实际应用情况表明:基于PKI的信任机制可以证明资源访问者、资源拥有者的身份是可信的,但是无法确认资源访问者、资源拥有者所处的环境是可信的。因为需要相互向对方证明或者提供证据给对方 以确认自身所处环境的可行性。 基于PKI的信任机制缺乏这样一种能力: 在安全专用网络中,当网络中的一个主机申请加入这个专网时,在验证了它的身份后 还应该判定主机上的操作系统和软件是可以信赖的,这样可以有效阻止病毒和木马在专用网络中的传播。 如何有效地的远程证明一个主机的硬件、操作系统、应用软件等的真实可信性是一个亟待解决的问题。 可信计算技术的出现是为了保证终端设备的安全。 以TPM作为可信度量根、可信存储根、可信报告根。可信平台可以:向外来用户证实平台所处的状态,让外来用户判断本平台是否处于一个安全的状态。 PCR:平台配置寄存器platform configuration register 可信报告:
The AIK has only one intended use: digitally sigh the platform configuration during attestation. The reason to have an unlimited number of AIK is to achieve anonymity. if the same AIK is used on every attestation the anonymity is lost. "In order to be able to use a TPM in an effective way the owner must take ownership. The user taks ownership by showing his/her physicial presents by e.g. pressing a key and then type in a password. when ownership has been taken the SPK is created in the TPM. SPK=Storage Root Key" 3. An Aik key pair is generated in the TPM. to get the public aik verified and signed by a ttp, the platform bundles the public aik and the endorsement, platform and conformance credentials into a request. request0=public(aik)+endorsement+platform+conformance (credential) 4. the tpm create a hash of the TTP's public key, the hash is encrypted with the private aik to create a signature, which is sent with the request to a ttp. request1=sign(h(public(TTP)))+request0. 5.ttp receive the request1: verify the signature and credentials. if ok then create the aik certificate by signing public aik with the ttp's private key. 6. aik certificate is sent back to the platform, encrypted by the public endorsement key.(确保只有发起者能得到该证书) 这样做的目的是什么呢?既然证明者需要得到该证书! TPM的结构示意: The PCR is a 160 bits storage location used for integrity measurements.There are at lease 16 PCRs and they are in a shielded location inside the TPM. The first 8 is reserved for TPM use(measuring during boot, etc) The last 8 is reserved for operating system and application. 参考:http://hi.baidu.com/baby_of_gyq/blog/item/35fdfea10343ab834610643d.html |