Method for verifying integrity of trusted platform

Document No.: 291273. Published: 2021-11-23.

Note: This technology, a method for trusted platform integrity attestation (Method for verifying integrity of trusted platform), was designed by 肖智强, 刘槟滔, 张贤佳, 黄雨, 林志威, 周卓标 and 杨世宏 on 2021-07-05. Its main content is as follows. The invention discloses a method for trusted platform integrity attestation, comprising the following steps: establishing a virtualized trusted platform at a verification third party, the virtualized trusted platform having a built-in metric value collection module and metric value comparison module; the verification third party sends a request for an integrity measurement report to the trusted platform; the metric value collection module collects metric values from the trusted platform; the metric value comparison module, inside a trusted execution environment, compares the metric values collected by the metric value collection module with the metric values calculated by the trusted platform and sends the comparison result to the trusted platform, while the verification third party generates running evidence of the trusted execution environment so that the trusted platform can safely trust the received comparison result; when the comparison result received by the trusted platform is consistent, this indicates that the current verifier platform is in a trusted state. The invention guarantees the trustworthiness of the verifier platform, has strong practicability and good platform identity privacy, and effectively proves the integrity of the platform.

1. A method for trusted platform integrity attestation, characterized by comprising the following steps:

establishing a virtualized trusted platform at a verification third party, wherein a metric value collection module and a metric value comparison module are arranged in the virtualized trusted platform;

the verification third party sends a request for an integrity measurement report to the trusted platform;

the metric value collecting module collects metric values from a trusted platform;

the metric value comparison module, in the trusted execution environment, compares the metric value collected by the metric value collection module with the metric value calculated by the trusted platform and sends the comparison result to the trusted platform, and meanwhile the verification third party generates running evidence of the trusted execution environment, so that the trusted platform can safely trust the received comparison result;

and when the comparison result received by the trusted platform is consistent, this indicates that the current verifier platform is in a trusted state.

2. The method of claim 1, wherein the method comprises: a metric value calculation module and a platform configuration register are arranged in the trusted platform;

the metric value calculation module calculates the metric value of each loading stage, extends the measurement result into a platform configuration register, and sends the measurement result to the metric value comparison module when receiving an integrity measurement report request sent by the verification third party;

the platform configuration register stores the metric values of each loading stage for the metric value collection module to obtain.

3. A method of trusted platform integrity attestation according to claim 2, wherein: the trusted platform is also internally provided with a platform identity key and a platform identity certificate;

and when the received comparison result is consistent, the platform identity key generates a ciphertext, digitally signs the ciphertext, imports the digitally signed ciphertext into the platform identity certificate, and sends the platform identity certificate to the verifier platform for identity verification.

Technical Field

The invention relates to the technical field of computer security, in particular to a method for verifying the integrity of a trusted platform.

Background

Platform integrity attestation is a process of proving the real identity of a trusted computing platform through an identity certificate. The identity of a trusted computing platform is generally identified by a security chip, so platform integrity attestation essentially authenticates the identity of a TPM/TCM security chip. The Privacy CA authentication method of the Trusted Computing Group (TCG) only reduces the disclosure of platform identity privacy information with the assistance of a trusted third party; it does not guarantee platform identity privacy, so the integrity of the platform cannot be proved.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provide a method for verifying the integrity of a trusted platform.

The technical scheme of the invention is as follows:

A method for trusted platform integrity attestation, comprising the following steps:

establishing a virtualized trusted platform at a verification third party, wherein a metric value collection module and a metric value comparison module are arranged in the virtualized trusted platform;

the verification third party sends a request for an integrity measurement report to the trusted platform;

the metric value collecting module collects metric values from a trusted platform;

the metric value comparison module, in the trusted execution environment, compares the metric value collected by the metric value collection module with the metric value calculated by the trusted platform and sends the comparison result to the trusted platform, and meanwhile the verification third party generates running evidence of the trusted execution environment, so that the trusted platform can safely trust the received comparison result;

and when the comparison result received by the trusted platform is consistent, this indicates that the current verifier platform is in a trusted state.

The trusted platform is internally provided with a metric value calculation module and a platform configuration register;

the metric value calculation module calculates the metric value of each loading stage, extends the measurement result into a platform configuration register, and sends the measurement result to the metric value comparison module when receiving an integrity measurement report request sent by the verification third party;

the platform configuration register stores the metric values of each loading stage for the metric value collection module to obtain.

Further, a platform identity key and a platform identity certificate are also arranged in the trusted platform;

and when the received comparison result is consistent, the platform identity key generates a ciphertext, digitally signs the ciphertext, imports the digitally signed ciphertext into the platform identity certificate, and sends the platform identity certificate to the verifier platform for identity verification.

Compared with the prior art, the invention has the beneficial effects that:

safety: the trustworthiness of the verifier platform is judged by establishing a virtualized trusted platform at a verification third party, collecting the metric values of each loading stage and comparing them with the metric values calculated by the trusted platform, so that the method is strong in practicability, good in platform identity privacy and capable of effectively proving the integrity of the platform;

visibility: the trusted platform can receive the running evidence of the trusted execution environment generated by the verification third party, and the evidence shows that the metric value comparison process is carried out under corresponding protective measures; that is, the metric value comparison process of the verification third party is visible to the verifier, so that blind trust in the verification result sent by the verification third party is avoided.

Drawings

In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.

Fig. 1 is an implementation architecture diagram of a method for integrity certification of a trusted platform according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

In order to explain the technical means of the present invention, the following description will be given by way of specific examples.

Examples

Referring to Fig. 1, the present invention provides a method for trusted platform integrity attestation, including the following steps:

(1) setting a trusted platform, wherein a metric value calculation module, a platform configuration register, a platform identity key and a platform identity certificate are arranged in the trusted platform, and the trusted platform is respectively connected with a verification third party and a verifier platform;

the metric value calculation module is used for calculating the metric value of each loading stage;

the platform configuration register is used for storing the metric values of each loading stage;

the platform identity key is used for generating a ciphertext and carrying out digital signature;

the platform identity certificate is used for sending to a verifier for identity verification;

(2) establishing a virtualized trusted platform at a verification third party, wherein a metric value collection module and a metric value comparison module are arranged in the virtualized trusted platform;

the metric value collection module is used for collecting metric values from a trusted platform;

the metric value comparison module is used for comparing the metric value collected by the metric value collection module with the metric value calculated by the trusted platform;

(3) when the verification third party sends a request for an integrity measurement report to the trusted platform, the metric value calculation module sends the measurement result to the metric value comparison module, and meanwhile the metric value collection module acquires the stored metric values of each loading stage from the platform configuration register;

(4) the metric value comparison module then, in the trusted execution environment, compares the metric value collected by the metric value collection module with the metric value calculated by the trusted platform and sends the comparison result to the trusted platform, and meanwhile the verification third party generates running evidence of the trusted execution environment, so that the trusted platform can safely trust the received comparison result;

(5) when the comparison result received by the trusted platform is consistent, this indicates that the current verifier platform is in a trusted state;

specifically, when the received comparison result is consistent, the platform identity key generates a ciphertext, digitally signs the ciphertext, imports the digitally signed ciphertext into the platform identity certificate, and sends the ciphertext with the digital signature to the verifier platform for identity verification.
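Steps (1) to (5) can be modelled as follows. This is an added example, not code from the patent: it assumes a single SHA-256 platform configuration register with TPM-style extend semantics and assumes the comparison module replays the reported per-stage metric values to match them against the collected register value; all function names and the sample boot chain are hypothetical.

```python
import hashlib
import hmac

PCR_SIZE = 32  # assumption: one SHA-256 PCR, reset to all zeros at boot


def measure(image: bytes) -> bytes:
    """Metric value of one loading stage: SHA-256 digest of its image."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, metric: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || metric)."""
    return hashlib.sha256(pcr + metric).digest()


def boot(loaded_images) -> bytes:
    """Calculation module: measure each stage actually loaded, extend the PCR."""
    pcr = bytes(PCR_SIZE)
    for image in loaded_images:
        pcr = extend(pcr, measure(image))
    return pcr


def compare(collected_pcr: bytes, reported_metrics) -> bool:
    """Comparison module: replay the reported metrics, match against the PCR."""
    replayed = bytes(PCR_SIZE)
    for metric in reported_metrics:
        if len(metric) != PCR_SIZE:
            return False  # malformed report entry
        replayed = extend(replayed, metric)
    return hmac.compare_digest(replayed, collected_pcr)


def run_attestation(loaded_images, claimed_images) -> bool:
    """True when the report matches what was really extended into the PCR."""
    collected = boot(loaded_images)                # read by the collection module
    report = [measure(i) for i in claimed_images]  # sent by the calculation module
    return compare(collected, report)


# Constructed sample boot chain (not from the page).
GOOD = [b"bootloader-1.0", b"kernel-5.10", b"initrd-5.10"]
TAMPERED = [GOOD[0], b"kernel-5.10-modified", GOOD[2]]

if __name__ == "__main__":
    print(run_attestation(GOOD, GOOD))                         # honest platform
    print(run_attestation(TAMPERED, GOOD))                     # report hides a changed stage
    print(run_attestation(GOOD, [GOOD[1], GOOD[0], GOOD[2]]))  # stage order changed
```

Because each extend hashes the previous register value, a report that omits, alters or reorders any stage cannot reproduce the collected value, which is what lets the comparison result stand in for the platform's actual load history.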

The method achieves the purposes of safety and visibility:

(1) safety: the trustworthiness of the verifier platform is judged by establishing a virtualized trusted platform at a verification third party, collecting the metric values of each loading stage and comparing them with the metric values calculated by the trusted platform, so that the practicability is high, the platform identity privacy is good, and the integrity of the platform is effectively proved;

(2) visibility: the trusted platform can receive the running evidence of the trusted execution environment generated by the verification third party, and the evidence shows that the metric value comparison process is carried out under corresponding protective measures; that is, the metric value comparison process of the verification third party is visible to the verifier, so that blind trust in the verification result sent by the verification third party is avoided.

The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
