Application Research of Computers (《计算机应用研究》)

Design and proof of enterprise cloud certification protocol based on trusted computing

Authors: Sun Haonan, He Rongyu (孙浩男, 鹤荣育)
Affiliation: PLA Information Engineering University, Zhengzhou 450001, China
Article number: 1001-3695(2020)07-042-2126-06
DOI: 10.19734/j.issn.1001-3695.2019.01.0019
Abstract: To address the lack of identity authentication in communication between the internal departments of an enterprise cloud, this paper proposes an enterprise cloud certification method and protocol based on trusted computing, and proves and analyzes it. On the basis of the trusted cloud vTPM architecture, a vAIK certification protocol is designed to establish the identity correspondence between a vTPM and an enterprise cloud department terminal and to guarantee the legitimacy of the vTPM's signing capability. A vTPM remote attestation protocol is also designed so that the identity of the message sender can be verified during communication inside the enterprise cloud. The report produced in the vAIK certification process is signed by the cloud platform, and the report produced in the remote attestation process is signed jointly by the cloud platform and the vTPM, which ensures the authenticity of the message sender's identity; nonces are added to both the vAIK certification and the remote attestation process to guarantee the freshness of the reports. Finally, SVO logic is used to prove and analyze the vTPM certificate certification and remote attestation protocols, and the results show that the design achieves its intended goals.
Keywords: certification protocol; trusted cloud; enterprise cloud; remote attestation; SVO logic
Funding: Project supported by the National Natural Science Foundation of China
Article URL: http://www.arocmag.com/article/01-2020-07-042.html
Received: 2019/1/11
Revised: 2019/3/8
Pages: 2126-2131
CLC number: TP309.2
Document code: A