{"title":"基于区块链的密钥管理,用于可重构平台中的可信平台模块标准","authors":"Rourab Paul, Nimisha Ghosh, Amrutanshu Panigrahi, Amlan Chakrabarti, Prasant Mohapatra","doi":"10.1002/cpe.8225","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that <i>processor area</i>, <i>confidential area</i>, and <i>crypto area</i>. The isolated secret key memory in <i>confidential area</i>, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in <i>confidential area</i> and <i>crypto area</i> but never in the <i>processor area</i>. The movements of secret keys between <i>confidential area</i>, and <i>crypto area</i> are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx <span></span><math>\n <semantics>\n <mrow>\n <mi>V</mi>\n <mi>i</mi>\n <mi>v</mi>\n <mi>a</mi>\n <mi>d</mi>\n <mi>o</mi>\n </mrow>\n <annotation>$$ Vivado $$</annotation>\n </semantics></math> EDA tool using <span></span><math>\n <semantics>\n <mrow>\n <mi>A</mi>\n <mi>r</mi>\n <mi>t</mi>\n <mi>i</mi>\n <mi>x</mi>\n <mspace></mspace>\n <mn>7</mn>\n </mrow>\n <annotation>$$ Artix\\kern0.3em 7 $$</annotation>\n </semantics></math> FPGA board.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"36 22","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Blockchain based secret key management for trusted platform module standard in reconfigurable platform\",\"authors\":\"Rourab Paul, Nimisha Ghosh, Amrutanshu Panigrahi, Amlan Chakrabarti, Prasant Mohapatra\",\"doi\":\"10.1002/cpe.8225\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n \\n <p>The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that <i>processor area</i>, <i>confidential area</i>, and <i>crypto area</i>. The isolated secret key memory in <i>confidential area</i>, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in <i>confidential area</i> and <i>crypto area</i> but never in the <i>processor area</i>. The movements of secret keys between <i>confidential area</i>, and <i>crypto area</i> are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>V</mi>\\n <mi>i</mi>\\n <mi>v</mi>\\n <mi>a</mi>\\n <mi>d</mi>\\n <mi>o</mi>\\n </mrow>\\n <annotation>$$ Vivado $$</annotation>\\n </semantics></math> EDA tool using <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>A</mi>\\n <mi>r</mi>\\n <mi>t</mi>\\n <mi>i</mi>\\n <mi>x</mi>\\n <mspace></mspace>\\n <mn>7</mn>\\n </mrow>\\n <annotation>$$ Artix\\\\kern0.3em 7 $$</annotation>\\n </semantics></math> FPGA board.</p>\\n </div>\",\"PeriodicalId\":55214,\"journal\":{\"name\":\"Concurrency and Computation-Practice & Experience\",\"volume\":\"36 22\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2024-07-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Concurrency and Computation-Practice & Experience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8225\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8225","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Blockchain based secret key management for trusted platform module standard in reconfigurable platform
The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that processor area, confidential area, and crypto area. The isolated secret key memory in confidential area, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in confidential area and crypto area but never in the processor area. The movements of secret keys between confidential area, and crypto area are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx EDA tool using FPGA board.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.