Policy-Based Semantic Remote Attestation
Abstract
With the rapid development of the Internet, networks place higher demands on security assurance. Traditional security technologies rely mainly on defensive measures such as patching vulnerabilities, installing firewalls and repelling external attacks to resist viruses, hacker attacks and intrusions from outside the computer, but these cannot fundamentally solve the security problem of computer networks. In fact, all computer intrusion attacks are launched from personal computer terminals. Network security technology therefore has to approach the problem from another angle: protecting the terminal computer directly and securing network resources starting from the terminal, thereby securing the whole network. Trusted computing technology, developed to solve these problems, is becoming a new research focus in the network security field. In trusted computing, a terminal computer achieves secure remote access through user identity authentication, and while performing remote attestation the user also requires that his privacy not be disclosed.
At present, the TCG specifications describe the establishment and transfer of trust only for the initial boot phase before the operating system is loaded. To extend the transfer of trust within the system up to the application layer, this thesis continues building a complete chain of trust on the basis of the TCG specifications: a complete chain of trust from hardware to software designed around the Java virtual machine, which ultimately realises a trusted execution environment for Java programs. The thesis analyses the current state of information security technology and the requirements for its development, sets out the approach to terminal security research and the direction of technical development, and describes in detail the concept of trusted computing proposed by the TCG, its components and current research progress. It also introduces the trusted JVM, which modifies the start-up and execution flow of Java programs and combines a trusted PC hardware platform, the Linux operating system and the Java runtime environment JRE 6 into a complete chain of trust. The chain uses the cryptographic services and secure storage provided by the Trusted Platform Module, and inserts control points before application modules are loaded and executed in order to measure and verify integrity state information. In this environment, untrusted software, or trusted software that has been illegally tampered with, is prevented from executing, thereby defending against malware attacks and the spread of viruses.
After analysing the trusted JVM, we study remote attestation, which plays an important role in trusted computing because it can provide reliable evidence that a trusted environment exists. Current approaches measure trust values of the target platform such as its binaries, configuration files, properties or security policies. All of these attestation methods are static: they lack attestation of dynamic behaviour and neither describe nor specify actual behaviour. To improve on these methods, this thesis proposes a semantic remote attestation policy and defines, specifies and proves it. The policy combines the usage control model with behaviour to perform remote attestation. The attestation is not static and is not performed only once at the initial connection; it is continuous and dynamic, evaluates the security of every aspect of the client, and constantly monitors the endpoint's behaviour. In this remote attestation design, the trusted JVM is used as the experimental platform to guarantee that the runtime environment is trusted, thereby realising a platform-independent semantic remote attestation.
With the rapid development of the Internet, safer protection is required. Traditional security technologies, such as patching vulnerabilities, installing firewalls and defending against outside attacks, are used to resist viruses and hacker attacks, but they cannot fundamentally solve the security problem of computer networks. The real reason is that all attacks stem from personal computer terminals. We should therefore solve these problems from another perspective: protecting the terminal directly, that is, using new security technology to protect the terminal in order to make the whole network safe. As mentioned above, we focus on this new security technology in the information security field. Trusted computing requires remote attestation, by which users identify themselves when establishing remote communication. At the same time, users require their privacy to be protected; they do not want others to learn their real identities.
At present, the TCG specification describes confidence-building and transfer only for the initial boot phase before the operating system is loaded. In order to extend trust within the system up to the application, this thesis establishes the software part of the chain-of-trust building process based on the TCG specifications. A whole chain of trust from hardware to software, based on the Java virtual machine, is designed, and eventually a trustworthy Java application execution environment is realised. The thesis analyses current security technology and the requirements for its development, and discusses in detail the concept, architecture and current research progress of the TCG. It also introduces the trusted JVM, which modifies the start-up and running procedure of Java programs; a complete chain of trust is constructed from a trustworthy personal computer platform, the Linux operating system and Java Runtime Environment 6, and eventually an authenticated execution of Java applications is realised by the trusted JVM. Using the cryptographic services and storage capabilities provided by the Trusted Platform Module, and inserting control points before application modules are loaded, integrity information is measured and verified as the chain is built; after the chain-of-trust system was tested in a real environment, its trustworthiness was proved. In this environment, untrustworthy software, or trustworthy software that has been illegally tampered with, cannot be executed, and malicious attacks or the spread of viruses are thus avoided.
After analysing the trusted JVM, we study remote attestation, which plays an important role in trusted computing because it can provide reliable evidence for the existence of a trusted environment. Existing approaches to remote attestation measure the trustworthiness of a target platform from its binaries, configurations, properties or security policies. All of these approaches are static, and none of them defines what a trusted behaviour actually is or how to specify it. In this thesis we propose a novel attestation policy based on behaviour, which associates usage control with behaviour. The attestation is not static and does not verify only once at the beginning of the connection; it is dynamic and continuous, and assesses the security of every aspect of the terminal host. In the design of the remote attestation, we use the trusted JVM as the experimental platform to ensure that the execution environment is trusted, thereby achieving a platform-independent semantic remote attestation.
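The abstract describes two mechanisms in prose only: a control point inserted before each application module is loaded, which measures the module and verifies its integrity with TPM-backed cryptography, and a remote attestation that is continuous and behaviour-based rather than a single check at connection time. The following Python simulation is an added example, not code from the thesis or the trusted JVM it describes, and it makes no claim about how that implementation works. It models the PCR-extend operation a TPM performs (PCR' = H(PCR || H(data))), a measured-load control point that refuses modules whose digest is not in a reference set, a verifier that replays the measurement log, and a small usage-control policy evaluated over a stream of behaviour events. All module bytes, reference digests, events and the policy are constructed here; SHA-256 is used in place of whatever hash the platform uses.

```python
"""Added example, not code from the thesis: a simulation of (1) a measured-load
control point that extends a TPM-style PCR and refuses to load modules whose
digest is not in a reference set, and (2) continuous behaviour attestation
against a usage-control policy instead of a single check at connection time.
Module bytes, reference digests, events and the policy are all constructed."""

import hashlib
from dataclasses import dataclass

HASH = hashlib.sha256  # assumption: stands in for the platform's hash algorithm


class SimulatedPCR:
    """Stand-in for a TPM Platform Configuration Register: the value can only
    be changed by extend(), so it summarises the whole load history."""

    def __init__(self):
        self.value = b"\x00" * HASH().digest_size
        self.log = []  # (module name, digest hex): the measurement log a verifier replays

    def extend(self, name, data):
        digest = HASH(data).digest()
        self.value = HASH(self.value + digest).digest()  # PCR' = H(PCR || H(data))
        self.log.append((name, digest.hex()))
        return self.value


def measured_load(pcr, name, code, reference):
    """Control point placed before a module is loaded: measure it, extend the
    PCR, and allow the load only if the digest matches the reference value.
    Rejected modules are still recorded so the log shows what was attempted."""
    digest = HASH(code).hexdigest()
    pcr.extend(name, code)
    return reference.get(name) == digest


def build_chain(modules, reference):
    """Measure and load modules in order; return the PCR plus the lists of
    modules that were loaded and that were rejected."""
    pcr = SimulatedPCR()
    loaded, rejected = [], []
    for name, code in modules:
        (loaded if measured_load(pcr, name, code, reference) else rejected).append(name)
    return pcr, loaded, rejected


def replay_log(log):
    """Verifier side: recompute the PCR from the measurement log alone so it
    can be compared with the value the platform reports."""
    value = b"\x00" * HASH().digest_size
    for _name, digest_hex in log:
        value = HASH(value + bytes.fromhex(digest_hex)).digest()
    return value


@dataclass(frozen=True)
class UsagePolicy:
    """Constructed usage-control policy: which operations a client may perform
    during the session and how many per attestation window."""
    allowed_ops: frozenset
    max_ops_per_window: int


def attest_behaviour(events, policy):
    """Continuous attestation: check every (operation, target) event as the
    session runs and report the first violation instead of verifying once."""
    for count, (op, target) in enumerate(events, start=1):
        if op not in policy.allowed_ops:
            return False, f"event {count}: operation {op!r} on {target!r} is not permitted"
        if count > policy.max_ops_per_window:
            return False, f"event {count}: exceeds {policy.max_ops_per_window} operations per window"
    return True, "all events within policy"


# Constructed module bytes standing in for Java class files, and the
# verifier's known-good reference digests derived from them.
CONSTRUCTED_MODULES = [
    ("app.Main", b"class Main { public static void main(String[] a) {} }"),
    ("app.Util", b"class Util { static int helper() { return 1; } }"),
]
REFERENCE_DIGESTS = {name: HASH(code).hexdigest() for name, code in CONSTRUCTED_MODULES}
POLICY = UsagePolicy(allowed_ops=frozenset({"read", "write"}), max_ops_per_window=5)


if __name__ == "__main__":
    pcr, loaded, rejected = build_chain(CONSTRUCTED_MODULES, REFERENCE_DIGESTS)
    print("loaded:", loaded, "rejected:", rejected)
    print("log replays to reported PCR:", replay_log(pcr.log) == pcr.value)
    tampered = [("app.Main", b"class Main { /* tampered */ }")]
    print("tampered module rejected:", build_chain(tampered, REFERENCE_DIGESTS)[2])
    print(attest_behaviour([("read", "config"), ("write", "log")], POLICY))
    print(attest_behaviour([("read", "config"), ("connect", "remote-host")], POLICY))
```

The PCR value after a tampered load differs from the known-good value even though the tampered module was refused, because the measurement is extended before the decision; that is what lets a remote verifier see the attempt in the log rather than only its outcome. The behaviour check returns at the first violation so that a session can be terminated or re-attested mid-run, which is the continuous attestation the abstract contrasts with a one-time check.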