(Information & Communication Technology Branch, NARI Group Corporation, State Grid Electric Power Research Institute, Nanjing, Jiangsu 211106)
Abstract: Most existing remote attestation schemes for platform configuration information expose the privacy of the platform configuration and cannot easily accommodate system updates and backups. In recent years a large number of improved schemes have been proposed, but none of them solves the privacy-leakage problem at its root, and their computational complexity is high. Building on the work of A.R. Sadeghi and borrowing the idea of identity-based cryptosystems, we propose a remote attestation method based on the TPM and implicit certificates. The method uses implicit-certificate technology and lets the TPM and its host issue the attribute certificate themselves, so no trusted third party is needed to publish attribute certificates and the high-complexity zero-knowledge proof is avoided. It protects platform privacy at its root, guarantees controlled access to the platform's sensitive resources, and is easy to deploy in real networks.
Keywords: trusted computing, remote attestation, TPM, privacy protection
Remote Attestation Techniques Based on TPM and Implicit Certificates
Guo Zixin
(Information Technology & Communication Company, NARI Group Corporation, SGEPRI, Nanjing, Jiangsu 211106)
guozixin@sgepri.sgcc.com.cn
Abstract: At present, most remote attestation schemes for platform configuration information expose the privacy of the platform configuration and have difficulty satisfying the demand for system updates and backups. Many improved schemes have been proposed recently, but they do not solve the problem of exposing platform configuration privacy at its root, and they carry a high degree of computational complexity. On the basis of the work of A.R. Sadeghi, this paper proposes a remote attestation technique based on the TPM and implicit certificates. The technique uses implicit certificates and issues the attribute certificate through the TPM and its host, which removes the need for a trusted third party to issue attribute certificates and avoids the high complexity of zero-knowledge proofs. It protects the privacy of the platform fundamentally, ensures controlled access to sensitive resources, and is easy to apply in real networks.
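The abstracts above (Chinese and English) describe the core mechanism only at a high level: an implicit certificate binds the host's attribute data to a key pair without the issuer signing anything, and the TPM rather than a trusted third party plays the issuer. The following added example, which is not code from the paper and assumes an ECQV-style implicit-certificate construction (the paper does not spell out its exact formulas on this page), shows the three roles end to end: the issuer (the TPM in the paper's setting) produces the certificate and a private-key contribution, the requester (the host) derives its key pair, and a relying party reconstructs the requester's public key from the certificate and the issuer's public key alone. The curve (NIST P-256), the attribute string, and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# NIST P-256 domain parameters. Assumption: the paper names no curve; P-256 is
# used here only because TPM 2.0 devices commonly support it.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    """True if pt (or the point at infinity, None) satisfies y^2 = x^3 + ax + b."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition on P-256; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                          # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def encode_point(pt):
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def decode_point(raw):
    return (int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:65], "big"))


def cert_hash(cert):
    """e = H(Cert), reduced into the scalar group."""
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N


def issue_implicit_cert(issuer_priv, request_pub, attributes):
    """Issuer side (the TPM in the paper's setting). Given the requester's
    ephemeral value R_U and the attribute string, returns the implicit
    certificate Cert = attributes || P_U and the private-key contribution r."""
    k = secrets.randbelow(N - 1) + 1
    p_u = ec_add(request_pub, ec_mul(k, G))          # public reconstruction value
    cert = attributes.encode() + encode_point(p_u)
    e = cert_hash(cert)
    r = (e * k + issuer_priv) % N
    return cert, r


def verifier_reconstruct(cert, issuer_pub):
    """Relying party: Q_U = e*P_U + Q_issuer, from the cert and issuer key alone."""
    e = cert_hash(cert)
    return ec_add(ec_mul(e, decode_point(cert[-65:])), issuer_pub)


def requester_finalize(k_u, cert, r, issuer_pub):
    """Requester side (the host). Derives d_U = e*k_U + r and the matching Q_U."""
    e = cert_hash(cert)
    d_u = (e * k_u + r) % N
    return d_u, verifier_reconstruct(cert, issuer_pub)


def run_demo(attributes="platform-attr:patched-kernel;tpm-fw:1.38"):
    """Constructed end-to-end run with a made-up attribute string; returns the
    three checks a relying party cares about."""
    issuer_priv = secrets.randbelow(N - 1) + 1
    issuer_pub = ec_mul(issuer_priv, G)
    k_u = secrets.randbelow(N - 1) + 1
    request_pub = ec_mul(k_u, G)
    cert, r = issue_implicit_cert(issuer_priv, request_pub, attributes)
    d_u, q_u = requester_finalize(k_u, cert, r, issuer_pub)
    # Tampering with the attributes changes e, so the key a verifier reconstructs
    # no longer matches the private key the host actually holds: the binding is
    # implicit, there is no signature to strip or replace.
    tampered = cert.replace(b"patched", b"unpatch")
    return {
        "key_matches": ec_mul(d_u, G) == q_u,
        "verifier_matches": verifier_reconstruct(cert, issuer_pub) == q_u,
        "tamper_detected": verifier_reconstruct(tampered, issuer_pub) != q_u,
    }
```

The point a practitioner should take from this is why the certificate needs no signature and no separate certificate authority: the attributes are authenticated only indirectly, because a host can use a private key matching the reconstructed public key only if the certificate bytes are exactly the ones the issuer hashed. In the paper's setting the issuer key lives in the TPM, so the trust anchor is the TPM's own key rather than a third party, which is the claim the abstract makes; whether the paper's concrete formulas match ECQV is an assumption of this example, not something the abstract states.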
Keywords: Trusted Computing, Remote attestation, TPM, Privacy Protection
About the author:
Guo Zixin (born 1983), male, M.Sc., graduated from Hohai University in 2011; currently works at the NARI Information & Communication Technology Branch of the State Grid Electric Power Research Institute. Main research interests: network security, trusted computing, embedded Linux.