Institutional Repository
| 基于TrustZone的可信移动终端云服务安全接入方案 | |
| Alternative Title | Secure Access Scheme of Cloud Services for Trusted Mobile Terminals using TrustZone |
| 杨波; 冯登国; 秦宇; 张英骏 | |
| 2016 | |
| Source | 软件学报
 |
| ISSN | 1000-9825 |
| Volume | 27Issue:6Pages:1366-1383 |
| English Abstract | 可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全.然而在移动云计算高速发展的今天,仍然没有移动终端接入可 信云服务的安全解决方案.针对上述问题,提出了一种可信移动终端云服务安全接入方案.方案充分考虑了移动云计算应用背景,利用ARM TrustZone硬件隔离技术构建可信移动终端,保护云服务客户端及安全敏感操作在移动终端的安全执行.结合物理不可克隆函数技术,给出了移动终端密钥 与敏感数据管理机制.在此基础上,借鉴可信计算技术思想设计了云服务安全接入协议.协议兼容可信云架构,提供云服务端与移动客户端间的端到端认证.分析了 方案具备的6种安全属性,给出了基于方案的移动云存储应用实例,实现了方案的原型系统.实验结果表明:可信移动终端TCB较小,方案具有良好的可扩展性和 安全可控性,整体运行效率较高. |
| Indexed Type | CSCD |
| Abstract | Trusted cloud architecture provides isolated execution environment for trusted and secure cloud services, which protects the security of cloud users' data computation and storage. However, with the rapid development of mobile cloud computing, there is currently no secure solution for mobile terminals accessing trusted cloud architecture. To address this issue, this research proposes a secure access scheme of cloud services for trusted mobile terminals. By fully considering the background of mobile cloud computing, an architecture of trusted mobile terminal is constructed using ARM TrustZone hardware-based isolation technology that can prevent the cloud service client and security-sensitive operations on the terminal from malicious attacks. Leveraging physical unclonable function (PUF), the key and sensitive data management mechanism is presented. Based on the trusted mobile terminal and by employing trusted computing technology, the secure access protocol is designed. The protocol is compatible with trusted cloud architecture and establishes an end-to-end authenticated channel between mobile cloud client and cloud server. Six security properties of the scheme are analyzed and an instance of mobile cloud storage is provided. Finally a prototype system is implement. The experimental results indicate that the proposed scheme has good expandability and secure controllability. Moreover, the scheme achieves small TCB for mobile terminal and high operating efficiency for cloud users. |
| Keyword | 移动云计算 可信计算 可信移动终端 安全接入 物理不可克隆函数(Puf) |
| Department | 杨波, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;秦宇, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;张英骏, 中国科学院软件研究所, 中科院可信计算与信息保障实验室, 北京 100190, 中国;冯登国, 中国科学院软件研究所, 计算机科学国家重点实验室;;中科院可信计算与信息保障实验室, 北京 100190, 中国; |
| Language | 中文 |
| CSCD ID | CSCD:5720679 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/17359 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 杨波,冯登国,秦宇,等. 基于TrustZone的可信移动终端云服务安全接入方案[J]. 软件学报,2016,27(6):1366-1383. |
| APA | 杨波,冯登国,秦宇,&张英骏.(2016).基于TrustZone的可信移动终端云服务安全接入方案.软件学报,27(6),1366-1383. |
| MLA | 杨波,et al."基于TrustZone的可信移动终端云服务安全接入方案".软件学报 27.6(2016):1366-1383. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| 基于TrustZone的可信移动终端云服(2143KB) | 开放获取 | License | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment