Journal of Information Security Research ›› 2017, Vol. 3 ›› Issue (4): 332-338.

• Academic Papers •

The Implementation and Application of Trusted Connect Architecture (TCA)

Li Ming

  1. National Engineering Laboratory for Wireless Network Security Technology, Xi'an
  • Received: 2017-04-13 Online: 2017-04-13 Published: 2017-04-13
  • Corresponding author: Li Ming
  • About the author: Li Ming, master's student. Main research interests: cryptography and information security, trusted computing.

Abstract: With the deep application of computer networks, the most prominent threats are malicious code attacks, illegal theft of information, and illegal destruction of data and systems. Among these, malicious code attacks that target users' secret information have overtaken traditional viruses as the biggest security threat. The root of these threats is the lack of an architecture-level immune mechanism against malicious code attacks, which makes it impossible for networked computing platforms to run securely and reliably. Trusted network connection is a technical concept proposed against this background. By establishing a specific integrity measurement mechanism, it authenticates the platform as well as the user's identity during network access. Platform authentication rests on an evaluation of platform integrity and provides effective methods and measures against program code on untrusted platforms. Based on China's existing national standard for trusted network connection, this paper presents the implementation of the Trusted Connect Architecture (TCA) and its related supporting technologies, and finally discusses the scope of application of TCA.

Key words: trusted computing, trusted network connection, platform authentication, integrity measurement, tri-element peer authentication, trusted connect architecture