| 基于通用智能卡的可信引导方案 |
| |
| 引用本文: | 阎林,张建标,张艾.基于通用智能卡的可信引导方案[J].北京工业大学学报,2017,43(1). |
| |
| 作者姓名: | 阎林 张建标 张艾 |
| |
| 作者单位: | 北京工业大学计算机学院,北京 100124;可信计算北京市重点实验室,北京 100124;信息安全等级保护关键技术国家工程实验室,北京 100124;北京工业大学北京-都柏林国际学院,北京,100124 |
| |
| 基金项目: | 北京市委组织部-优秀人才培养计划 |
| |
| 摘 要: | 为了解决传统的操作系统引导机制存在关键验证信息被绕过的风险和引导数据被篡改的安全隐患,基于可信计算理论,结合带光盘文件系统的智能卡技术,提出了基于通用智能卡的可信引导方案.在不改变智能卡和终端设备的硬件和固件结构的基础上,通过改造智能卡的存储数据和磁盘的引导数据,实现用户身份信息、智能卡和终端设备绑定的安全目标,将可信计算机制从开机加电扩展至应用层,确保操作系统的初始状态可信.通过安全性分析和性能分析,证明终端设备引导的安全性,并且在实际应用中得到了验证.
|
| 关 键 词: | 可信计算 可信根 可信链 可信度量 可信引导 |
Scheme of Trusted Bootstrap Based on General Smart Card |
| |
| YAN Lin,ZHANG Jianbiao,ZHANG Ai.Scheme of Trusted Bootstrap Based on General Smart Card[J].Journal of Beijing Polytechnic University,2017,43(1). |
| |
| Authors: | YAN Lin ZHANG Jianbiao ZHANG Ai |
| |
| Abstract: | The risk of the key authentication information being bypassed and the potential safety hazard of booting data being tampered with both exist in the booting mechanism of the traditional operating system. Based on the theory of trusted computing, combined with the technology of smart card with CD-ROM file system, a scheme of trusted boot based on general smart card was proposed. Without changing the structure of hardware and firmware of the smart card and terminal device, through the transformation of storage data in the smart card and disk booting data, the security objective of binding the user’s identity information, the smart card and the terminal device were achieved. The trusted computing mechanism was extended from power on to the application layer to ensure that the initial state of operating system was trustworthy. Through the analysis of security and performance, the security of terminal device bootstrap was proven, which has been verified in practical applications. |
| |
| Keywords: | trusted computing trusted root trusted chain trusted measurement security bootstrap |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
