Highly-descriptive chain of trust in trusted computing

LONG Yu; WANG Xin; XU Xian; HONG Xuan

doi:10.16511/j.cnki.qhdxxb.2018.25.017

PDF(1599 KB)

Journal of Tsinghua University(Science and Technology) ›› 2018, Vol. 58 ›› Issue (4) : 387-394. DOI: 10.16511/j.cnki.qhdxxb.2018.25.017

COMPUTER SCIENCE AND TECHNOLOGY

Highly-descriptive chain of trust in trusted computing

{{article.zuoZhe_EN}}

Author information +

History +

Abstract

The trusted boot process in trusted computing verifies the next boot module from the root of trust to establish a chain of trust. The classic chain of trust is a simple single-branch tree, but this may not satisfy complete user demands. This paper presents a multi-module chain of trust model based on HIBS (hierarchical identity-based signature) and a multi-pattern chain of trust model based on FIBS (fuzzy identity based signature) that overcome the limitations of single module expectations in a traditional chain so that the user can dynamically choose the module. The two chains of trust models are then combined to improve the results.

Key words

trusted computing / identity based signature / chain of trust

Cite this article

EndNote

Ris (Procite)

Bibtex

Download Citations

LONG Yu, WANG Xin, XU Xian, HONG Xuan. Highly-descriptive chain of trust in trusted computing[J]. Journal of Tsinghua University(Science and Technology). 2018, 58(4): 387-394 https://doi.org/10.16511/j.cnki.qhdxxb.2018.25.017

References

[1] PEARSON S. Trusted computing platforms, the next security solution[M]. London, England:HP Labs, 2002.
[2] 张焕国, 刘玉珍, 余发江, 等. 一种新型嵌入式安全模块[J]. 武汉大学学报:理学版, 2004, 50(A01):7-11. ZHANG H G, LIU Y Z, YU F J, et al. A new type of embedded secure module[J]. Journal of Wuhan University (Natural Science Edition), 2004, 50(A01):7-11. (in Chinese)
[3] 李子臣. 移动互联网时代信息安全新技术展望[J]. 信息通信技术, 2012(6):75-80. LI Z C. The new techniques of information security in mobile network[J]. Journal of Information and Communication, 2012(6):75-80. (in Chinese)
[4] Trusted Computing Group. TCG software stack (TSS) specification, version 1.2[Z/OL]. (2005-02-01). https://www.trustedcomputinggroup.org/.
[5] 秦中元, 胡爱群. 可信计算系统及其研究现状[J]. 计算机工程, 2006, 32(14):111-113. QIN Z Y, HU A Q. Trusted computing system and its current research[J]. Computer Engineering, 2006, 32(14):111-113. (in Chinese)
[6] CHALLENER D, YODER K, CATHERMAN R, et al. A practical guide to trusted computing[M]. London, UK:Pearson Education, 2007.
[7] 沈昌祥, 张焕国, 冯登国, 等. 信息安全综述[J]. 中国科学E辑:信息科学, 2007, 37(2):129-150. SHEN C X, ZHANG H G, FENG D G, et al. The summarization of information security[J]. Science China Ser E:Information Sciences, 2007, 37(2):129-150. (in Chinese)
[8] 刘宏伟, 朱广志. 可信计算平台认证机制研究[J]. 计算机工程, 2006, 32(24):149-151. LIU H W, ZHU G Z. Research on attestation scheme of trusted computation platform[J]. Computer Engineering, 2006, 32(24):149-151. (in Chinese)
[9] 张旻晋, 桂文明, 苏涤生, 等. 从终端到网络的可信计算技术[J]. 信息技术快报, 2006, 4(2):21-34. ZHANG M J, GUI W M, SU D S, et al. The trusted computing techniques from end to network[J]. Information Technology Letter, 2006, 4(2):21-34. (in Chinese)
[10] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Advances in Cryptology-CRYPTO 1984. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 1985:47-53.
[11] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[C]//Advances in Cryptology-CRYPTO 2001. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2001:213-229.
[12] GENTRY C, SILVERBERG A. Hierarchical ID-based cryptography[C]//Advances in Cryptology-ASIACRYPT 2002. Queenstown, NZ, USA:Springer Berlin Heidelberg, 2002:548-566.
[13] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005. Arhus, DK, USA:Springer Berlin Heidelberg, 2005:457-473.
[14] WANG C J. A provable secure fuzzy identity based signature scheme[J]. Science China Information Sciences, 2012, 55(9):2139-2148.
[15] Trusted Computing Group[Z]. TCG TPM library 2.0, 2014.(2014-10-01). http://www.trustedcomputinggroup.org/tpm-library-specification/.
[16] CAMENISCH J, CHEN L Q, DRIJVERS M, et al. One tpm to bind them all:Fixing tpm2.0 for provably secure anonymous attestation[C]//38th IEEE Symposium on Security and Privacy. San Jose, CA, USA:IEEE, 2017:901-920.
[17] CHEN L Q, LI J. Flexible and scalable digital signatures in tpm 2.0[C]//Proceedings of the 2013 ACMACM Sigsac Conference on Computer and Communications Security. Berlin, Germany:ACM, 2013:37-48.
[18] BRICKELL E, LI J T. A pairing-based daa scheme further reducing TPM resources[C]//Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Berlin, Germany:Springer Berlin Heidelberg, 2010:181-195.
[19] CHEN L Q, DAN P, SMART P. On the design and implementation of an efficient DAA scheme[C]//Proceedings of the 9th Smart Card Research and Advanced Application IFIP Conference. Passau, Germany:Springer Berlin Heidelberg, 2010:223-237.
[20] CAMENISCH J, LYSYANSKAYA A. Signature schemes and anonymous credentials from bilinear maps[C]//Advances in Cryptology|CRYPTO'04. Santa Barbara, CA, USA:Springer Berlin Heidelberg, 2004:56-72.
[21] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11):612-613.