[go: up one dir, main page]

CN116502188A - Method, device and system for remote attestation - Google Patents

Method, device and system for remote attestation Download PDF

Info

Publication number
CN116502188A
CN116502188A CN202210060322.XA CN202210060322A CN116502188A CN 116502188 A CN116502188 A CN 116502188A CN 202210060322 A CN202210060322 A CN 202210060322A CN 116502188 A CN116502188 A CN 116502188A
Authority
CN
China
Prior art keywords
network device
software
baseline file
log
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210060322.XA
Other languages
Chinese (zh)
Inventor
范晓峰
范永强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN202210060322.XA priority Critical patent/CN116502188A/en
Publication of CN116502188A publication Critical patent/CN116502188A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses a remote proving method, equipment and a system, and belongs to the technical field of information processing. The method comprises the following steps: the first network equipment acquires a first baseline file and a measurement log, wherein the first baseline file is generated by the second network equipment, the first baseline file is used for recording a reference value of software of the second network equipment under the trusted condition, and the measurement log is used for recording a measurement value of the software. And under the condition that the first baseline file and the measurement log are confirmed to be credible, the first network equipment remotely proves the software based on the first baseline file and the measurement log to obtain a remote proving result corresponding to the software, wherein the remote proving result corresponding to the software is used for indicating whether the software is credible or not. Because the first baseline file and the measurement log acquired by the first network equipment are generated by the second network equipment, the acquisition mode is intelligent, and therefore the remote proving method provided by the application is intelligent and high in flexibility.

Description

远程证明的方法、设备及系统Method, device and system for remote attestation

技术领域technical field

本申请涉及信息处理技术领域,特别涉及远程证明的方法、设备及系统。The present application relates to the technical field of information processing, and in particular to a method, device and system for remote attestation.

背景技术Background technique

随着信息技术的不断发展,信息安全问题成为关注重点,远程证明应运而生。在远程证明过程中,由远程证明服务器(remote attestation server,RAS)向远程证明客户端(remote attestation client,RAC)发起挑战,以对RAC的软件进行远程证明。在RAS对RAC的软件进行远程证明的过程中,RAS需要使用RAC的软件对应的基线文件。With the continuous development of information technology, information security issues have become the focus of attention, and remote certification has emerged as the times require. In the process of remote attestation, a remote attestation server (remote attestation server, RAS) initiates a challenge to a remote attestation client (remote attestation client, RAC), so as to remotely attest software of the RAC. When the RAS performs remote certification on the RAC software, the RAS needs to use the baseline file corresponding to the RAC software.

现有技术中,RAC的软件对应的基线文件由软件编译人员在软件的编译过程中生成。此种基线文件的生成方式使得现有技术所提供的远程证明的方式不够智能,且灵活性较差。In the prior art, the baseline file corresponding to the RAC software is generated by a software compiler during the software compilation process. The generation method of the baseline file makes the remote attestation method provided by the prior art insufficiently intelligent and less flexible.

发明内容Contents of the invention

本申请提供了一种远程证明的方法、设备及系统,以解决现有技术提供的远程证明的方式不够智能,以及灵活性不高的问题,技术方案如下。The present application provides a remote certification method, device and system to solve the problem that the remote certification method provided by the prior art is not smart enough and has low flexibility. The technical solution is as follows.

第一方面,提供了一种远程证明的方法。该方法包括:第一网络设备获取第二网络设备生成的第一基线文件和度量日志。第一基线文件用于记录第二网络设备的软件在可信情况下的基准值,度量日志用于记录该软件的度量值。第一网络设备在确认第一基线文件和度量日志可信的情况下,基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果。软件对应的远程证明结果用于指示软件是否可信。In the first aspect, a remote attestation method is provided. The method includes: the first network device acquires the first baseline file and the measurement log generated by the second network device. The first baseline file is used to record the baseline value of the software of the second network device in a trusted situation, and the measurement log is used to record the measurement value of the software. After confirming that the first baseline file and the measurement log are credible, the first network device performs remote certification on the software based on the first baseline file and the measurement log, and obtains a remote certification result corresponding to the software. The remote attestation result corresponding to the software is used to indicate whether the software is trustworthy.

由于第一网络设备在确认第一基线文件和度量日志可信的情况下,再基于第一基线文件和度量日志对第二网络设备的软件进行远程证明。这保证了所得到的远程证明结果的准确性。由于第一网络设备获取的第一基线文件和度量日志是由第二网络设备生成的,获取方式较为智能,因而使得本申请实施例提供的远程证明的方法也较为智能,且灵活性较高。Since the first network device confirms that the first baseline file and the measurement log are credible, it remotely certifies the software of the second network device based on the first baseline file and the measurement log. This guarantees the accuracy of the obtained remote attestation results. Since the first baseline file and measurement log obtained by the first network device are generated by the second network device, the acquisition method is relatively intelligent, so the remote attestation method provided by the embodiment of the present application is also relatively intelligent and flexible.

