CN100583768C - Safety requirement based remote proving method and system thereof - Google Patents

Safety requirement based remote proving method and system thereof Download PDF

Info

Publication number
CN100583768C
CN100583768C CN 200710098814 CN200710098814A CN100583768C CN 100583768 C CN100583768 C CN 100583768C CN 200710098814 CN200710098814 CN 200710098814 CN 200710098814 A CN200710098814 A CN 200710098814A CN 100583768 C CN100583768 C CN 100583768C
Authority
CN
China
Prior art keywords
metric
proof
prover
platform
measure
Prior art date
Application number
CN 200710098814
Other languages
Chinese (zh)
Other versions
CN101043338A (en
Inventor
冯登国
震 徐
宇 秦
Original Assignee
中国科学院软件研究所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国科学院软件研究所 filed Critical 中国科学院软件研究所
Priority to CN 200710098814 priority Critical patent/CN100583768C/en
Publication of CN101043338A publication Critical patent/CN101043338A/en
Application granted granted Critical
Publication of CN100583768C publication Critical patent/CN100583768C/en

Links

Abstract

The invention provides a long-distance proof method and system based on the safety request, and the long-distance proof method is based on the believed computer platform and makes a strict definition, and the measurement and proof are finished jointly between the proof party, checking party and the proof authority institution: the proof party starts the proof request according to the safety requirement, and the checking party measures the allocation of platform, and the proof authority institution verifies the measurement result, and at last the checking party decides relying on the platform of proof party or not. Comparing with other long-distance proof methods, the invention separates the measurement with the proof, and the proof course just needs match with the measurement proof, and it has the characteristics of safety request measurement proof, platform privacy protection and smart system allocation, and it can be used in the one-way long-distance proof, and it can be used in the two-way long-distance proof by simple expansion.

