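Trusted security solution based on Linux system for embedded terminals
LI Junyan, DONG Zengshou
Abstract:
To address the security problems of embedded platforms, a trusted security solution for embedded terminals based on the Linux system is proposed. Because the protocol layer and application layer of trusted computing do not involve hardware, a trusted computing simulation test environment is designed first. An Atmel trusted platform module (TPM) is then adopted, with its removable boot storage medium serving as the core root of trust for measurement, and the trusted software stack (TSS) from the PC platform is simplified and ported, thereby establishing a trusted environment on the embedded terminal. The experimental results show that trusted boot can be achieved and a trusted environment established on the ARM platform, so the security of the terminal can basically be guaranteed.
Keywords: trusted computing; embedded terminal; trusted platform module; AT97SC3205T; security solution; Linux
Foundation: Shanxi Province Youth Science and Technology Research Fund Project (201601D021065); Taiyuan University of Science and Technology Doctoral Research Start-up Project (20152022); Jincheng Science and Technology Plan Project (201501004-4)
Author: LI Junyan, DONG Zengshou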
DOI: 10.16652/j.issn.1004-373x.2018.18.015