在一种可能的实现方式中,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备接收第二网络设备发送的可信的基线文件校验值,基线文件校验值用于校验第一基线文件是否可信。第一网络设备对第一基线文件记录的基准值进行计算,得到第一数值。第一数值与基线文件校验值的计算方式相同。计算方式相同为算法相同,或者为算法和计算顺序均相同。响应于第一数值与基线文件校验值相同,第一网络设备确认第一基线文件可信。In a possible implementation manner, the first network device performs remote certification on the software based on the first baseline file and the measurement log, and before obtaining the remote certification result corresponding to the software, the method further includes: the first network device receives the information sent by the second network device credible baseline file check value, the baseline file check value is used to check whether the first baseline file is credible. The first network device calculates the reference value recorded in the first baseline file to obtain the first value. The first value is calculated in the same way as the baseline file checksum. The same calculation method means the same algorithm, or the same algorithm and calculation order. In response to the first numerical value being the same as the baseline file check value, the first network device confirms that the first baseline file is authentic.

通过基线文件校验值校验第一基线文件是否可信的方式简洁准确。在通过校验确认第一基线文件可信的情况下,第一网络设备才会执行后续的远程证明过程。保证了得到的远程证明结果的准确性。而对于第一基线文件中记录的基准值被篡改、第一基线文件中记录的不同基准值之间的顺序被篡改、基准值以及不同基准值之间的顺序均被篡改的情况,通过此种方式会确认第一基线文件不可信。第一网络设备不再执行后续的远程证明过程。The method of verifying whether the first baseline file is credible by using the check value of the baseline file is concise and accurate. The first network device will perform the subsequent remote attestation process only when it is verified that the first baseline file is credible. The accuracy of the obtained remote proof result is guaranteed. For the situation that the reference value recorded in the first baseline file is tampered with, the order between different reference values recorded in the first baseline file is tampered with, the reference value and the order between different reference values are all tampered with, through this The method will confirm that the first baseline file is not trusted. The first network device does not execute the subsequent remote attestation process.

在一种可能的实现方式中,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备接收第二网络设备发送的可信的度量日志校验值,度量日志校验值用于校验度量日志是否可信。第一网络设备对度量日志记录的度量值进行计算,得到第二数值。第二数值与度量日志校验值的计算方式相同。计算方式相同为算法相同,或者为算法和计算顺序均相同。响应于第二数值与度量日志校验值相同,第一网络设备确认度量日志可信。In a possible implementation manner, the first network device performs remote certification on the software based on the first baseline file and the measurement log, and before obtaining the remote certification result corresponding to the software, the method further includes: the first network device receives the information sent by the second network device The credible measurement log verification value of the measurement log is used to verify whether the measurement log is credible. The first network device calculates the metric value recorded in the metric log to obtain the second value. The second number is calculated in the same way as the metrics log checksum. The same calculation method means the same algorithm, or the same algorithm and calculation order. In response to the second numerical value being the same as the metric log check value, the first network device confirms that the metric log is authentic.

在通过校验确认度量日志可信的情况下,第一网络设备才会执行后续的远程证明过程,保证了得到的远程证明结果的准确性。而对于度量日志中记录的度量值被篡改、度量日志中记录的不同度量值之间的顺序被篡改、度量值以及不同度量值之间的顺序均被篡改的情况,通过此种方式会确认度量日志不可信。第一网络设备不再执行后续的远程证明过程。The first network device will perform the subsequent remote attestation process only when the measurement log is confirmed to be credible through verification, which ensures the accuracy of the obtained remote attestation result. However, if the metric values recorded in the metric log are tampered with, the order of different metric values recorded in the metric log is tampered with, and the order of the metric values and different metric values is tampered with, the measurement will be confirmed in this way. Logs are not trustworthy. The first network device does not execute the subsequent remote attestation process.

在一种可能的实现方式中,第一基线文件和度量日志已通过第二网络设备的私钥加密。第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备获取私钥对应的公钥,通过公钥对第一基线文件和度量日志进行解密。In a possible implementation manner, the first baseline file and the measurement log have been encrypted with the private key of the second network device. The first network device remotely attests the software based on the first baseline file and the measurement log, and before obtaining the remote attestation result corresponding to the software, the method further includes: the first network device obtains the public key corresponding to the private key, and uses the public key to verify the first baseline Files and metrics logs are decrypted.

如果第一网络设备能够通过公钥对第一基线文件和度量日志进行解密,则第一网络设备能够确认第一基线文件和度量日志是通过第二网络设备的私钥加密的。进而能够确认第一基线文件和度量日志是由第二网络设备发送的。通过此种方式,能够及时发现第一基线文件和度量日志在传输过程中被恶意替换的情况,避免对后续远程证明过程造成影响。If the first network device can decrypt the first baseline file and the metric log with the public key, the first network device can confirm that the first baseline file and the metric log are encrypted with the private key of the second network device. Furthermore, it can be confirmed that the first baseline file and the measurement log are sent by the second network device. In this way, it is possible to detect in time that the first baseline file and the measurement log are maliciously replaced during the transmission process, and avoid affecting the subsequent remote attestation process.

在一种可能的实现方式中,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备确定度量日志记录的度量值对应的度量目标属于第一基线文件记录的基线值对应的度量目标的子集。In a possible implementation manner, the first network device remotely certifies the software based on the first baseline file and the metric log, and before obtaining the remote certifying result corresponding to the software, the method further includes: the first network device determines the metric recorded in the metric log The metric target corresponding to the value belongs to the subset of the metric target corresponding to the baseline value recorded in the first baseline file.

