可信平台模块(TPM)的内部存储空间很小,密钥大多以加密的形式存储在模块外部,因此需要一种可以单独撤销某一存储在模块外部密钥的方法。该文通过使用变色龙散列函数,提出了一种具备撤销单一外部密钥功能的动态密钥管理方法。该方法构建了一个动态密钥管理树,将密钥存储在叶节点中。基于TPM保存的私钥,可以在不影响其他密钥的情况下添加新密钥、更新和撤销旧密钥。动态密钥管理树中每一层最左侧的节点存储在TPM内部,其余节点存储在外部,更新和撤销密钥时,只需遍历从密钥叶节点到密钥子树根节点的路径,因此该方法的内部存储开销和时间开销和密钥总数量呈对数关系。动态密钥管理方法能很好地兼容现有的TPM应用程序,同时也可以应用在其他嵌入式密码模块中。
The trusted platform module (TPM) has limited internal memory, so most keys must be saved outside the TPM and such systems require a mechanism to revoke individual keys saved outside the module. A dynamic key management mechanism with a dynamic key management tree and a chameleon hash function was developed to store application keys in leaf nodes. TPM then uses a secret key to append new keys and update or revoke old keys without modifying any other keys. Only the leftmost node of each level in the tree is stored inside the TPM with the others all stored outside. When updating or revoking an old key, TPM traverses all the nodes on the path from the corresponding leaf node to the node stored inside the TPM. The required internal memory size for key updates or revocation with this scheme is a logarithmic function of the total number of keys, which is much more efficient than previous schemes. This dynamic key management mechanism is compatible with existing applications and can be adapted to any embedded crypto-module.
[1] Trust Computing Group (TCG). TPM main part 1 design principles specification version 1.2:Revision 116[S]. Beaverton:TCG, 2011.
[2] Trusted Computing Group (TCG). Trusted platform module library part 4:Supporting routines:Family "2.0" level 00 revision 01.38[S]. Beaverton:TCG, 2016.
[3] SHAO J X, QIN Y, FENG D G. Formal analysis of HMAC authorisation in the TPM2.0 specification[J]. IET Information Security, 2018, 12(2):133-140.
[4] HAN S, SHIN W, PARK J H, et al. A bad dream:Subverting trusted platform module while you are sleeping[C]//Proceedings of the 27th USENIX Security Symposium. Baltimore, USA:USENIX Association, 2018:1229-1246.
[5] HAO F, CLARKE D, ZORZO A F. Deleting secret data with public verifiability[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(6):617-629.
[6] CORTIER V, STEEL G, WIEDLING C. Revoke and let live:A secure key revocation API for cryptographic devices[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. Raleigh, USA:ACM, 2012:918-928.
[7] CORTIER V, STEEL G. A generic security API for symmetric key management on cryptographic devices[C]//Proceedings of the 14th European Symposium on Research in Computer Security. Saint-Malo, France:Springer, 2009:605-620.
[8] LIU C, KHOUZANI H A, YANG C M. ErasuCrypto:A light-weight secure data deletion scheme for solid state drives[J]. Proceedings on Privacy Enhancing Technologies, 2016, 2017(1):132-148.
[9] KATZENBEISSER S, KURSAWE K, STUMPF F. Revocation of TPM keys[C]//Proceedings of the Second International Conference on Trusted Computing. Oxford, UK:Springer, 2009:120-132.
[10] KRAWCZYK H, RABIN T. Chameleon signatures[C]//Proceedings of the Network and Distributed Systems Security Symposium (NDSS 2000). San Diego, USA:NDSS, 2000:143-154.
[11] SCHÖDER D, SIMKIN M. VeriStream:A framework for verifiable data streaming[C]//Proceedings of the 19th International Conference on Financial Cryptography and Data Security. San Juan, Puerto Rico:Springer, 2015:548-566.
[12] SCHROEDER D, SCHROEDER H. Verifiable data streaming[C]//Proceedings of 2012 ACM Conference on Computer and Communications Security. Raleigh, USA:ACM, 2012:953-964.
[13] SHAMIR A, TAUMAN Y. Improved online/offline signature schemes[C]//Proceedings of the 21st Annual International Cryptology Conference. Santa Barbara, USA:Springer, 2001:355-367.
[14] BARKER E B, BARKER W C, BURR W E, et al. Recommendation for key management-part 1:General[S]. Gaithersburg:NIST, 2007.
[15] ASHLEY, DEBORA, WILSON G, et al. TrouSerS:An open-source TCG software stack implementation[EB/OL].[2019-06-10]. https://sourceforge.net/projects/trousers.
