Y P,DENG L L.Efficient Remote AttestationMechanism with Privacy Protection[J].Journal of Software,2011,22(2):339-352.(in Chinese) 徐梓耀,贺也平,邓灵莉.一种保护隐私的高效远程验证机制[J].软件学报,2011,22(2):339-352.
[12] ZHU Y,LI Q B,ZHONG C L,et al.Non-balanced Binary Hash-tree Model for Fine-grained Integrity Measurement[J].Journal of Chinese Computer Systems,2014,35(7):1604-1609.(in Chinese) 朱毅,李清宝,钟春丽,等.用于细粒度完整性度量的非平衡二叉哈希树模型[J].小型微型计算机系统,2014,35(7):1604-1609.
[13] FU D,PENG X,YANG Y.Unbalanced tree-formed verification data for trusted platforms[J].Security & Communication Networks,2016,9(7):622-633.
[14] DENNING P J.The Locality Principle[J].Communications of the Acm,2005,48(7):19-24.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!