该实现方式用于第一网络设备确认第二网络设备是否可信,在第二网络设备可信的情况下再执行后续的远程证明过程。而在度量日志记录的度量值对应的度量目标不属于第一基线文件记录的基线值对应的度量目标的子集的情况下,确认第二网络设备不可信。第一网络设备可以不再执行后续的远程证明过程,直接确定第二网络设备的软件不可信。This implementation is used for the first network device to confirm whether the second network device is trustworthy, and to execute the subsequent remote attestation process if the second network device is trustworthy. In a case where the metric target corresponding to the metric value recorded in the metric log does not belong to the subset of the metric target corresponding to the baseline value recorded in the first baseline file, it is confirmed that the second network device is untrustworthy. The first network device may directly determine that the software of the second network device is untrustworthy without performing the subsequent remote attestation process.

在一种可能的实现方式中,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备接收第二网络设备发送的存储的第一基线文件。第一网络设备确定存储的第一基线文件和第一基线文件相同。In a possible implementation manner, the first network device performs remote certification on the software based on the first baseline file and the measurement log, and before obtaining the remote certification result corresponding to the software, the method further includes: the first network device receives the information sent by the second network device The stored first baseline file. The first network device determines that the stored first baseline file is the same as the first baseline file.

该实现方式用于第一网络设备确认第二网络设备是否可信,在第二网络设备可信的情况下再执行后续的远程证明过程。如果存储的第一基线文件和第一网络设备已获取的第一基线文件不同,则说明在第二网络设备对第一基线文件的存储过程中第一基线文件被篡改,从而说明第二网络设备不可信。第一网络设备可以不再执行后续的远程证明过程,直接确定第二网络设备的软件不可信。This implementation is used for the first network device to confirm whether the second network device is trustworthy, and to execute the subsequent remote attestation process if the second network device is trustworthy. If the stored first baseline file is different from the first baseline file acquired by the first network device, it indicates that the first baseline file has been tampered with during the storage process of the first baseline file by the second network device, thereby indicating that the second network device Not credible. The first network device may directly determine that the software of the second network device is untrustworthy without performing the subsequent remote attestation process.

在一种可能的实现方式中,第一网络设备获取第二网络设备生成的第一基线文件和度量日志,包括:第一网络设备向第二网络设备发送挑战请求,挑战请求用于请求第二网络设备发送第一基线文件和度量日志。第一网络设备接收第二网络设备发送的第一基线文件和度量日志。此种获取方式简单便捷。In a possible implementation, the first network device acquires the first baseline file and the measurement log generated by the second network device, including: the first network device sends a challenge request to the second network device, and the challenge request is used to request the second The network device sends a first baseline file and a metric log. The first network device receives the first baseline file and the metric log sent by the second network device. This method of obtaining is simple and convenient.

在一种可能的实现方式中,挑战请求包括基准挑战值。第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备接收第二网络设备发送的挑战值,确定挑战值与基准挑战值相同。In a possible implementation manner, the challenge request includes a reference challenge value. The first network device remotely attests the software based on the first baseline file and the measurement log, and before obtaining the remote attestation result corresponding to the software, the method further includes: the first network device receives the challenge value sent by the second network device, and determines the challenge value and the benchmark The challenge value is the same.

如果挑战值与基准挑战值相同,则第一网络设备能够确认接收到的第一基线文件和度量日志是针对挑战请求现去发送的,并非是第一网络设备曾接收过的其他基线文件和度量日志。从而能够确认不存在重放攻击,避免了重放攻击影响后续的远程证明过程,保证了远程证明过程的准确性。If the challenge value is the same as the reference challenge value, the first network device can confirm that the received first baseline file and metric log are sent in response to the challenge request, and are not other baseline files and metrics that the first network device has ever received log. Therefore, it can be confirmed that there is no replay attack, which prevents the replay attack from affecting the subsequent remote attestation process, and ensures the accuracy of the remote attestation process.

在一种可能的实现方式中,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果之前,方法还包括:第一网络设备确定发送时刻与接收时刻之间的时刻差值不大于时刻阈值。发送时刻为发送挑战请求的时刻,接收时刻为接收第一基线文件和度量日志的时刻。In a possible implementation, the first network device performs remote certification on the software based on the first baseline file and the measurement log, and before obtaining the remote certification result corresponding to the software, the method further includes: the first network device determines the sending time and the receiving time The time difference between them is not greater than the time threshold. The sending time is the time when the challenge request is sent, and the receiving time is the time when the first baseline file and the measurement log are received.

该实现方式用于第一网络设备确认第二网络设备是否可信,在第二网络设备可信的情况下再执行后续的远程证明过程。在发送时刻与接收时刻之间的时刻差值大于时刻阈值的情况下,第一网络设备可以确定第二网络设备不可信。第一网络设备可以不再执行后续的远程证明过程,直接确定第二网络设备的软件不可信。This implementation is used for the first network device to confirm whether the second network device is trustworthy, and to execute the subsequent remote attestation process if the second network device is trustworthy. In a case where the time difference between the sending time and the receiving time is greater than the time threshold, the first network device may determine that the second network device is untrustworthy. The first network device may directly determine that the software of the second network device is untrustworthy without performing the subsequent remote attestation process.

