Netinfo Security (信息网络安全) ›› 2020, Vol. 20 ›› Issue (4): 21-30. doi: 10.3969/j.issn.1671-1122.2020.04.003

• Technical Research •

A DICE-based Device Measurement Scheme for the IoT Environment

CHEN Lu 1, SUN Yajie 1, ZHANG Liqiang 2, CHEN Yun 1

  1. Department of Information Security, Naval University of Engineering, Wuhan 430033, China
  2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China
  • Received: 2020-01-22 Online: 2020-04-10 Published: 2020-05-11
  • Corresponding author: ZHANG Liqiang, E-mail: zhanglq@whu.edu.cn
  • Author biographies:

    CHEN Lu (born 1979), female, from Guangdong, associate professor, Ph.D.; main research interests: trusted computing, network security. SUN Yajie (born 1997), male, from Henan, undergraduate student; main research interests: trusted computing, network security. ZHANG Liqiang (born 1979), male, from Heilongjiang, lecturer, Ph.D.; main research interests: trusted computing, cloud computing security. CHEN Yun (born 1978), male, from Hubei, lecturer, Ph.D.; main research interest: information security.

  • Funding:
    National Natural Science Foundation of China [11202239]; Naval University of Engineering Natural Science Foundation Guiding Project [425317Q063]

A Scheme of Measurement for Terminal Equipment Based on DICE in IoT

CHEN Lu 1, SUN Yajie 1, ZHANG Liqiang 2, CHEN Yun 1

  1. Department of Information Security, Naval University of Engineering, Wuhan 430033, China
  2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China
  • Received: 2020-01-22 Online: 2020-04-10 Published: 2020-05-11
  • Contact: ZHANG Liqiang, E-mail: zhanglq@whu.edu.cn

Abstract (translated from the Chinese):

The security protection of IoT devices is weak and security incidents occur one after another; only by taking security measures at the bottom layer of the device system can IoT security be effectively improved. DICE technology, the latest achievement in the development of trusted computing, offers a new approach to IoT terminal security: it not only provides device identity protection, data encryption and identity authentication, but can also cope with the complex and changing IoT environment through an update and recovery mechanism. Taking DICE technology as its basis and the RFID reader, an IoT device, as its research object, this paper analyzes the system startup process, designs a method for establishing and extending the chain of trust, and proposes a DICE-based device measurement and update scheme for the IoT environment; by measuring the device's computing environment, it ensures that the tag read/write operations and data upload operations of the RFID reader are secure and trustworthy. Finally, the DICE-based chain-of-trust transfer and trusted measurement scheme is implemented in a C compilation environment.

Keywords: IoT, trusted computing, DICE, TPM

Abstract:

With the widespread application of the IoT, the security protection of terminal devices is weak and security incidents occur frequently. Only if effective measures are taken at the bottom of the system can the security of the IoT be improved. As the latest achievement of trusted computing, DICE technology offers a new solution to the security problems of IoT terminals. It can provide not only device identity protection, data encryption and identity authentication, but also an updating mechanism for coping with the complex IoT environment. Based on DICE technology, this paper takes the RFID reader as its research object. By analyzing the startup process of this device, an approach to establishing and extending the chain of trust is designed, and a scheme of DICE-based measurement and updating for IoT terminals is proposed, which can ensure the security of the read-write operations and data uploading of the RFID reader. In a C compiler environment, the scheme of chain-of-trust transfer and measurement based on DICE is implemented.
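As an added illustration, not code from the paper (whose implementation is in C), the layered DICE derivation that the abstract's chain-of-trust design rests on, simulated in Python over constructed sample images for the three layers an RFID reader might boot through; the UDS value, layer contents and the HMAC-based identity KDF are assumptions:

```python
import hashlib
import hmac

# Constructed sample values (not from the paper): a Unique Device Secret and
# the images of the layers the reader boots through, from bootloader to the
# module that uploads tag data.
UDS = b"\x11" * 32
GOOD_LAYERS = [
    b"L0 bootloader v1",
    b"L1 RFID reader firmware: tag read/write v1",
    b"L2 data upload module v1",
]
# Same bootloader, but the read/write firmware has been altered.
TAMPERED_LAYERS = [
    GOOD_LAYERS[0],
    b"L1 RFID reader firmware: tag read/write (modified)",
    GOOD_LAYERS[2],
]

def measure(image: bytes) -> bytes:
    """A layer's measurement is the SHA-256 digest of its image."""
    return hashlib.sha256(image).digest()

def derive_cdi(parent_secret: bytes, image: bytes) -> bytes:
    """One DICE step: CDI_n = HMAC(parent secret, H(layer n)).
    Real DICE hardware latches the UDS before the measured layer runs, so a
    layer only ever sees its own CDI, never the UDS or an earlier CDI."""
    return hmac.new(parent_secret, measure(image), hashlib.sha256).digest()

def build_chain(uds: bytes, layers: list) -> list:
    """Chain of trust: each layer's CDI seeds the derivation of the next."""
    cdis, secret = [], uds
    for image in layers:
        secret = derive_cdi(secret, image)
        cdis.append(secret)
    return cdis

def device_identity(cdi: bytes) -> bytes:
    """Identity material bound to the final CDI (HMAC KDF, an assumption)."""
    return hmac.new(cdi, b"rfid-reader-identity", hashlib.sha256).digest()

def enrolled_identity(uds: bytes, layers: list) -> bytes:
    """Identity the verifier enrols from known-good images; after an update
    it is re-enrolled from the new images, which is the update path."""
    return device_identity(build_chain(uds, layers)[-1])

def boot_is_trusted(uds: bytes, layers: list, enrolled: bytes) -> bool:
    """Any layer measured to a different value changes every later CDI."""
    actual = device_identity(build_chain(uds, layers)[-1])
    return hmac.compare_digest(actual, enrolled)
```

Because the derivation is one-way, a modified layer cannot recover the CDI the genuine layer would have received, so the changed identity is detectable without the verifier ever learning the UDS.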

Key words: IoT, trusted computing, DICE, TPM

CLC number: