TPM用户密钥命令安全性形式化分析

The Trusted Platform Module (TPM) is a dedicated hardware chip designed to provide a higher level of security for computing platform. All TPM functionalities are implemented in TPM commands to achieve specific security goals. We attempt to analyze the security properties of these commands, especially the key management API. Our study utilizes applied pi calculus to formalize the commands and determine how their security properties affect TPM key management. The attacker is assumed to call TPM commands without bounds and without knowing the TPM root key, expecting to obtain or replace the user key. The analysis goal in our study is to guarantee the corresponding property of API execution and the integrity of API data. We analyze the security properties of TPM commands with a process reduction method, identify the key-handle hijack attack on a TPM newly created key, and propose reasonable solutions to solve the problem. Then, we conduct an experiment involving a key-handle attack, which successfully replaces a user key with an attacker's key using malicious TPM software. This paper discloses the weakness of the relationship between the key handle and the key object. After the TPM software stack is compromised, the attacker can launch a key-handle attack to obtain the user key and even break into the whole storage tree of user keys.     

基于属性证明的可信网络接入方案

为保证终端接入网络时的可信计算平台配置满足特定的安全要求,可信计算组织提出了可信网络接入框架,在该框架中终端向网络决策判定方请求接入网络时采用二进制证明方案进行平台证明,存在完整性管理复杂、暴露用户平台配置隐私等问题.针对上述问题,本文提出了一种基于属性的可信网络接入方案,采用基于属性的远程证明方法,将可信网络接入中的平台证明交给一个可信的安全属性证书颁发方,此属性证书颁发方根据终端平台的完整性颁发安全属性证书,负责网络接入判定的网络接入决策者根据属性证书进行网络接入判定,有效地解决了传统可信网络接入中网络接入决策者完整性管理复杂以及终端平台配置暴露等问题,并能够根据安全属性将平台接入到不同的隔离域,实现了网络中平台多域的隔离.本文在802.1X框架下实现了上述方案,实验结果显示该方案能够根据平台的安全属性实现终端平台VLAN的隔离.     

Ka波段毫米波云雷达多普勒谱降雪微物理特征分析

构建了一种基于毫米波云雷达多普勒谱的过冷水滴、冰晶、雪花的识别算法,通过对全局谱的谱峰识别,分离出了不同类型粒子的局部谱,得出了不同类型粒子的反射率因子、多普勒速度、谱宽等谱矩参数及含水量.通过对一次降雪过程Ka波段测云雷达多普勒谱的分析,结果表明:(1)混合相云中,由于雪花对毫米波雷达总回波强度贡献较大,基于总雷达反射率因子直接反演液态水含量会忽略过冷水滴的贡献,造成云中含水量的低估;(2)多普勒谱反演得到过冷水的液态水路径(LWP)与微波辐射计反演结果一致性较好,说明毫米波雷达能够有效估量云中液态水路径;(3)冰雪晶粒子在过冷水层(SWL)中下落速度随反射率因子的变化梯度(d V/d Z)比在冰雪层(ISL)中大,这主要是因为冰雪晶粒子在SWL中通过凇附增长比在ISL中通过碰并增长要增长得更快.