Chinese Journal of Computers
  Title: Research on Attestation Method for Trust Computing Environment
  Authors: FENG Deng-Guo, QIN Yu
  Address: State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190
  Year: 2008
  Issue: No.9 (1640-1652)
  Abstract & Background
Abstract: First, the authors analyze the problems of dynamic characteristics, concurrency and consistency for Multiple Remote Attestation Instances (Multi-RAI) in a trust computing environment, and propose a complete dynamic update attestation scheme for Multi-RAI that guarantees the trustworthiness of the endpoints' computing environment. The authors then describe the attestation method for the trust computing environment, which comprises a measurement algorithm for the computing environment, a computing algorithm for the session component tree, and an attestation protocol for Multi-RAI. Finally, the authors analyze the security and efficiency of the Multi-RAI attestation method and construct a prototype system to demonstrate the scheme's feasibility and high performance.
Keywords: trust computing; remote attestation instance; component measurement; session component tree; update attestation
Background: This work belongs to the project "Trust Chain Establishment in Trust Platform", which is supported by the National Basic Research Program (973 Program) of China under grant No.2007CB311202, the National Science Foundation of China under grant No.60673083, and the National High Technology Research and Development Program of China (863 Plan) under grant No.2007AA01Z412.
Attestation of the trust computing environment has become one of the pressing requirements in distributed application security and is a focus of many research centers and institutes. Recent methods such as TCG attestation, direct attestation, and property-based attestation solve static attestation of the running state of the computing environment and also protect the privacy of the platform configuration, but dynamic update attestation and concurrent attestation have not yet been covered. In this paper, the authors analyze the problems of dynamic characteristics, concurrency and consistency for multiple remote attestation instances (Multi-RAI), and then propose a dynamic and concurrent Multi-RAI attestation scheme for the trust computing environment, which comprises a component integrity algorithm, session component tree calculation and a Multi-RAI attestation protocol. Finally, a proof-of-concept prototype is implemented to demonstrate feasibility and performance, and the security and efficiency of the method are also analyzed.