Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2020, Vol. 60 Issue (6): 464-473    DOI: 10.16511/j.cnki.qhdxxb.2020.26.007
  专题:可信计算与信息安全 本期目录 | 过刊浏览 | 高级检索 |
余发江, 陈宇驰, 张焕国
武汉大学 国家网络安全学院, 空天信息安全与可信计算教育部重点实验室, 武汉 430072
Dynamic key management with individual key revocation for TPM
YU Fajiang, CHEN Yuchi, ZHANG Huanguo
Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
全文: PDF(8115 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 可信平台模块(TPM)的内部存储空间很小,密钥大多以加密的形式存储在模块外部,因此需要一种可以单独撤销某一存储在模块外部密钥的方法。该文通过使用变色龙散列函数,提出了一种具备撤销单一外部密钥功能的动态密钥管理方法。该方法构建了一个动态密钥管理树,将密钥存储在叶节点中。基于TPM保存的私钥,可以在不影响其他密钥的情况下添加新密钥、更新和撤销旧密钥。动态密钥管理树中每一层最左侧的节点存储在TPM内部,其余节点存储在外部,更新和撤销密钥时,只需遍历从密钥叶节点到密钥子树根节点的路径,因此该方法的内部存储开销和时间开销和密钥总数量呈对数关系。动态密钥管理方法能很好地兼容现有的TPM应用程序,同时也可以应用在其他嵌入式密码模块中。
E-mail Alert
关键词 可信平台模块(TPM)密钥管理密钥撤销    
Abstract:The trusted platform module (TPM) has limited internal memory, so most keys must be saved outside the TPM and such systems require a mechanism to revoke individual keys saved outside the module. A dynamic key management mechanism with a dynamic key management tree and a chameleon hash function was developed to store application keys in leaf nodes. TPM then uses a secret key to append new keys and update or revoke old keys without modifying any other keys. Only the leftmost node of each level in the tree is stored inside the TPM with the others all stored outside. When updating or revoking an old key, TPM traverses all the nodes on the path from the corresponding leaf node to the node stored inside the TPM. The required internal memory size for key updates or revocation with this scheme is a logarithmic function of the total number of keys, which is much more efficient than previous schemes. This dynamic key management mechanism is compatible with existing applications and can be adapted to any embedded crypto-module.
Key wordstrusted platform module (TPM)    key management    key revocation
收稿日期: 2019-09-27      出版日期: 2020-04-27
余发江, 陈宇驰, 张焕国. 具备撤销单一密钥功能的TPM动态密钥管理机制[J]. 清华大学学报(自然科学版), 2020, 60(6): 464-473.
YU Fajiang, CHEN Yuchi, ZHANG Huanguo. Dynamic key management with individual key revocation for TPM. Journal of Tsinghua University(Science and Technology), 2020, 60(6): 464-473.
链接本文:  或
[1] Trust Computing Group (TCG). TPM main part 1 design principles specification version 1.2:Revision 116[S]. Beaverton:TCG, 2011.
[2] Trusted Computing Group (TCG). Trusted platform module library part 4:Supporting routines:Family "2.0" level 00 revision 01.38[S]. Beaverton:TCG, 2016.
[3] SHAO J X, QIN Y, FENG D G. Formal analysis of HMAC authorisation in the TPM2.0 specification[J]. IET Information Security, 2018, 12(2):133-140.
[4] HAN S, SHIN W, PARK J H, et al. A bad dream:Subverting trusted platform module while you are sleeping[C]//Proceedings of the 27th USENIX Security Symposium. Baltimore, USA:USENIX Association, 2018:1229-1246.
[5] HAO F, CLARKE D, ZORZO A F. Deleting secret data with public verifiability[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(6):617-629.
[6] CORTIER V, STEEL G, WIEDLING C. Revoke and let live:A secure key revocation API for cryptographic devices[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. Raleigh, USA:ACM, 2012:918-928.
[7] CORTIER V, STEEL G. A generic security API for symmetric key management on cryptographic devices[C]//Proceedings of the 14th European Symposium on Research in Computer Security. Saint-Malo, France:Springer, 2009:605-620.
[8] LIU C, KHOUZANI H A, YANG C M. ErasuCrypto:A light-weight secure data deletion scheme for solid state drives[J]. Proceedings on Privacy Enhancing Technologies, 2016, 2017(1):132-148.
[9] KATZENBEISSER S, KURSAWE K, STUMPF F. Revocation of TPM keys[C]//Proceedings of the Second International Conference on Trusted Computing. Oxford, UK:Springer, 2009:120-132.
[10] KRAWCZYK H, RABIN T. Chameleon signatures[C]//Proceedings of the Network and Distributed Systems Security Symposium (NDSS 2000). San Diego, USA:NDSS, 2000:143-154.
[11] SCHÖDER D, SIMKIN M. VeriStream:A framework for verifiable data streaming[C]//Proceedings of the 19th International Conference on Financial Cryptography and Data Security. San Juan, Puerto Rico:Springer, 2015:548-566.
[12] SCHROEDER D, SCHROEDER H. Verifiable data streaming[C]//Proceedings of 2012 ACM Conference on Computer and Communications Security. Raleigh, USA:ACM, 2012:953-964.
[13] SHAMIR A, TAUMAN Y. Improved online/offline signature schemes[C]//Proceedings of the 21st Annual International Cryptology Conference. Santa Barbara, USA:Springer, 2001:355-367.
[14] BARKER E B, BARKER W C, BURR W E, et al. Recommendation for key management-part 1:General[S]. Gaithersburg:NIST, 2007.
[15] ASHLEY, DEBORA, WILSON G, et al. TrouSerS:An open-source TCG software stack implementation[EB/OL].[2019-06-10].
No related articles found!
Full text



版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持