Description

基于安全需求的远程证明方法及其系统技术领域本发明属于可信计算平台安全技术领域,尤其涉及一种远程证明方法及其系统。 Based on the security requirements of the remote method and proved TECHNICAL FIELD The present invention belongs to the technical field trusted computing platform security, particularly to a method and system for remote attestation. 背景技术随着网络技术的迅速发展,存储在计算机内的数据可能被远程盗用或非授权访问,仅仅依靠防火墙、防病毒软件等外部保护机制,依靠简单的口令等认证方式,很难抵挡住黑客、病毒、内部窃密者的侵袭。 BACKGROUND With the rapid development of network technology, data stored in the computer may be stolen or unauthorized remote access, relying solely on firewalls, anti-virus software and other external protection mechanisms, such as relying on simple password authentication, hard to resist hackers , viruses, internal theft by invasion. 针对这些问题,为了增强计算机平台的内部免疫力,近年来以可信平台模块(Trusted Platform Module, TPM)为核心的可信计算平台技术迅速发展,在原有计算机平台上引入安全芯片架构,提供对计算机平台软硬件配置完整性、正确性的认证,建立分布式环境下应用程序间、计算机平台之间的相互信任。 The rapid development of these problems, in order to enhance internal immunity computer platform in recent years, with the Trusted Platform Module (Trusted Platform Module, TPM) as the core of trusted computing platform technology, the introduction of the security chip in the original computer architecture platform, providing computer hardware and software platform configuration integrity, correctness of certification, the establishment of mutual trust between applications, distributed environment between the computer platform. 可信计算是构建计算机系统安全、网络安全的重要手段。 Trusted Computing is a computer system security, network security is an important means of building. 可信计算平台提供了存储保护、远程证明、隔离机制、安全I/0等保护功能,极大地增强了平台的数据保护能力,使得平台内部、平台与平台之间能够建立广泛的信任。 Trusted Computing platform provides memory protection, remote attestation, isolation mechanism, safety I / 0 protection, greatly enhanced data protection capabilities of the platform so that the internal platform, to build trust between the platform and a wide range of platforms. 可信计算其含义为"系统提供可信赖的服务能力,而且这种可信赖性是可以验证的"。 Trusted Computing 'ability to provide reliable service system, and this trustworthiness is validation "of its meaning. 安全PC从加电的时刻起,对系统进行完整性度量,保证每个运行的部件都是可信赖的;TPM对系统中敏感数据进行加密存储, 数据封装,防止了非法窃取敏感数据;现有的计算机在网络上是依靠不固定的也不唯一的IP地址进行活动,导致网络黑客泛滥和用户信用不足,而具备由权威机构颁发的唯一的身份证书的可信计算平台具备在网络上的唯一的身份标识,从而能够向外部实体提供可靠的外平台身份证明和应用身份证明;TPM对内部资源进行授权访问,其独特功能类似于设置了权限的"防火墙"。 Secure PC powered from the time, the system integrity measurement, ensure that each operation member are reliable; for the TPM system encrypts sensitive data storage, data encapsulation, preventing illegal stealing sensitive data; prior the computer on the network is not fixed nor rely on a unique IP address activities, leading to the proliferation of hackers and users lack credit, and have a unique identity certificate issued by the authority in the trusted computing platform with the only network identity, thereby providing a reliable external entity outside the identification and application platform identity; TPM unauthorized access to internal resources, its unique features similar to setting up a "firewall" privilege. 这一系列的机制保证了系统能够提供可信赖的服务能力,而对于这种可信赖的服务能力,远程依赖方是否信任,通过远程证明的机制进行证明实现。 This series of mechanisms to ensure the system's ability to provide reliable service, and for the service capabilities of this reliable, remote whether the relying party trust, be achieved through the mechanism of proof remote attestation. 远程证明作为可信计算的一大特色功能,旨在认证平台硬件、软件堆栈中每一层运行的软件的运行状态,向远程依赖方证明应用程序所在的平台可信。 Remote attestation as a distinctive feature of trusted computing, designed to run state certified hardware platforms, each layer of the software stack running software platform on which the remote relying party applications credible proof. 远程证明方法有四种基本模型:直接证明,基于TTP (Trusted Third Party,可信第三方)验证的证明,基于离线TTP的证明,委托证明。 There are four basic remote attestation model: direct proof that TTP (Trusted Third Party, a trusted third party) verification based on proven off-line TTP, and delegate certification. 直接证明是证明方度量平台自身完整性,向验证方出示平台完整性信息,验证方通过完整性值数据库验证证明方的证明。 Direct evidence to prove the integrity of their own party platform measure, show platform integrity information to the verifier, the prover proves the verifier verified the integrity of the value of the database. 缺陷不言而喻,这需要每个验证方都拥有一个完整性值数据库。 It goes without saying defect, which requires each party has to verify the integrity of the value of a database. 基于TTP验证的证明、基于离线TTP的证明和委托证明都是通过可信第三方来验证完整性度量值。 Proof of TTP-based authentication, based on proven off-line TTP and delegate certification is to verify the integrity of the measure by a trusted third party. 由于基于离线TTP的证明存在证明和验证的时间间隔,要求证明和验证两者间隔时间不能太长,否则很难保证证明的可信性。 Because of the time there is proof and verification of proof of TTP-based off-line spacing, and verification requirements to prove both time intervals can not be too long, otherwise it is difficult to ensure the credibility of the certificates. 委托证明要求验证方完全信任TTP,委托TTP验证明方的证明,TTP会成为通讯瓶颈。 Delegate certification requires authentication complete confidence in TTP, TTP verification commission to prove out party, TTP Communications will become a bottleneck. 基于TTP验证的证明在可信平台上应用比较普遍,现有的很多证明方法,如基于属性的远程证明、Web Service的远程证明等,都是釆用这种模型,这是可信计算平台远程证明非常通用的模型。 TTP proof verification based on trusted platform application is relatively common, many existing methods of proof, such as attribute-based remote attestation, remote attestation of Web Service, are preclude the use of this model, which is remote Trusted Computing Platform It proved to be very versatile model. 发明内容本发明目的在于提供一种基于验证方安全需求的远程证明方法及其系统。 The present invention aims to provide a proof-based remote authenticator system and its security requirements. 与其他远程证明方法相比,本发明拥有按安全需求度量证明、平台隐私保护、系统配置灵活等特色。 Compared with other remote proof, according to the present invention have a measure of security needs proof, privacy protection platform, flexible system configuration and other features. 本发明的远程证明方法基于可信计算平台,包含3个角色:证明方(Attestor)、验证方(Verifier)和证明权威机构(AA, Attestation Authority)。 Remote attestation process of the invention based on trusted computing platform, comprising three roles: prover (the Attestor), the authenticator (Verifier) ​​and a certification authority (AA, Attestation Authority). 验证方根据安全需求发起证明请求,证明方按照请求度量平台配置,证明权威机构验证度量结果,最终由验证方判定是否信任证明方平台。 The authenticator initiates the security needs of an attestation request, the prover platform configuration measurement in accordance with the request, a certification authority to verify measurement results, the final decision by the parties to verify whether to trust the prover platform. 所谓的平台配置度量就是可信平台模块(TPM)对计算机系统的软件、固件和硬件的二进制数据块进行杂凑计算,所得到的杂凑值为其度量值,度量值和度量描述信息组成了度量日志。 So-called Platform Configuration metric is a trusted platform module (TPM) software of a computer system, firmware, and hardware blocks of binary data for hash calculation, the resulting hash value of the metric, metric and metric description information form the metric log . 度量值不断地扩展TPM内部的平台配置寄存器(PCR) 得到最终的度量结果。 Measure continuously expand inside the TPM platform configuration register (PCR) to obtain the final measurement results. 上述证明方的度量和远程证明依赖三大核心模块:证明服务模块(AS, Attestation Service)、度量代理模块(MA, Measurement Agent)和可信平台模块(证明方的模块构成参照图3)。 The above measures prove parties and rely on remote attestation three core modules: proof of service module (AS, Attestation Service), a measure of the proxy module (MA, Measurement Agent) and Trusted Platform Module (proving party modules see FIG. 3). 证明服务模块接收验证方的证明请求,负责与远程验证方进行通信;度量代理模块按照证明要求度量平台配置,组建远程证明相关的证明数据;可信平台模块完成具体模块的杂凑计算、加密和签名操作。 Proof service module proof request received authentication party, responsible for communication with a remote authenticator; metric proxy module metric platform configuration in accordance with the certification requirements, the formation of remote attestation relevant supporting data; Trusted Platform Module complete module-specific hash calculated, encryption and signature operating. 本发明基于安全需求的远程证明方法具体包括如下步骤-1. 验证方根据从证明权威机构获取的证明属性证书创建证明请求,并将证明请求发送给证明方;2. 证明方收到验证方发送的证明请求后,根据验证方要求证明的内容和证明权威机构颁发的度量属性证书,由TPM实施系统组件度量,加密度量日志,对其内部PCR存储的最终度量结果签名;3. 证明方将加密的度量日志、最终度量结果及其签名结果发送给验证方;4. 验证方保留最终度量结果及其签名,而将加密的度量日志发送给证明权威机构;5. 证明权威机构对验证方发送的加密度量日志进行验证;6. 证明权威机构将以度量日志计算的最终度量结果和验证结果发送给验证方;7. 如果证明权威机构验证结果为通过验证,验证方比较证明权威机构计算的最终度量结果和证明方发送的最终度量结果,二者一致则 The method of the present invention is demonstrated remote security requirements based -1 includes the following steps to create the authenticator to prove the proving request attribute certificate acquired from the certification authority, and the prover to prove to a request;.. 2 receives the authenticator sends the prover after proof request, the authenticator according to claim metric attribute certificate and the content certificate issued by a certification authority, by the TPM system component metrics embodiment, encrypted log metric, metric sign their final PCR results stored inside; 3 encrypted prover log metric, measurement results and the final result to the signature verifier; 4 authenticator final measurement results and its signature, and the encrypted log metric to a certification authority; 5 certification authority transmits authenticator encrypted validation metric logs; 6 certification authority will measure the final measurement result and the verification result to the authenticator computing log; 7. If the certification authority verification result is verified, authenticator certification authority comparison metric calculated final the final measurement results and sends the results to prove, both consistent with the 验证度量结果的签名,从而最终确保证明方的可信性。 Measure the results of the signature verification, and ultimately ensure the credibility of the prover. 上述的证明属性证书限定证明方需要证明的内容,包含需要证明的组件列表;而度量属性证书包含组件描述信息和组件的全部度量点声明。 Attribute certificate defined above demonstrate the prover to prove to the content, it contains a list of components that need to prove; metric and metric attribute certificate contains all information relevant statement assembly and components described. 证明属性证书和度量属性证书都是证明权威机构按照验证方的证明需求生成的,分别发送给验证方和证明方。 Attribute certificate and proof measure attribute certificate is a certification authority in accordance with the requirements prove authenticator generated, are transmitted to the verifier and prover. 上述远程证明流程中,步骤2是证明方使用嵌入计算平台主板上的TPM度量平台组件,组件的度量方法可按照本发明自定义的MEASURE流程进行(参照具体实施方式中的函数1),包括下列步骤-2-1证明服务模块从验证方的证明属性证书中,解析得到需要证明的平台组件,将要证明的组件列表发送给度量代理模块。 Said remote attestation process, step 2 prover embedded metrics TPM metric platform assembly, the components on the platform motherboard can be calculated from the MEASURE process definition is performed (refer to the function 1 embodiment) of the present invention, comprising the following step -2-1 prove service module certificate attribute certificate verification side, the platform components need to prove parsed, the list of components that will be sent to prove the measure proxy module. 2-2度量代理模块验证当前的平台组件是否与需要证明的平台组件匹配,如果不匹配则退出证明,匹配则度量代理模块使用TPM按照下面的MEASURE流程实施组件度量:a) .从需要证明的平台组件中,选取某一组件C;b) .用SHA1算法依次度量组件C的度量点,度量代理模块保存C的度量日志,c) .度量代理模块使用TPM—Extend方法得到组件C的度量值h(C);d) .如果全部需要证明的组件已经度量完成,跳到步骤e执行,否则跳回歩骤a继续执行;e) .度量代理模块将步骤c得到的全部组件的度量值h(C),依次扩展TPM内部的PCR 寄存器,得到TPM的最终度量值(保存在PCR中)。 2-2 Metric agent module to verify the current platform assembly matches the platform assembly to prove if a mismatch exit proof, the match metric agent TPM module uses the following components of the embodiment of a measure of flow MEASURE:. A) from the need to prove platform components, select a component C;. B) using SHA1 algorithm sequentially metric for the point component C, a metric measure of the proxy log storage module C, c) a metric agent module obtained using the method of TPM-Extend metric unit C. h (C);. d) If all the components have to prove a measure completed, execution jumps to step e, otherwise proceed to a step jump back ho; e) measure all of the components of the agent module metric obtained in step c h. (C), successively extended inside the TPM PCR registers of the TPM to give a final metric value (stored in PCR). 2-3度量代理模块加密全部组件度量日志,然后将加密的度量日志发送给证明服务模块。 2-3 metric agent module to encrypt all the components measure the log, then send the encrypted log metric to prove the service module. 2-4 TPM使用平台身份密钥对最终的度量结果(保存在PCR中)签名,将最终度量结果、签名结果、TPM身份证书发送给证明服务模块。 2-4 TPM using the platform identity key measure of the final result (stored in PCR) signed the final measurement results, signature result, TPM to prove the identity of the certificate sent to the service module. 上述基于安全需求的远程证明方法步骤5和7是证明权威机构、验证方共同验证证明结果。 Based on the above security needs remote attestation process steps 5 and 7 is a certification authority to verify proof of joint verification results. 其中,步骤5证明权威机构对度量日志解密后,利用收集的标准度量值,可按照本发明自定义的VERIFY流程进行完整性验证(参照具体实施方式中的函数2),具体包括下列步骤:5-1.依次验证证明方组件度量日志,从证明方度量日志中选取组件C的度量日志,比较组件各个度量点的度量值是否和发布的标准值一致,如果不一致则验证失败。 Wherein the step 5 after certification authority decrypted log metric, metric collection using standard, self VERIFY process definition in accordance with the present invention, integrity verification (refer to the function of the embodiment 2), including the following steps: 5 -1 verification sequentially logs the prover assembly metric, metric for log log unit C selected from the prover, if each metric and metric point of comparison component values ​​consistent with published standards, if not the verification fails. 5-2.重新计算组件C的度量值,按照TPM—Extend方法依次扩展各个度量点的值,得到组件C的度量值。 5-2. Recalculation unit C metric, in accordance with a method sequentially extended TPM-Extend value of each point of measurement, metric unit C obtained. 5-3.比较组件C的度量值是否与标准值一致,如果不相等则验证失败。 5-3. Metric comparison component C is consistent with the standard value, the verification fails if not equal. 如果已经完成全部组件的验证,跳至步骤5-4执行,否则继续执行步骤5-l。 If all of the components have been verified, execution jumps to step 5-4, otherwise proceed to step 5-l. 5-4.按照TPlVLExtend方法依次扩展各个组件的度量值,计算出最终的平台度量值, 然后证明权威机构将验证结果、最终的度量值发送给验证方。 5-4. The method according TPlVLExtend extended sequentially measure each component, calculate a final platform metric, then the certification authority verification result, the final metric sent to the authenticator. 验证过程作为度量过程的逆操作,与度量过程相比不需要TPM参与,主要工作是验证度量日志正确性,同时重新进行度量结果杂凑计算。 Verification process as the inverse operation of the measurement process, as compared with the measurement process does not need to participate in TPM, the main task is to verify the correctness of the measurement log, and re-calculated hash measurement results. 证明权威机构仅仅验证度量日志, 证明方的最终度量结果则由验证方进行验证,因此在证明权威机构可信的前提下,证明方伪造度量日志、篡改中间验证结果都能被验证方检测到。 Certification authority verification measure only the log, the final measurement result by the authenticator to authenticate the prover and therefore prove the premise of a trusted authority, forgery measure logs the prover, the verification result can tampering intermediate the authenticated detected. 上述步骤2中的加密过程为证明方生成对称密钥,对度量日志加密,并利用证明权威机构的公钥加密对称密钥。 The encryption process is generated above in step 2 To demonstrate the symmetric key encryption to public key encryption metric logs, and using the symmetric key certification authority. 相应的,证明权威机构收到验证方发送来的加密度量日志后, 首先使用自己的私钥解密加密的对称密钥,然后再使用对称密钥解密经过加密的度量日志。 After the respective, receiving the encrypted certification authority metric log authenticator sent by first using its own private key to decrypt the encrypted symmetric key, and then uses the symmetric key to decrypt the encrypted log metric. 本发明基于安全需求的远程证明系统包括证明方、验证方和证明权威机构三方,三者之间的通讯经过互联网(Internet)进行,其中证明方计算机主板物理上嵌入安全芯片TPM, 验证方、权威机构不需要带有TPM。 The present invention is based on the security requirements of the remote proof system comprising a prover, verifier, and tripartite certification authority, among the three communication via the Internet (Internet) for, TPM security chip embedded on the motherboard physical computer prover, verifier, authority agency is not required with TPM. 验证方根据安全需求发起证明请求,证明方按照请求度量平台配置,证明权威机构验证度量结果,最终由验证方判定是否信任证明方平台。 The authenticator initiates the security needs of an attestation request, the prover platform configuration measurement in accordance with the request, a certification authority to verify measurement results, the final decision by the parties to verify whether to trust the prover platform. 其中,证明方又包括证明服务模块、度量代理模块和可信平台模块,其中:证明服务模块接收验证方的证明请求,负责与远程验证方进行通信;度量代理模块按照证明要求度量平台配置,组建远程证明相关的证明数据;可信平台模块完成具体的杂凑计算、加密和签名操作。 Wherein the prover includes a certification service module in turn, a measure of the proxy module and the trusted platform module, wherein: the service module receives demonstrate proof request verification party, responsible for communication with a remote authenticator; metric metric internet proxy module configured in accordance with the certification requirements, the formation of remote attestation relevant supporting data; trusted platform module performs specific hash calculation, encryption and signing operations. 可信平台模块(TPM)位于计算机系统的硬件层,内嵌于主板上,度量代理模块是操作系统的内核模块,度量代理模块调用TPM进行度量、签名都是通过安装在操作系统的TPM驱动完成,而证明服务模块运行于应用服务层,在操作系统之上,与TPM无直接关联,证明服务模块通过操作系统的消息通讯机制进行数据的传递。 Trusted Platform Module (TPM) is located in the computer system hardware layer, embedded in the motherboard, the agent module is a measure of the operating system kernel module, a metric to measure the agent TPM module calls, the signature is driven by the operating system installed in the TPM complete , as evidenced service module running on the application service layer, on top of the operating system, not directly related to the TPM to prove service module message is transmitted by the data communication mechanisms of the operating system. 上述的验证方可由验证方服务器和资源服务器构成,运行在一个相对独立的受保护网络中,该受保护网络通过网络接入点控制一切来自外部的网络请求,验证方服务器负责验证来自证明方的完整性度量,验证完毕后,向网络接入点给出访问控制判定结果,从而控制证明方的网络访问连接,只有经过验证的证明方的访问才允许访问资源服务器。 The verification consists of only the above-described authentication server and the resource server, running a independent protected network, all the protected network control request from an external network through a network access point, the authenticator server is responsible for authentication from the prover integrity measurement, verification has been completed, access is given to the network access point control determination result, to control the network access prover connections, only authenticated access prover allowed to access the resource server. 本发明基于安全需求的远程证明系统中,在证明方(服务请求者)请求验证方(服务提供者)的某种服务前,证明方利用可信平台的安全特性向验证方证明平台运行环境满足服务所限定的安全要求。 The present invention is demonstrated before the remote system based on security requirements, the prover (service requestor) requests the authenticator (service provider) is a service, a trusted platform prover to prove internet security features to meet the operating environment authenticator service security requirements defined. 电子银行应用中的用户和银行,VPN应用中的远程用户和VPN 服务器,这些实际应用实例对应该远程证明系统的证明方和验证方。 E-banking applications and banking users, VPN applications of remote users and the VPN server, these examples demonstrate the practical application of the party and the party should verify remote attestation system.

