主页期刊介绍编委会编辑部服务介绍道德声明在线审稿编委办公编辑办公English
2020-2021年专刊出版计划 微信服务介绍 最新一期:2020年第6期
     
在线出版
各期目录
纸质出版
分辑系列
论文检索
论文排行
综述文章
专刊文章
美文分享
各期封面
E-mail Alerts
RSS
旧版入口
中国科学院软件研究所
  
投稿指南 问题解答 下载区 收费标准 在线投稿
董攀,丁滟,江哲,黄辰林,范冠男.基于TEE的主动可信TPM/TCM设计与实现.软件学报,2020,31(5):1392-1405
基于TEE的主动可信TPM/TCM设计与实现
Design and Implementation of TPM/TCM with Active Trust Based on TEE
投稿时间:2019-08-30  修订日期:2019-10-24
DOI:10.13328/j.cnki.jos.005953
中文关键词:  TPM  TCM  主动可信  TrustZone  TEE
英文关键词:TPM  TCM  active trust  TrustZone  TEE
基金项目:国家重点研发计划(2018YFB0803501);核高基国家科技重大专项(2017ZX01038104-002);国家自然科学基金(61602492,61303191,61502510,61872444)
作者单位E-mail
董攀 国防科技大学 计算机学院, 湖南 长沙 410073  
丁滟 国防科技大学 计算机学院, 湖南 长沙 410073 dingyan_ding@aliyun.com 
江哲 Department of Computer Science, University of York, YO10 5GH, UK  
黄辰林 国防科技大学 计算机学院, 湖南 长沙 410073  
范冠男 国防科技大学 计算机学院, 湖南 长沙 410073  
摘要点击次数: 401
全文下载次数: 527
中文摘要:
      可信技术正在从被动可信度量向着下一代的主动可信监控方向发展,要求TPM/TCM模块有能力主动度量和干预主机系统,传统的TPM/TCM从架构和运行机制等方面都无法满足这种能力.TEE(trusted execution environment)技术提供了可信执行环境和主动访控能力,为构建下一代TPM/TCM提供了基本平台,但还存在系统结构、存储以及通信等多方面挑战.提出了基于ARM平台TrustZone机制的TZTCM(TrustZone-based trusted cryptography module)方案,通过分核异步系统架构解决TZTCM独立可信运行和主动可信安全监控问题,基于PUF(physical unclonable functions)安全存储机制和基于UUID(universally unique identifier)的TEE安全通信机制,解决了TEE环境下可信平台模块的存储安全和通信安全问题,为设计实现主动可信TPM/TCM给出了理论和实践参考.通过实验验证了所提关键机制的有效性,实验结果表明,TZTCM在密码计算能力上较常见TPM也有很大提升.TZTCM只需要在系统中增加或修改相应的软/固件,除了主动可信监控能力,还具有低成本、高性能、低功耗、易升级等特点,相对传统TPM/TCM具有非常明显的优势.
英文摘要:
      Trusted computing is being developed towards the next-generation active protection and monitoring, which requires that the TPM/TCM has the ability to actively measure and intervene the host system. Unfortunately, traditional TPM/TCM cannot satisfy the requirements in the respects of the architecture and the runtime mechanisms. Trusted execution environment (TEE) technology provides a trusted execution environment and the ability of accessing/controlling the host resources during the run-time, which brings a foundation for the next generation TPM/TCM. However, there are still three main challenges: software architecture, secure storage, and secure communication. This study proposes the design and implementation of TZTCM (TrustZone-based trusted cryptography module), which is a TPM/TCM scheme based on ARM TrustZone. TZTCM adopts several key mechanisms to overcome the three challenges. Firstly, the non-uniform core assigned and asynchronous (NUCAA) system architecture is designed to enable the independent and active operation of TZTCM. Secondly, the secure storage mechanism based on physical unclonable functions (PUF) is designed to guarantee the privacy of data in TZTCM. Thirdly, the secure communication mechanism based on universally unique identifier (UUID) is designed to prevent the channel (between host and TZTCM) from malicious activities. Therefore, TZTCM provides a prototype system of the next-generation TPM/TCM. It is shown that TZTCM has the identical security as a hardware TPM/TCM chip via theoretical analysis. An instance of TZTCM is implemented on an ARM development board (Hikey-board 620), and the runtime test shows that TZTCM can achieve higher performance for cipher computing than traditional TPMs. Compared to current TPMs/TCMs, TZTCM has obvious advantages in many aspects: active safeguard capability, only software/ firmware required, easy update, and low power consumption.
HTML  下载PDF全文  查看/发表评论  下载PDF阅读器
 

京公网安备 11040202500064号

主办单位:中国科学院软件研究所 中国计算机学会 京ICP备05046678号-4
编辑部电话:+86-10-62562563 E-mail: jos@iscas.ac.cn
Copyright 中国科学院软件研究所《软件学报》版权所有 All Rights Reserved
本刊全文数据库版权所有,未经许可,不得转载,本刊保留追究法律责任的权利