Research on the Extension of Chinese Commercial Cryptographic Algorithms for Virtual Trusted Platform Module

Cite this article: CHEN Xingshu, JIANG Chao, WANG Wei, JIN Xin, LAN Xiao. Research on the Extension of Chinese Commercial Cryptographic Algorithms for Virtual Trusted Platform Module[J]. Journal of Sichuan University (Engineering Science Edition), 2020, 52(3): 141-149
Authors: CHEN Xingshu, JIANG Chao, WANG Wei, JIN Xin, LAN Xiao
Affiliation: Cybersecurity Research Institute, Sichuan University (all authors)
Funding: National Natural Science Foundation of China (61802270, 61802271); Fundamental Research Funds for the Central Universities (SCU2018D018, SCU2018D022)
Received: 2019-09-04
Revised: 2020-04-15

Abstract: To avoid the legal risk of relying on foreign cryptographic algorithms, to meet the compliance requirements of China's Regulations on Commercial Cryptographic Management, to respond to the requirement that cyberspace security be autonomous and controllable, and to promote the large-scale use of virtual trusted computing in domestic cloud services, this paper adds support for the Chinese national commercial cryptographic algorithms (the SM algorithms) to the virtual Trusted Platform Module (vTPM) and to the components that build the virtual machine chain of trust. First, calling interfaces for the hash algorithm SM3 and the symmetric cipher SM4 from the cryptographic toolkit GmSSL (GM/T Secure Sockets Layer) are added to the vTPM, and a calling interface for the asymmetric algorithm SM2 is implemented on top of GmSSL's big-number arithmetic module, so that upper-layer applications obtain trusted computing functions based on the national algorithms. Second, an SM3 implementation is added to the components of the virtual machine chain of trust, so that a chain of trust based on the national algorithms can be established. Finally, the correctness of the added calling interfaces and the effectiveness of the resulting chain of trust are verified, and the boot time of a virtual machine whose chain of trust uses SM3 is compared with that of one using SHA-1. The experiments show that the added interfaces are correct and effective, and that the SM3-based chain of trust increases virtual machine boot time by only 3% relative to the SHA-1-based chain, so security is improved while the performance overhead stays within an acceptable range.
Keywords: Cloud Computing; Trusted Computing; Virtual Trusted Platform Module (vTPM); Virtual Chain of Trust; SM2; SM3; SM4