基于PUF的TPM架构设计与应用研究.

Saved in:
Bibliographic Details
Title: 基于PUF的TPM架构设计与应用研究.
Alternate Title: TPM design and application based on PUF.
Authors: 施江勇1, 高志远1, 刘天祎2, 刘威1, 郭振斌1, 张咏鼎1 1453713302@qq.com, 李少青1 shijiangyong@nudt.edu.cn
Source: Computer Engineering & Science / Jisuanji Gongcheng yu Kexue. Jan2026, Vol. 48 Issue 1, p51-60. 10p.
Subjects: Electronic authentication, Computer firmware, Cryptography, Security management, Design, Computer performance
Abstract (English): Existing trusted platform modules (TPMs) primarily rely on a single RSA public-private key pair as the foundation for secure trusted root, with this RSA key pair being permanently stored within the TPM chip. Consequently, this design architecture may expose the system to threats from physical-level attacks, such as physical analysis and side-channel analysis, thereby making it difficult to effectively guarantee system security. To address this issue, this paper proposes the use of a physically unclonable function (PUF) as the trusted root. By leveraging the secure characteristics of PUFs, including their physical tamper-resistance, randomness, and unpredictability, a PUF-based TPM architecture is designed and implemented. Furthermore, this paper effectively improves upon the security vulnerabilities in key generation algorithms and the inadequacies in authentication mechanisms identified in existing research. The improved design is then applied to trusted boot verification and secure firmware updates, thereby significantly enhancing the defense capabilities against security threats in trusted computing environments. The security of the proposed protocol is thoroughly analyzed using BAN logic and the protocol automated verification tool AVTSPA. Additionally, relevant experiments on trusted boot are conducted on the Zynq™ 7000 series development board. The results demonstrate that the proposed method enhances the security of key generation algorithms and effectively reduces the threats posed by adversaries tampering with bootloader and firmware update data, thereby compromising the system. Performance evaluation results indicate that the average duration of the entire authentication process in the proposed protocol is merely 0. 06 seconds, showcasing its superior performance. [ABSTRACT FROM AUTHOR]
Abstract (Chinese): 现有的可信平台模块TPM主要依赖单一 RSA公私钥对作为安全的可信根基础, 该RSA密 钥对固定不变地存储于TPM芯片中。因此, 此种设计架构可能使得系统面临着物理分析与侧信道分析 等物理层面攻击的威胁, 进而导致系统的安全性难以得到有效保障。为此, 提出采用物理不可克隆函数 PUF作为可信根, 利用PUF具有的物理不可篡改性、随机性和不可预测性等安全特性, 设计并实现了基 于PUF的TPM架构。此外, 还针对现有研究中密钥生成算法存在的安全漏洞以及认证机制的不完善等 问题进行了有效的改进, 并将改进后的设计应用于可信启动验证及固件的安全更新中, 从而有效提升了可 信计算环境面临安全威胁的防御能力。通过BAN逻辑和协议自动化验证工具AVTSPA对所提协议的安 全性进行了深入分析, 并在Zynq™ 7000系列开发板上实现了可信启动的相关实验, 结果表明了所提出的 方法可增强密钥生成算法的安全性, 并有效降低了对引导程序和固件更新数据进行篡改等攻击的威胁。 性能评估结果显示, 所提协议整个认证过程平均时长仅0.06 s, 展现出了其在性能上的优越性. [ABSTRACT FROM AUTHOR]
Copyright of Computer Engineering & Science / Jisuanji Gongcheng yu Kexue is the property of Computer Engineering & Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 191508600
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: 基于PUF的TPM架构设计与应用研究.