证明权威机构是一个具有公信力的可信第三方,负责辅助验证方验证平台的完整性度量日志。 A certification authority is a trusted third party with a credible, responsible for secondary authenticator to verify the integrity metric log platform. 系统平台的软硬件生产商对外发布其组建度量标准值,证明权威机构收集组件度量标准值,验证过程时核实证明方度量日志的正确性。 Platform hardware and software manufacturers released their metric values ​​formation, a certification authority to collect the component metrics values, the prover to verify the correctness of the log measure of verification process. 若遇到未知组件的度量日志验证, 证明权威机构要么直接向组件生产者査询,要么间接向其他证明权威机构询问完成验证。 If they are a measure of the log to verify unknown components, a certification authority or direct inquiries to the component producers, or indirectly ask other proof of authority to complete verification.

证明权烕机构的另一重要功能便是实现远程证明中的度量和证明相互分离。 Another important function of the right to prove Xue institutions is proof of remote measurement and certification separated from each other. 证明方汇总平台组件信息,向证明权威机构申请度量属性证书。 Prover platform components summary information, apply to the certification authority measure attribute certificates. 度量属性证书包含组件描述信息和组件的全部度量点声明,若验证方请求证明组件A,那么按照组件A的描述信息和度量点声明TPM就能完成组件A的度量。 Metric attribute certificate described contains all the components and the measurement point information components declaration, if a request for certification verifier assembly A, and then the measurement point according to the description of component A TPM statements to complete assembly A metric. 验证方根据实际应用的安全需求,从证明权威处获取证明属性证书,证明属性证书中包含需要证明的组件列表。 The authenticator according to the security needs of practical applications, obtain proof certificate Certificate authority at the property to prove attribute certificate contains a list of components that need to prove. 度量属性证书和证明属性证书都由证明权威机构发布,两者既分开创建又相互关联,由证明权烕机构保证其真实性。 Metric attribute certificate and proof attribute certificate issued by a certification authority, create two separate but related only by the right to prove Xue institutions to ensure its authenticity.

