首页 >> 收录期刊 >> 小型微型计算机系统 >> 正文
杂志中文名:小型微型计算机系统
杂志英文名:Mini-micro Systems
主管单位:中国科学院
主办单位:中国科学院沈阳计算技术研究所
地址:沈阳市和平区三好街100号
邮编:110004
电话:024-24696120;
Email:xwjxt@sict.ac.cn
ISSN:1000-1220
主编:林浒












TPM可迁移密钥安全性分析与研究
引用本文:张倩颖,赵世军,冯登国.TPM可迁移密钥安全性分析与研究[J].小型微型计算机系统,2012(10):2188-2193.
作者姓名:张倩颖  赵世军  冯登国
作者单位:中国科学院软件研究所
基金项目:国家自然科学基金项目(91118006)资助
摘    要:TPM密钥迁移机制使密钥按照迁移特性分为了可迁移密钥和不可迁移密钥两类,本文深入分析可迁移密钥的安全性,指出可迁移密钥存在的安全问题.首先,利用密钥迁移机制,TPM所有者能将TPM内部可迁移密钥以迁移块的形式导出,解密迁移块能获得可迁移密钥私钥.其次,TPM用户能通过密钥迁移机制将非TPM产生的用户可控密钥构造成迁移块,作为迁移密钥导入到TPM内部.此外,用户使用TPM密钥加载命令能将非TPM产生的用户可控密钥作为TPM产生的可迁移密钥加载到TPM中.在对TPM规范理论分析的基础上,本文从技术角度给出了攻击可迁移密钥安全性的实现方法,并对部分安全问题提出了解决方案.通过分析,本文指出TPM提供密钥迁移机制的同时,也降低了可迁移密钥的安全保护强度.因此,用户在使用可迁移密钥时,应增强安全意识,在安全要求高的操作中尽量不要使用TPM可迁移密钥.

关 键 词:可信平台模块  可迁移密钥  安全性分析  密钥迁移

Security Analysis and Research on TPM Migratable Key
ZHANG Qian-ying,ZHAO Shi-jun,FENG Deng-guo.Security Analysis and Research on TPM Migratable Key[J].Mini-micro Systems,2012(10):2188-2193.
Authors:ZHANG Qian-ying  ZHAO Shi-jun  FENG Deng-guo
Affiliation:(Institute of Software,Chinese Academy of Sciences,Beijing 100190,China)
Abstract:TPM key migration mechanism put keys into two categories in accordance with the migration characteristics.This paper gives a deep security analysis of TPM migratable keys,and points out some security flaws about TPM key migration.First,by key migration mechanism,the TPM owner can export a migratable key in the form of migration blob,decrypt the blob,and get the plaintext of the TPM private key.Second,a TPM user can use TPM key migration mechanism to import a non-TPM generated key blob into TPM.Third,a TPM user can construct a loadable blob of a non-TPM generated key,and then load it into TPM by the TPM key loading command.On the basis of analyzing the TPM specification theoretically,we give an attack in technical view,and propose a solution to one of the security problems.The analysis indicates that the TPM key migration mechanism,in spite of improving key interoperability between TPMs,reduces the security strength of the migratable key.Therefore,TPM users must think over the security weaknesses when using migratable keys,and do not use migratable keys in security critical operation as far as possible.
Keywords:trusted platform module  migratable key  security analysis  key migration
本文献已被 CNKI 等数据库收录!