TrustZone-based secret key use frequency management method and system in cloud storage mode

A key management method for cloud storage, applied to transmission systems and key distribution, that addresses the blocking caused by rapid and continuous updates of TPM hardware counters, key leakage, and performance degradation, with the effect of improving portability, enhancing security, and protecting the stored key.

Active Publication Date: 2021-04-20
WUHAN UNIV OF SCI & TECH
Cites 7, Cited by 0

AI Technical Summary

Problems solved by technology

[0006] However, this method has disadvantages. First, it relies on the trusted platform module (TPM), which is a separate chip on the computer motherboard, and some user devices have no TPM chip at all. Second, constrained by price and manufacturing process, a TPM provides only a small number of hardware counters, and rapid, continuous updates of a TPM hardware counter block and degrade program performance.
Although the method works around the small number of TPM hardware counters by using virtual counters, every update of a virtual counter still updates a TPM hardware counter, so the performance degradation remains significant. Third, in this method the data key is encrypted and decrypted inside the TPM, but the key is then used to decrypt the ciphertext fetched from the cloud server in ordinary memory, where an attack from the operating system or from a program with higher privileges can leak the key.




Embodiment Construction

[0078] The technical solutions of the present invention will be specifically described below in conjunction with the accompanying drawings and embodiments.

[0079] In consideration of the defects of the prior art, the present invention proposes to apply the TrustZone technology to key management and data processing in the cloud storage mode.

[0080] The present invention notes that TrustZone is a hardware security extension proposed by ARM that lets users develop and design their own security systems, and it is now widely supported by mobile and embedded devices. Through processor extensions, TrustZone divides the ARM SoC into two hardware-isolated execution environments, the Normal World (NW) and the Secure World (SW), and switches between NW and SW through the secure monitor. NW and SW have separate system resources, including registers, physical memory, and peripherals, and SW has the higher privilege level...



Abstract

The invention provides a TrustZone-based method and system for managing the number of times a key may be used in the cloud storage mode. Using TrustZone, a system environment is built at both the data owner (DO) end and the data user (DU) end with Linux as the rich execution environment (REE) and OP-TEE as the trusted execution environment (TEE). Private information and the operations on it are handled by a trusted application (TA), while non-sensitive operations and files are handled by a client application (CA) running in the REE, and the CA communicates with the TA through an API. On the key-use side, the key use count is bound to the number of secure file reads and is stored securely and integrity-checked so that it cannot be tampered with, which removes the security problem of unlimited use of a key after it has been distributed. In the cloud storage mode, the method ensures secure storage of the key and confidentiality of the file, controls and manages how many times an authorized user may use the key, and prevents the loss of file confidentiality that unprotected, unlimited use of the key by the user would cause.
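As an added illustration, not code from the patent or from OP-TEE, the following Python model shows the TA-side logic that the NW/SW split of [0080] and the abstract describe: the data key and its remaining use count live only in a record the TA seals, one secure file read consumes one use, and the record is integrity-checked before every use. It assumes a plain dict standing in for TEE secure storage, an HMAC-SHA256 counter-mode stream in place of the AES cipher a real TA would call through the TEE crypto API, and an in-TA version map standing in for a rollback-protected counter; the key identifier `file-001`, the sample file contents, and the attack steps in `demo()` are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


class KeyUseExhausted(Exception):
    """The authorized use count for this key has reached zero."""


class IntegrityError(Exception):
    """The sealed key record was modified or rolled back outside the TA."""


def prf_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for AES via the TEE crypto API.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class TrustedApp:
    """TA side: owns the integrity key, seals key records, enforces the use count.
    `storage` stands in for TEE secure storage and `_versions` for a rollback-
    protected counter (e.g. RPMB-backed); both are assumptions of this model."""

    def __init__(self, storage: dict):
        self.storage = storage
        self._integrity_key = secrets.token_bytes(32)  # device-bound, never leaves the TA
        self._versions = {}

    def _seal(self, key_id: str, record: dict) -> None:
        record["version"] = self._versions.get(key_id, 0) + 1
        body = json.dumps(record, sort_keys=True).encode()
        tag = hmac.new(self._integrity_key, key_id.encode() + body, hashlib.sha256).hexdigest()
        self.storage[key_id] = {"body": body, "tag": tag}
        self._versions[key_id] = record["version"]

    def _unseal(self, key_id: str) -> dict:
        entry = self.storage[key_id]
        tag = hmac.new(self._integrity_key, key_id.encode() + entry["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, entry["tag"]):
            raise IntegrityError("use-count record modified")
        record = json.loads(entry["body"])
        if record["version"] != self._versions[key_id]:
            raise IntegrityError("use-count record rolled back")
        return record

    def provision_key(self, key_id: str, data_key: bytes, max_uses: int) -> None:
        """DO hands DU a data key together with the number of allowed uses."""
        self._seal(key_id, {"key": data_key.hex(), "remaining": max_uses})

    def remaining_uses(self, key_id: str) -> int:
        return self._unseal(key_id)["remaining"]

    def read_file(self, key_id: str, nonce: bytes, ciphertext: bytes) -> bytes:
        """One secure file read is one key use; the decremented count is re-sealed
        before the plaintext is returned, so an interrupted call yields no free use."""
        record = self._unseal(key_id)
        if record["remaining"] <= 0:
            raise KeyUseExhausted(key_id)
        record["remaining"] -= 1
        self._seal(key_id, record)
        return prf_xor(bytes.fromhex(record["key"]), nonce, ciphertext)


def rejected(ta: TrustedApp, key_id: str) -> bool:
    """True if the TA refuses the record currently in storage for key_id."""
    try:
        ta.remaining_uses(key_id)
        return False
    except IntegrityError:
        return True


def demo() -> dict:
    """CA-side flow on constructed sample data, then two NW-side attacks on the count."""
    storage = {}
    ta = TrustedApp(storage)
    data_key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    plaintext = b"constructed sample: outsourced file body"
    ciphertext = prf_xor(data_key, nonce, plaintext)  # what the CSP holds
    ta.provision_key("file-001", data_key, max_uses=2)
    snapshot = dict(storage["file-001"])  # attacker copies the fresh record
    reads = []
    for _ in range(3):
        try:
            reads.append(ta.read_file("file-001", nonce, ciphertext) == plaintext)
        except KeyUseExhausted:
            reads.append("exhausted")
    # Attack 1: patch the stored body to reset the count; the tag no longer verifies.
    entry = storage["file-001"]
    entry["body"] = entry["body"].replace(b'"remaining": 0', b'"remaining": 9')
    edit_detected = rejected(ta, "file-001")
    # Attack 2: restore the byte-exact original record (valid tag) to regain two uses.
    storage["file-001"] = snapshot
    rollback_detected = rejected(ta, "file-001")
    return {"reads": reads, "edit_detected": edit_detected, "rollback_detected": rollback_detected}
```

The rollback case is the one to check in any implementation of this scheme: an integrity tag alone proves that the TA wrote the record, not that it is the latest record, so restoring an older copy would refund uses unless the count is tied to state the Normal World cannot reset. On OP-TEE the usual way to get that is RPMB-backed secure storage rather than REE-filesystem-backed storage.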

Description

Technical field

[0001] The present invention relates to the field of computer information security. Its main content is managing the data encryption key on the basis of TrustZone in the cloud storage mode, using TrustZone to store the key securely at the data user end and to limit the number of times it can be used, thereby protecting the confidentiality of the outsourced data.

Background technique

[0002] As an important part of cloud computing, cloud storage focuses on providing users with Internet-based online storage services. In the cloud storage mode, storage is a service: users need not consider technical details such as the storage type and storage method of the physical devices, or data availability and reliability, but can request the corresponding services from the cloud service provider (CSP) on demand and access their data anytime, anywhere. Cloud storage can bring opportunities in improving IT efficiency, cost savin...


Application Information

Patent Timeline
Patent Type & Authority Applications(China)
IPC(8): H04L29/08, H04L29/06, H04L9/08
Inventors: 任正伟, 李鑫, 陈小双, 李晓娟, 张凯
Owner WUHAN UNIV OF SCI & TECH