A TCM-Based Remote Anonymous Attestation Protocol for Power Information System

摘要

Project development in a power enterprise always needs to authorize external devices access to the enterprise intranet for testing. In order to avoid an external device with a virus and pose a security risk to the power information system, external devices should have strict security assessment before access the enterprise intranet. But after the security assessment, the device user still be possible to change the platform configuration. Remote attestation is one of important measures when two sides need to communicate. It is concernful to attest the remote platform is trusty but not revealing the any private information of the platform. For this reason, we designed a novel remote anonymous attestation protocol based on TCM. The proposed protocol does not need extra zero knowledge proof and the involvement of the third trusted party and the composite signature scheme is proved secure against existential forgery on adaptively chosen message. So this protocol has better security and execution property.