Hardware-rooted trust for secure key management and transient trust

Authors: Jeffrey S. Dwoskin, Ruby B. Lee

DOI: 10.1145/1315245.1315294

Keywords: Chain of trust, Trusted authority, Computer hardware, Key (cryptography), Transient (computer programming), Hash function, Computer science, Computer security, Information sensitivity, Key management, Revocation

Abstract: We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: the Device Root Key and the Storage Hash. These are initialized by the authority and protected by the device; trusted software, bound to the device, can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed scenario of crisis response, where first responders are given transient access to third-party information that can be securely accessed during the crisis and reliably revoked after it is over. We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call the new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist roots of trust. However, we completely change the key management and software mechanisms to enable remote trust mechanisms that user-mode SP cannot support. In our architecture, trusted software is built on top of the shared hardware and binds together the secrets, the policy and the device. As a result, we provide significant functionality, including transient trust with reliable revocation mechanisms, controlled transitive trust, support for policy-controlled keys belonging to other organizations, attestation and secure communications.

References (8)
Ralph C. Merkle. Protocols for Public Key Cryptosystems. IEEE Symposium on Security and Privacy, pp. 122-122, (1980). DOI: 10.1109/SP.1980.10006
G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas. AEGIS: architecture for tamper-evident and tamper-resistant processing. International Conference on Supercomputing, pp. 357-368, (2003). DOI: 10.1145/2591635.2667184
Dan Boneh, Patrick Lincoln, Mark Horowitz, John Mitchell, Mark Mitchell, David Lie, Chandramohan Thekkath. Architectural support for copy and tamper-resistant software. (2003)
Darko Kirovski, Milenko Drinić, Miodrag Potkonjak. Enabling trusted software integrity. Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), vol. 37, pp. 108-120, (2002). DOI: 10.1145/605397.605409
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, Zhenghong Wang. Architecture for Protecting Critical Secrets in Microprocessors. ACM SIGARCH Computer Architecture News, vol. 33, pp. 2-13, (2005). DOI: 10.1145/1080695.1069971
Tanguy Gilmont, Jean-Didier Legat, Jean-Jacques Quisquater. An architecture of Security Management Unit for Safe Hosting of Multiple Agents. COST #254 International Workshop on Intelligent Communication and Multimedia Terminals, (1998)
Hannes Tschofenig, Pasi Eronen. Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). RFC 4279, pp. 1-15, (2005)
Elaine B. Barker, Quynh H. Dang. The Keyed-Hash Message Authentication Code (HMAC). NIST Federal Information Processing Standards (NIST FIPS) 198-1, (2002). DOI: 10.6028/NIST.FIPS.198-1