###
Journal of Software:2015.26(9):2396-2417

TCM密钥迁移协议设计及形式化分析
张倩颖,冯登国,赵世军
(中国科学院 软件研究所 可信计算与信息保障实验室, 北京 100190;首都师范大学 信息工程学院, 北京 100048)
Design and Formal Analysis of TCM Key Migration Protocols
ZHANG Qian-Ying,FENG Deng-Guo,ZHAO Shi-Jun
(Trusted Computing and Information Assurance Laboratory, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China;College of Information Engineering, Capital Normal University, Beijing 100048, China)
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 1928   Download 2119
Received:January 23, 2014    Revised:July 16, 2014
> 中文摘要: 为增强TCM芯片间密钥的互操作性,TCM提供了密钥迁移相关命令接口,允许用户设计密钥迁移协议以实现芯片间密钥的共享.通常,TCM密钥迁移协议以目标TCM上的新父密钥作为迁移保护密钥.研究发现,该协议存在两个问题:对称密钥不能作为被迁移密钥的新父密钥,违背了TCM的初始设计思想;缺少交互双方TCM的相互认证,导致源TCM的被迁移密钥可以被外部敌手获得,并且敌手可以将其控制的密钥迁移到目标TCM中.针对上述问题,提出两个新的密钥迁移协议:协议1遵循TCM目前的接口规范,以目标TCM的PEK(platform encryption key)作为迁移保护密钥,能够认证目标TCM,并允许对称密钥作为新父密钥;协议2简单改动了TCM接口,以源TCM和目标TCM进行SM2密钥协商,得到的会话密钥作为迁移保护密钥,解决了上述两个问题,并且获得了前向安全属性.最后,使用形式化分析方法对上述协议进行安全性分析,分析结果显示,协议满足正确性和预期的安全属性.
Abstract:TCM provides key migration interfaces to enhance interoperability between different TCM chips, allowing users to share keys between TCMs by key migration protocols. This study finds that the conventional TCM key migration protocol, which uses the new parent key of the migrated key on the destination TCM as the migration protection key, has two weaknesses. First, keys cannot be migrated to symmetric keys, which violates the design principles of TCM. Second, the absence of authentication between the originating TCM and destination TCM allows attacker to recover the migrated key of the originating TCM and to import his key into the destination TCM. To solve these issues, the paper proposes two new TCM key migration protocols. The first protocol, compliant with the TCM specification, allows keys to be migrated to symmetric keys and provides authentication of the destination TCM. The second protocol, which requires a slight modification to TCM key migration interfaces, not only solves all the two weaknesses, but also provides prefect forward security. Finally, the study formally analyzes the two protocols and demonstrates that the proposed protocols satisfy the correctness and desired security properties.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(91118006, 61202414); 国家重点基础研究发展计划(973)(2013CB338003) 国家自然科学基金(91118006, 61202414); 国家重点基础研究发展计划(973)(2013CB338003)
Foundation items:
Reference text:

张倩颖,冯登国,赵世军.TCM密钥迁移协议设计及形式化分析.软件学报,2015,26(9):2396-2417

ZHANG Qian-Ying,FENG Deng-Guo,ZHAO Shi-Jun.Design and Formal Analysis of TCM Key Migration Protocols.Journal of Software,2015,26(9):2396-2417