Institutional Repository of the Institute of Software, Chinese Academy of Sciences
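Title: Research on Virtual Monotonic Counters Based on the Trusted Platform Module
Authors: 李昊 ; 秦宇 ; 冯登国
Keywords: trusted computing ; replay attack ; trusted platform module ; monotonic counter ; transport session ; Hard disk storage ; Security of data ; Thermoelectric power ; Virtual storage
Journal: Journal of Computer Research and Development (计算机研究与发展)
Publication date: 2011
Volume: 48, Issue: 3, Pages: 415-422
Department: State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences); National Engineering Research Center for Information Security Common Technology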
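Abstract: This paper analyzes the replay attack problem commonly encountered in storage and proposes a scheme that constructs virtual monotonic counters on top of the Trusted Platform Module (TPM) to prevent replay attacks. The scheme builds a virtual counter manager (VCM) on three mechanisms provided by the TPM: hardware counters, transport sessions, and private-key protection. The VCM then constructs and manages the virtual monotonic counters. The paper also proposes an algorithm for detecting malicious VCM behavior, which ensures the trustworthiness of the VCM so that the security of the scheme depends only on the tamper resistance of the TPM. Finally, based on experimental analysis, two performance improvements are proposed to ensure the feasibility of the scheme.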
English abstract: Any secure storage system needs to address at least three security issues: confidentiality, integrity and freshness. Of these, freshness is the most challenging problem. However, traditional software-based solutions themselves reside on the storage device, such as a hard disk. Hence, they cannot solve the problem. The attacker can replay the whole disk data using an "out-of-date" image of the hard disk. Thus, the only solution to this problem would be to employ some form of irreversible state change. In this paper, we analyze the problem of replay attacks upon storage, and propose a TPM-based solution to build virtual counters, in order to defend against replay attacks. In this solution, we build a virtual counter manager (VCM) with three mechanisms in TPM: TPM counters, transport sessions and protection of private keys; and then we can create and manage lots of trusted virtual counters with the VCM. Furthermore, an algorithm for checking malicious operations of the VCM is presented in order to ensure its trustworthiness. Hence, the security of our solution depends only on the tamper-resistant module TPM. Finally, the performance of our solution is analyzed, and two changes are proposed to improve the performance in order to keep the anti-replay solution feasible.
Language: Chinese
Content type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/13893
Appears in Collections: State Key Laboratory of Information Security_Journal Articles

Files in This Item:
File Name / File Size | Content Type | Version | Access | License
基于可信平台模块的虚拟单调计数器研究.pdf (1052KB) | -- | -- | Restricted access | -- (contact to obtain the full text)

Recommended Citation:
李昊, 秦宇, 冯登国. Research on Virtual Monotonic Counters Based on the Trusted Platform Module [J]. Journal of Computer Research and Development, 2011-01-01, 48(3): 415-422.