Key management and method for virtual trusted platform module in cloud environment

A key management system and platform module technology, applied in the field of information security, addresses the problems that a software-only virtual trusted platform module has poor security, that its key material is vulnerable to attack, and that its key management cannot reach the hardware security level; the effect is improved security that meets privacy and security requirements.

Active Publication Date: 2017-12-12
DATANG GAOHONG XINAN ZHEJIANG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] Because the virtual trusted platform module is implemented entirely in software, it can be migrated together with the virtual machine and is not tied to any bound hardware, so it is highly flexible. For the same reason, however, its key management cannot reach the hardware security level: compared with a hardware trusted platform module, key information such as the keys of a virtual trusted platform module is more vulnerable to attack, and its security is poorer.

Embodiment Construction

[0056] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0057] As shown in figure 1, the key management system for a virtual trusted platform module in a cloud environment disclosed by the present invention includes a cryptographic device, a cryptographic device client, a resource management server, a server resource pool, a trusted authentication server, a certificate management server, and the like.

[0058] Cryptographic device: a hardware-based key management device, such as a portable USB cryptographic device. The device includes a key management module and an encryption/decryption operation module. The key management module manages the keys of the virtual trusted platform module, including generating, storing, using and destroying keys. The keys include root keys, virtual identity authentication keys, storage keys and other key...

Abstract

The invention discloses a key management system and method for a virtual trusted platform module in a cloud environment. A virtual machine and its corresponding virtual trusted platform module are established on a trusted host. The key management function of the virtual trusted platform module is separated out and realized by a hardware cryptographic device; key management and authentication are carried out by a resource management server, a certificate management server, a trusted authentication server and the like working together. The other functions of the virtual trusted platform module are realized in software, which preserves flexibility when the virtual trusted platform module is migrated while giving hardware-level protection to key information such as keys. The application data symmetric key is transmitted over a confidential channel between the trusted host and the cryptographic device client, which improves the security of key information such as keys. Control over key usage and management can be transferred from the cloud service provider to the users of the virtual machine and its virtual trusted platform module, so key management is decentralized rather than centralized.
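The architecture the abstract describes, as an added example in Python that is not part of the patent and not the assignee's code: a hardware cryptographic device holds every vTPM key and hands out only handles, the vTPM proper is software state (PCRs and handles) that migrates with the VM, and an application data symmetric key crosses from the trusted host to the device client over a confidential channel. Everything below is assumed for illustration: the class and function names, key derivation from the device root key, HMAC-SHA256 as the signing primitive, the encrypt-then-MAC channel construction standing in for a real AEAD, and a channel key that is pre-shared out of band (the patent does not say how the channel is established).

```python
# Added example, not the patent's code. Models the split between a hardware
# cryptographic device (holds keys) and a software vTPM (holds handles + PCRs).
import hashlib
import hmac
import json
import secrets
from typing import Optional

KEY_KINDS = ("identity", "storage", "application")


def _kdf(key: bytes, label: bytes, length: int = 32) -> bytes:
    """Counter-mode HMAC-SHA256 derivation; a stand-in for HKDF (assumption)."""
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(key, label + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class CryptoDevice:
    """Hardware cryptographic device stand-in (e.g. the portable USB device the
    description mentions). Key bytes never leave it; callers only get handles."""

    def __init__(self) -> None:
        self._root = secrets.token_bytes(32)  # root key, device-internal
        self._keys = {}                       # handle -> (kind, key bytes)

    def _new_handle(self, vtpm_id: str, kind: str) -> str:
        if kind not in KEY_KINDS:
            raise ValueError(f"unknown key kind {kind!r}")
        return f"{vtpm_id}:{kind}:{secrets.token_hex(4)}"

    def create_key(self, vtpm_id: str, kind: str) -> str:
        """Generate a key derived from the root key; return only its handle."""
        handle = self._new_handle(vtpm_id, kind)
        self._keys[handle] = (kind, _kdf(self._root, handle.encode()))
        return handle

    def import_key(self, vtpm_id: str, kind: str, key: bytes) -> str:
        """Store a key that arrived over the confidential channel."""
        handle = self._new_handle(vtpm_id, kind)
        self._keys[handle] = (kind, key)
        return handle

    def _use(self, handle: str, kind: str) -> bytes:
        if handle not in self._keys:
            raise KeyError(f"no such key handle {handle!r}")
        actual_kind, key = self._keys[handle]
        if actual_kind != kind:  # e.g. a storage key must never sign
            raise PermissionError(f"{handle!r} is a {actual_kind} key, not {kind}")
        return key

    def sign(self, handle: str, message: bytes) -> bytes:
        return hmac.new(self._use(handle, "identity"), message, hashlib.sha256).digest()

    def verify(self, handle: str, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign(handle, message), tag)

    def destroy_key(self, handle: str) -> None:
        del self._keys[handle]

    def contains_key_material(self, text: str) -> bool:
        """Check that an export (e.g. migration state) carries no raw key bytes."""
        return any(k.hex() in text or k in text.encode() for _, k in self._keys.values())


class VirtualTPM:
    """Software vTPM: PCR state plus key handles only, so it migrates with the VM."""

    def __init__(self, vtpm_id: str, device: CryptoDevice, state: Optional[dict] = None):
        self.vtpm_id, self.device = vtpm_id, device
        if state is None:
            self.pcrs = ["00" * 32] * 4
            self.handles = {k: device.create_key(vtpm_id, k) for k in ("identity", "storage")}
        else:
            self.pcrs, self.handles = state["pcrs"], state["handles"]

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = hashlib.sha256(bytes.fromhex(self.pcrs[index]) + measurement).hexdigest()

    def quote(self, nonce: bytes) -> tuple:
        """PCR quote signed by the device-held virtual identity key."""
        msg = json.dumps({"pcrs": self.pcrs, "nonce": nonce.hex()}, sort_keys=True).encode()
        return msg, self.device.sign(self.handles["identity"], msg)

    def export_state(self) -> str:
        """Migration payload: handles and PCRs, no key bytes."""
        return json.dumps({"id": self.vtpm_id, "pcrs": self.pcrs, "handles": self.handles})

    @classmethod
    def import_state(cls, blob: str, device: CryptoDevice) -> "VirtualTPM":
        state = json.loads(blob)
        return cls(state["id"], device, state)


def channel_seal(channel_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with keys derived from the pre-shared channel key."""
    nonce = secrets.token_bytes(16)
    stream = _kdf(channel_key, b"enc" + nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_kdf(channel_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def channel_open(channel_key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_kdf(channel_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # authenticate before decrypting
        raise ValueError("channel message failed authentication")
    stream = _kdf(channel_key, b"enc" + nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def provision_app_key(channel_key: bytes, device: CryptoDevice, vtpm: VirtualTPM) -> str:
    """Trusted host generates the application data symmetric key and sends it to the
    device client over the confidential channel; the client stores it in the device."""
    app_key = secrets.token_bytes(32)          # host side
    wire = channel_seal(channel_key, app_key)  # what crosses the channel
    received = channel_open(channel_key, wire)  # device client side
    return device.import_key(vtpm.vtpm_id, "application", received)
```

The point to check in a design like this is the migration payload: `export_state` must carry handles only, and a new host with the same device can rebuild the vTPM and keep producing verifiable quotes, while any message on the channel that fails its MAC is rejected before decryption.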

Description

Technical field

[0001] The invention relates to a key management system and method for a virtual trusted platform module in a cloud environment, and belongs to the technical field of information security.

Background

[0002] The main industrial implementation of trusted computing is the hardware Trusted Platform Module (TPM). Because of the TPM's own performance and cost limitations, it cannot provide sufficient trusted security services to upper-layer cloud services. For this reason the concept of a virtual trusted platform module has been proposed: it assigns a virtual trusted platform module to each virtual machine by emulating the functions and interface of a hardware trusted platform module, and can realize functions equivalent to those of a trusted platform module, to address the security issues of upper-layer cloud services.

[0003] Because the virtual trusted platform module is completely based on software implementatio...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32, H04L9/08
CPC: H04L9/0877, H04L9/0897, H04L9/3234, H04L9/3263, H04L63/06, H04L63/0823
Inventor: 郑驰梁思谦
Owner: DATANG GAOHONG XINAN ZHEJIANG INFORMATION TECH CO LTD