Distributed Trusted Measurement Method Based on VTCM

doi:10.19678/j.issn.1000-3428.0056142

Abstract

Abstract: In order to realize the safe start-up of multiple cooperative embedded computers,it is necessary to embed trusted computing module in each computer,but this will bring large energy consumption and management overhead to resource-constrained embedded system.To address the problem,this paper proposes a distributed trusted measurement method combining Trusted Cryptography Module(TCM) and Virtual Trusted Cryptography Module(VTCM).The embedded computer with TCM module installed is used as the trusted base,and the VTCM and TCM module are run on other computers to verify the configuration information to complete the distributed trusted measurement,so as to realize the trusted extension in the work domain.Experimental results show that the method meets the requirements of confidentiality and integrity in the trusted start-up process of embedded computer,and has the feasibility of secure parallel start-up in embedded environment.

Key words: trusted computing, embedded computer, Trusted Cryptography Module(TCM), Virtual Trusted Cryptography Module(VTCM), distributed trusted measurement

摘要： 为实现多台协同工作的嵌入式计算机安全启动，需在每台计算机内嵌入可信计算模块，但会给资源受限的嵌入式系统带来较大的能耗与管理开销。为此，提出一种结合可信密码模块（TCM）和虚拟可信密码模块（VTCM）的分布式可信度量方法。将已安装TCM模块的嵌入式计算机作为可信基础，在其他计算机上运行VTCM与TCM模块验证配置信息以完成分布式可信度量，从而实现工作域内可信扩展。实验结果表明，该方法满足嵌入式计算机可信启动过程中的机密性和完整性要求，在嵌入式环境下具有安全并行启动的可行性。

关键词: 可信计算, 嵌入式计算机, 可信密码模块, 虚拟可信密码模块, 分布式可信度量

CLC Number:

TP309

HE Wangyu, WANG Zhonghua, LI Yahui. Distributed Trusted Measurement Method Based on VTCM[J]. Computer Engineering, 2020, 46(8): 223-227,234.

何旺宇, 王中华, 李亚晖. 基于VTCM的分布式可信度量方法[J]. 计算机工程, 2020, 46(8): 223-227,234.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0056142

