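Title: Research on Analysis and Testing Techniques for the Trusted Platform Module (可信平台模块分析与测试技术研究)
Author: Chen Xiaofeng (陈小峰)
Degree type: Doctoral
Defense date: 2009-01-14
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Keywords: trusted platform module; trusted computing platform; compliance testing; direct anonymous attestation
Alternative title: Research on Security Analysis and Testing of Trusted Platform Module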
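Chinese abstract (translated): In the architecture of the trusted computing platform, the foundational role of the trusted platform module places it at the center of trusted computing platform research. This thesis analyzes in detail the trust mechanisms of the trusted platform module, in particular its privacy protection mechanisms, takes the trusted platform module as the object of modeling and analyzes it formally, and explores techniques for generating test cases from the formal model for compliance testing. The main results of this thesis are as follows: 1. To address the shortcomings of the existing privacy protection scheme, the BCC scheme, in multi-trust-domain environments, a direct anonymous attestation scheme for multiple trust domains is proposed. This scheme lays the foundation for applying direct anonymous attestation in multi-trust-domain network environments. 2. To address the defect of "verifier-linked all-or-nothing" anonymity in the anonymity mechanism of the BCC scheme, a privacy protection scheme with subgroup privacy protection is proposed. It provides a feasible way to apply privacy protection within small groups and makes the anonymity mechanism of existing privacy protection schemes more flexible. 3. A new direct anonymous attestation scheme based on bilinear maps is proposed. It has a low computational cost and short signatures, and offers a feasible privacy protection scheme for the next generation of elliptic-curve-based trusted platform modules. 4. Given that compliance testing of trusted platform modules currently lacks an automated testing scheme, this thesis proposes a new testing scheme for trusted platform modules. It generates test cases from an EFSM formal model, supports coverage analysis, and enables test automation, which helps improve coverage and efficiency in compliance testing. 5. Finally, this thesis presents the first systematic analysis of the trusted cryptographic module, the localized counterpart of the trusted platform module. It points out some flaws in its AP authorization protocol and gives suggestions for improvement, compares the trusted cryptographic module with the trusted platform module in detail, and identifies the weaknesses and strengths of the trusted cryptographic module. Overall, the results of this thesis provide strong support for the adoption of trusted platform modules and offer a reference for the development of China's trusted cryptographic module. Keywords: trusted platform module, trusted computing platform, compliance testing, direct anonymous attestation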
English abstract: In the trusted computing platform architecture proposed by TCG, the trusted platform module is the core component, which means that research on the trusted platform module is the most important part of research on the trusted computing platform. In this thesis, we give a detailed analysis of the privacy protection scheme of the trusted platform module, give a formal model of the trusted platform module, and investigate how to generate test cases from the proposed formal model. The main contributions of this thesis are as follows: (1) To address the deficiency of the current privacy protection scheme in multi-domain environments, this thesis extends the current privacy protection scheme to multi-domain environments. The new scheme lays a solid foundation for protecting the privacy of the trusted platform module in multi-domain networks. (2) The current privacy protection scheme adopts an anonymity scheme that is "all or none" for verifiers. This thesis proposes a privacy protection scheme with a sub-group privacy enhancement property, which provides a privacy protection solution for small groups. (3) We propose a new direct anonymous attestation scheme from bilinear maps. Compared with other current schemes, our scheme shortens the signature and reduces the TPM's computational cost in the signing process. It gives a practical solution for protecting the privacy of ECC-based TPMs. (4) We provide an automatic testing strategy for the trusted platform module. The strategy is based on a Z formal specification, generates an EFSM model from that specification, and finally uses the EFSM model to generate test cases. The proposed scheme helps improve the quality and efficiency of compliance testing. (5) We analyze the AP protocol in the trusted cryptographic module, the national counterpart of the trusted platform module, point out the flaws in the AP protocol, and give a solution. We compare the trusted platform module with the trusted cryptographic module in several aspects and give some constructive suggestions for the trusted cryptographic module. In summary, the results of this thesis advance research on the trusted platform module and give some suggestions for the national trusted cryptographic module. Key words: trusted platform module, trusted computing platform, compliance testing, direct anonymous attestation
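Language: Chinese
Date made public: 2011-03-17
Pages: 129
Content type: Thesis
Source URL: [http://124.16.136.157/handle/311060/6760]
Collection: Institute of Software_State Key Laboratory of Information Security_Theses
Recommended citation
GB/T 7714
Chen Xiaofeng. Research on Analysis and Testing Techniques for the Trusted Platform Module [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2009.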