
Journal of Shandong University (Natural Science) ›› 2016, Vol. 51 ›› Issue (5): 72-77. doi: 10.6040/j.issn.1671-9352.2.2015.253


Design and implementation of transparent key transmission based on SMM

ZHANG Kun 1,2, ZHAO Bo 1,2*, AN Yang 3

  1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
  2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China;
  3. Computer School, Wuhan University, Wuhan 430072, Hubei, China
  • Received: 2015-08-17  Online: 2016-05-20  Published: 2016-05-16
  • Corresponding author: ZHAO Bo (b. 1972), male, professor; research interests: trusted computing theory, embedded system architecture. E-mail: zhaobo@whu.edu.cn
  • First author: ZHANG Kun (b. 1989), male, M.S.; research interests: information system security, embedded systems. E-mail: 190615693@qq.com
  • Funding:
    National Basic Research Program of China (973 Program) (2014CB340600); Key Program of the National Natural Science Foundation of China (61332019); National Natural Science Foundation of China (61173138, 61272452); National High Technology Research and Development Program of China (863 Program) (2015AA016002)


Abstract: The encryption key used by driver-layer encryption is usually stored in an external USB device. During encryption and decryption the key is transmitted to the driver layer through the USB interface, but the USB channel is not secure and the key may be leaked in transit. To address this problem, this paper proposes a secure key transmission scheme based on System Management Mode (SMM), exploiting the fact that code executing in SMM is not observable by the operating system. Experimental results indicate that the scheme resists attacks on the USB channel, guarantees the security of the key during transmission, and significantly enhances the security of driver-layer encryption keys.

Key words: system management mode (SMM), USB channel, secure key transmission, driver-layer encryption
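The leakage risk the abstract starts from is concrete: a key that leaves a USB token in the clear passes through the host's USB stack and OS-addressable memory, so any privileged process on the host can read it from the bus monitor (Linux usbmon, or a USBPcap trace on Windows) without touching the token or the driver. The following is an added example, not code from the paper: it parses a few usbmon text-format lines constructed for this illustration and recovers the key from the bulk IN completion. The bus/device address (bus 1, device 4), the endpoint numbers, the 16-byte key and the assumption that the token answers one request with a single bulk IN transfer are all assumptions of the example.

```python
"""Recover a cleartext key from a USB bulk transfer captured with Linux usbmon.

Added illustration of the threat model in the abstract (not code from the
paper): a key that leaves a USB token in the clear crosses the host's USB
stack and OS-addressable memory, so any root process reading
/sys/kernel/debug/usb/usbmon/<bus>u (or a USBPcap trace on Windows) can
read it. The capture below is constructed for this example; the bus/device
address, the endpoint numbers and the 16-byte key are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Constructed usbmon text-format lines (one URB event per line):
#   <urb tag> <timestamp us> <event> <type><dir>:<bus>:<dev>:<ep> <status> <len> [= data | < | >]
# event S = submission, C = completion; type B = bulk; dir i = device-to-host,
# o = host-to-device. Payload bytes appear as 4-byte hex words after "=":
# on the S line for OUT transfers and on the C line for IN transfers.
SAMPLE_USBMON = """\
ffff8800a1b2c3d0 4127001100 S Bo:1:004:2 -115 4 = 4b455901
ffff8800a1b2c3d0 4127001350 C Bo:1:004:2 0 4 >
ffff8800a1b2c3d8 4127001400 S Bi:1:004:1 -115 64 <
ffff8800a1b2c3d8 4127002900 C Bi:1:004:1 0 16 = 0f1e2d3c 4b5a6978 8796a5b4 c3d2e1f0
ffff8800a1b2c3e0 4127003100 S Bi:1:004:1 -115 64 <
ffff8800a1b2c3e0 4127003200 C Bi:1:004:1 -2 0
"""

# Bulk/interrupt/isochronous lines and control completions; control-transfer
# submissions carry a setup packet ("s 80 06 ...") in the status field and are
# deliberately skipped by this pattern.
LINE_RE = re.compile(
    r"^(?P<tag>[0-9a-f]+)\s+(?P<ts>\d+)\s+(?P<event>[SCE])\s+"
    r"(?P<xfer>[CZIB])(?P<dir>[io]):(?P<bus>\d+):(?P<dev>\d+):(?P<ep>\d+)\s+"
    r"(?P<status>-?\d+)\s+(?P<length>\d+)(?:\s+(?P<rest>.*))?$"
)


@dataclass
class UrbEvent:
    event: str        # 'S' submission, 'C' completion, 'E' error
    direction: str    # 'i' device-to-host, 'o' host-to-device
    bus: int
    dev: int
    ep: int
    status: int
    data: bytes       # empty when the line carries no payload


def parse_usbmon(text: str) -> Iterator[UrbEvent]:
    """Yield one UrbEvent per parsable usbmon line; unrecognised lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest") or ""
        data = b""
        if rest.startswith("="):
            # "= 0f1e2d3c 4b5a6978 ..." -> hex words of up to 4 bytes each
            data = bytes.fromhex("".join(rest[1:].split()))
        yield UrbEvent(
            event=m.group("event"),
            direction=m.group("dir"),
            bus=int(m.group("bus")),
            dev=int(m.group("dev")),
            ep=int(m.group("ep")),
            status=int(m.group("status")),
            data=data,
        )


def device_to_host_payloads(text: str, bus: int, dev: int) -> List[bytes]:
    """Payloads the device actually delivered: successful completions of IN URBs."""
    return [
        ev.data
        for ev in parse_usbmon(text)
        if ev.bus == bus and ev.dev == dev
        and ev.direction == "i" and ev.event == "C"
        and ev.status == 0 and ev.data
    ]


def recover_key(text: str, bus: int, dev: int, key_len: int = 16) -> Optional[bytes]:
    """Return the first device-originated payload of exactly key_len bytes.

    With a cleartext token protocol this is the encryption key itself. The
    length filter is the only heuristic needed here because the constructed
    token answers the host's request with a single bulk IN transfer (an
    assumption of this example, not a property stated by the paper).
    """
    for payload in device_to_host_payloads(text, bus, dev):
        if len(payload) == key_len:
            return payload
    return None


if __name__ == "__main__":
    key = recover_key(SAMPLE_USBMON, bus=1, dev=4)
    print("recovered key:", key.hex() if key else None)
```

Running the script prints the recovered key. Nothing in it required tampering with the token, the filter driver or the bus: the key was readable because it crossed memory and a monitoring interface the operating system exposes. That is the property the paper's scheme removes by performing the transfer in SMM, whose SMRAM the operating system cannot read; what remains observable on the USB channel then depends on the scheme's own protocol, which this abstract does not detail.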

CLC number: TP309