本发明基于安全需求的远程证明的平台度量过程和验证过程都进行严格的定义,度量和证明在证明方、验证方、证明权威机构三方中相互协同完成。 The present invention is based on the platform remote measurement process and the verification process to prove the safety requirements are strictly defined, measure and prove the prover, verifier to prove that the three parties cooperate with each other in complete authority. 该远程证明方法将度量和证明分离,由证明方平台的TPM按照验证方的安全需求度量,证明平台配置信息,证明过程中只需进行简单的度量证明匹配,避免了无效平台信息的度量和验证,减少了度量和证明的复杂度。 The remote proof and measure proof of the separation, by the TPM of the prover platform security on demand metric authenticator to prove the platform configuration information, the process demonstrated only a simple measure proof matches, avoiding ineffective metrics and platform authentication information reduce the complexity metrics and proven. 度量的平台配置信息以加密形式传输,防止了平台配置隐私的泄露。 Metrics platform configuration information transmitted in encrypted form to prevent the disclosure of platform configuration privacy. 该远程证明易于证明方、验证方灵活配置,无需进行证明协商。 The remote is easy to prove that the prover, the authenticator flexible configuration, without the need for proof of consultation. 该方法不但可应用于单向的远程证明,经过简单扩展还可应用于双向远程证明。 This method can be applied not only to a one-way remote attestation, through simple extension is also applicable to two-way remote attestation. 具体而言,该方法的优点在于: Specifically, the advantage of this method is that:

1) 由验证方发起,远程证明的内容是由验证方的安全需求所确定,不同的安全需求,证明内容和平台度量不同。 1) initiated by the authenticator, remote attestation content is determined by the security needs of the authenticator, different security needs to prove that different content and platform metrics. 而证明方发起的远程证明的内容则是证明方平台的整个运行环境,与之相比,避免了众多与安全需求无关的无效证明信息,同时也避免了整个平 The contents of the prover initiated remote attestation of the entire operating environment prover platform, compared with them, to avoid a large number of unrelated information security needs to prove ineffective, but also to avoid the whole flat

.台配置信息的泄漏。 The stage configuration information leakage.

2) 度量时由证明方按照特有的度量函数进行度量,证明时则由证明权威机构和验证方按照专用的验证函数进行验证,不需要度量和验证的协商。 2) When the measure in accordance with the specific metrics from the metric function prover, by the certification authority and the verifier for authentication verification according to the specific function, does not need to measure and verify the proof of negotiation. 这将远程证明中度量和证明两者分离,证明过程只进行简单度量证明匹配,就保证了证明方度量内容和验证方验证要求的一致性。 This remote will prove both metric and proven separation process is simply a measure of proof to prove match, to ensure the consistency of the prover party verification and validation metrics content requirements.

3) 采用加密平台完整性度量结果的方法,保护平台配置隐私,避免在验证方泄漏平台配置信息。 3) the method of encryption platform integrity measurement result, privacy protection platform configured to prevent leakage of platform configuration information authenticator. 而加密的平台度量结果在可信第三方能够解密验证。 The encryption platform measurement results can be decrypted at a trusted third party verification. 4)采用协同验证的方法,验证完整性度量中间结果是在可信第三方进行,而完整性签名, 可信平台身份标识,验证完整性度量最终结果是在验证方进行,这能防止证明方伪造证明消息,篡改通讯消息欺骗验证方,同时也能防止可信第三方给出错误的验证结果欺骗验证方。 4) co-verification method to verify the integrity of the measurement results is carried out in the middle of a trusted third party, but the integrity of the signature, trusted platform identity, verify the integrity of the final result is a measure of the authenticator, which can prevent the prover forgery proof news, tampering communication messages to deceive the authenticator, but also can prevent a trusted third party give false results to deceive verify the authenticator.

附图说明 BRIEF DESCRIPTION

图1是本发明基于安全需求的远程证明方法步骤示意图。 Figure 1 is a schematic view of the present invention is based on the step of the remote proof security requirements.

图2是本发明基于安全需求的远程证明方法流程图。 FIG 2 is a flowchart of a remote proof security requirements based on the present invention.

图3是本发明的证明方系统模块构成图。 FIG 3 is a prover system module according to the present invention. FIG.

图4是本发明实施例基于安全需求的远程证明系统结构示意图。 4 is a schematic system configuration of the remote proof security requirements based embodiment of the present invention.

具体实施方式 Detailed ways

下面通过实施例,结合附图进一步说明本发明,但不以任何方式限制本发明的范围。 The following examples, in conjunction with the accompanying drawings further illustrate the present invention without limiting the scope of the present invention in any way. 基于安全需求的远程证明流程,结合可信计算平台的可信引导、平台组件度量、可信网络连接,我们实现基于安全需求的可信网络连接远程证明系统。 Remote attestation process based on security needs, combined with the trusted boot trusted computing platform, the platform components measure, Trusted Network Connect, we realize connection to a remote proof system based on trusted network security needs. 详细的系统结构参照图4,该远程系统的应用场景是,证明方试图访问受保护网络中的资源服务器R,首先必须经过验证方服务器完整性验证后,才允许访问。 Detailed System configuration Referring to FIG 4, the application scenario is remote system, the prover tries to access a protected network resource server receiving R, after the server side must first be verified integrity verification before allowing access. 证明系统的证明方是一台带有TPM安全芯片的计算机,在系统内核层运行作度量代理内核模块,按照证明需求完成平台配置完整性收集,度量代理之上是负责与验证方服务器通讯的证明服务模块。 Prover proves the system is a computer with a TPM security chip, the system kernel level to run as a proxy measure of kernel modules, completed in accordance with proven demand proof platform configuration integrity collect, measure on the proxy server is responsible for communicating with the authenticator service module. 证明方通过开放的Internet访问受保护网络P。 Prover through open Internet access to protected network P. 验证方则是由验证方服务器V,资源服务器R构成,验证方位于受保护网络P中。 Is composed of a verifier to verify the server side V, the resource server R, the authenticator is located in a protected network P. 受保护网络P由网络接入点C、验证方服务器V、资源服务器R构成。 P protected network by a network access points C, authenticator server V, R configuration server resources. C控制一切外部的网络请求,未经验证的网络请求一律转发至验证服务器V进行安全验证,被拒绝的证明方A的网络连接将被禁止,只有经过验证的证明方A的访问才允许访问资源服务器R。 C control all external network requests, unauthenticated network request shall be forwarded to the V authentication server for secure authentication, network connections rejected prover A will be prohibited access to only authenticated the prover A is allowed to access resources R. server 验证方服务器V负责验证来自请求方的完整性度量,验证完毕后,向网络接入点C给出访问控制判定结果,控制证明方的网络访问连接。 V authenticator server responsible for verifying the integrity metric from the requesting party, after the authentication is completed, control is given access to the network access point C determination result, the control network access prover connections.

基于安全的远程证明系统实现中,验证方选取的安全需求是验证证明方的安全启动流程、操作系统补丁、防病毒软件、防火墙软件的安全性,通过TPM度量系统启动过程和系统组件,向远程方证明计算机系统运行环境是可信的,验证是否允许计算机接入受保护网络。 Security system for remote proof-based verifier selected security requirements is to verify secure boot process prover, operating system patches, security, anti-virus software, firewall software, start the process and system components via TPM metric system, the remote side computer system operating environment proof is credible, allowing a computer to verify that access the protected network.

系统的各台计算机和网络设备布置完毕后,紧接着初始化整个证明系统。 After each computer system and network device arrangement is completed, followed by the entire proof system initialization. 首先验证方V向证明权威AA请求证明属性证书,M颁发X. 509 v4. 0的属性证书,属性证书中的属性域包含可信引导、操作系统补丁、防病毒软件、防火墙软件等4项要求证明的组件。 First, the verifier V to the prover request attribute certificate authority proof AA, M attribute certificate issued X. 509 v4. 0, the attribute certificate attribute field contains trusted boot, the operating system patches, anti-virus software in claim 4, firewall software proven components. 然后是证明方获取度量证书,证明方向AA系统请求度量属性证书,度量属性证书中包含系统常用组件的度量点,上面所提到的4个组件的度量点必须包括在内。 Then the prover measure acquiring a certificate, the system requests the prover to the AA metric attribute certificate, the attribute certificate metric for points common components included in the system, measurement point 4 of the above-mentioned components must be included.

证明方并不是随意度量,验证方都能验证成功的,还得遵循一定的约定或规则。 Prover not arbitrary measure, the verifier can verify successful, you have to follow certain rules or conventions. 基于安全需求的远程证明,度量流程和证明流程必须要制定明确的规则,这个系统中我们制定了组件级的度量流程和验证流程,把度量(验证)请求作为输入,度量(验证)结果作为输出,定义了MEASURE和VERIFY函数描述度量流程和验证流程。 Remote prove security needs, measure processes and proven processes must establish clear rules, this system we have developed a component-level metrics process and verification process, the measure (verify) request as an input measure (verification) as a result of output , and defines the mEASURE function vERIFY process described measurement and verification procedures. 平台度量的基础是组件的度量,下面首先定义组件的度量,然后定义平台的度量过程为函数MEASURE。 Metric is a measure of the platform base assembly, first define the following metric component, then measurement process is defined as a function platform MEASURE.

