一种基于TPM匿名证书的信任协商方案

ISSN100021239PCN1121777PTPJournalofComputerResearchandDevelopment45(8):127921289,2008:2007-03-29;:2007-12-19:(60673121);(2006aa010201,2007aa010601).TPM1,2,311,21(100083)2(100190)3(100049)(szg@ercist.iscas.ac.cn)AScenarioofTrustNegotiationBasedonTPMAnonymousCredentialsShiZhiguo1,2,3,HeYeping1,andZhangHong1,21(SchoolofInformationEngineering,UniversityofScienceandTechnology,Beijing100083)2(NationalEngineeringCenterforFundamentalSoftware,InstituteofSoftware,ChineseAcademyofSciences,Beijing100190)3(GraduateUniversityofChineseAcademyofSciences,Beijing100049)AbstractAneffectivesensitiveinformationprotectionmechanismintrustnegotiationisneededtopromotesharingandcollaborationbetweensecuritydomainsindistributednetworkcomputing.TCGisanindustrystandardizationbodythataimstodevelopandpromoteanopenindustrystandardfortrustedcomputinghardwareandsoftwarebuildingblockstoenablemoresecuredatastorage,onlinebusinesspractices,andonlinecommercetransactionswhileprotectingprivacyandindividualrights.Thenovelanonymouscredentialsbasedtrustednegotiationsystem(ACTN)isdesignedandimplementedbasedontheTPManonymouscredentialsoftrustedcomputing,whichexcellentlydealswiththedifficultyoftheprotectionofsensitiveresourcesbetweenstrangers.Thescenarioresiststhereplayattacks,tamperingattacks,masquerading,andthemechanismisbasedonahardwaremodule,calledtrustedplatformmodule.ThemodelofACTNandtheanonymouscredentialsaredefinedindetail;theparameterandtheconstructmethodofanonymouscredentialsareexplained;thesecurityofpolicy,themechanismofdelegationandthecredentialchaindiscoveryarediscussed;theframeworkofnegotiationnodesandtheprocessofnegotiationaredesignedinaddition.TheresultsoftheexperimentsarecomparedwiththeTrustBuilderandCOTNnegotiationsystem,andtheresultsprovethesoundperformanceandgoodsecurityguarantee.Finally,somerelatedfutureresearchfieldsofthepaperarepointedout.Keywordsinformationsecurity;automatedtrustnegotiation;trustedcomputing;anonymouscredential;accesscontrol,.(TrustedComputingGroup,TCG).:ACTN(anonymouscredentialsbasedtrustednegotiation),,.TPM,TPM.ACTN,,,.TrustBuilderCOTN,..;;;;TP3091,,(automatedtrustnegotiation,ATN),,.,,(CA)[1].,.,[223].,ACK[1][1][4][5][6]UniPro[7].,.(TrustedComputingGroup,TCG).TCG[8](trustedplatformmodule,TPM).ACTN.,TPM,.1.1Winsborough[9]2000,,(eager),;(parsimonious).,.,,,,.