基于可信计算的移动终端用户认证方案

29820068CHINESEJOURNALOFCOMPUTERSVol.29No.8Aug.2006:2006203227;:2006206207.(60473030)(51436050404QT2202).,,1979,,.E2mail:zhyu_swjtu@163.com.,,1944,,,.,,1964,,,.1)1)2)1)(610031)2)(610039)(ME),USIM(UniversalSubscriberIdentityModule)TPM()(TMP),,TMPTPMME.TMP,RSA2KEM()Hash,USIM,MEUSIM,,TMP3.ME,,ME,,.,TPMTMP,Lee.;;;;TP309TrustedComputingBasedUserAuthenticationforMobileEquipmentZHENGYu1)HEDa2Ke1)HEMing2Xing2)1)(LaboratoryofInformationSecurityandNationalComputingGrid,SouthwestJiaotongUniversity,Chengdu610031)2)(SchoolofMathematicsandComputerScience,XihuaUniversity,Chengdu610039)AbstractInthispaper,accordingtothefeaturesofmobileequipment(ME)anexampleofcon2structingtrustedmobileplatform(TMP)ispresentedbasedonthesmartphonesprocessor,alongwithwhichthreealternativemethodstobuildtrustedplatformmodule(TPM)arediscussedaswell.IntheframeworkofTMP,throughcombiningpasswordandfingerprintwiththeUSIMcardviaRSA2KEM(KeyEncapsulateMechanism)andHashfunction,auserauthenticationschemeisproposedtoimprovethesecurityoftheuserdomain,whichachievesthemutualidenti2ficationamonguser,MEandUSIMeveniftheirpublic2keycertificatesareissuedbydifferentcertificateauthorities(CAs).Moreover,theuserauthenticationcannotonlyeasilydistinguishthevalidusersfromthepretendersbutalsoidentifytheownerofMEfromthegenuineoperatorswithoutanypre2negotiation.TheperformanceanalysisandexperimentaltestresultshowthatnomatterwhatkindsofTPMisemployedauthorsauthenticationschemeismoresecure,efficientandflexiblethanthecorrespondingschemepresentedinTMPdraftstandardandachievesad2vancedsecurityandbetterflexibilityascomparedtotheschemesproposedbyLee,Linetal..Keywordstrustedcomputing;trustedmobileplatform;mobileequipment;identityauthentica2tion;fingerprint1,(ME)PC.,,ME[13].,ME.PIN,,.()[4]PDA.[5,6],.,.,.,:(1).ME,,,ME.(2),.(3),USIM(UniversalSubscriberIdentityModule)MEPIN.(4)USIM,USIM.USIMPIN.(5)USIMME,USIMMEUSIMME,MEUSIM.(6).USIMME,ME.1999TCPA[7](TrustedComputingPlatformAlliance,TCG[8]).,.TCG[9]OIAP(Object2IndependentAuthorizationProtocol)OSAP(Object2SpecifiedAuthorizationProtocol)DSAP(DelegateSpecificAuthorizationProtocol)3,ADIP(AuthenticationDataInsertProto2col)ADCP(AuthenticationDataChangeProtocol)AACP(AsymmetricAuthenticationChangePro2tocol)TPM.,(Owner)(TPM)[9,10]20AuthData,.20,AuthDataHash.,TPM,.[11]OSAP,TCG,,TCG.,PIN,AuthData,TPM.PIN.,[11]TCGME,,ME,ME.USIMME(ME).TCG,,[7,9].200410,TCG,(TMP)[1214],.TMP,.,ME.[15],TMP[13](TMP).5,:65212006(1)TPMSIMCA.SIMTPMCA.,SIMTPM.(2)(SIMTPM),,.1OMAP730TMP(3),,3.,(TMP),,TMP.,ME,OMAP730[16],TPM,USIMTPMTMP.RSA2KEM[17](RSA)Hash,(AN),TPMUSIMCA,MEUSIM,[13,15][5,6,9,11,13,15].2OMAP730OMAP730[16]TI,GSM/GPRS,384KBSRAM128MBSDRAM256MBFLASH.,OMAP48KBROM16KBRAM,.OMAP730,TMP.,OMAP730TMP:(1)TPM.TMP[1214]TPM[9,10],TPM:OMAP730RAM,TPM;TPM(AT97SC3203S[18,19]),SMBus[20]OMAP730;,OMAP730ARM9,(RAMROM)TPM.(2)CRTM(CoreRootforTrustedMeas2urement)[12]ROM,TPM.TPMDMAROMCRTM.(3)UARTBR(BiometricReader).,,TMP3.(4)TMI().TMILED.1OMAP730TMP75218:,TMP,,.LCDTPMUARTDMA,DMA.TPMDMASRAM,I/OBR.BRUARTOMAP730.USIMSIMOMAP730ARM7,ISO7816SIM.3USIM2,,:(1),USIM.,,BR,.(2),RSA2KEMHash,TMP,TMP3.(3)MEUSIM.(4)TIDUser()KAU(),USIMTPM,CATPMUSIM.2USIM,,USIM.USIM,,FUCS.(x,y,z).(x,y,z)(1)(4).,PW,SKHEn(HE),H(x)xHash.TPMSKTPMCertTPMBRKBTx(xOxUx).MEHES.,USIMS,.x=H(FUPW)(1)y=xÝH(PW)(2)z=SÝH(FUÝPW)(3)S=H(IDUserPWFU)SKHEmodn(4)1,3METPM,.8521200631.USIMME/TPM:r1,IDUSIM,D1.USIMUARTME/TPMr1IDUSIMD1.2.ME/TPMBR:r2,IDTPM,D2.ME/TPMI/OBRr2TPMIDTPMBRD2.3.BRME/TPM:MACBR.KC=E(KBT,r2)(5)MACBR=MAC(KC,IDTPMHBR)(6)BRD2,HashHBR,(5)KC,(6).BRI/OMACBRTPM.E(k,x)MAC(k,x)kx..4.ME/TPMUSIM:r3,D3,CertTPM,SigTPM.SigTPM=Sig(SKTPM,r1r3IDUSIMPCR)(7)r2BRHashKBT,TPM(5)(6)MACBR,MACBR.,ME/TPM,LCDTMI.,BR,.,TPMSKTPMr3D3PCR(7),SIMUSIM,TPMCertTPM.5.CertTPM,USIMSigTPM().,7;,,USIMME.USIMCertTPM,TIDUserKAUANCertTPM().,IDCTPMNAITPM.USIMAN:r1,r3,TS,IDCTPM,NAI,TIDUser,D3,SigTPM,MACUser.MACUser=MAC(KAU,IDCTPMr1r3D3TS)(8)6.ANUSIM:D5,MACAN.MACAN=MAC(KAU,r3IDUserIDTPMD5)(9)ANTIDUserNAIIDUserKAU,(8)MACUser.,ANIDCTPMPKICertTPM,SigTPM.,ANKAU(9).,D5CertTPMSigTPM.7.USIMME/TPM:C1,C2.C1=E(PKTPM,r4yIDUSIM)(10)KST=KDF(r4Ýr3,x,IDTPM)(11)C2=E(KST,r4FUIDTPMCS)(12)USIM6MACAN,D5ME,,LCDTMI;,4,USIMr4,TPMPKTPMxy,RSA2KEM,(10)(12)C1C2,SIM(C1,C2)TPM/ME.,KDF,KST,CSC2,.4USIM8.BRME/TPM:C3.C3=E(KC,IDBRIDTPMr2FU)(13)TMI,BRPWFU.BR(13)FUC3ME/TPM.ME/TPM5USIM.56(Comp2x),,.TPMSKTPMC1,Hash,yxU.Comp22,xUTPMxO,ME().,4(),.6,95218:USIM,USIM.,ME,.9.TPMUSIM:C4.w=H(FUÝPW)(14)C4=E(KST,IDUSIMr4wD6)(15),ME/TPM(14)(15)C4USIM.D6ME/TPM.r47D6,USIMC4w,S=zÝw.Swz,w,,USIMS,USIM.USIMS,.5ME/TPM44.11[5,6]TCG[9]TCG[11]TMP[13].E-.,,USIMME,,MEUSIM,MEUSIM.,,ME,USIM,ME(USIM),CAME.,[13,15],[5,6,9,11,13,15].1[5,6]TCGTCGTMP,,,,RSA2KEM(U)SIMEUSIMEUSIME-EEMEEEEMEEMEUSIME-USIMMEE-/EEEE/EEE/EEEMEEEEUISM2MEEME2BRE--EUSIM-06212006()[5,6]TCGTCGTMPME-EEEEE,USIM,ME,.(1)(4)(10)(12),RSA2KEM(OW2CPA,RSA[17])Hash,TPMC1yr4,PW,TPMyx,(x,r4,r3)C2KST,FU.,USIMTPMRSA2KEMHash,.TPMUSIM,,,.,USIMME/TPM,,ME.,USIM4SigTPMTPMME(ME/TPMCA,USIMANSigTPM).5Comp22,xU=xO,TPM/MEME.Comp22,,.RSA2KEM,PW,TPM(11)