假定可信计算平台配置为:CONF-(C"C2,C3,…,C"; Assuming trusted computing platform configured to: CONF- (C "C2, C3, ..., C";

&的度量点集合为:MP—SET(Ci)={Mcu,MCi2,...,MCiKi}; & Metric point set as: MP-SET (Ci) = {Mcu, MCi2, ..., MCiKi};

Cj的度量值列表集合为:ML—SElXC^UcipIw,...,^^,其中Icu=SHAl(MClj),是度量点M印的度量值,j=l,2,.."Ki。 List Cj metric set as: ML-SElXC ^ UcipIw, ..., ^^, wherein Icu = SHAl (MClj), is a measure of printed metric point M, j = l, 2, .. "Ki.

定义组件Cj的度量函数MEASURE(C,,MP—SET(Ci》,度量函数描述如下: 函数输入:A, MP—SETXCJ^Mc^McinMciKi}' ML—SET(C一( }; Cj defining component metric function MEASURE (C ,, MP-SET (Ci ", metric function is described as follows: Input Function: A, MP-SETXCJ ^ Mc ^ McinMciKi} 'ML-SET (C a (};

初始化:组件&的度量PCR设为virtPCR(Ci)-O;度量点标号』=1; PCR的扩展运算为PCR一Extend; Initialization: to measure a PCR assembly & virtPCR (Ci) -O; measurement reference point "= 1; extended operation Extend PCR is a PCR;

输出:ML—SET(C》,virtPCR(Cj)。 Output: ML-SET (C ", virtPCR (Cj).

1. 从MP—SET(Ci)中选取M^,组件Ci的度量点Mcij, Icij=SHAl(MciJ); 1. Select from M ^ MP-SET (Ci), the measurement point component Ci Mcij, Icij = SHAl (MciJ);

2. ML—SET(Ci"ML一SET(Ci)u(IciJ; 2. ML-SET (Ci "ML a SET (Ci) u (IciJ;

3. virtPCR(Ci一PCR—Extend(virtPCR(Ci),I。j); 3. virtPCR (Ci a PCR-Extend (virtPCR (Ci), I.j);

4. IF j-Ki; 4. IF j-Ki;

THEN完成组件Ci的度量,结束: ELSE j=j+l,跳到第(l)步继续度量。 THEN assembly metric Ci is completed, end: ELSE j = j + l, skip to (l) continuing step metric.

在对组件进行度量的基础上,对于整个平台配置,证明方实现的平台的度量函数为:MEASURE(CONF, MP—SET(CONF))={ MEASURE(Ci,MP一SET(Ci)) },i=l,2,...,N 。 Based on the assembly to measure on for the entire platform configuration, metric function prover achieve platform is: MEASURE (CONF, MP-SET (CONF)) = {MEASURE (Ci, MP a SET (Ci))}, i = l, 2, ..., N. 整个平台的度量结果是MEASURE(CONF,MP—SET(CONF))={ML,virt;PCR};其中: Measurement result of the whole platform is MEASURE (CONF, MP-SET (CONF)) = {ML, virt; PCR}; wherein:

ML={ ML一SET(C!),virtPCR(q),ML—SET(C2),virtPCR(C2),.."ML一SET(CN),virtPCR(CN)} ML = {ML a SET (C!), VirtPCR (q), ML-SET (C2), virtPCR (C2), .. "ML a SET (CN), virtPCR (CN)}

总的PCR值virtPCR (对virtPCR(Ci)值的综合扩展),virtPCR按如下方法计算: The total PCR value virtPCR, virtPCR calculation (for virtPCR (Ci) extended integrated value) as follows:

virtPCR=0 ; FORi=l TON DO virtPCR = 0; FORi = l TON DO

virtPCR = PCR一Extend( virtPCR, virtPCR(Ci)) a virtPCR = PCR Extend (virtPCR, virtPCR (Ci))

所以度量函数定义为: MEASURE(CONF,MP—SET(CONF))={ML,virtPCR}______________________函数丄 Therefore metric function is defined as: MEASURE (CONF, MP-SET (CONF)) = {ML, virtPCR} ______________________ function Shang

证明权威机构AA进行平台的完整性值的验证过程定义验证函数为VERIFY(ML): AA authorities prove the integrity of the value of the platform verification process custom validation function VERIFY (ML):

1. 验证完整性值: 1. Verify the integrity value:

ML={ML—SET(C》,virtPCR(C,),ML—SET(C2),virtPCR(C2),...,ML—SET(CN),virtPCR(CN)}; ML = {ML-SET (C ", virtPCR (C,), ML-SET (C2), virtPCR (C2), ..., ML-SET (CN), virtPCR (CN)};

i=l,2,...,L,依次验证ML—SET(Cj),验证组件的度量值是否和完整性值数据库中存储的标准值一致。 i = l, 2, ..., L, in turn, verifies that the value of the standard ML-SET (Cj), measure and verify whether the component values ​​stored in the database integrity.

2. 验证PCR值:步骤1的验证结果如果不一致,vRet=false,停止验证;如果一致, ML一SET(Ci)^Icu,Ici,2,…,Ici,Ki),验证virtPCR(Ci): 2. Verify PCR value: the verification result of step 1 and if not, vRet = false, validation is stopped; if they are consistent, ML a SET (Ci) ^ Icu, Ici, 2, ..., Ici, Ki), verification virtPCR (Ci):

tPCR=0 tPCR = 0

FORj-1 TOKj DO FORj-1 TOKj DO

tPCR = PCR_Extend( tPCR,ICiJ); tPCR = PCR_Extend (tPCR, ICiJ);

3. 比较tPCR与virtPCR(Ci)是否一致,如果不一致,vRet=false ,停止验证。 3. Comparison tPCR coincides with virtPCR (Ci), and if not, vRet = false, authentication is stopped.

计算总的PCR值:如果所有组件都验证成功,vRetKrue,计算平台总的PCR: vPCR=0 ; FORi=l TOLDO Calculate the total PCR value: if all components successfully verified, vRetKrue, calculate the total PCR internet: vPCR = 0; FORi = l TOLDO

vPCR = PCR一Extend( vPCR,virtPCR(Cj》; a vPCR = PCR Extend (vPCR, virtPCR (Cj ";

验证函数返回:VERIFY(ML)={vRet,vPCR}。 Verification function returns: VERIFY (ML) = {vRet, vPCR}. 所以验证函数定义为- Therefore, the verification function is defined as -

VERIFY(ML)={vRet,vPCR}_____________________________________函数2 VERIFY (ML) = {vRet, vPCR} _____________________________________ function 2

基于上述的度量和验证函数,本发明安全需求的远程证明方法整个过程七个步骤可分为两个阶段:度量阶段和证明阶段,详述如下(参见图1和图2,其中简记:证明方--A; 验证方—V;证明权威机构—AA;证明服务—AS;度量代理—MA): Based on the above measurement and verification functions, the remote proof security needs seven steps of the present invention the entire process can be divided into two phases: Phase measurement phase and to prove, as detailed below (see FIGS. 1 and 2, wherein the abbreviated: proof Fang --A; authenticator -V; certification authority -AA; proof of service -AS; proxy measure -MA):

度量阶段只有证明方和验证方参与,其功能是证明方按照验证方的证明请求,通过底 The measurement phase only participation prover and verifier, which functions according to the prover party to verify attestation request, through the bottom

层可信平台模块TPM对可信计算平台进行度量。 Layer trusted platform module TPM of trusted computing platform metrics. 度量阶段包括下列步骤1〜3: 1 ~ 3 measurement phase includes the following steps:

1 V-—〉 A:随机数RN,证明属性证书 1 V -> A: a random number RN, the attribute certificate proof

(1) A认证V的身份,只有V是A的合法用户,A的内部模块AS才有必要提供远程证明。 (1) A certified identity of V, V is the only legitimate user A, internal module AS A only necessary to provide remote attestation.

(2) V向AS发送随机数RN和证明属性证书。 (2) V transmits the random number RN and attribute certificate to prove AS.

