Institutional Repository
| TPM可迁移密钥安全性分析与研究 | |
| Alternative Title | security analysis and research on tpm migratable key |
| 张倩颖; 赵世军; 冯登国 | |
| 2012 | |
| Source | 小型微型计算机系统
 |
| ISSN | 1000-1220 |
| Volume | 33Issue:10Pages:2188-2193 |
| English Abstract | TPM密钥迁移机制使密钥按照迁移特性分为了可迁移密钥和不可迁移密钥两类,本文深入分析可迁移密钥的安全性,指出可迁移密钥存在的安全问题.首先,利用密钥迁移机制,TPM所有者能将TPM内部可迁移密钥以迁移块的形式导出,解密迁移块能获得可迁移密钥私钥.其次,TPM用户能通过密钥迁移机制将非TPM产生的用户可控密钥构造成迁移块,作为迁移密钥导入到TPM内部.此外,用户使用TPM密钥加载命令能将非TPM产生的用户可控密钥作为TPM产生的可迁移密钥加载到TPM中.在对TPM规范理论分析的基础上,本文从技术角度给出了攻击可迁移密钥安全性的实现方法,并对部分安全问题提出了解决方案.通过分析,本文指出TPM提供密钥迁移机制的同时,也降低了可迁移密钥的安全保护强度.因此,用户在使用可迁移密钥时,应增强安全意识,在安全要求高的操作中尽量不要使用TPM可迁移密钥. |
| Indexed Type | CNKI ; CSCD ; WANFANG |
| Abstract | TPM key migration mechanism put keys into two categories in accordance with the migration characteristics.This paper gives a deep security analysis of TPM migratable keys,and points out some security flaws about TPM key migration.First,by key migration mechanism,the TPM owner can export a migratable key in the form of migration blob,decrypt the blob,and get the plaintext of the TPM private key.Second,a TPM user can use TPM key migration mechanism to import a non-TPM generated key blob into TPM.Third,a TPM user can construct a loadable blob of a non-TPM generated key,and then load it into TPM by the TPM key loading command.On the basis of analyzing the TPM specification theoretically,we give an attack in technical view,and propose a solution to one of the security problems.The analysis indicates that the TPM key migration mechanism,in spite of improving key interoperability between TPMs,reduces the security strength of the migratable key.Therefore,TPM users must think over the security weaknesses when using migratable keys,and do not use migratable keys in security critical operation as far as possible. |
| Keyword | 可信平台模块 可迁移密钥 安全性分析 密钥迁移 |
| Department | 中国科学院软件研究所; |
| Subject | Computer Science (Provided By Thomson Reuters) |
| Sponsorship | 国家自然科学基金项目(91118006)资助 |
| Language | 中文 |
| CSCD ID | CSCD:4652381 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15381 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 张倩颖,赵世军,冯登国. TPM可迁移密钥安全性分析与研究[J]. 小型微型计算机系统,2012,33(10):2188-2193. |
| APA | 张倩颖,赵世军,&冯登国.(2012).TPM可迁移密钥安全性分析与研究.小型微型计算机系统,33(10),2188-2193. |
| MLA | 张倩颖,et al."TPM可迁移密钥安全性分析与研究".小型微型计算机系统 33.10(2012):2188-2193. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment