Highly-descriptive chain of trust in trusted computing
LONG Yu1, WANG Xin2, XU Xian3, HONG Xuan4
1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; 2. State key Laboratory of Parallel and Distributed Processing, Department of Computer Science and Engineering, National University of Defense Technology, Changsha 410073, China; 3. Department of Computer Science and Engineering, East China University of Science and Technology, Shanghai 200237, China; 4. Department of Computer Science, Shanghai Normal University, Shanghai 200234, China
Abstract:The trusted boot process in trusted computing verifies the next boot module from the root of trust to establish a chain of trust. The classic chain of trust is a simple single-branch tree, but this may not satisfy complete user demands. This paper presents a multi-module chain of trust model based on HIBS (hierarchical identity-based signature) and a multi-pattern chain of trust model based on FIBS (fuzzy identity based signature) that overcome the limitations of single module expectations in a traditional chain so that the user can dynamically choose the module. The two chains of trust models are then combined to improve the results.
龙宇, 王辛, 徐贤, 洪璇. 具有高表达能力的新型可信计算信任链的设计[J]. 清华大学学报(自然科学版), 2018, 58(4): 387-394.
LONG Yu, WANG Xin, XU Xian, HONG Xuan. Highly-descriptive chain of trust in trusted computing. Journal of Tsinghua University(Science and Technology), 2018, 58(4): 387-394.
[1] PEARSON S. Trusted computing platforms, the next security solution[M]. London, England:HP Labs, 2002. [2] 张焕国, 刘玉珍, 余发江, 等. 一种新型嵌入式安全模块[J]. 武汉大学学报:理学版, 2004, 50(A01):7-11. ZHANG H G, LIU Y Z, YU F J, et al. A new type of embedded secure module[J]. Journal of Wuhan University (Natural Science Edition), 2004, 50(A01):7-11. (in Chinese) [3] 李子臣. 移动互联网时代信息安全新技术展望[J]. 信息通信技术, 2012(6):75-80. LI Z C. The new techniques of information security in mobile network[J]. Journal of Information and Communication, 2012(6):75-80. (in Chinese) [4] Trusted Computing Group. TCG software stack (TSS) specification, version 1.2[Z/OL]. (2005-02-01). https://www.trustedcomputinggroup.org/. [5] 秦中元, 胡爱群. 可信计算系统及其研究现状[J]. 计算机工程, 2006, 32(14):111-113. QIN Z Y, HU A Q. Trusted computing system and its current research[J]. Computer Engineering, 2006, 32(14):111-113. (in Chinese) [6] CHALLENER D, YODER K, CATHERMAN R, et al. A practical guide to trusted computing[M]. London, UK:Pearson Education, 2007. [7] 沈昌祥, 张焕国, 冯登国, 等. 信息安全综述[J]. 中国科学E辑:信息科学, 2007, 37(2):129-150. SHEN C X, ZHANG H G, FENG D G, et al. The summarization of information security[J]. Science China Ser E:Information Sciences, 2007, 37(2):129-150. (in Chinese) [8] 刘宏伟, 朱广志. 可信计算平台认证机制研究[J]. 计算机工程, 2006, 32(24):149-151. LIU H W, ZHU G Z. Research on attestation scheme of trusted computation platform[J]. Computer Engineering, 2006, 32(24):149-151. (in Chinese) [9] 张旻晋, 桂文明, 苏涤生, 等. 从终端到网络的可信计算技术[J]. 信息技术快报, 2006, 4(2):21-34. ZHANG M J, GUI W M, SU D S, et al. The trusted computing techniques from end to network[J]. Information Technology Letter, 2006, 4(2):21-34. (in Chinese) [10] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Advances in Cryptology-CRYPTO 1984. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 1985:47-53. [11] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Advances in Cryptology-CRYPTO 2001. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2001:213-229. [12] GENTRY C, SILVERBERG A. Hierarchical ID-based cryptography[C]//Advances in Cryptology-ASIACRYPT 2002. Queenstown, NZ, USA:Springer Berlin Heidelberg, 2002:548-566. [13] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005. Arhus, DK, USA:Springer Berlin Heidelberg, 2005:457-473. [14] WANG C J. A provable secure fuzzy identity based signature scheme[J]. Science China Information Sciences, 2012, 55(9):2139-2148. [15] Trusted Computing Group[Z]. TCG TPM library 2.0, 2014.(2014-10-01). http://www.trustedcomputinggroup.org/tpm-library-specification/. [16] CAMENISCH J, CHEN L Q, DRIJVERS M, et al. One tpm to bind them all:Fixing tpm2.0 for provably secure anonymous attestation[C]//38th IEEE Symposium on Security and Privacy. San Jose, CA, USA:IEEE, 2017:901-920. [17] CHEN L Q, LI J. Flexible and scalable digital signatures in tpm 2.0[C]//Proceedings of the 2013 ACMACM Sigsac Conference on Computer and Communications Security. Berlin, Germany:ACM, 2013:37-48. [18] BRICKELL E, LI J T. A pairing-based daa scheme further reducing TPM resources[C]//Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Berlin, Germany:Springer Berlin Heidelberg, 2010:181-195. [19] CHEN L Q, DAN P, SMART P. On the design and implementation of an efficient DAA scheme[C]//Proceedings of the 9th Smart Card Research and Advanced Application IFIP Conference. Passau, Germany:Springer Berlin Heidelberg, 2010:223-237. [20] CAMENISCH J, LYSYANSKAYA A. Signature schemes and anonymous credentials from bilinear maps[C]//Advances in Cryptology|CRYPTO'04. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2004:56-72. [21] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11):612-613.