2 A:度量过程 2 A: measurement process

(1) 证明服务AS验证度量代理MA的完整性,AS从证明属性证书中获取需要证明的平台配置reqCONF, AS将reqCONF发送给MA; (1) Certification of AS verify the integrity of the proxy measure of MA, AS acquired from the need to prove proof platform attribute certificate configuration reqCONF, AS reqCONF will be sent to MA;

(2) MA从度量属性证书中获取度量点列表MP—SET(CONF); (2) MA measure acquiring point list MP-SET (CONF) from the metric attribute certificates;

如果reqCONF g CONF , CONF为整个证明方平台组件配置,r叫CONF e conf表 If reqCONF g CONF, CONF prover platform for the whole assembly configuration, r called CONF e conf table

明平台配置满足证明属性证书的要求,否则终止证明,通知V证明失败。 Ming platform configuration to meet the requirements to prove properties of the certificate, to prove otherwise terminated, notice V proved a failure. MA对请求的平台配置reqCONF,使用TPM采用MEASURE度量方法(函数1)进行度 MA reqCONF platform configuration request, using the TPM using MEASURE metrics (function 1) of

量,其结果为MEASURE(reqCONF,MP—SET(reqCONF》={ML,virtPCR}。 Amount, a result MEASURE (reqCONF, MP-SET (reqCONF "= {ML, virtPCR}.

该步骤中,TPM度量的不是全部平台组件配置CONF,而是仅仅度量了与验证方安全需求相关的平台配置reqCONF,这大大减少了无效配置信息的度量和验证, 提高了远程证明的效率。 In this step, TPM metrics not all platform components configured CONF, but only measures the security requirements associated with the verifier platform configuration reqCONF, which greatly reduces the measure and verify invalid configuration information to improve the efficiency of remote attestation.

(3) MA产生一个对称密钥s—key,用s—key加密度量结果,用AA的公钥加密对称密钥,sML=Encs key(ML) , sKey=EncAA』ubkey(s—key) 。 (3) MA generates a symmetric key s-key, with s-key encryption measurement results, the symmetric key encrypted with the public AA, sML = Encs key (ML), sKey = EncAA "ubkey (s-key). MA验证AS的完整性,将sML, AS MA verify the integrity of the sML,

sKey发送给AS。 sKey sent to AS. 度量日志ML是被加密传送的,仅仅只有证明权威机构AA才能解密度量日志进行验证,验证方V仅仅获得的是度量日志的密文,不会泄露平台配置信息。 ML metric log is transmitted encrypted, with only certification authority AA can decrypt measure logs to verify, verifier V only obtained is a measure of the log of the ciphertext, will not divulge platform configuration information.

(4) AS将随机数rn发送给TPM , TPM对度量结果进行签名Quote = SignAIK』riv{virtPCR,rn},将签名结果和TPM身份证书CertTPM返回给AS。 (4) AS will be sent to the TPM random number rn, measurement results for TPM Quote = SignAIK sign "riv {virtPCR, rn}, the signature and the result is returned to the TPM identity certificate CertTPM AS. TPM对平台度量最终结果PCR值进行签名,保证证明结果的不可篡改。 TPM platform to measure the final result is signed PCR value, to ensure that the results can not tamper proof. 3 A—〉 V: Quote,sML,sKey,CertTPM 3 A-> V: Quote, sML, sKey, CertTPM

A将加密的度量结果sML, sKey, TPM签名结果Quote = SignA,Kj)riv{virtPCR,rn} , TPM A measurement result of the encrypted sML, sKey, TPM signature result Quote = SignA, Kj) riv {virtPCR, rn}, TPM

证书CertT刚发送给V。 Certificate CertT just sent to V.

证明阶段只有验证方和证明权威机构参与,其功能是证明权威机构验证平台完整性度量结果,验证方验证平台度量的最终结果。 Proof stage only party verification and certification authority of the institutions involved, and its function is a certification authority to verify platform integrity measurement results, the final results validate party verification platform metrics. 证明阶段包括下列步骤4〜7: 4~7 proof stage comprises the following steps:

4 V——〉AA:sML, sKey 4 V -> AA: sML, sKey

V保留TPM的签名结果Quote, CertTPM,作为最终验证,将加密的度量结果sML, V reservations TPM signature result Quote, CertTPM, as a final verification, the encrypted measurement results sML,

sKey发送给AA。 sKey sent to the AA.

5 AA:验证 5 AA: Verify

(1) AA用私钥解密对称密钥s一key,再用对称密钥s一key解密度量结果ML ,s_key=DecAAjriv(sKey), ML=Decskey (sML); (1) AA private key to decrypt the symmetric key s using a key, a key and then decrypting the symmetric key s measurement results ML, s_key = DecAAjriv (sKey), ML = Decskey (sML);

(2) AA利用收集的度量标准值验证度量列表ML,采用VERIFY验证方法(函数2)进行平台完整性值的验证,VERIFY(ML)={vRet,vPCR}。 (2) using the AA collected metric value verification metric list ML, using the VERIFY authentication method (function 2) to verify platform integrity value, VERIFY (ML) = {vRet, vPCR}.

6 AA——>V:vRet,vPCR 6 AA -> V: vRet, vPCR

AA将验证结果发送给V。 AA sends the verification results to V.

7 V:最终验证 7 V: final verification

(1) V用Privacy-CA的根证书验证TPM证书,VerifyCert( CertTPM,CertprivacyCA); (1) V TPM certificate verified with a root certificate Privacy-CA, VerifyCert (CertTPM, CertprivacyCA);

(2) V验证AA的证明结果vRet, vRet是否为真; (2) V AA proof verification result vRet, whether Vret is true;

(3) V使用TPM的公钥验证TPM签名,VerifyAIK』ubkey{(virtPCR,m),Quote},验证成功 (3) V TPM using a TPM key authentication signature, VerifyAIK "ubkey {(virtPCR, m), Quote}, the verification is successful

后比较总的PCR值virtPCR是否与AA计算结果vPCR —致; If the comparison of the total PCR value results virtPCR with AA vPCR - it induced;

(4) V验证TPM签名用的随机数rn是否和请求时的随机数RN相同。 Random number (4) V TPM to verify the signature rn random number RN at the same whether the request. 只有通过了上述4步验证,才能说明证明方A远程证明成功。 Only through the four-step verification, in order to illustrate the prover A remote proved to be successful.

综上所述,基于安全需求的可信网络连接远程证明系统中,验证方首先发送证明请求和防止重放攻击的随机数,证明服务解析证明请求,从证明属性证书中提取需要度量的组件,将请求转发给度量代理,度量代理从度量属性证书中提取度量点,按照函数1 MEASURE对请求的组件进行度量,完整性日志以XML消息格式构建。 In summary, based on the trusted network connection to a remote security needs proof system, the verifier first sends a random number to prevent the proof request and replay attacks, service resolving prove attestation request, extracts the component needs to be measured from the attribute certificate proof, metric will be forwarded to the proxy, the proxy extracts metric measurement point metric attribute certificate from the request, a request to measure the component as a function of 1 mEASURE, message integrity log constructed in XML format. 度量代理产生RC4密码算法密钥,对度量日志进行加密,RC4密钥再用AA的公钥进行加密。 RC4 cipher algorithm to generate a proxy measure key measure of log encryption, RC4 key and then the AA public key encryption. 证明方平台可信引导采用的是Grub,操作系统是Windows XP,防病毒软件是Norton Antivirus,防火墙是NortonInternet Security。 Prover platform trusted boot uses Grub, the operating system is Windows XP, antivirus software Norton Antivirus, firewall NortonInternet Security. 度量完成后,证明服务请求TPM对平台配置状态进行签名,最后证明服务将证明数据发送给验证方。 After the measurement is completed, the proof of service requests TPM platform configuration state sign, turns out service will prove data sent to the authenticator. 验证方接收到证明数据,首先向AA请求验证度量日志,AA使用自己的私钥解密RC4对称密钥,再解密日志按照函数2 VERIFY进行验证,AA将中间验证结果返回给验证者。 Authenticator received proof data, the first authentication request to the measurement logs AA, AA RC4 uses its own private key to decrypt the symmetric key, and then decrypt the verification as a function of log 2 VERIFY, AA intermediate result back to the verifier. 验证方V最终验证证明方A的身份证书链,验证TPM的签名,计算出PCR值验证最终结果。 V final authenticator to authenticate the certificate chain of the prover A, the signature verification of the TPM, the PCR value calculated verification final result. V根据验证结果给出是否允许接入网络,驱使网络接入点C控制证明方的网络连接。 The verification result V gives access network is allowed, the network access point C drive control network connections prover.

