
SCIENTIA SINICA Informationis, Volume 50, Issue 8: 1127-1147 (2020) https://doi.org/10.1360/SSI-2020-0096

Trusted computing theory and technology in innovation-driven development

  • Received: Apr 20, 2020
  • Accepted: Jun 2, 2020
  • Published: Aug 3, 2020

Abstract


Funded by

National Key R&D Program of China (2018YFB0904900, 2018YFB0904903, 2020YFE0200600)

National Natural Science Foundation of China (61872343, 61802375)


Acknowledgment

The graduate students Li Wei and Niu Haixing took part in writing and discussing parts of this paper; we sincerely thank them.


References

[1] Common Criteria Project Sponsoring Organization. Common Criteria for Information Technology Security Evaluation. ISO/IEC International Standard 15408, version 2.1. Geneva: Common Criteria Project Sponsoring Organization, 1999.

[2] Avizienis A, Laprie J C, Randell B. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secure Comput, 2004, 1: 11--33.

[3] Trusted Computing Group. TCG Specification Architecture Overview, version 1.2. 2003. https://www.trustedcomputinggroup.org.

[4] State Cryptography Administration. Information security techniques: functionality and interface specification of cryptographic support platform for trusted computing. GB/T 29829-2013.

[5] Brickell E, Camenisch J, Chen L Q. Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington DC, 2004. 132--145.

[6] Brickell E, Chen L Q, Li J. A new direct anonymous attestation scheme from bilinear maps. In: Proceedings of International Conference on Trusted Computing. Berlin: Springer, 2008. 166--178.

[7] Chen X, Feng D. Direct anonymous attestation for next generation TPM. JCP, 2008, 3.

[8] Brickell E, Li J. A pairing-based DAA scheme further reducing TPM resources. In: Proceedings of International Conference on Trust and Trustworthy Computing. Berlin: Springer, 2010. 181--195.

[9] Chen L Q, Page D, Smart N P. On the design and implementation of an efficient DAA scheme. In: Proceedings of International Conference on Smart Card Research and Advanced Applications. Berlin: Springer, 2010. 223--237.

[10] Brickell E, Chen L Q, Li J. A (corrected) DAA scheme using batch proof and verification. In: Proceedings of International Conference on Trusted Systems. Berlin: Springer, 2011. 304--337.

[11] Yang K, Zhang Z F, Xi L. Direct anonymous attestation with minimal TPM computational resources. In: Proceedings of China Cryptography Annual Meeting, Zhengzhou, 2014.

[12] Qin Y, Chu X, Feng D G, et al. DAA protocol analysis and verification. In: Proceedings of International Conference on Trusted Systems. Berlin: Springer, 2011. 338--350.

[13] Feng D G, Qin Y, Chu X B, et al. Trusted Computing: Principles and Applications. Berlin: Walter de Gruyter GmbH, 2018.

[14] Zhang Q Y, Feng D G, Zhao S J. Design and formal analysis of TCM key migration protocols. J Softw, 2015, 26: 2396--2417.

[15] Shao J X, Feng D G, Qin Y. Type-based analysis of protected storage in the TPM. In: Proceedings of International Conference on Information and Communications Security. Cham: Springer, 2013. 135--150.

[16] Zhao S, Xi L, Zhang Q. Security analysis of SM2 key exchange protocol in TPM2.0. Security Comm Networks, 2015, 8: 383--395.

[17] Wang W J, Qin Y, Feng D G. Automated proof for authorization protocols of TPM 2.0 in computational model. In: Proceedings of International Conference on Information Security Practice and Experience. Cham: Springer, 2014. 144--158.

[18] Shao J X, Qin Y, Feng D G, et al. Formal analysis of enhanced authorization in the TPM 2.0. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, Singapore, 2015. 273--284.

[19] Xi L, Yang K, Zhang Z F, et al. DAA-related APIs in TPM 2.0 revisited. In: Proceedings of International Conference on Trust and Trustworthy Computing. Cham: Springer, 2014. 1--18.

