|
|||||
|
|
| 一种高效的具有灵活属性证书状态校验机制的PBA方案 | |
| 引用本文: | 周福才, 岳笑含, 白洪波, 徐 剑. 一种高效的具有灵活属性证书状态校验机制的PBA方案[J]. 计算机研究与发展, 2013, 50(10): 2070-2081. |
| 作者姓名: | 周福才 岳笑含 白洪波 徐剑 |
| 作者单位: | 1. 东北大学软件学院 沈阳 110819 2. 沈阳工业大学信息科学与工程学院 沈阳 110870 3. 东北大学信息科学与工程学院 沈阳 110819 |
| 基金项目: | 国家科技重大专项基金项目,国家"八六三"高技术研究发展计划基金项目,辽宁省百千万人才工程项目,沈阳市科学技术计划项目 |
| 摘 要: | 可信计算平台的远程二进制证明方案确保了该平台的完整性,通过这种方法平台可以向远程方证明其可信性.然而这种二进制证明方案却存在很多缺陷,其中一个主要问题就是泄露了关于平台的(软、硬件)配置信息,这导致很多隐私问题的出现,例如差别化服务及匿名性破坏等问题.因此针对在可信计算环境下传统二进制证明中所带来的平台配置信息泄露等问题,提出了一种新型的基于属性证明方案(property-based attestation, PBA).该方案具有属性证书状态校验机制灵活、方案整体计算代价小及随机预言模型下可证安全等特点.利用本地验证者撤销的技术,设计了方案的模型,定义了方案的安全性,给出了方案的具体构建,并在随机预言模型下对该方案进行了安全性证明,证明其满足正确性、证明不可伪造性及配置隐私性等安全性质.最后将提出的PBA方案与现有PBA方案在计算代价和证明值长度方面分别进行了比较,比较表明该方案同时具有实用、高效的特点. |
| 关 键 词: | 可信计算 基于属性的证明 本地验证者撤销 证明不可伪造性 配置隐私性 |
An Efficient Property-Based Attestation Scheme with Flexible Checking Mechanisms of Property Certificate Status |
|
| Zhou Fucai, Yue Xiaohan, Bai Hongbo, Xu Jian. An Efficient Property-Based Attestation Scheme with Flexible Checking Mechanisms of Property Certificate Status[J]. Journal of Computer Research and Development, 2013, 50(10): 2070-2081. | |
| Authors: | Zhou Fucai Yue Xiaohan Bai Hongbo Xu Jian |
| Abstract: | Remote binary attestation scheme of the trusted computing platform guarantees the integrity and hence the trustworthiness of the platform can be demonstrated to remote parties. However, as pointed out recently, the binary attestation has some shortcomings, particularly in applications. The major problem of the binary attestation is that it reveals the information about the configuration of a platform (hardware and software) or applications, which may lead to privacy issues, such as discrimination services, anonymity violations, etc. In order to solve the problems of platform configuration information leakage caused by the traditional binary attestation in the trusted computing environment, we propose a new privacy-preserving property-based attestation (PBA) scheme, which has flexible checking mechanisms of property certificate status, low computational cost and provable security in the random oracle model. By making use of the ideas of the verifier-local revocation and tracing signatures in the group signature, we present new certificate checking mechanisms, which include offline checking mechanism and online checking mechanism. Moreover, we design the model of the scheme, define the security model of the scheme, give concrete construction of the scheme in detail, and formally prove the security of this scheme in the random oracle model. We prove that this scheme satisfies the correctness, attestation unforgeability and configuration privacy. Finally, compared with other existing PBA schemes, the proposed PBA is more practical and efficient in both the computational cost and attestation length. |
| Keywords: | trusted computing property-based attestation (PBA) verifier-local revocation attestation unforgeability configuration privacy |
| 本文献已被 万方数据 等数据库收录! | |
| 点击此处可从《计算机研究与发展》浏览原始摘要信息 | |
| 点击此处可从《计算机研究与发展》下载全文 | |