Introduction to Trusted Computing

I. The concept

The basic idea of trusted computing:

In a computer system, first establish a root of trust. Starting from that root, measure level by level and trust level by level, from the hardware platform to the operating system to the applications, so that trust is extended to the whole computer system; then take protective measures to ensure the integrity of computing resources and data and the predictability of behavior, thereby raising the trustworthiness of the computer system.

In popular terms:

trusted ≈ reliable + secure

At the present stage, trusted computing should provide functions such as ensuring the integrity of platform resources and data, secure data storage, and remote attestation.

II. Key technologies

Root of trust:

The root of trust is the starting point of trust for a trusted computer and the point at which security control is enforced. Functionally there are three roots of trust.

1. Root of trust for measurement (RTM). The RTM is the starting point of trust measurement for a trusted platform. In the TCG trusted platform it is the first piece of software executed when the platform starts, and it performs the trust measurement of the computer. It is also called the core root of trust for measurement (CRTM). On a trusted PC specifically, it is the code at the beginning of the BIOS.

2. Root of trust for storage (RTS). The RTS is the basis for secure storage of trust measurement values. It consists of a set of platform configuration registers (PCRs) and the storage root key (SRK) in the TPM chip.

3. Root of trust for reporting (RTR). It consists of the PCRs and the attestation identity key (AIK), which is derived from the endorsement key (EK).

The root of trust of a trusted computing platform is formed by the TPM chip together with its corresponding software.

Measure-store-report mechanism:

Based on the root of trust, the computer platform measures its own trustworthiness, stores the measurement values in trusted storage, and provides a report when an accessing object requests it. This is an important mechanism by which a computer platform ensures its own trustworthiness and provides trustworthy services to the outside.

1. Measure

There is not yet a single method that can fully measure the trustworthiness of a computing platform, so TCG takes data integrity measurement of important system resources as the trust measure: hash values are computed over important system resources and data and stored securely; at measurement time, the hash of the important resource data is recomputed and compared with the stored hash value.

2. Store

Measurement values must be stored securely. TCG computes the hash in an extending manner: the new value is concatenated with the existing value and hashed again, and the resulting integrity metric is stored in the PCR. New PCRi = hash(old PCRi || new value)

3. Report

After the trust values are stored, when an accessing object accesses the platform, the platform provides a trustworthiness status report to the accessing object. To ensure the security of the report contents, encryption, digital signatures and authentication technology must also be used; this is also called remote attestation.

Trusted Platform Module:

The trusted platform module (TPM) is an SoC chip. It is the root of trust of the trusted computing platform (the RTS and the RTR) and also the point at which the platform's security control is implemented. Its main components:

Cryptographic coprocessor: acceleration engine for public-key cryptography

Key generation unit: generates keys for public-key cryptography

Hash engine: hardware engine for hash functions

Random number generator: the random source inside the TPM, used to generate keys and random numbers for symmetric ciphers

HMAC engine: hardware engine for hash-based message authentication codes

Power management unit: monitors the power state of the TPM

Configuration switch: resource configuration and state of the TPM

Execution engine: CPU and associated firmware

Nonvolatile memory: stores keys, identity data and other important data

Volatile memory: working memory of the TPM

I/O component: communication inside and outside the TPM

Virtual trusted module: vTPM (Sun) emulates the functions of a physical TPM in software and further establishes a strong binding between the physical TPM and the vTPM, extending the TPM trust chain from the physical machine to virtual machines.

Trusted Computing Platform:

The trusted PC was the first trusted computing platform to be developed and is the most widely used. Its characteristic is a trusted building block (TBB) embedded on the motherboard. The TBB is the root of trust of the trusted PC platform; it includes the CRTM, the TPM, and the connections between them and the motherboard.

A server board also contains a baseboard management controller (BMC). BMC functions: configuration management, hardware management, system control and fault diagnosis. The BMC should play a role in the measure-store-report mechanism of a trusted server. (There are no examples of this at present.)

A trusted server must provide secure and trustworthy virtual machines and trusted migration of virtual machines, which requires vTPM and trusted vTPM migration technology. Moreover, a server is started once and then runs for a long time without shutting down, which requires the trusted server to have a mechanism for repeated trust measurement.

Trusted Software Stack:

The trusted platform module (TPM, TCM or TPCM) is the root of trust of the trusted computing platform. For the operating system and application software to use it, middleware is needed to link the trusted platform module with applications; this middleware is called the TCG Software Stack (TSS).

Remote Attestation:

The process by which a user determines whether the platform they are interacting with is trustworthy is called remote attestation.

When a trusted computing platform needs to prove itself remotely, the root of trust reports the platform's trustworthiness report (the PCR values) to the user. The report is cryptographically protected during storage and during transmission over the network, which achieves remote attestation of the trusted platform.
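The measure, store and report steps above and the remote attestation flow, as an added example that is not part of the original post. It assumes a SHA-256 PCR bank, a constructed boot event log, and an HMAC key that stands in for the AIK digital signature; a real TPM signs the quote with the AIK instead.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank; every PCR starts out as all zero bytes

# Constructed sample boot event log: (PCR index, component name, component bytes).
# Illustrative stand-ins for firmware and boot images, not real measurements.
EVENT_LOG = [
    (0, "CRTM", b"crtm-v1"),
    (0, "BIOS", b"bios-v1"),
    (4, "bootloader", b"grub-v1"),
    (4, "kernel", b"vmlinuz-v1"),
]

def extend(old_pcr: bytes, measurement: bytes) -> bytes:
    """TCG extend operation: new PCR = hash(old PCR || measurement)."""
    return hashlib.sha256(old_pcr + measurement).digest()

def replay(log) -> dict:
    """Measure + store: reconstruct the PCR values an event log must produce."""
    pcrs = {}
    for idx, _name, component in log:
        measurement = hashlib.sha256(component).digest()
        pcrs[idx] = extend(pcrs.get(idx, bytes(PCR_SIZE)), measurement)
    return pcrs

def _quote_digest(nonce: bytes, pcrs: dict) -> bytes:
    return hashlib.sha256(nonce + b"".join(pcrs[i] for i in sorted(pcrs))).digest()

def quote(pcrs: dict, nonce: bytes, aik_key: bytes) -> dict:
    """Report step on the platform: bind the verifier's nonce to the PCR values.
    HMAC keyed with aik_key stands in for the AIK signature (assumption)."""
    return {"nonce": nonce, "pcrs": dict(pcrs),
            "sig": hmac.new(aik_key, _quote_digest(nonce, pcrs), "sha256").digest()}

def verify_quote(q: dict, expected_nonce: bytes, reference_pcrs: dict, aik_key: bytes) -> bool:
    """Verifier side of remote attestation: freshness, authenticity, then reference match."""
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        return False  # replayed or stale quote
    expected_sig = hmac.new(aik_key, _quote_digest(q["nonce"], q["pcrs"]), "sha256").digest()
    if not hmac.compare_digest(q["sig"], expected_sig):
        return False  # report altered in storage or in transit
    return q["pcrs"] == reference_pcrs  # values must equal the known-good measurements

if __name__ == "__main__":
    reference = replay(EVENT_LOG)
    nonce = b"verifier-nonce-0001"  # constructed; a real verifier draws it randomly
    print(verify_quote(quote(reference, nonce, b"aik-secret"), nonce, reference, b"aik-secret"))
```

Replaying the same log with a different kernel image changes PCR 4 but leaves PCR 0 untouched, and swapping the order of two events changes the final value, which is why the extend operation records the whole boot sequence rather than only its last step.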

Trusted Network Connect:

TCG's Trusted Network Connect (TNC) extends the trusted platform to the network in order to realize a trusted network.

TNC's main idea: verify the integrity of the access requester, evaluate it against the security policy, and decide whether to allow the requester to connect to the network, thereby ensuring the trustworthiness of the network connection.

Trusted Computing Summary:

Shortcomings of trusted computing:

1. Practical application is not yet widespread

(1) Trusted platform module chips are widely deployed

(2) Trusted computing platforms are not yet applied widely enough

In most PCs the trusted chip serves only as a cryptographic support component for disk and data encryption and for authentication; it does not support the measure-store-report mechanism or the other capabilities of a trusted platform.

2. Some key technologies of trusted computing need improvement and upgrading

(1) The trust measurement mechanism needs to be further strengthened

For an ordinary PC, every patch upgrade requires recalculating the hash values of the important system resources.

For servers and industrial computers, patching is less frequent, so they are better suited to applying trust measurement technology.

(2) Data integrity of software only shows that the software has not been tampered with; it cannot show that the software itself is free of flaws.

Protection mechanisms based on data integrity checks have a limited effective range; the scope of the check and its security are in tension, so a compromise must be struck between the two.

Software has two states: the static data state and the dynamic data state. Measurement based on data integrity is static. Trusted computing still lacks protection measures and mechanisms for dynamic behavior integrity.

In addition, data security includes confidentiality, integrity and availability of data. The trusted computing measure-store-report mechanism is devoted only to integrity and does not address the other two aspects. The rich cryptographic resources of the TPM should be used further to ensure the confidentiality and availability of data.

(3) Repeated measurement (to ensure data integrity and behavior integrity) is the next development direction for trusted server platforms and trusted industrial computers.

In the PC domain, trust measurement is performed when the PC is powered on. For a platform like a PC, which is switched on and off several times a day, users will believe in its trustworthiness. But for servers and industrial control computers, which are powered on once and run for a long time without shutting down, users find it hard to believe in their trustworthiness; multiple static and dynamic measurements are needed, measuring both the static data integrity of important resources and the integrity of their dynamic behavior.

TCG calls the trust measurement at boot time static measurement (SRTM, static root of trust for measurement) and measurement after boot dynamic measurement (DRTM, dynamic root of trust for measurement).

Intel's dynamic measurement mechanism is called Trusted Execution Technology (TXT). TXT uses the CPU as the root of trust and, combined with the TPM, performs trust measurement all the way up to the application software, building a trusted software execution environment.

The security functions of this execution environment are: protected execution, providing a secure region in the CPU for running sensitive applications; sealed storage, using cryptography to protect the confidentiality and integrity of data; remote attestation, giving the user a trustworthiness report of the platform so that the user can believe the platform is trusted; I/O protection, protecting the platform's I/O so that the interaction path between the user and the application is a trusted path.

AMD uses a dedicated security processor (PSP). Based on the PSP, the system is trust-measured and a secure execution environment is established for the user. In this environment all interrupts are masked, virtual memory is turned off, DMA is disabled, and no processor other than the PSP runs. Before the PSP executes the secure loader, it first measures that program and writes the measurement value into a PCR. The PCR can only be read through a special LPC bus cycle that software cannot emulate, guaranteeing that only the PSP can read this PCR and thus securing the trust measurement value.

Intel's and AMD's CPU-rooted dynamic measurement, although different from boot-time measurement, still measures data integrity rather than behavior integrity, and is distinct from repeated measurement of a system. Nevertheless, this CPU-rooted dynamic measurement technology is of positive significance and is especially suited to the trust measurement of a newly created virtual machine in cloud computing.

Information security:

Information has only three states: storage, transmission and processing. Ensuring information security means ensuring the security of information in all three states.

Error-correcting codes and cryptography raise the guarantees of data integrity and confidentiality in communication, and are also widely used in storage.

During processing the form of the information changes, which makes the security problem more complex than in storage and transmission. Inspired by error-correcting codes, many scholars have studied error-correcting codes for arithmetic units, but computing such codes lowers the efficiency of the arithmetic unit; other scholars have studied homomorphic cryptography, hoping to improve the confidentiality of computation. Recently, with the development of cloud computing and big data, homomorphic cryptography has become a hot topic; the experience with error-correcting codes for arithmetic units tells us that being both secure and efficient is the key for homomorphic cryptography.

Information technology develops rapidly, and today's information systems are all integrated systems combining storage, transmission and processing.

The three laws of information security:

(1) Universality: wherever there is information, there are information security problems;

(2) Trade-off: security and convenience are in conflict;

(3) Weakest link (the barrel principle): the security of an information system is determined by the security of its weakest part.

Computer security:

Intel SGX: allows an application to create a container called an enclave, carving out a protected region in the application's address space that provides confidentiality and integrity protection for the code and data inside the container against damage by malware. Only code located inside the container can access the enclave's memory region; software outside the container, even privileged software (such as the hypervisor, the BIOS or the operating system), cannot access the data inside the enclave.

ARM TrustZone: aims to build a trusted execution environment for applications. The overall security idea is to divide the hardware and software, through the system architecture, into two mutually isolated worlds: the secure world and the normal world. Each world's working modes include a user mode and a privileged mode. ARM uses its bus system to ensure that secure-world resources cannot be accessed by the normal world; normal-world software can only access normal-world resources, and likewise for the secure world. The secure world additionally has a monitor mode, which connects to the privileged modes of both worlds; the monitor mode exists to switch between the two worlds. When normal-world user mode needs a service from the secure world, it first enters normal-world privileged mode and issues the secure monitor call instruction there; the processor then enters monitor mode, which saves the normal-world context and enters secure-world privileged mode, at which point the running environment is that of the secure world; it then enters secure-world user mode and obtains the corresponding security service.


Source: www.cnblogs.com/guangnianxd/p/10959619.html