在一种可能的实现方式中,软件为运行态软件,运行态软件的数据位于第二网络设备的内存包括的多个内存页中,第一基线文件由第二网络设备查询多个内存页得到数据、拼接数据得到运行态软件后生成,运行态软件为用户态软件和内核态软件中的至少一种。In a possible implementation, the software is running state software, and the data of the running state software is located in multiple memory pages included in the memory of the second network device, and the first baseline file is obtained by querying multiple memory pages by the second network device The data and spliced data are generated after being obtained by the software in the running state, and the software in the running state is at least one of user state software and kernel state software.

运行态软件位于第二网络设备的内存中,且运行态软件的数据可能分散于内存的不同内存页中。因而第二网络设备需要查询各个内存页得到数据,拼接得到运行态软件。从而可以生成运行态软件对应的第一基线文件,进而可以实现针对运行态软件的远程证明。The software in the running state is located in the memory of the second network device, and the data of the software in the running state may be scattered in different memory pages of the memory. Therefore, the second network device needs to query each memory page to obtain data, and splicing to obtain the running state software. Therefore, the first baseline file corresponding to the software in the running state can be generated, and then the remote certification for the software in the running state can be realized.

在一种可能的实现方式中,运行态软件为内核态软件,方法还包括:第一网络设备获取第二网络设备的用户态软件对应的第二基线文件。第二基线文件在用户态软件的编译过程中生成。第一网络设备基于第二基线文件对用户态软件进行远程证明,得到用户态软件对应的远程证明结果。In a possible implementation manner, the running state software is kernel state software, and the method further includes: the first network device acquires a second baseline file corresponding to the user state software of the second network device. The second baseline file is generated during compilation of the user mode software. The first network device performs remote certification on the user state software based on the second baseline file, and obtains a remote certification result corresponding to the user state software.

如上文所述,运行态软件位于第二网络设备的内存中。其中,在内核态软件被加载至内存的过程中,内核态软件会被进行重定向改写等修改,从而使得加载前后内核态软件是不一致的。由于内核态软件被进行的修改是难以预知的,因而对于内核态软件而言,内核态软件对应的第一基线文件只能在内核态软件被加载至内存之后由第二网络设备生成。不过,在用户态软件被加载至内存的过程中,用户态软件不会被进行修改,因而加载前后用户态软件是一致的。因此,对于用户态软件而言,可以由第二网络设备生成用户态软件对应的第一基线文件。也可以在用户态软件的编译过程中就生成用户态软件对应的第二基线文件。第一基线文件和第二基线文件均可以用于对用户态软件进行远程证明。As mentioned above, the running software is located in the memory of the second network device. Wherein, during the process of loading the kernel state software into the memory, the kernel state software will be modified such as redirection and rewriting, so that the kernel state software before and after loading is inconsistent. Since the modification of the kernel state software is unpredictable, for the kernel state software, the first baseline file corresponding to the kernel state software can only be generated by the second network device after the kernel state software is loaded into the memory. However, during the process of loading the user state software into the memory, the user state software will not be modified, so the user state software is consistent before and after loading. Therefore, for the user mode software, the first baseline file corresponding to the user mode software may be generated by the second network device. The second baseline file corresponding to the user-mode software may also be generated during the compiling process of the user-mode software. Both the first baseline file and the second baseline file can be used to remotely certify the user mode software.

第二方面,提供了一种远程证明的方法。该方法包括:第二网络设备生成第二网络设备的软件对应的第一基线文件,第一基线文件用于记录软件在可信情况下的基准值。第二网络设备生成软件对应的度量日志,度量日志用于记录软件的度量值。第二网络设备向第一网络设备发送第一基线文件和度量日志。In the second aspect, a remote attestation method is provided. The method includes: the second network device generates a first baseline file corresponding to the software of the second network device, and the first baseline file is used to record a benchmark value of the software under a trusted condition. The second network device generates a measurement log corresponding to the software, where the measurement log is used to record the measurement value of the software. The second network device sends the first baseline file and the metric log to the first network device.

在一种可能的实现方式中,度量日志记录的度量值对应有度量目标。对于任一度量目标,任一度量目标在第一基线文件中对应的基准值与任一度量目标对应的度量值不同。In a possible implementation manner, the metric value recorded in the metric log corresponds to a metric target. For any measurement target, the reference value corresponding to any measurement target in the first baseline file is different from the measurement value corresponding to any measurement target.

在该实现方式中,第二网络设备会对比第一基线文件和各个度量目标的度量值。仅记录与第一基线文件中的基准值不同的度量值,得到度量日志。相比于记录所有度量目标的度量值得到度量日志的方式,对比之后再记录的方式能够减少度量日志的数据量,减小度量日志所需占用的存储空间。In this implementation manner, the second network device compares the first baseline file with the measurement values of each measurement target. Log only metrics that differ from the baseline in the first baseline file, resulting in a metrics log. Compared with the method of recording the measurement values of all measurement objects to obtain the measurement log, the method of recording after comparison can reduce the data volume of the measurement log and reduce the storage space required for the measurement log.

在一种可能的实现方式中,第二网络设备生成软件对应的度量日志,包括:响应于确认第一基线文件可信,第二网络设备生成软件对应的度量日志。In a possible implementation manner, the second network device generating the metric log corresponding to the software includes: in response to confirming that the first baseline file is authentic, the second network device generating the metric log corresponding to the software.

第二网络设备在确认第一基线文件可信的情况下,再对第一基线文件和各个度量目标的度量值进行对比。能够避免第一基线文件不可信的情况影响对比过程,保证了通过对比得到的度量日志的准确性。从而保证了后续的远程证明过程的准确性。After confirming that the first baseline file is credible, the second network device compares the first baseline file with the measurement values of each measurement target. The comparison process can be prevented from being affected by the fact that the first baseline file is untrustworthy, and the accuracy of the measurement log obtained through the comparison is ensured. Therefore, the accuracy of the subsequent remote attestation process is guaranteed.

在一种可能的实现方式中,方法还包括:第二网络设备对第一基线文件记录的基准值进行计算,得到基线文件校验值。基线文件校验值用于校验第一基线文件是否可信。第二网络设备向第一网络设备发送可信的基线文件校验值。In a possible implementation manner, the method further includes: the second network device calculates the reference value recorded in the first baseline file to obtain the check value of the baseline file. The check value of the baseline file is used to check whether the first baseline file is credible. The second network device sends the credible baseline file check value to the first network device.

在一种可能的实现方式中,方法还包括:第二网络设备对度量日志记录的度量值进行计算,得到度量日志校验值。度量日志校验值用于校验度量日志是否可信。第二网络设备向第一网络设备发送可信的度量日志校验值。In a possible implementation manner, the method further includes: the second network device calculates the metric value recorded in the metric log to obtain a verification value of the metric log. The measurement log verification value is used to verify whether the measurement log is credible. The second network device sends the credible metric log check value to the first network device.

在一种可能的实现方式中,第二网络设备向第一网络设备发送第一基线文件和度量日志,包括:第二网络设备向第一网络设备发送通过第二网络设备的私钥加密的第一基线文件和度量日志。In a possible implementation manner, the second network device sending the first baseline file and the metric log to the first network device includes: the second network device sending the first baseline file and the measurement log encrypted by the private key of the second network device to the first network device. A baseline file and metrics log.

在一种可能的实现方式中,方法还包括:第二网络设备向第一网络设备发送存储的第一基线文件。In a possible implementation manner, the method further includes: the second network device sending the stored first baseline file to the first network device.

在一种可能的实现方式中,第二网络设备向第一网络设备发送第一基线文件和度量日志之前,方法还包括:第二网络设备接收第一网络设备发送的挑战请求。挑战请求用于请求第二网络设备发送第一基线文件和度量日志。In a possible implementation manner, before the second network device sends the first baseline file and the measurement log to the first network device, the method further includes: the second network device receives a challenge request sent by the first network device. The challenge request is used to request the second network device to send the first baseline file and the measurement log.

在一种可能的实现方式中,挑战请求包括基准挑战值,方法还包括:第二网络设备向第一网络设备发送挑战值,挑战值为基准挑战值。In a possible implementation manner, the challenge request includes a reference challenge value, and the method further includes: the second network device sends the challenge value to the first network device, where the challenge value is the reference challenge value.

在一种可能的实现方式中,软件为运行态软件。运行态软件为用户态软件和内核态软件中的至少一种。第二网络设备生成第二网络设备的软件对应的第一基线文件,包括:第二网络设备查询第二网络设备的内存包括的多个内存页,得到运行态软件的数据。第二网络设备拼接数据得到运行态软件,生成运行态软件对应的第一基线文件。In a possible implementation manner, the software is running state software. The running state software is at least one of user state software and kernel state software. The second network device generates the first baseline file corresponding to the software of the second network device, including: the second network device queries multiple memory pages included in the memory of the second network device to obtain the data of the running state software. The second network device splices the data to obtain the software in the running state, and generates a first baseline file corresponding to the software in the running state.

第三方面,提供了一种远程证明的装置,该装置包括获取模块和远程证明模块。其中,获取模块用于获取第二网络设备的软件对应的第一基线文件和度量日志。第一基线文件和度量日志由第二网络设备生成。第一基线文件用于记录软件在可信情况下的基准值,度量日志用于记录软件的度量值。远程证明模块用于响应于确认第一基线文件和度量日志可信,基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果,软件对应的远程证明结果用于指示软件是否可信。In a third aspect, a device for remote attestation is provided, and the device includes an acquisition module and a remote attestation module. Wherein, the acquiring module is configured to acquire the first baseline file and the measurement log corresponding to the software of the second network device. The first baseline file and the metric log are generated by the second network device. The first baseline file is used to record the benchmark value of the software in a credible situation, and the measurement log is used to record the measurement value of the software. The remote attestation module is configured to perform remote attestation on the software based on the first baseline file and the metric log in response to confirming that the first baseline file and the metric log are credible, and obtain a remote attestation result corresponding to the software, and the remote attestation result corresponding to the software is used to instruct the software Is it credible.

在一种可能的实现方式中,远程证明模块还用于接收第二网络设备发送的可信的基线文件校验值,基线文件校验值用于校验第一基线文件是否可信。对第一基线文件记录的基准值进行计算,得到第一数值。第一数值与基线文件校验值的计算方式相同。计算方式相同为算法相同,或者为算法和计算顺序均相同。响应于第一数值与基线文件校验值相同,确认第一基线文件可信。In a possible implementation manner, the remote attestation module is further configured to receive a credible baseline file check value sent by the second network device, and the baseline file check value is used to check whether the first baseline file is credible. The reference value recorded in the first baseline file is calculated to obtain the first value. The first value is calculated in the same way as the baseline file checksum. The same calculation method means the same algorithm, or the same algorithm and calculation order. In response to the first value being the same as the check value of the baseline file, it is confirmed that the first baseline file is authentic.

在一种可能的实现方式中,远程证明模块还用于接收第二网络设备发送的可信的度量日志校验值。度量日志校验值用于校验度量日志是否可信。对度量日志记录的度量值进行计算,得到第二数值。第二数值与度量日志校验值的计算方式相同。计算方式相同为算法相同,或者为算法和计算顺序均相同。响应于第二数值与度量日志校验值相同,确认度量日志可信。In a possible implementation manner, the remote attestation module is further configured to receive a credible metric log verification value sent by the second network device. The measurement log verification value is used to verify whether the measurement log is credible. A calculation is performed on the metric value recorded in the metric log to obtain the second value. The second number is calculated in the same way as the metrics log checksum. The same calculation method means the same algorithm, or the same algorithm and calculation order. In response to the second value being the same as the metric log check value, it is confirmed that the metric log is authentic.

在一种可能的实现方式中,第一基线文件和度量日志已通过第二网络设备的私钥加密。远程证明模块还用于获取私钥对应的公钥,通过公钥对第一基线文件和度量日志进行解密。In a possible implementation manner, the first baseline file and the measurement log have been encrypted with the private key of the second network device. The remote certification module is also used to obtain the public key corresponding to the private key, and decrypt the first baseline file and the measurement log through the public key.

在一种可能的实现方式中,远程证明模块还用于确定度量日志记录的度量值对应的度量目标属于第一基线文件记录的基线值对应的度量目标的子集。In a possible implementation manner, the remote attestation module is further configured to determine that the metric target corresponding to the metric value recorded in the metric log belongs to a subset of the metric target corresponding to the baseline value recorded in the first baseline file.

在一种可能的实现方式中,远程证明模块还用于接收第二网络设备发送的存储的第一基线文件。确定存储的第一基线文件和第一基线文件相同。In a possible implementation manner, the remote attestation module is further configured to receive the stored first baseline file sent by the second network device. It is determined that the stored first baseline file is the same as the first baseline file.

在一种可能的实现方式中,获取模块用于向第二网络设备发送挑战请求。挑战请求用于请求第二网络设备发送第一基线文件和度量日志。接收第二网络设备发送的第一基线文件和度量日志。In a possible implementation manner, the acquiring module is configured to send a challenge request to the second network device. The challenge request is used to request the second network device to send the first baseline file and the measurement log. The first baseline file and the measurement log sent by the second network device are received.

在一种可能的实现方式中,远程证明模块还用于接收第二网络设备发送的挑战值,确定挑战值与基准挑战值相同。In a possible implementation manner, the remote attestation module is further configured to receive a challenge value sent by the second network device, and determine that the challenge value is the same as the reference challenge value.

在一种可能的实现方式中,远程证明模块还用于确定发送时刻与接收时刻之间的时刻差值不大于时刻阈值。发送时刻为发送挑战请求的时刻,接收时刻为接收第一基线文件和度量日志的时刻。In a possible implementation manner, the remote attestation module is further configured to determine that the time difference between the sending time and the receiving time is not greater than the time threshold. The sending time is the time when the challenge request is sent, and the receiving time is the time when the first baseline file and the measurement log are received.

在一种可能的实现方式中,软件为运行态软件。运行态软件的数据位于第二网络设备的内存包括的多个内存页中。第一基线文件由第二网络设备查询多个内存页得到数据、拼接数据得到运行态软件后生成。运行态软件为用户态软件和内核态软件中的至少一种。In a possible implementation manner, the software is running state software. The data of the software in the running state is located in multiple memory pages included in the memory of the second network device. The first baseline file is generated by the second network device after querying multiple memory pages to obtain data, splicing the data to obtain running software. The running state software is at least one of user state software and kernel state software.

在一种可能的实现方式中,运行态软件为内核态软件。获取模块还用于获取第二网络设备的用户态软件对应的第二基线文件,第二基线文件在用户态软件的编译过程中生成。远程证明模块还用于基于第二基线文件对用户态软件进行远程证明,得到用户态软件对应的远程证明结果。In a possible implementation manner, the running state software is kernel state software. The acquiring module is also used to acquire a second baseline file corresponding to the user-mode software of the second network device, and the second baseline file is generated during the compiling process of the user-mode software. The remote attestation module is also used to perform remote attestation on the user state software based on the second baseline file, and obtain a remote attestation result corresponding to the user state software.

