基于DICE的证明存储方案

信息技术的不断发展和智能终端设备的普及导致全球数据存储总量持续增长,数据面临的威胁挑战也随着其重要性的凸显而日益增加,但目前部分计算设备和存储设备仍存在缺乏数据保护模块或数据保护能力较弱的问题.现有数据安全存储技术一般通过加密的方式实现对数据的保护,但是数据的加解密操作即数据保护过程通常都在应用设备上执行,导致应用设备遭受各类攻击时会对存储数据的安全造成威胁.针对以上问题,本文提出了一种基于DICE的物联网设备证明存储方案,利用基于轻量级信任根DICE构建的可信物联网设备为通用计算设备(统称为主机)提供安全存储服务,将数据的加解密操作移至可信物联网设备上执行,消除因主机遭受内存攻击等风险对存储数据造成的威胁.本文工作主要包括以下3方面:(1)利用信任根DICE构建可信物联网设备,为提供可信服务提供安全前提.(2)建立基于信任根DICE的远程证明机制和访问控制机制实现安全认证和安全通信信道的建立.(3)最终利用可信物联网设备为合法主机用户提供可信的安全存储服务,在实现数据安全存储的同时,兼顾隔离性和使用过程的灵活性.实验结果表明,本方案提供的安全存储服务具有较高的文件传输速率,并具备较高...

DICE-based Attestation and Storage Scheme

The continuous development of information technology and the popularization of intelligent terminal devices have led to the continuous growth of the total amount of global data storage, and the threats and challenges faced by data have increased with the prominence of their importance. However, currently, some computing and storage devices still lack data protection modules or have weak data protection capabilities. Existing data security storage technologies generally protect data through encryption, but data encryption and decryption operations, or data protection processes, are usually performed on the applied devices, resulting in threats to the security of stored data when the applied devices are subjected to various attacks. In response to the above issues, this study proposes a DICE-based Internet of Things (IoT) device attestation storage scheme, which utilizes trusted IoT devices built based on the lightweight root of trust DICE to provide secure storage services for general-purpose computing devices (collectively referred to as hosts), moves data encryption and decryption operations to trusted IoT devices, and eliminates threats to stored data caused by risks such as host memory attacks. This study mainly includes the following three aspects: (1) building a trusted IoT device by using the root of trust DICE to provide a security prerequisite for providing trusted services; (2) establishing a DICE-based remote attestation mechanism and access control mechanism to achieve secure authentication and establish a secure communication channel; (3) using the trusted IoT device to provide trusted and secure storage services for legitimate host users, which achieves secure data storage and takes into account isolation and flexibility in the use process. The experimental results show that the secure storage service provided by this scheme has a high file transfer rate and high security, which can meet the requirements for secure data storage in general scenarios.