http://www.ecice06.com/EN/Y2020/V46/I8/223

Figures/Tables 5

References

[1] CHEN Shijie.Embedded system security design based on trusted computing technology[D].Chengdu:University of Electronic Science and Technology of China,2018.(in Chinese) 陈世杰.基于可信计算技术的嵌入式系统安全性设计[D].成都:电子科技大学,2018.
[2] YANG Ziyi,LI Yahui,WANG Zhonghua.High security protection system based on airborne embeded trusted computing platform[J].Aeronautical Computing Technique,2018,48(5):174-177.(in Chinese) 杨子怡,李亚晖,王中华.基于机载嵌入式可信计算平台的高安全防护系统[J].航空计算技术,2018,48(5):174-177.
[3] MAENE P,GOTZFRIED J,CLERCQ R D,et al.Hardware-based trusted computing architectures for isolation and attestation[J].IEEE Transactions on Computers,2018,67(3):361-374.
[4] HAN Lei,LIU Jiqiang,HAN Zhen,et al.Design and implementation of a portable TPM scheme for general purpose trusted computing based on EFI[J].Frontiers of Computer Science in China,2011,5(2):169-180.
[5] SHEN Changxiang,ZHANG Huanguo,WANG Huaimin,et al.Research and development of trusted computing[J].Scientia Sinica Informationis,2010,2(2):139-166.(in Chinese) 沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学,2010,2(2):139-166.
[6] ZHANG Huanguo,LI Jing,PAN Danling,et al.Trusted platform module in embedded system[J].Journal of Computer Research and Development,2011,48(7):1269-1278.(in Chinese) 张焕国,李晶,潘丹铃,等.嵌入式系统可信平台模块研究[J].计算机研究与发展,2011,48(7):1269-1278.
[7] WANG Bo,LI Bo,GAO Zhentie,et al.Embedded trusted computing platform based on TPM[J].Microcontrollers and Embedded Systems,2011,11(1):13-16.(in Chinese) 王博,李波,高振铁,等.基于TPM的嵌入式可信计算平台设计[J].单片机与嵌入式系统应用,2011,11(1):13-16.
[8] KHALID O,ROLFES C,IBING A.On implementing trusted boot for embedded systems[C]//Proceedings of 2013 IEEE International Symposium on Hardware Oriented Security and Trust.Washington D.C.,USA:IEEE Press,2013:75-80.
[9] XU Mingdi,YANG Lianjia.Research on trusted computing technology in embedded real-time operationsystem[J].Computer Engineering,2014,40(1):130-133.(in Chinese) 徐明迪,杨连嘉.嵌入式实时操作系统可信计算技术研究[J].计算机工程,2014,40(1):130-133.
[10] GUO Yu.AIK management in TPM[J].China Information Security,2006,28(4):76-78.(in Chinese) 郭煜.TPM中身份证明密钥的管理[J].信息安全与通信保密,2006,28(4):76-78.
[11] AARAJ N,RAGHUNATHAN A,JHA N K.Analysis and design of a hardware/software trusted platform module for embedded systems[J].ACM Transactions on Embedded Computing Systems,2008,8(1):1-31.
[12] WANG Tianshu,ZHANG Gongxuan,YANG Xichen,et al.Design and implementation of embedded systems trusted initiated mechanism[J].Computer Measurement and Control,2015,23(4):1364-1370.(in Chinese) 王天舒,张功萱,杨曦晨,等.嵌入式系统可信启动机制设计与实现[J].计算机测量与控制,2015,23(4):1364-1370.
[13] YANG Xuejiao,RUAN Junzhou,CUI Lizhen.Design and implementation of trusted computing platform based on VxWorks embedded operating system[J].Radio Engineering of China,2015,45(12):6-9.(in Chinese) 杨雪娇,阮军洲,崔丽珍.VxWorks嵌入式系统可信平台的设计与实现[J].无线电工程,2015,45(12):6-9.
[14] KONG Xiangying.Key technology research of trusted computing environment for embedded system[D].Nanjing:Nanjing University of Aeronautics and Astronautics,2015.(in Chinese) 孔祥营.嵌入式系统可信计算环境构建关键技术研究[D].南京:南京航空航天大学,2015.
[15] YI Ping,ZHUANG Yi.Design and implementation of embedded trusted platform based on Loongson processor[J].Computer Technology and Development,2018,28(5):112-116.(in Chinese)易平,庄毅.基于龙芯处理器的嵌入式可信解决方法[J].计算机技术与发展,2018,28(5):112-116.
[16] ALWOSABI A,SHUKUR Z.Proposed system architecture for intreity verification of embedded systems[J].Journal of Engineering and Applied Sciences,2017,12(9):2371-2376.
[17] SADEGHI A R,STÜBLE C.Towards multilaterally secure computing platforms with open source and trusted computing[J].Information Security Technical Report,2005,10(2):83-95.
[18] WANG Yinchuan,YANG Lin,SUN Weifeng.Research on Xen implementation of IBM vTPM[J].Journal of Military Communications Technology,2010,31(3):69-73.(in Chinese)王因传,杨林,孙伟峰.IBM vTPM的Xen实现研究[J].军事通信技术,2010,31(3):69-73.
[19] PAN Wangyang.Research on dynamic integrity measurement model of Xen virtual machine based on vTPM[D].Baoding:Hebei University,2017.(in Chinese)潘汪洋.基于vTPM的Xen虚拟机动态完整性度量模型研究[D].保定:河北大学,2017.
[20] TRUSTED COMPUTING GROUP.TPM main part 1 design specification[EB/OL].[2019-08-12].https://trustedcomputinggroup.org/resource/tpm-main-specification/.
[21] ZHANG Xun.Research of embedded trusted platform module[D].Xi'an:Xidian University,2014.(in Chinese)张洵.可信嵌入式TPM技术研究[D].西安:西安电子科技大学,2014.
[22] WANG Huifang,GUO Jingeng.BAN logic analysis of SSL3.0 protocol[J].Computer Engineering,2001,27(11):147-149.(in Chinese)王惠芳,郭金庚.用BAN逻辑方法分析SSL3.0协议[J].计算机工程,2001,27(11):147-149.

Please choose a citation manager

Content to export