摘要
通过分析TCG对可信计算平台中平台配置寄存器的定义,结合数据封装技术的相关研究,提出了一种可信平台的属性表示方法,该方法可以较全面地刻划一个可信平台的特征,并方便进行零知识证明的属性验证。针对可信计算平台固有的暴露用户隐私的缺陷,将零知识证明引入平台的属性验证过程,提出了一种第三方参与的基于属性的零知识证明数据封装方法。对该方法进行了安全性分析和实验的验证,实验结果表明,该方法在保持已有方案优势的前提下,有较小的数据增加量,可对数据的远程解封提供支持,且能避免可信平台隐私信息的泄漏。
By analyzing the definition of the platform configuration registers (PCRs) in the trusted computing platform (TCP) by the trusted computing group (TCG) and combining related researches for techniques of data sealing, a method for property representation of the trusted platform. This method not only can fully illustrate all the characteristics of a trusted computing platform is proposed, but also can make the verification process of the properties with the zero-knowledge proof more conveniently. As well known, one major and inherent defect of trusted computing platform is its exposure for user's pri- vacy. Aiming at overcoming such a drawback, a method of data sealing based on property with zero-knowledge proof is pro- posed. And in this method, a Trusted Third Party is invited to make proof for verifying the trusted platform. The analysis for security of the method is presented and verification is made for it by experiment. Results from the experiment shows that, this method maintains as the same advantages as other existed schemes, whereas only with a small quantity of data cost. Such small data incrementation not only supports unsealing at remote server, but also works well for preventing privacy disclosure in a trusted platform.
出处
《计算机工程与设计》
CSCD
北大核心
2013年第1期28-31,54,共5页
Computer Engineering and Design
基金
国家"十一五"科技支撑计划基金项目(2006BAF01A00)
关键词
可信计算
数据封装
属性表示
零知识证明
隐私泄漏
trusted computing
data sealing
property representatiom zero-knowledge proof~ privacy disclosure
