中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Title:
基于TrustZone的可信移动终端云服务安全接入方案
Alternative Title: Secure Access Scheme of Cloud Services for Trusted Mobile Terminals using TrustZone
Author: 杨波 ; 冯登国 ; 秦宇 ; 张英骏
Keyword: 移动云计算 ; 可信计算 ; 可信移动终端 ; 安全接入 ; 物理不可克隆函数(PUF)
Source: 软件学报
Issued Date: 2016
Volume: 27, Issue:6, Pages:1366-1383
Indexed Type: CSCD
Department: 杨波, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;秦宇, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;张英骏, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;冯登国, 中国科学院软件研究所, 计算机科学国家重点实验室;;中科院可信计算与信息保障实验室, 北京 100190, 中国;
Abstract: 可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全.然而在移动云计算高速发展的今天,仍然没有移动终端接入可 信云服务的安全解决方案.针对上述问题,提出了一种可信移动终端云服务安全接入方案.方案充分考虑了移动云计算应用背景,利用ARM TrustZone硬件隔离技术构建可信移动终端,保护云服务客户端及安全敏感操作在移动终端的安全执行.结合物理不可克隆函数技术,给出了移动终端密钥 与敏感数据管理机制.在此基础上,借鉴可信计算技术思想设计了云服务安全接入协议.协议兼容可信云架构,提供云服务端与移动客户端间的端到端认证.分析了 方案具备的6种安全属性,给出了基于方案的移动云存储应用实例,实现了方案的原型系统.实验结果表明:可信移动终端TCB较小,方案具有良好的可扩展性和 安全可控性,整体运行效率较高.
English Abstract: Trusted cloud architecture provides isolated execution environment for trusted and secure cloud services, which protects the security of cloud users' data computation and storage. However, with the rapid development of mobile cloud computing, there is currently no secure solution for mobile terminals accessing trusted cloud architecture. To address this issue, this research proposes a secure access scheme of cloud services for trusted mobile terminals. By fully considering the background of mobile cloud computing, an architecture of trusted mobile terminal is constructed using ARM TrustZone hardware-based isolation technology that can prevent the cloud service client and security-sensitive operations on the terminal from malicious attacks. Leveraging physical unclonable function (PUF), the key and sensitive data management mechanism is presented. Based on the trusted mobile terminal and by employing trusted computing technology, the secure access protocol is designed. The protocol is compatible with trusted cloud architecture and establishes an end-to-end authenticated channel between mobile cloud client and cloud server. Six security properties of the scheme are analyzed and an instance of mobile cloud storage is provided. Finally a prototype system is implement. The experimental results indicate that the proposed scheme has good expandability and secure controllability. Moreover, the scheme achieves small TCB for mobile terminal and high operating efficiency for cloud users.
Language: 中文
Citation statistics:
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/17359
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:
File Name/ File Size Content Type Version Access License
基于TrustZone的可信移动终端云服务安全接入方案.pdf(2143KB)----限制开放 联系获取全文

Recommended Citation:
杨波,冯登国,秦宇,等. 基于TrustZone的可信移动终端云服务安全接入方案[J]. 软件学报,2016-01-01,27(6):1366-1383.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[杨波]'s Articles
[冯登国]'s Articles
[秦宇]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[杨波]‘s Articles
[冯登国]‘s Articles
[秦宇]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace