您的位置:山东大学 -> 科技期刊社 -> 《山东大学学报(理学版)》

山东大学学报(理学版) ›› 2017, Vol. 52 ›› Issue (6): 92-98.doi: 10.6040/j.issn.1671-9352.2.2016.219

• • 上一篇    下一篇

一种TrustZone架构下的密钥管理机制

崔晓煜1,2,赵波1,2*,樊佩茹1,2,肖钰1,2   

  1. 1. 武汉大学计算机学院, 湖北 武汉 430072;2. 武汉大学空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072
  • 收稿日期:2016-08-16 出版日期:2017-06-20 发布日期:2017-06-21
  • 通讯作者: 赵波(1972— ),男,博士,教授,研究方向为信息系统安全、可信计算. E-mail:zhaobo@whu.edu.cn E-mail:clittlefish@gmail.com
  • 作者简介:崔晓煜(1991— ),女,硕士研究生,研究方向为信息系统安全、可信计算. E-mail:clittlefish@gmail.com
  • 基金资助:
    国家高技术研究发展计划(863计划)(2015AA016002);国家重点基础研究发展规划项目计划(2014CB340600);江苏省自然科学基金青年基金(BK20130372)

A key management mechanism basedon TrustZone architecture

CUI Xiao-yu1,2, ZHAO Bo1,2*, FAN Pei-ru1,2, XIAO Yu1,2   

  1. 1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
    2. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China
  • Received:2016-08-16 Online:2017-06-20 Published:2017-06-21

摘要: 针对嵌入式设备上用户隐私数据缺乏加密保护问题,提出一种TrustZone架构下的密钥管理机制。结合PUF技术与用户PIN码生成与设备、用户双关联的用户密钥,保护用户隐私数据的机密性和完整性;同时设计了一种适用于公用嵌入式设备的多用户数据保护场景,提供多用户密钥的生成、存储、更新和销毁方法。最后,描述了基于TrustZone密钥管理模块的实现方法,并进行安全性分析与效率测试,实验表明,该机制具有很好的安全性和密钥管理效率。

关键词: TrustZone, 隐私数据, PUF, 密钥管理

Abstract: Aiming at the lack of encryption protection for user privacy data on embedded devices, a key management mechanism is proposed in TrustZone architecture. Combined with Physical Unclonable Function(PUF)technology and the users PIN to generate the user key related to both device and user, the confidentiality and integrity of privacy data is protected. Meanwhile, a relatively thorough key management mechanism is designed formutli-user data protection scene in public embedded device to realize key generation, storage, update and destroy. Finally, this multi-user key management moduleisgiven and realizedin TrustZone. And its security and efficiencyis analyzed by experiments. The experiment result show that the mechanism is reliable secure and has high key management efficiency.

Key words: TrustZone, key management, data privacy, PUF

中图分类号: 

  • TP309
[1] 郑显义, 李文, 孟丹. TrustZone技术的分析与研究[J]. 计算机学报, 2016, 9: 1912-1928. ZHENG Xianyi, LI Wen, MENG Dan.Analysis and research on TrustZonetechnology[J].Chinese Journal of Computers, 2016, 9: 1912-1928.
[2] ALVES T, FELTON D. Trustzone: Integrated hardware and software security[J]. ARM White Paper, 2004, 3(4): 18-24.
[3] HEIN D, WINTER J, FITZEK A. Secure block device-secure, flexible, and efficient data storage for ARM TrustZonesystems[C] //International Conference on Trust, Security and Privacy in Computing and Communications.Helsinki, Finland: IEEE, 2015: 222-229.
[4] 魏兰. 基于ARM TrustZone的安全存储研究与实现[D]. 成都:电子科技大学, 2015. WEI Lan. Securestoragebasedon ARM TrustZone research and implement[D].Chengdu: University of Electronic Science and Technology of China, 2015.
[5] ZHAO Shijun, ZHANG Qianying, HU Guangyao, et al. Providing root of trust for ARM TrustZone using on-chip SRAM[C] //Proceedings of the 4th International Workshop on Trustworthy Embedded Devices. Scottsdale, Arizona, USA: ACM, 2014: 25-36.
[6] 吕洋. 基于嵌入式可信平台的主密钥存储技术研究[D]. 南京:南京理工大学, 2015. LÜ Yang.Research on master key storage technology based on embedded trusted platform[D]. Nanjing: Nanjing University of Science and Technology, 2015.
[7] RAJ H, SAROIU S, WOLMAN A, et al. fTPM: A Firmware-based TPM 2.0 implementation: MSR-TR-2015-84[R]. [S.l.] :Microsoft Research, 2015.
[8] PARK C. DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices[C] // International Conference on Cloud Computing Technology and Science.Taipei:IEEE, 2012:551-556.
[9] SHIN J, KIM Y, PARK W, et al. A method for data access control and key management in mobile cloud storage services[J]. IEMEK Journal of Embedded Systems and Applications, 2013, 8(6):303-309.
[10] WINTER J. Trusted computing building blocks for embedded Linux-based ARM TrustZone platforms[C] // ACM Workshop on Scalable Trusted Computing, Stc 2008. Alexandria, VA, USA: ACM, 2008:21-30.
[11] 杜文银, 张涛, 凌君. 基于ARM TrustZone技术的移动可信平台[C] //全国嵌入式技术和信息处理联合学术会议.北京:[s.n.] , 2009. DU Wenyin, ZHANG Tao, LING Jun. Mobile trusted platform based on ARM TrustZone technology[C] //National Joint Conference on Embedded Technology and Information Processing. Beijing:[s.n.] , 2009.
[12] 刘客. 嵌入式SoC片上SRAM PUF的设计与实现[D]. 武汉:华中科技大学, 2013. LIU Ke. Design and implementation of on-chip SRAM PUF for embedded SoC[D]. Wuhan: Huazhong University of Science and Technology, 2013.
[13] PLATFORM G. TEE System Architecture[EB/OL].(2016-09).http://www.globalplatform.org/specifications/review/GPD_TEE_SystemArch_v1.0.0.27_PublicReview.pdf.
[14] PLATFORM G. The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market[EB/OL].(2011-11). http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf.
[15] Linaro. Open Portable Trusted Execution Environment[EB/OL]. https://github.com/OP-TEE.
[1] 刘梦君,刘树波*,刘泓晖,蔡朝晖,涂国庆. 异构无线传感器网络动态混合密钥管理方案研究[J]. J4, 2012, 47(11): 67-73.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!