Scheme of Trusted Bootstrap Based on General Smart Card
-
摘要: 为了解决传统的操作系统引导机制存在关键验证信息被绕过的风险和引导数据被篡改的安全隐患,基于可信计算理论,结合带光盘文件系统的智能卡技术,提出了基于通用智能卡的可信引导方案. 在不改变智能卡和终端设备的硬件和固件结构的基础上,通过改造智能卡的存储数据和磁盘的引导数据,实现用户身份信息、智能卡和终端设备绑定的安全目标,将可信计算机制从开机加电扩展至应用层,确保操作系统的初始状态可信. 通过安全性分析和性能分析,证明终端设备引导的安全性,并且在实际应用中得到了验证.Abstract: The risk of the key authentication information being bypassed and the potential safety hazard of booting data being tampered with both exist in the booting mechanism of the traditional operating system. Based on the theory of trusted computing, combined with the technology of smart card with CD-ROM file system, a scheme of trusted boot based on general smart card was proposed. Without changing the structure of hardware and firmware of the smart card and terminal device, through the transformation of storage data in the smart card and disk booting data, the security objective of binding the user’s identity information, the smart card and the terminal device were achieved. The trusted computing mechanism was extended from power on to the application layer to ensure that the initial state of operating system was trustworthy. Through the analysis of security and performance, the security of terminal device bootstrap was proven, which has been verified in practical applications.
-
Key words:
- trusted computing /
- trusted root /
- trusted chain /
- trusted measurement /
- security bootstrap
-
表 1 实验阶段
Table 1. Experimental stages
阶段名称 描述 第1阶段 不插入TSC,直接从磁盘引导 第2阶段 插入TSC,各部分安全性良好 第3阶段 插入TSC,破坏磁盘MBR 第4阶段 插入TSC,破坏磁盘MBR和PBR 第5阶段 插入TSC,破坏磁盘MBR、PBR和Boot Loader 
下载: 导出CSV
-
[1] SHEN C X, ZHANG H G, WANG H M, et al.Research and development of trusted computing[J]. China Science: Information Sciences, 2010, 40(2): 139-166. (in Chinese) [2] SHEN C X.Thinking and revelation of cyber space security strategy[J]. Financial Computerizing, 2014(6): 11-13. (in Chinese) [3] TCG. TCG architecture overview[S/OL].[2009-11-05]. http: ∥www. trustedcomputinggroup. org/resources/tcg_architecture_overview_version_14. [4] TCG. TCG PC specific implementation specification [S/OL].[2009-11-05]. http: ∥www. trustedcomputinggr oup. org/developers/pc_client/specifications. [5] 张焕国, 赵波. 可信计算[M]. 武汉: 武汉大学出版社, 2011: 61-69. [6] HUI Z B.The theoretical construction and realization path of state cyberspace security strategy in China[J]. China Soft Science, 2012(5): 22-27. (in Chinese) [7] BAI G D, HAO J A, WU J L, et al.Trust found: towards a formal foundation for model checking trusted computing platforms[J]. Lecture Notes in Computer Science, 2014, 8442: 110-126. [8] 石文昌. 信息系统安全概论[M]. 2版. 北京: 电子工业出版社, 2014: 252-258. [9] WANG C, REN K, LOU W, et al.Toward publicly auditable secure cloud data storage services[J]. IEEE Network, 2010, 24(4): 19-24. [10] TCG. TPM main specification part 1: design principles [S/OL].[2009-11-05]. http: ∥www. trustedcom putinggroup. org/resources/tpm_main_specification. [11] LI H J, TIAN X X.Research of trust chain of operating system[M]. Berlin: Springer, 2009: 96-102. [12] CONG W N, CAO K.Enabling secure and efficient ranked keyword search over outsourced cloud data[J]. IEEE Transactions on Parallel and Distributed Systems, 2012, 23(23): 1467-1479. [13] 邹德清, 羌卫中, 金海. 可信计算技术原理与应用[M]. 北京: 科学出版社, 2011: 64-72. [14] ZAHNG X, HUANG Q, SHEN C X.A formal method based on noninterference for analyzing trust chain of trusted computing platform[J]. Chinese Journal of Computers, 2010, 33(1): 74-81. (in Chinese) [15] 沈昌祥. 信息安全导论[M]. 北京: 电子工业出版社, 2009: 163-165. -
下载:
点击查看大图
图(11) / 表(1)
计量
- 文章访问数: 88
- HTML全文浏览量: 66
- PDF下载量: 0
- 被引次数: 0
京公网安备 11010502036328号 京ICP备17033152号