基于区块链的密钥管理,用于可重构平台中的可信平台模块标准

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Concurrency and Computation-Practice & Experience Pub Date : 2024-07-12 DOI:10.1002/cpe.8225
Rourab Paul, Nimisha Ghosh, Amrutanshu Panigrahi, Amlan Chakrabarti, Prasant Mohapatra
{"title":"基于区块链的密钥管理,用于可重构平台中的可信平台模块标准","authors":"Rourab Paul,&nbsp;Nimisha Ghosh,&nbsp;Amrutanshu Panigrahi,&nbsp;Amlan Chakrabarti,&nbsp;Prasant Mohapatra","doi":"10.1002/cpe.8225","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that <i>processor area</i>, <i>confidential area</i>, and <i>crypto area</i>. The isolated secret key memory in <i>confidential area</i>, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in <i>confidential area</i> and <i>crypto area</i> but never in the <i>processor area</i>. The movements of secret keys between <i>confidential area</i>, and <i>crypto area</i> are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx <span></span><math>\n <semantics>\n <mrow>\n <mi>V</mi>\n <mi>i</mi>\n <mi>v</mi>\n <mi>a</mi>\n <mi>d</mi>\n <mi>o</mi>\n </mrow>\n <annotation>$$ Vivado $$</annotation>\n </semantics></math> EDA tool using <span></span><math>\n <semantics>\n <mrow>\n <mi>A</mi>\n <mi>r</mi>\n <mi>t</mi>\n <mi>i</mi>\n <mi>x</mi>\n <mspace></mspace>\n <mn>7</mn>\n </mrow>\n <annotation>$$ Artix\\kern0.3em 7 $$</annotation>\n </semantics></math> FPGA board.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"36 22","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Blockchain based secret key management for trusted platform module standard in reconfigurable platform\",\"authors\":\"Rourab Paul,&nbsp;Nimisha Ghosh,&nbsp;Amrutanshu Panigrahi,&nbsp;Amlan Chakrabarti,&nbsp;Prasant Mohapatra\",\"doi\":\"10.1002/cpe.8225\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n \\n <p>The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that <i>processor area</i>, <i>confidential area</i>, and <i>crypto area</i>. The isolated secret key memory in <i>confidential area</i>, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in <i>confidential area</i> and <i>crypto area</i> but never in the <i>processor area</i>. The movements of secret keys between <i>confidential area</i>, and <i>crypto area</i> are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>V</mi>\\n <mi>i</mi>\\n <mi>v</mi>\\n <mi>a</mi>\\n <mi>d</mi>\\n <mi>o</mi>\\n </mrow>\\n <annotation>$$ Vivado $$</annotation>\\n </semantics></math> EDA tool using <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>A</mi>\\n <mi>r</mi>\\n <mi>t</mi>\\n <mi>i</mi>\\n <mi>x</mi>\\n <mspace></mspace>\\n <mn>7</mn>\\n </mrow>\\n <annotation>$$ Artix\\\\kern0.3em 7 $$</annotation>\\n </semantics></math> FPGA board.</p>\\n </div>\",\"PeriodicalId\":55214,\"journal\":{\"name\":\"Concurrency and Computation-Practice & Experience\",\"volume\":\"36 22\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2024-07-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Concurrency and Computation-Practice & Experience\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8225\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8225","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

摘要

摘要日益复杂的网络攻击、高级计算系统中的漏洞以及对加密技术保护数字数据的日益依赖,使得密钥的安全和保密变得更加重要。密钥的几个主要问题,如密钥使用不当、密钥存储不当、密钥保护不足、密钥移动不安全、缺乏审计记录、内部威胁和密钥未销毁等,都会严重破坏整个安全系统。在这项工作中,我们为操作系统公司和操作系统用户提出了一个基于现场可编程门阵列(FPGA)的可信平台模块(TPM)框架,利用区块链来解决 NIST 推荐的密钥管理问题。操作系统用户机器使用的安全处理器分为三个区域,如处理器区、保密区和加密区。保密区中的隔离秘钥存储器与私有区块链(BC)一起,可以记录 TPM 标准秘钥的生命周期。我们还实现了一个特殊的自定义总线互连,用于接收来自处理元件(PE)的自定义加密指令。在执行加密指令期间,该架构可确保秘钥存在于保密区和加密区,但绝不会存在于处理器区。密钥在保密区和加密区之间的移动,在经过由建议的基于硬件的私有 BC 框架控制的适当验证过程后,会以加密方式记录下来。据我们所知,这项工作是首次尝试在操作系统公司和操作系统用户之间实施基于区块链的框架,以解决 TPM 标准硬件环境中 NIST 推荐的秘钥管理问题。我们为实现所提出的想法而花费的额外资源使用成本和时序复杂性微不足道。我们使用 Xilinx EDA 工具和 FPGA 板实现了所提出的架构。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Blockchain based secret key management for trusted platform module standard in reconfigurable platform

The growing sophistication of cyber attacks, vulnerabilities in high computing systems and increasing dependency on cryptography to protect our digital data, make it more important to keep secret keys safe and secure. A few major issues of secret keys, like incorrect use of keys, inappropriate storage of keys, inadequate protection of keys, insecure movement of keys, lack of audit logging, insider threats and nondestruction of keys can compromise the whole security system severely. In this work, we propose a field programmable gate array (FPGA)-based trusted platform module (TPM) framework for operating system companies and OS users, utilizing blockchain to address NIST-recommended secret key management issues. The security processor used in OS user machines is partitioned into three areas such that processor area, confidential area, and crypto area. The isolated secret key memory in confidential area, along with a private blockchain (BC) can log the life cycle of secret keys of TPM standard. We have also implemented a special custom bus interconnect, which receives custom crypto instructions from Processing Element (PE). During the execution of crypto instructions, the architecture ensures that secret keys are present in confidential area and crypto area but never in the processor area. The movements of secret keys between confidential area, and crypto area are recorded cryptographically after the proper authentication process controlled by the proposed hardware-based private BC framework. To the best of our knowledge, this work is the first attempt to implement a blockchain-based framework between OS company and OS users to address NIST recommended secret key management issues of TPM standard hardware environment. The additional cost of resource usage and timing complexity we spent to implement the proposed idea is nominal. The proposed architecture is implemented with Xilinx V i v a d o $$ Vivado $$ EDA tool using A r t i x 7 $$ Artix\kern0.3em 7 $$ FPGA board.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Concurrency and Computation-Practice & Experience
Concurrency and Computation-Practice & Experience 工程技术-计算机:理论方法
CiteScore
5.00
自引率
10.00%
发文量
664
审稿时长
9.6 months
期刊介绍: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.
期刊最新文献
Issue Information Improving QoS in cloud resources scheduling using dynamic clustering algorithm and SM-CDC scheduling model Issue Information Issue Information Camellia oleifera trunks detection and identification based on improved YOLOv7
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1