– Name: TitleAlt
  Label: Alternate Title
  Group: TiAlt
  Data: TPM design and application based on PUF.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22施江勇%22">施江勇</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22高志远%22">高志远</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22刘天祎%22">刘天祎</searchLink><relatesTo>2</relatesTo><br /><searchLink fieldCode="AR" term="%22刘威%22">刘威</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22郭振斌%22">郭振斌</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22张咏鼎%22">张咏鼎</searchLink><relatesTo>1</relatesTo><i> 1453713302@qq.com</i><br /><searchLink fieldCode="AR" term="%22李少青%22">李少青</searchLink><relatesTo>1</relatesTo><i> shijiangyong@nudt.edu.cn</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Computer+Engineering+%26+Science+%2F+Jisuanji+Gongcheng+yu+Kexue%22">Computer Engineering & Science / Jisuanji Gongcheng yu Kexue</searchLink>. Jan2026, Vol. 48 Issue 1, p51-60. 10p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Electronic+authentication%22">Electronic authentication</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+firmware%22">Computer firmware</searchLink><br /><searchLink fieldCode="DE" term="%22Cryptography%22">Cryptography</searchLink><br /><searchLink fieldCode="DE" term="%22Security+management%22">Security management</searchLink><br /><searchLink fieldCode="DE" term="%22Design%22">Design</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+performance%22">Computer performance</searchLink>
– Name: Abstract
  Label: Abstract (English)
  Group: Ab
  Data: Existing trusted platform modules (TPMs) primarily rely on a single RSA public-private key pair as the foundation for secure trusted root, with this RSA key pair being permanently stored within the TPM chip. Consequently, this design architecture may expose the system to threats from physical-level attacks, such as physical analysis and side-channel analysis, thereby making it difficult to effectively guarantee system security. To address this issue, this paper proposes the use of a physically unclonable function (PUF) as the trusted root. By leveraging the secure characteristics of PUFs, including their physical tamper-resistance, randomness, and unpredictability, a PUF-based TPM architecture is designed and implemented. Furthermore, this paper effectively improves upon the security vulnerabilities in key generation algorithms and the inadequacies in authentication mechanisms identified in existing research. The improved design is then applied to trusted boot verification and secure firmware updates, thereby significantly enhancing the defense capabilities against security threats in trusted computing environments. The security of the proposed protocol is thoroughly analyzed using BAN logic and the protocol automated verification tool AVTSPA. Additionally, relevant experiments on trusted boot are conducted on the Zynq™ 7000 series development board. The results demonstrate that the proposed method enhances the security of key generation algorithms and effectively reduces the threats posed by adversaries tampering with bootloader and firmware update data, thereby compromising the system. Performance evaluation results indicate that the average duration of the entire authentication process in the proposed protocol is merely 0. 06 seconds, showcasing its superior performance. [ABSTRACT FROM AUTHOR]
– Name: Abstract
  Label: Abstract (Chinese)
  Group: Ab
  Data: 现有的可信平台模块TPM主要依赖单一 RSA公私钥对作为安全的可信根基础, 该RSA密 钥对固定不变地存储于TPM芯片中。因此, 此种设计架构可能使得系统面临着物理分析与侧信道分析 等物理层面攻击的威胁, 进而导致系统的安全性难以得到有效保障。为此, 提出采用物理不可克隆函数 PUF作为可信根, 利用PUF具有的物理不可篡改性、随机性和不可预测性等安全特性, 设计并实现了基 于PUF的TPM架构。此外, 还针对现有研究中密钥生成算法存在的安全漏洞以及认证机制的不完善等 问题进行了有效的改进, 并将改进后的设计应用于可信启动验证及固件的安全更新中, 从而有效提升了可 信计算环境面临安全威胁的防御能力。通过BAN逻辑和协议自动化验证工具AVTSPA对所提协议的安 全性进行了深入分析, 并在Zynq™ 7000系列开发板上实现了可信启动的相关实验, 结果表明了所提出的 方法可增强密钥生成算法的安全性, 并有效降低了对引导程序和固件更新数据进行篡改等攻击的威胁。 性能评估结果显示, 所提协议整个认证过程平均时长仅0.06 s, 展现出了其在性能上的优越性. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Computer Engineering & Science / Jisuanji Gongcheng yu Kexue is the property of Computer Engineering & Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=191508600
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.3969/j.issn.1007-130X.2026.01.006
    Languages:
      – Code: chi
        Text: Chinese
    PhysicalDescription:
      Pagination:
        PageCount: 10
        StartPage: 51
    Subjects:
      – SubjectFull: Electronic authentication
        Type: general
      – SubjectFull: Computer firmware
        Type: general
      – SubjectFull: Cryptography
        Type: general
      – SubjectFull: Security management
        Type: general
      – SubjectFull: Design
        Type: general
      – SubjectFull: Computer performance
        Type: general
    Titles:
      – TitleFull: 基于PUF的TPM架构设计与应用研究.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: 施江勇
      – PersonEntity:
          Name:
            NameFull: 高志远
      – PersonEntity:
          Name:
            NameFull: 刘天祎
      – PersonEntity:
          Name:
            NameFull: 刘威
      – PersonEntity:
          Name:
            NameFull: 郭振斌
      – PersonEntity:
          Name:
            NameFull: 张咏鼎
      – PersonEntity:
          Name:
            NameFull: 李少青
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Text: Jan2026
              Type: published
              Y: 2026
          Identifiers:
            – Type: issn-print
              Value: 1007130X
          Numbering:
            – Type: volume
              Value: 48
            – Type: issue
              Value: 1
          Titles:
            – TitleFull: Computer Engineering & Science / Jisuanji Gongcheng yu Kexue
              Type: main
ResultId 1