Claims (6)

1.一种可信计算平台安全技术领域的远程证明方法,包括如下步骤: (1)验证方根据从证明权威机构获取的证明属性证书创建证明请求,并将证明请求发送给证明方; (2)证明方收到验证方发送的证明请求后,根据验证方要求证明的内容和证明权威机构颁发的度量属性证书,由证明方的可信平台模块实施系统组件度量,加密度量日志,对其内部平台配置寄存器存储的最终度量结果签名; (3)证明方将加密的度量日志、最终度量结果及其签名结果发送给验证方; (4)验证方保留最终度量结果及其签名,而将加密的度量日志发送给证明权威机构; (5)证明权威机构对验证方发送的加密度量日志进行验证; (6)证明权威机构将以度量日志计算的最终度量结果和验证结果发送给验证方; (7)如果证明权威机构验证结果为通过验证,验证方比较证明权威机构计算的最终 A trusted remote computing proof safety technology platform, comprising the steps of: (1) The authenticator creates demonstrate proof request attribute certificate acquired from the certification authority, and the prover to prove to a request; (2 after) prover to prove receipt of a request sent by the authenticator, the authenticator according to claim metric attribute certificate and the content certificate issued by the certification authority, the trusted platform module prover embodiment metric system component, encrypted log metric, its internal platform configuration register storing the final measurement result of the signature; (3) the prover encrypted log metric, measurement results and the final result is sent to the signature verifier; (4) authenticator final measurement results and its signature, and the encrypted log metric to a certification authority; (5) an encrypted certification authority sends authentication log metric verifies; (6) a certification authority will measure the final measurement result and the verification result to the authenticator computing log; (7 ) If the verification result for the certification authority is verified, the verifier comparing calculated final certification authority 量结果和证明方发送的最终度量结果,二者一致则验证度量结果的签名,从而最终确保证明方的可信性。 The final measure of the amount and the results prove that sends a result of both the consistent measurement results of the signature verification, and ultimately ensure the credibility of the prover.
2. 如权利要求1所述的远程证明方法,其特征在于,所述步骤(2)具体包括下列步骤:2-1.证明方的证明服务模块从验证方的证明属性证书中,解析得到需要证明的平台组件,将要证明的组件列表发送给度量代理模块;2-2.度量代理模块验证当前的平台组件是否与需要证明的平台组件匹配,如果不匹配则退出证明,匹配则度量代理模块使用可信平台模块按照下述步骤a〜e实施组件度量:a) .从需要证明的平台组件中,选取某一组件C;b) .用SHA1算法依次度量组件C的度量点,度量代理模块保存C的度量日志;c) .度量代理模块使用TPM—Extend方法得到组件C的度量值h(C);d) .如果全部需要证明的组件已经度量完成,跳到步骤e执行,否则跳回步骤a继续执行;e) .度量代理模块将步骤c得到的全部组件的度量值h(C),依次扩展可信平台模块内部的平台配置寄存器,得到最终度 2. The method of remote attestation according to claim 1, wherein said step (2) comprises the steps of: the prover 2-1 demonstrate proof attribute certificate service module from the authenticator, the analysis needs to give proof platform components, a list of components that will be sent to prove the measure of the agent module; 2-2 metric proxy module to verify whether the current platform components matching platform components with the need to prove, if proof does not match the exit, matching the metric proxy module use trusted platform module according to the following steps a~e embodiment metric components: a) from the need to prove the platform assembly, select a component C; B) using SHA1 algorithm metric for sequentially point component C, measurement proxy module saved. log metric C; c) a metric to obtain a measure of the proxy module unit C H (C) using the method of TPM-Extend;. D) If all the components have to prove a measure completed, execution jumps to step e, otherwise jumps back to step. a continue; E) proxy module metric measure all of the components obtained in step c h (C), successively extended inside a trusted platform module platform configuration registers, to give a final degree. 值;2-3.度量代理模块加密全部组件度量日志,然后将加密的度量日志发送给证明服务模块;2-4.可信平台模块使用平台身份密钥对最终的度量结果签名,将最终度量结果、 签名结果、可信平台模块身份证书发送给证明服务模块。 Value; 2-3 metric agent module to encrypt all the components measure the log, then send the encrypted log metric to prove the service module; 2-4 Trusted Platform Module using the platform identity key signature on the final measurement results, the final measure As a result, signature result, the trusted platform module proof of identity certificate to the service module.
3. 如权利要求2所述的远程证明方法,其特征在于,所述步骤(5)证明权威机构对度量日志解密后,利用收集的标准度量值,按照下列步骤进行完整性验证: 5-1.依次验证证明方组件度量日志,从证明方度量日志中选取组件C的度量日志,比较组件各个度量点的度量值是否和发布的标准值一致,如果不一致则验证失败;5-2.重新计算组件C的度量值,按照TPM一Extend方法依次扩展各个度量点的值,得到组件C的度量值; 5-3.比较组件C的度量值是否与标准值一致,如果不相等则验证失败,如果已经完成全部组件的验证,跳至步骤5-4执行,否则继续执行步骤5-l; 5-4.按照TPM—Extend方法依次扩展各个组件的度量值,计算出最终的平台度量值,然后证明权威机构将验证结果、最终的度量值发送给验证方。 3. The method of remote attestation according to claim 2, characterized in that, (5) demonstrated after said step authority decrypted log metric, using standard metric collection, verifying the integrity of the following steps: 5-1 in turn prover assembly verification log metric, metric logging component C selected from the prover log metric, whether the respective measurement points metric comparison component value and the same standard release, and if not then the authentication fails; 5-2 recalculated. metric unit C, a TPM in accordance with the method of sequentially extended extend metric values ​​of each point to obtain a metric unit C; 5-3 metric comparison component C is consistent with the standard value, the verification fails if not equal, if all of the components have been verified, execution jumps to step 5-4, otherwise proceed to step 5-l;. 5-4 in accordance with the method of sequentially extended TPM-extend measure individual components, calculate a final platform metric, then prove the authority verification result, the final metric sent to the authenticator.
4. 如权利要求1〜3中任一项权利要求所述的远程证明方法,其特征在于,所述步骤2中的加密过程为证明方生成对称密钥,对度量日志加密,并利用证明权威机构的公钥加密对称密钥,相应的,在步骤5证明权烕机构收到验证方发送来的加密度量日志后,证明权烕机构首先使用自己的私钥解密加密的对称密钥, 然后再使用对称密钥解密经过加密的度量曰志。 As claimed in any one of the preceding claims 1~3 remote attestation method of claim, wherein the encryption process in Step 2 To demonstrate the symmetric key generated above, a measure of the log is encrypted using the authority proof after the public key encryption symmetric key mechanism, corresponding received encrypted authenticator metric log transmitted in step 5 Xue right proof body that the first right to use their own means Xue private key to decrypt the encrypted symmetric key, and then using the symmetric key to decrypt the encrypted measure said Chi.
5. —种可信计算平台安全技术领域的远程证明系统,包括证明方、验证方和证明权威机构三方,三者之间通过互联网进行通讯连接,由验证方根据安全需求发起证明请求,证明方按照请求度量平台配置,证明权威机构验证度量结果,最终由验证方判定是否信任证明方,所述证明方包括证明服务模块、度量代理模块和可信平台模块,其中:证明服务模块运行于应用服务层,在操作系统之上, 通过操作系统的消息通讯机制进行数据的传递,接收验证方的证明请求,负责与远程验证方进行通信;度量代理模块是操作系统的内核模块,可信平台模块在度量代理模块的驱动下按照证明要求度量平台配置,组建远程证明相关的证明数据;可信平台模块位于证明方计算机系统的硬件层,内嵌于主板上,完成具体的杂凑计算、加密和签名操作;其中验证方根据从证 5. - kind of trusted computing platform security technology in the field of remote attestation system, including the prover, verification and certification authority of the tripartite parties, between the three communication via the Internet, to prove the request initiated by the authenticator according to security needs, the prover measurement platform configuration in accordance with the request, a certification authority verification measurement results, the final determination whether to trust the prover party to verify, the prover includes a certification service module, and a proxy module measures a trusted platform module, wherein: the proof of service module services application running on layer on top of the operating system, the operating mechanism through the message communication system communicating data, proof request receiving party authentication, responsible for communication with a remote authenticator; metric agent module operating system kernel module in a trusted platform module the proxy module driving metric measurement platform configuration in accordance with the certification requirements, the formation of remote attestation relevant supporting data; trusted platform module hardware layer located prover computer systems, embedded on the motherboard, specific hash calculation is completed, the encryption and signing operations ; wherein the authenticator according Syndrome 明权威机构获取的证明属性证书创建证明请求,并将证明请求发送给证明方;证明方收到验证方发送的证明请求后,根据验证方要求证明的内容和证明权威机构颁发的度量属性证书,由证明方的可信平台模块实施系统组件度量,加密度量日志,对其内部平台配置寄存器存储的最终度量结果签名;证明方将加密的度量日志、最终度量结果及其签名结果发送给验证方;验证方保留最终度量结果及其签名,而将加密的度量日志发送给证明权烕机构;证明权烕机构对验证方发送的加密度量日志进行验证;证明权烕机构将以度量日志计算的最终度量结果和验证结果发送给验证方;如果证明权威机构验证结果为通过验证,验证方比较证明权威机构计算的最终度量结果和证明方发送的最终度量结果,二者一致则验证度量结果的签名,从而最终确保证明方的可信性 Clear proof property certificate authority by creating a proof request acquired, and the prover to prove to a request; prover receives the authentication request sent by proof, the verifier according to the requirements and the content certificate to prove a measure of the attribute certificate authority issued, by a trusted platform module prover embodiment metric system component, encrypted log metric, its internal platform configuration register storing the final measurement result of the signature; prover encrypted log metric, measurement results and the final result is sent to the signature verifier; authenticator final measurement results and its signature, the encrypted measurement logs to prove right Xue mechanism; Xue right proof mechanism authenticator encrypted log metric to verify transmission; Xue mechanism will prove right the final metrics computed metric log results and verification result to the verification party; certification authority if the verification result by the verification, the verifier comparing the final proof authority metric calculated final results and measurement results sent by the prover, the two measurement results is consistent with the signature verification, thereby ultimately ensure the credibility of the prover
6.如权利要求5所述的远程证明系统,其特征在于,所述的验证方由验证方服务器和资源服务器构成,运行在一个相对独立的受保护网络中,该受保护网络通过网络接入点控制一切来自外部的网络请求,验证方服务器负责验证来自证明方的完整性度量,验证完毕后,向网络接入点给出访问控制判定结果,只有通过验证的证明方才允许访问资源服务器。 6. The remote proof system as claimed in claim 5, wherein said verifier consists authentication server and the resource server, running on a network independent protected, the protected network via the network access all point control request from outside the network, authenticator server is responsible for verifying the integrity metric from the prover, the verification is completed, the determination result of the access control is given to the network access points, allows access to only just verified by demonstrating that the resource server.
CN 200710098814 2007-04-27 2007-04-27 Safety requirement based remote proving method and system thereof CN100583768C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710098814 CN100583768C (en) 2007-04-27 2007-04-27 Safety requirement based remote proving method and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200710098814 CN100583768C (en) 2007-04-27 2007-04-27 Safety requirement based remote proving method and system thereof