[20] Francois D, Nada E K, Liqun C, et al. First Report on the Security of the TPM. DS-LEIT-779391/D3.2/v1.1. 2019.

[21] Sun H, Sun K, Wang Y, et al. TrustOTP: transforming smartphones into secure one-time password tokens. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, 2015. 976--988.

[22] Zhang Y J, Zhao S J, Qin Y, et al. TrustTokenF: a generic security framework for mobile two-factor authentication using TrustZone. In: Proceedings of 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, 2015. 1: 41--48.

[23] Liu H, Saroiu S, Wolman A, et al. Software abstractions for trusted sensors. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, Low Wood Bay, Lake District, 2012. 365--378.

[24] Ahmad Z, Francis L, Ahmed T, et al. Enhancing the security of mobile applications by using TEE and (U)SIM. In: Proceedings of 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing, Vietri sul Mare, 2013. 575--582.

[25] Santos N, Raj H, Saroiu S, et al. Using ARM TrustZone to build a trusted language runtime for mobile applications. In: Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, Salt Lake City, 2014. 67--80.

[26] Liu D, Cox L P. VeriUI: attested login for mobile devices. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, Santa Barbara, 2014. 1--6.

[27] Li W, Li H, Chen H, et al. AdAttester: secure online mobile advertisement attestation using TrustZone. In: Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, Florence, 2015. 75--88.

[28] McCune J M, Parno B J, Perrig A. Flicker. SIGOPS Oper Syst Rev, 2008, 42: 315--328.

[29] Winter J. Trusted computing building blocks for embedded Linux-based ARM TrustZone platforms. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing. New York: ACM, 2008. 21--30.

[30] Sierraware. SierraTEE Virtualization for ARM TrustZone and MIPS. 2020. https://www.sierraware.com/open-source-ARM-TrustZone.html.

[31] Costan V, Lebedev I, Devadas S. Sanctum: minimal hardware extensions for strong software isolation. In: Proceedings of the 25th USENIX Security Symposium, Austin, 2016. 857--874.

[32] Lee D, Kohlbrenner D, Shinde S, et al. Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the 15th European Conference on Computer Systems. Heraklion: ACM, 2020. 1--16.

[33] Zhao S J, Zhang Q Y, Qin Y, et al. SecTEE: a software-based approach to secure enclave architecture using TEE. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019. 1723--1740.

[34] Sun H, Sun K, Wang Y, et al. TrustICE: hardware-assisted isolated computing environments on mobile devices. In: Proceedings of the 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, 2015. 367--378.

[35] Jang J, Choi C, Lee J. PrivateZone: providing a private execution environment using ARM TrustZone. IEEE Trans Dependable Secure Comput, 2018, 15: 797--810.

[36] Zhang N, Sun K, Lou W, et al. CaSE: cache-assisted secure execution on ARM processors. In: Proceedings of the 2016 IEEE Symposium on Security and Privacy, San Jose, 2016. 72--90.

[37] Yun M H, Zhong L. Ginseng: keeping secrets in registers when you distrust the operating system. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2019.

[38] Zhang Y J, Qin Y, Feng D G, et al. An efficient TrustZone-based in-application isolation schema for mobile authenticators. In: Proceedings of International Conference on Security and Privacy in Communication Systems. Cham: Springer, 2017. 585--605.

[39] Azab A M, Ning P, Shah J, et al. Hypervision across worlds: real-time kernel protection from the ARM TrustZone secure world. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2014. 90--102.

[40] Ge X, Vijayakumar H, Jaeger T. SPROBES: enforcing kernel code integrity on the TrustZone architecture. 2014. arXiv preprint.

[41] Sun H, Sun K, Wang Y, et al. TrustDump: reliable memory acquisition on smartphones. In: Proceedings of the European Symposium on Research in Computer Security. Cham: Springer, 2014. 202--218.

[42] Brasser F, Kim D, Liebchen C, et al. Regulating smart personal devices in restricted spaces. 2015. https://rucore.libraries.rutgers.edu/rutgers-lib/58513/.

[43] Fitzek A, Achleitner F, Winter J, et al. The ANDIX research OS: ARM TrustZone meets industrial control systems security. In: Proceedings of the 2015 IEEE 13th International Conference on Industrial Informatics, Cambridge, 2015. 88--93.

[44] Pinto S, Oliveira D, Pereira J, et al. FreeTEE: when real-time and security meet. In: Proceedings of the 2015 IEEE 20th Conference on Emerging Technologies & Factory Automation, Luxembourg, 2015. 1--4.

[45] Zhang Y J, Feng D G, Qin Y, et al. A TrustZone-based trusted code execution with strong security requirements. J Comput Res Develop, 2015, 52: 2224--2238.

[46] Shor P W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev, 1999, 41: 303--332.

[47] Kassem N E L, Chen L Q, El Bansarkhani R, et al. L-DAA: lattice-based direct anonymous attestation. IACR Cryptol ePrint Arch, 2018, 2018: 401.

[48] Eldefrawy K, Tsudik G, Francillon A, et al. SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2012. 1--15.

[49] Noorman J, Agten P, Daniels W, et al. Sancus: low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In: Proceedings of USENIX Security, Washington, 2013. 479--494.

[50] Strackx R, Piessens F, Preneel B. Efficient isolation of trusted subsystems in embedded systems. In: Proceedings of International Conference on Security and Privacy in Communication Systems. Berlin: Springer, 2010. 344--361.

[51] Koeberl P, Schulz S, Sadeghi A R, Varadharajan V. TrustLite: a security architecture for tiny embedded devices. In: Proceedings of the 9th European Conference on Computer Systems, Amsterdam, 2014. 1--14.

[52] Brasser F, El Mahjoub B, Sadeghi A R, et al. TyTAN: tiny trust anchor for tiny devices. In: Proceedings of the 52nd Annual Design Automation Conference, San Francisco, 2015. 1--6.

[53] Zhao S J, Zhang Q Y, Hu G Y, et al. Providing root of trust for ARM TrustZone using on-chip SRAM. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, New York, 2014. 25--36.

[54] Wurster G, van Oorschot P C, Somayaji A. A generic attack on checksumming-based software tamper resistance. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, 2005. 127--138.

[55] Seshadri A, Perrig A, van Doorn L, et al. SWATT: software-based attestation for embedded devices. In: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, 2004. 272--282.

[56] Li Y, McCune J M, Perrig A. SBAP: software-based attestation for peripherals. In: Trust and Trustworthy Computing. Berlin: Springer, 2010. 16--29.

[57] Li Y, McCune J M, Perrig A. VIPER: verifying the integrity of peripherals' firmware. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. New York: ACM, 2011. 3--16.

[58] Yang Y, Wang X, Zhu S, et al. Distributed software-based attestation for node compromise detection in sensor networks. In: Proceedings of the 2007 26th IEEE International Symposium on Reliable Distributed Systems, Beijing, 2007. 219--230.

[59] Jakobsson M, Johansson K A. Practical and secure software-based attestation. In: Proceedings of Lightweight Security & Privacy: Devices, Protocols and Applications, Istanbul, 2011. 1--9.

[60] Park T, Shin K G. Soft tamper-proofing via program integrity verification in wireless sensor networks. IEEE Trans Mobile Comput, 2005, 4: 297--309.

[61] Abera T, Asokan N, Davi L, et al. C-FLAT: control-flow attestation for embedded systems software. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, New York, 2016. 743--754.

[62] Dessouky G, Zeitouni S, Nyman T, et al. LO-FAT: low-overhead control flow attestation in hardware. In: Proceedings of the 54th Annual Design Automation Conference, New York, 2017. 1--6.

[63] Asokan N, Brasser F, Ibrahim A, et al. SEDA: scalable embedded device attestation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015. 964--975.

[64] Ambrosin M, Conti M, Ibrahim A, et al. SANA: secure and scalable aggregate network attestation. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016. 731--742.

[65] Feng W, Qin Y, Zhao S. AAoT: lightweight attestation and authentication of low-resource things in IoT and CPS. Comput Networks, 2018, 134: 167--182.

[66] Liu J B, Yu Q, Liu W, et al. Log-based control flow attestation for embedded devices. In: Proceedings of International Symposium on Cyberspace Safety and Security. Cham: Springer, 2019. 117--132.

[67] Seshadri A, Luk M, Perrig A, et al. SCUBA: secure code update by attestation in sensor networks. In: Proceedings of the 5th ACM Workshop on Wireless Security, Los Angeles, 2006. 85--94.

[68] Perito D, Tsudik G. Secure code update for embedded devices via proofs of secure erasure. In: Proceedings of the European Symposium on Research in Computer Security. Berlin: Springer, 2010. 643--662.

[69] Kohnhäuser F, Katzenbeisser S. Secure code updates for mesh networked commodity low-end embedded devices. In: Proceedings of the European Symposium on Research in Computer Security. Cham: Springer, 2016. 320--338.

[70] Feng W, Qin Y, Zhao S J, et al. Secure code updates for smart embedded devices based on PUFs. In: Proceedings of International Conference on Cryptology and Network Security. Cham: Springer, 2017. 325--346.

[71] Perez R, Sailer R, van Doorn L. vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, Boston, 2006. 305--320.

[72] Petroni Jr N L, Hicks M. Automated detection of persistent kernel control-flow attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007. 103--115.

[73] Seshadri A, Luk M, Qu N, et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: Proceedings of the 21st ACM SIGOPS Symposium on Operating Systems Principles, Stevenson, Washington, 2007. 335--350.

[74] Garfinkel T, Rosenblum M. A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2003. 191--206.

[75] Garfinkel T, Pfaff B, Chow J, et al. Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, Bolton Landing, 2003. 193--206.

[76] Azab A M, Ning P, Sezer E C, et al. HIMA: a hypervisor-based integrity measurement agent. In: Proceedings of the 2009 Annual Computer Security Applications Conference, Honolulu, 2009. 461--470.

[77] Schuster F, Costa M, Fournet C, et al. VC3: trustworthy data analytics in the cloud using SGX. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, 2015. 38--54.

[78] Kelbert F, Gregor F, Pires R, et al. SecureCloud: secure big data processing in untrusted clouds. In: Proceedings of the Conference on Design, Automation & Test in Europe, Lausanne, 2017. 282--285.

[79] Tramèr F, Boneh D. Slalom: fast, verifiable and private execution of neural networks in trusted hardware. https://arxiv.org/abs/1806.03287.

[80] The MesaTEE Team. MesaTEE: a framework for universal secure computing. 2020. https://mesatee.org/.

[81] Zhang C. Truxen: a trusted computing enhanced blockchain. 2020. https://arxiv.org/abs/1904.08335.

[82] Milutinovic M, He W, Wu H, et al. Proof of luck: an efficient blockchain consensus protocol. In: Proceedings of the 1st Workshop on System Software for Trusted Execution, Trento, 2016. 1--6.

[83] Zhang F, Cecchetti E, Croman K, et al. Town Crier: an authenticated data feed for smart contracts. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, 2016. 270--282.

[84] Cheng R, Zhang F, Kos J, et al. Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contracts. In: Proceedings of the 2019 IEEE European Symposium on Security and Privacy, Stockholm, 2019. 185--200.

[85] Brandenburger M, Cachin C, Kapitza R, et al. Blockchain and trusted computing: problems, pitfalls, and a solution for Hyperledger Fabric. 2020. https://arxiv.org/abs/1805.08541.