Shuanghe Peng

Trust of User Using U-Key on Trusted Platform

Trusted computing based on TPM can be viewed from the following several ways, i.e. trusted on user, trusted on platform, trusted on application and trusted between platforms. Even though trusted on user was mentioned in trusted computing architecture, it does not really address security from a user point of view, as the model is centered on the security of platform. User identification and authentication mechanism, are rather rudiment. Andreas Pashalidis and Chris J. Mitchell proposed a single sign on scheme using trusted platform in 2003, where platform attestation identity key is used as user identity. User identity is bound to his/her trusted platform, which makes it inconvenient to users. Mobility and flexibility are not achieved. Based on the rule of separation of user and platform credentials, trust of user using U-key technology on trusted platform is proposed in this paper. The proposed scheme can simplify the management of user and provide portability and flexibility to users

A Trusted Bootstrap Scheme on EFI

Extensible Firmware Interface (EFI) is a new interface applied for platform firmware and the operating system. Due to providing extensibility and customization, EFI is also a new technology instead of the conventional Basic Input-Output System (BIOS). However, the issue of building trusted EFI BIOS becomes increasingly important. The key of establishing trusted EFI BIOS is based on the trust transition. Therefore, we formalize the principles of building the trust chain firstly, and then present a suggested trust transition model in this paper.

Design and implementation of UsbKey device driver based on Extensible Firmware Interface

The goal of trusted computing proposed by TCG is to enhance the security of platform by the way of integrity measurement. TPM is a tamper-resistant hardware module designed to provide robust security capabilities like remote attestation and sealed storage for the trusted platform. But TPM has its limitation. It canpsilat be directly used in common PC current in use because of its interface with PC. A UsbKey is a USB device with capabilities of smart card. Extensible firmware interface (abbreviated as EFI) is intended as a significantly improved replacement of the old legacy BIOS. How to design and implement the driver of UsbKey based on EFI is what this paper focuses on. It is a basement for the trusted application.

Membership proof and verification in authenticated skip lists based on heap

How to keep cloud data intact and available to users is a problem to be solved. Authenticated skip list is an important data structure used in cloud data integrity verification. How to get the membership proof of the element in authenticated skip list efficiently is an important part of authentication. Kaouthar Blibech and Alban Gabillon proposed a head proof and a tail proof algorithms for the membership proof of elements in the authenticated skip list. However, the proposed algorithms are uncorrelated each other and need plateau function. We propose a new algorithm for computing the membership proof for elements in the authenticated skip list by using two stacks, one is for storing traversal chain of leaf node, the other is for storing authentication path for the leaf. The proposed algorithm is simple and effective without needing plateau function. It can also be applicable for other similar binary hash trees.

Proxy cryptography for secure inter-domain information exchanges

In todays interconnected world, the need to access to services across domains is increasing. How to make inter-domain data exchanges secure is what we concerned. Kerberos protocol can be used to secure inter-domain information exchanges, but it cannot be applied directly in environment where boundary device such as firewall exists between domains. Proxy ElGamal encryption scheme is a way to protect data exchanges between two domains. However, there are two disadvantages in using this proxy cryptosystem. In this article, an improved proxy ElGamal cryptosystem is proposed and two secure inter-domain authentication and proxy keys distribution protocols based on the improved proxy ElGamal cryptosystem are designed, one is for trusted domains and the other is for untrusted domains. The proposed protocols make data exchanges between domains more secure and efficient.