Publications (2)

Publication Number Publication Date
CN101043338A CN101043338A (en) 2007-09-26
CN100583768C true CN100583768C (en) 2010-01-20

Family

ID=38808572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710098814 CN100583768C (en) 2007-04-27 2007-04-27 Safety requirement based remote proving method and system thereof

Country Status (1)

Country Link
CN (1) CN100583768C (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101611649B1 (en) 2008-01-18 2016-04-26 인터디지탈 패튼 홀딩스, 인크 Method and apparatus for enabling machine to machine communication
KR101760451B1 (en) 2009-03-05 2017-07-24 인터디지탈 패튼 홀딩스, 인크 METHOD AND APPARATUS FOR H(e)NB INTEGRITY VERIFICATION AND VALIDATION
TW201605257A (en) * 2009-03-06 2016-02-01 內數位專利控股公司 Platform validation and management of wireless devices
CN101610273B (en) 2009-08-03 2011-12-28 西安西电捷通无线网络通信股份有限公司 A secure method of remote attestation
CN101635709B (en) * 2009-08-25 2011-04-27 西安西电捷通无线网络通信股份有限公司 Method for realizing two-way platform authentication
CN101783800B (en) 2010-01-27 2012-12-19 华为终端有限公司 Embedded system safety communication method, device and system
CN101902472B (en) * 2010-07-09 2013-04-24 北京工业大学 Method for pushing remote declaration based on behaviors in trusted network
EP2635991B1 (en) 2010-11-05 2015-09-16 InterDigital Patent Holdings, Inc. Device validation, distress indication, and remediation
CN102025741B (en) * 2010-12-07 2013-06-05 中国科学院软件研究所 Trusted identity service platform with two-layer framework and construction method thereof
CN102281510B (en) * 2011-07-27 2014-06-25 上海和辰信息技术有限公司 Multi-factor credible identity authenticating method and system for mobile mailbox
CN102957535A (en) * 2011-08-19 2013-03-06 国民技术股份有限公司 Communication method and communication system for trusted computing platform and electronic certificate authentication system
CN102685092B (en) * 2011-11-29 2014-11-19 河海大学 Remote proofing method for proofing security attribute of remote platform
CN102750471B (en) * 2012-05-22 2015-02-11 中国科学院计算技术研究所 Local verification type starting method based on trusted platform module (TPM)
CN103488937B (en) * 2013-09-16 2017-02-22 华为技术有限公司 Measuring method, electronic equipment and measuring system
CN104038478A (en) * 2014-05-19 2014-09-10 瑞达信息安全产业股份有限公司 Embedded platform identity authentication trusted network connection method and system
CN104333451A (en) * 2014-10-21 2015-02-04 广东金赋信息科技有限公司 Trusted self-help service system
CN104506532B (en) * 2014-12-24 2018-06-26 北京智捷伟讯科技有限公司 A kind of remote certification method suitable for emergency relief platform
CN106533681B (en) * 2015-09-11 2019-09-17 中国科学院软件研究所 A kind of attribute method of proof and system that support section is shown
CN107133520A (en) * 2016-02-26 2017-09-05 华为技术有限公司 The credible measurement method and apparatus of cloud computing platform
CN106354550A (en) * 2016-11-01 2017-01-25 广东浪潮大数据研究有限公司 Method, device and system for protecting security of virtual machine
CN106953733A (en) * 2017-05-10 2017-07-14 成都麟成科技有限公司 A kind of platform software integrity certification method and apparatus
CN107104804A (en) * 2017-05-10 2017-08-29 成都麟成科技有限公司 A kind of platform integrity verification method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1783848A (en) 2004-12-02 2006-06-07 北京航空航天大学 Mail transmission agent primary anti-deny method based on domain hierarchy identifying mechanism
CN1929380A (en) 2006-09-23 2007-03-14 西安西电捷通无线网络通信有限公司 Public key certificate state obtaining and verification method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1783848A (en) 2004-12-02 2006-06-07 北京航空航天大学 Mail transmission agent primary anti-deny method based on domain hierarchy identifying mechanism
CN1929380A (en) 2006-09-23 2007-03-14 西安西电捷通无线网络通信有限公司 Public key certificate state obtaining and verification method

Also Published As

Publication number Publication date
CN101043338A (en) 2007-09-26

Similar Documents

Publication Publication Date Title
US6286104B1 (en) Authentication and authorization in a multi-tier relational database management system
TWI467987B (en) Methods for performing integrity checking between a requesting entity and a target entity
CN101495956B (en) Extended one-time password method and apparatus
KR101434769B1 (en) Method and apparatus for trusted federated identity management and data access authorization
KR101459802B1 (en) Authentication delegation based on re-verification of cryptographic evidence
US7165179B2 (en) Digital signature verification and program transmission
US9565180B2 (en) Exchange of digital certificates in a client-proxy-server network configuration
JP5695120B2 (en) Single sign-on between systems
US8024488B2 (en) Methods and apparatus to validate configuration of computerized devices
CN101395624B (en) Verification of electronic signatures
Goldman et al. Linking remote attestation to secure tunnel endpoints
CN100447798C (en) Method and system for using a portable computing device as a smart key device
US7945774B2 (en) Efficient security for mashups
RU2437230C2 (en) Method of trusted network connection for improvement of protection
EP1498800B1 (en) Security link management in dynamic networks
CN1324502C (en) Method for discriminating invited latent member to take part in group
US7350074B2 (en) Peer-to-peer authentication and authorization
CN1881879B (en) Public key framework and method for checking user
US20020107804A1 (en) System and method for managing trust between clients and servers
CN101421968B (en) Authentication system for networked computer applications
EP1714422B1 (en) Establishing a secure context for communicating messages between computer systems
US6105137A (en) Method and apparatus for integrity verification, authentication, and secure linkage of software modules
KR101298562B1 (en) System and method for implementing digital signature using one time private keys
US8555072B2 (en) Attestation of computing platforms
US20040088541A1 (en) Digital-rights management system

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted