Bibliographic Details
| Title: |
基于PUF的TPM架构设计与应用研究. |
| Alternate Title: |
TPM design and application based on PUF. |
| Authors: |
施江勇1, 高志远1, 刘天祎2, 刘威1, 郭振斌1, 张咏鼎1 1453713302@qq.com, 李少青1 shijiangyong@nudt.edu.cn |
| Source: |
Computer Engineering & Science / Jisuanji Gongcheng yu Kexue. Jan2026, Vol. 48 Issue 1, p51-60. 10p. |
| Subjects: |
Electronic authentication, Computer firmware, Cryptography, Security management, Design, Computer performance |
| Abstract (English): |
Existing trusted platform modules (TPMs) primarily rely on a single RSA public-private key pair as the foundation for secure trusted root, with this RSA key pair being permanently stored within the TPM chip. Consequently, this design architecture may expose the system to threats from physical-level attacks, such as physical analysis and side-channel analysis, thereby making it difficult to effectively guarantee system security. To address this issue, this paper proposes the use of a physically unclonable function (PUF) as the trusted root. By leveraging the secure characteristics of PUFs, including their physical tamper-resistance, randomness, and unpredictability, a PUF-based TPM architecture is designed and implemented. Furthermore, this paper effectively improves upon the security vulnerabilities in key generation algorithms and the inadequacies in authentication mechanisms identified in existing research. The improved design is then applied to trusted boot verification and secure firmware updates, thereby significantly enhancing the defense capabilities against security threats in trusted computing environments. The security of the proposed protocol is thoroughly analyzed using BAN logic and the protocol automated verification tool AVTSPA. Additionally, relevant experiments on trusted boot are conducted on the Zynq™ 7000 series development board. The results demonstrate that the proposed method enhances the security of key generation algorithms and effectively reduces the threats posed by adversaries tampering with bootloader and firmware update data, thereby compromising the system. Performance evaluation results indicate that the average duration of the entire authentication process in the proposed protocol is merely 0. 06 seconds, showcasing its superior performance. [ABSTRACT FROM AUTHOR] |
| Abstract (Chinese): |
现有的可信平台模块TPM主要依赖单一 RSA公私钥对作为安全的可信根基础, 该RSA密 钥对固定不变地存储于TPM芯片中。因此, 此种设计架构可能使得系统面临着物理分析与侧信道分析 等物理层面攻击的威胁, 进而导致系统的安全性难以得到有效保障。为此, 提出采用物理不可克隆函数 PUF作为可信根, 利用PUF具有的物理不可篡改性、随机性和不可预测性等安全特性, 设计并实现了基 于PUF的TPM架构。此外, 还针对现有研究中密钥生成算法存在的安全漏洞以及认证机制的不完善等 问题进行了有效的改进, 并将改进后的设计应用于可信启动验证及固件的安全更新中, 从而有效提升了可 信计算环境面临安全威胁的防御能力。通过BAN逻辑和协议自动化验证工具AVTSPA对所提协议的安 全性进行了深入分析, 并在Zynq™ 7000系列开发板上实现了可信启动的相关实验, 结果表明了所提出的 方法可增强密钥生成算法的安全性, 并有效降低了对引导程序和固件更新数据进行篡改等攻击的威胁。 性能评估结果显示, 所提协议整个认证过程平均时长仅0.06 s, 展现出了其在性能上的优越性. [ABSTRACT FROM AUTHOR] |
|
Copyright of Computer Engineering & Science / Jisuanji Gongcheng yu Kexue is the property of Computer Engineering & Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: |
Engineering Source |