Highly-descriptive chain of trust in trusted computing

doi:10.16511/j.cnki.qhdxxb.2018.25.017

Download: PDF(1599 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract The trusted boot process in trusted computing verifies the next boot module from the root of trust to establish a chain of trust. The classic chain of trust is a simple single-branch tree, but this may not satisfy complete user demands. This paper presents a multi-module chain of trust model based on HIBS (hierarchical identity-based signature) and a multi-pattern chain of trust model based on FIBS (fuzzy identity based signature) that overcome the limitations of single module expectations in a traditional chain so that the user can dynamically choose the module. The two chains of trust models are then combined to improve the results.

Keywords trusted computing identity based signature chain of trust

ZTFLH:

TP309.7

Issue Date: 15 April 2018

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	LONG Yu
	WANG Xin
	XU Xian
	HONG Xuan

Cite this article:

LONG Yu,WANG Xin,XU Xian, et al. Highly-descriptive chain of trust in trusted computing[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(4): 387-394.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.25.017 OR http://jst.tsinghuajournals.com/EN/Y2018/V58/I4/387

[1] PEARSON S. Trusted computing platforms, the next security solution[M]. London, England:HP Labs, 2002.
[2] 张焕国, 刘玉珍, 余发江, 等. 一种新型嵌入式安全模块[J]. 武汉大学学报:理学版, 2004, 50(A01):7-11. ZHANG H G, LIU Y Z, YU F J, et al. A new type of embedded secure module[J]. Journal of Wuhan University (Natural Science Edition), 2004, 50(A01):7-11. (in Chinese)
[3] 李子臣. 移动互联网时代信息安全新技术展望[J]. 信息通信技术, 2012(6):75-80. LI Z C. The new techniques of information security in mobile network[J]. Journal of Information and Communication, 2012(6):75-80. (in Chinese)
[4] Trusted Computing Group. TCG software stack (TSS) specification, version 1.2[Z/OL]. (2005-02-01). https://www.trustedcomputinggroup.org/.
[5] 秦中元, 胡爱群. 可信计算系统及其研究现状[J]. 计算机工程, 2006, 32(14):111-113. QIN Z Y, HU A Q. Trusted computing system and its current research[J]. Computer Engineering, 2006, 32(14):111-113. (in Chinese)
[6] CHALLENER D, YODER K, CATHERMAN R, et al. A practical guide to trusted computing[M]. London, UK:Pearson Education, 2007.
[7] 沈昌祥, 张焕国, 冯登国, 等. 信息安全综述[J]. 中国科学E辑:信息科学, 2007, 37(2):129-150. SHEN C X, ZHANG H G, FENG D G, et al. The summarization of information security[J]. Science China Ser E:Information Sciences, 2007, 37(2):129-150. (in Chinese)
[8] 刘宏伟, 朱广志. 可信计算平台认证机制研究[J]. 计算机工程, 2006, 32(24):149-151. LIU H W, ZHU G Z. Research on attestation scheme of trusted computation platform[J]. Computer Engineering, 2006, 32(24):149-151. (in Chinese)
[9] 张旻晋, 桂文明, 苏涤生, 等. 从终端到网络的可信计算技术[J]. 信息技术快报, 2006, 4(2):21-34. ZHANG M J, GUI W M, SU D S, et al. The trusted computing techniques from end to network[J]. Information Technology Letter, 2006, 4(2):21-34. (in Chinese)
[10] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Advances in Cryptology-CRYPTO 1984. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 1985:47-53.
[11] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Advances in Cryptology-CRYPTO 2001. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2001:213-229.
[12] GENTRY C, SILVERBERG A. Hierarchical ID-based cryptography[C]//Advances in Cryptology-ASIACRYPT 2002. Queenstown, NZ, USA:Springer Berlin Heidelberg, 2002:548-566.
[13] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005. Arhus, DK, USA:Springer Berlin Heidelberg, 2005:457-473.
[14] WANG C J. A provable secure fuzzy identity based signature scheme[J]. Science China Information Sciences, 2012, 55(9):2139-2148.
[15] Trusted Computing Group[Z]. TCG TPM library 2.0, 2014.(2014-10-01). http://www.trustedcomputinggroup.org/tpm-library-specification/.
[16] CAMENISCH J, CHEN L Q, DRIJVERS M, et al. One tpm to bind them all:Fixing tpm2.0 for provably secure anonymous attestation[C]//38th IEEE Symposium on Security and Privacy. San Jose, CA, USA:IEEE, 2017:901-920.
[17] CHEN L Q, LI J. Flexible and scalable digital signatures in tpm 2.0[C]//Proceedings of the 2013 ACMACM Sigsac Conference on Computer and Communications Security. Berlin, Germany:ACM, 2013:37-48.
[18] BRICKELL E, LI J T. A pairing-based daa scheme further reducing TPM resources[C]//Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Berlin, Germany:Springer Berlin Heidelberg, 2010:181-195.
[19] CHEN L Q, DAN P, SMART P. On the design and implementation of an efficient DAA scheme[C]//Proceedings of the 9th Smart Card Research and Advanced Application IFIP Conference. Passau, Germany:Springer Berlin Heidelberg, 2010:223-237.
[20] CAMENISCH J, LYSYANSKAYA A. Signature schemes and anonymous credentials from bilinear maps[C]//Advances in Cryptology|CRYPTO'04. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2004:56-72.
[21] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11):612-613.