远程认证是可信计算平台的一种重要功能,二进制方法和基于属性证书的认证是其两种认证方法.属性认证能隐藏平台软件和硬件的配置信息,是静态的,不能动态验证现在正在运行的平台的实时信息.结合这两种方法的优点,提出了一种基于动态组件属性的认证协议,将二进制认证、属性认证和组件认证结合到该协议中.对协议进行了详细的说明和安全性分析,实验结果表明,该认证方法是有效的、保密的和可行的.%Remote attestation is one of the important functionalities of trusted computing. Binary attestation and property-based attestation are two methods of authentication. Property-based attestation can conceal information about the configuration of a platform hardware and software or application, which is static and cannot get dynamic properties that represent runtime properties. A new method is proposed, which combines both approaches into a dynamic component-property attestation protocol, a protocol for remote attestation is demonstrated in detail, and its security is analyzed. The experimental result shows that the scheme improve the efficiency and credibility of remote attestation.
展开▼