[1].Yu[10],(prune),,.,,.,,.,Yu,.,Seamons[11]Yu[12],.,Hess[13]TLS,SSLPTLS.Winslett[14]TrustBuilder.SeamonsWinsboroughLi[15216].WinsboroughLi,.1.2.,,,.,08212008,45(8),.,,PSPL[17],TPL[18],X2Sec[19],KeyNote[20],RT[21222],Trust2X[22]TrustBuidler[22].RT[22]:(principal)(role)..RT,RT0,RT1,RTTRTD.RT0RT,.:(head)(body),.RT0,A.rB:C.r2,ArB,BC.r2.RT1RT0,.RTT(Ý).RTD,.Trust2X[23],.Trust2XX2TNL,XML,Trust2X.Trust2XXML,.X2TNL,(trusttickets),,.1.3ACKUniPro.ACK[1](acknowledgementpolicy),.,,.,ACK,,.(trusttargetgraph,TTG)[1].TTGACK,.,TTG,,.[4],,.,.PKI:,,P.(obliviousattributecertificate,OACerts),[5].OACerts,,.(oblivioussignature2basedenvelope,OSBE),[6].(unifiedschemeforresourceprotection,UniPro)Yu()[7].UniPro,.ATN,.2ACTN6:,,,ClientRequester;,ServerAccessMediator.R,,,R1,R2,,RN.M,,,M1,M2,,MN.RM,,RM.:1..R1821:TPMM,4ò,,,Resó,:,,,1N;,t,,,1;,e,E;Res,,.,.,,..E,eEt,Et.ACTNRM,,,ACTN2.2..ACTN5òR,M,S,T,Pó,,RM,:RòR,R,R,ResRó,MòM,M,M,ResMó.S:.S(e)e.S(e)=,e.T:2.T(e).eS(e)T(e).E,E:T(E)=eET(e).P,T.,.EK,T(E)|=,.,PM.,.3..IòI,EI,CHAPI,ACIó,I:,,;E,IK;CHAP:P.,CHAP.t,CHAP[t]t.CHAP,P,,,CHAPChallengeResponse,SuccessFailure.AC:RP,.,.,.,SSLPTLS.RM.,...,..:(success)(failure)...,..4.ACTN.5òQ,M,initR,startM,replyó,:Q,q,qQ;M,m,.m1,m2,,mn;initR:IkQ,IKR,initR(I,KR)=q,q|{success,failure};startM:IReskQM,I,,KR,startM(I,,KR)=(q,m),Mq,q|{success,failure},mR;reply:QMQM,I,qm.reply(q,m)=òq,mó.q,q|{success,failure}28212008,45(8)m.,,,.3ACTNTCG[8]1.1,1.2,,,.3.1(TPM)f,f,TPMf,fTPM.ACTN,f,:5..:œn,œf,œe,œe,œv,œ,œH,œr,œœ.,œnRSA,œn=2048b.œffi,œf=104b,f1f2.œeC2Le,œe=368b.œeC2Le,œe120b.œvC2Lv,œv=2536b.œ,œ=80b.œHHash,œH160b.œ,œ=1632b.œ3,œ=208b.œr,,œr=80b.3.2RM,6.1)RSAn=pq,p=2p+1q=2q+1,p,p,qq,nœnb.2)nQRng.3)x0,x1,xz,xs,xh,xg[1,pq],g=gxgmodn,h=gxhmodn,S=hxSmodn,Z=hxZmodn,R0=Sx0modn,R1=Sx1modn.4)R0,R1,S,Z,gh:g,hògó,S,ZòhóR0,R1òSó.5),,=r+1,r,2œ-12œ2œ-12œ.R3,(-1)P1(mod),=(-1)Pmod.6)(n,g,g,h,S,Z,R0,R1,,,)pq.3.33:TPMTPMPlatform.=(n,g,g,h,S,Z,R0,R1,,,),.I(H(1bsnI))(-1P),bsnI.TPM(n,R0,R1,S,,),cntTPM,8:1)TPMPlatform;2)PlatformI(H(1bsnI))(-1P),ITPM;3)TPMI1(mod),U=Rf00Rf11SvmodnNI=f0+fœf12Imod,U,NI;4)M(f0,f1)NI=(f0+f12œf)(mod),,;5)TPMf0,f1,v;6)M,v^R{0,1}œv-1eR2œe-1,2œe-1+2œe-1,v=v^+2œv-1A=(ZPUSv)1Pemodn;PlatformA;PlatformvTPM,TPMvv=v+v,(f0,f1,v).3.4MN,N,N,,.6..M,òQ,M,initR,startM,replyó,II,.M,3821:TPMII.(active)(passive),R,M.[R,sidR,m1,m2,,mk],R,sidRR,m1,m2,,mk.sidR,m1,m2,,mk.IsidR,[R,sidR,m1,m2,,mk][a1,a2,,aL],.1):I-=òQ,M,initR,startM,replyó.init(I).2)1:òst1,a1ó=òQ,M,initR,startM,replyó.start(I-,sidR,R).3)2œ:Pi[2,œ],òsti,aió=sidR.respone(I-,sti-1,mi-1).4):Pi[1,œ-1],sti|{success,failure}.5)œ=k+11œkstœ{success,failure},,.[M,m1,m2,,mk],M,m1,m2,,mk.,.IsidM,[M,m1,m2,,mk][a1,a2,,aœ],:1):I-=òQ,M,initR,startM,replyó.init(I).2)1:st0=òQ,M,initR,startM