可信计算平台密钥管理技术及应用

【作者】 王海燕；

【导师】 吴振强；

【作者基本信息】 陕西师范大学 ， 计算机软件与理论， 2010， 硕士

【摘要】 密码技术一直以来都是信息安全领域的重要部分,对致力于从源头上解决信息系统安全问题的可信计算技术来讲,密码技术更是可信计算技术关键机制的基础,是可信计算体系中最重要的核心技术。密钥管理是密码系统的基本要素之一,可信计算平台中密钥管理体系的有效性直接关系着整个可信计算系统的安全性,在整个可信计算体系中占有举足轻重的地位。因此,研究可信计算平台中的密钥管理技术具有重要意义。论文在深入分析TCG规范中密钥管理相关技术的基础上,重点研究了可信计算平台中所涉及的密码算法、不同类型的密钥和证书及其生成过程、密钥存储结构、密钥使用等技术,并针对现有方案中存在的不足,结合传统信息安全领域中的密钥管理技术,提出了相应的解决方案。本论文的创新性工作主要有以下两点：(1)在对TCG规范中密钥使用技术深入研究的基础上,针对规范中现有的密钥迁移方案的安全性进行了分析,指出了其中存在的不足之处,并结合动态口令认证技术,在密钥迁移过程中引入动态迁移授权数据,提出了一种新的基于动态迁移授权数据的密钥迁移方案。该方案增强了密钥迁移操作的安全性,为用户提供了一种安全性高且易于管理的密钥迁移操作。(2)在对密钥相关技术综合研究的基础上,结合对密钥协商协议的研究和可信计算平台的特性,利用McCullagh-Barreto协议的思想,提出了一个可信计算环境下无PKG的认证密钥协商协议,并通过定性安全分析和形式化的安全性证明方法,证明了该密钥协商协议的正确性和有效性。用形式化方法对协议进行了安全性分析,结果表明该协议具备已知密钥安全性,完善前向保密性及密钥泄露安全性等安全属性。更多还原

【Abstract】 Cryptography has always been an important part of the information security field. For the trusted computing technology which commits to resolve the information system security from the source, cryptography is the foundation of the key mechanism of trusted computing technology, is the most important core technology of the trusted computing system. As one of the basic elements of cryptography, key management of trusted computing platforms has a direct effective on the entire trusted computing system security and in the entire trusted computing system occupies an important position. Therefore, the study on trusted computing platform key management technology is of great significance.This thesis is based on the in-depth analysis on key management technologies in the TCG specification and focus on the cryptographic algorithm, different types of keys and certificates and their formation process, key storage structure, the use technologies of key involved in the trusted computing platform, and for the shortcomings in existing programs, combined with the key management techniques in the traditional information security field, put forword the corresponding solution. The innovatives of this thesis have the following two points:1) On the base of the depth study on the use technology of key in the TCG specifications, this thesis analysis the key migration program in the existing specification and point out the shortcomings, and takes advantage of dynamic password authentication technology and introduces the dynamic migration authorization data, proposes a new key migration scheme based on dynamic migration authorization data. The scheme not only enhances the operational safety of key migration, but also reduces the management complexity of the authorization data and provides a safe and convenient key migration operation.2) With the study of key agreement protocol the characteristics of the TPM platform based on the comprehensive analysis of the key technologies, combining with McCullagh-Barreto authenticated key agreement protocol, the thesis proposes a TPM platform based authenticated key agreement protocol in trusted computing. Especially, the security properties of the protocol are analyzed in detail in Canetti-Krawczyk model. The results indicate that the protocol has the corresponding security attributes in CK security model such as known key security, perfect forward secrecy, key-compromise impersonation.更多还原