第四方面,提供了一种远程证明的装置,该装置包括生成模块和发送模块。其中,生成模块用于生成第二网络设备的软件对应的第一基线文件,第一基线文件用于记录软件在可信情况下的基准值。生成模块还用于生成软件对应的度量日志,度量日志用于记录软件的度量值。发送模块用于向第一网络设备发送第一基线文件和度量日志。In a fourth aspect, a device for remote attestation is provided, and the device includes a generating module and a sending module. Wherein, the generation module is used to generate the first baseline file corresponding to the software of the second network device, and the first baseline file is used to record the reference value of the software under the credible condition. The generation module is also used to generate a measurement log corresponding to the software, and the measurement log is used to record the measurement value of the software. The sending module is used to send the first baseline file and the measurement log to the first network device.

在一种可能的实现方式中,度量日志记录的度量值对应有度量目标。对于任一度量目标,任一度量目标在第一基线文件中对应的基准值与任一度量目标对应的度量值不同。In a possible implementation manner, the metric value recorded in the metric log corresponds to a metric target. For any measurement target, the reference value corresponding to any measurement target in the first baseline file is different from the measurement value corresponding to any measurement target.

在一种可能的实现方式中,生成模块用于响应于确认第一基线文件可信,生成软件对应的度量日志。In a possible implementation manner, the generating module is configured to generate a metric log corresponding to the software in response to confirming that the first baseline file is credible.

在一种可能的实现方式中,发送模块还用于对第一基线文件记录的基准值进行计算,得到基线文件校验值。基线文件校验值用于校验第一基线文件是否可信。向第一网络设备发送可信的基线文件校验值。In a possible implementation manner, the sending module is further configured to calculate the reference value recorded in the first baseline file to obtain the check value of the baseline file. The check value of the baseline file is used to check whether the first baseline file is credible. The credible baseline file check value is sent to the first network device.

在一种可能的实现方式中,发送模块还用于对度量日志记录的度量值进行计算,得到度量日志校验值。度量日志校验值用于校验度量日志是否可信。向第一网络设备发送可信的度量日志校验值。In a possible implementation manner, the sending module is further configured to calculate the measurement value recorded in the measurement log to obtain the verification value of the measurement log. The measurement log verification value is used to verify whether the measurement log is credible. The trusted metric log check value is sent to the first network device.

在一种可能的实现方式中,发送模块用于向第一网络设备发送通过第二网络设备的私钥加密的第一基线文件和度量日志。In a possible implementation manner, the sending module is configured to send the first baseline file and the measurement log encrypted by the private key of the second network device to the first network device.

在一种可能的实现方式中,发送模块还用于向第一网络设备发送存储的第一基线文件。In a possible implementation manner, the sending module is further configured to send the stored first baseline file to the first network device.

在一种可能的实现方式中,发送模块还用于接收第一网络设备发送的挑战请求。挑战请求用于请求第二网络设备发送第一基线文件和度量日志。In a possible implementation manner, the sending module is further configured to receive the challenge request sent by the first network device. The challenge request is used to request the second network device to send the first baseline file and the measurement log.

在一种可能的实现方式中,挑战请求包括基准挑战值。发送模块还用于向第一网络设备发送挑战值,挑战值为基准挑战值。In a possible implementation manner, the challenge request includes a reference challenge value. The sending module is further configured to send a challenge value to the first network device, where the challenge value is a reference challenge value.

在一种可能的实现方式中,软件为运行态软件。运行态软件为用户态软件和内核态软件中的至少一种。生成模块用于查询第二网络设备的内存包括的多个内存页,得到运行态软件的数据。拼接数据得到运行态软件。生成运行态软件对应的第一基线文件。In a possible implementation manner, the software is running state software. The running state software is at least one of user state software and kernel state software. The generation module is used to query multiple memory pages included in the memory of the second network device to obtain the data of the software in the running state. Splicing data to get running software. Generate the first baseline file corresponding to the running state software.

第五方面,提供了一种远程证明的设备,该设备包括:包括网络接口、存储器及处理器。网络接口用于接收或发送数据,存储器中存储有数据及至少一条指令,至少一条指令由处理器加载并执行,以使远程证明的设备实现第一方面或第一方面的任一可能的实现方式,或第二方面或第二方面的任一可能的实现方式所提供的远程证明的方法。In a fifth aspect, a device for remote attestation is provided, and the device includes: a network interface, a memory, and a processor. The network interface is used to receive or send data, the memory stores data and at least one instruction, and at least one instruction is loaded and executed by the processor, so that the remote attestation device implements the first aspect or any possible implementation of the first aspect , or the remote attestation method provided by the second aspect or any possible implementation manner of the second aspect.

第六方面,提供了一种远程证明的系统。该系统包括第一网络设备和至少一个第二网络设备。第一网络设备用于实现第一方面或第一方面的任一可能的实现方式所提供的远程证明的方法,至少一个第二网络设备中的任一第二网络设备用于实现第二方面或第二方面的任一可能的实现方式所提供的远程证明的方法。In a sixth aspect, a remote attestation system is provided. The system includes a first network device and at least one second network device. The first network device is used to implement the remote attestation method provided by the first aspect or any possible implementation of the first aspect, and any second network device in at least one second network device is used to implement the second aspect or The remote attestation method provided by any possible implementation of the second aspect.

第七方面,提供了一种计算机程序(产品)。计算机程序(产品)包括:计算机程序代码。当计算机程序代码被计算机运行时,使得计算机执行上述各方面中的方法。In a seventh aspect, a computer program (product) is provided. Computer programs (products) include: computer program codes. When the computer program code is executed by the computer, it causes the computer to execute the methods in the above aspects.

第八方面,提供了一种计算机可读存储介质。计算机可读存储介质存储程序或指令。当程序或指令在计算机上运行时,上述各方面中的方法被执行。In an eighth aspect, a computer-readable storage medium is provided. A computer-readable storage medium stores programs or instructions. The methods in the above aspects are performed when programs or instructions are run on a computer.

第九方面,提供了一种芯片,包括处理器。用于从存储器中调用并运行存储器中存储的指令,使得安装有芯片的通信设备执行上述各方面中的方法。In a ninth aspect, a chip including a processor is provided. The method is used for invoking and executing instructions stored in the memory from the memory, so that the communication device installed with the chip executes the methods in the above aspects.

第十方面,提供另一种芯片,包括:输入接口、输出接口、处理器和存储器。输入接口、输出接口、处理器以及存储器之间通过内部连接通路相连。处理器用于执行存储器中的代码,当代码被执行时,处理器用于执行上述各方面中的方法。In a tenth aspect, another chip is provided, including: an input interface, an output interface, a processor, and a memory. The input interface, the output interface, the processor and the memory are connected through internal connection paths. The processor is used to execute codes in the memory, and when the codes are executed, the processor is used to execute the methods in the above aspects.

附图说明Description of drawings

图1为本申请实施例提供的一种远程证明的系统的结构示意图;FIG. 1 is a schematic structural diagram of a remote attestation system provided by an embodiment of the present application;

图2为本申请实施例提供的又一种远程证明的系统的结构示意图;FIG. 2 is a schematic structural diagram of another remote attestation system provided by the embodiment of the present application;

图3为本申请实施例提供的一种对数据进行可信存储的示意图;Fig. 3 is a schematic diagram of trustworthy storage of data provided by the embodiment of the present application;

图4为本申请实施例提供的一种静态软件转换至运行态软件的示意图;FIG. 4 is a schematic diagram of conversion of static software to running software provided by the embodiment of the present application;

图5为本申请实施例提供的一种远程证明的方法的流程图;FIG. 5 is a flow chart of a remote attestation method provided by an embodiment of the present application;

图6为本申请实施例提供的又一种远程证明的方法的流程图;FIG. 6 is a flowchart of another remote attestation method provided by the embodiment of the present application;

图7为本申请实施例提供的一种远程证明的装置的结构示意图;FIG. 7 is a schematic structural diagram of a remote attestation device provided by an embodiment of the present application;

图8为本申请实施例提供的又一种远程证明的装置的结构示意图;Fig. 8 is a schematic structural diagram of another remote attestation device provided by the embodiment of the present application;

图9为本申请实施例提供的一种远程证明的设备的结构示意图。FIG. 9 is a schematic structural diagram of a remote attestation device provided by an embodiment of the present application.

具体实施方式Detailed ways

本申请的实施方式部分使用的术语仅用于对本申请的具体实施例进行解释,而非旨在限定本申请。The terms used in the embodiments of the present application are only used to explain specific embodiments of the present application, and are not intended to limit the present application.

图1为本申请实施例提供的一种远程证明的系统的结构示意图。本申请实施例提供了一种远程证明的方法,该方法应用于图1所示的实施环境中。图1所示的系统包括第一网络设备11和至少一个第二网络设备12。第一网络设备11和各个第二网络设备12分别通信连接。第一网络设备11用于作为远程证明的RAS。作为RAS的第一网络设备11执行的步骤包括获取第二网络设备的软件对应的第一基线文件和度量日志。响应于确认第一基线文件和度量日志可信,基于第一基线文件和度量日志对软件进行远程证明。其中,第一基线文件用于记录软件在可信情况下的基准值。度量日志用于记录软件的度量值。此外,各个第二网络设备12分别用于作为远程证明的RAC。作为RAC的第二网络设备12执行的步骤包括生成第一基线文件和度量日志。向第一网络设备发送第一基线文件和度量日志。第二网络设备12的数量可以根据实际需求进行设置。对此,本申请不做限定。FIG. 1 is a schematic structural diagram of a remote attestation system provided by an embodiment of the present application. The embodiment of the present application provides a remote attestation method, which is applied in the implementation environment shown in FIG. 1 . The system shown in FIG. 1 includes a first network device 11 and at least one second network device 12 . The first network device 11 and each second network device 12 are connected in communication respectively. The first network device 11 is used for RAS as remote authentication. The steps performed by the first network device 11 serving as the RAS include acquiring the first baseline file and measurement log corresponding to the software of the second network device. In response to confirming that the first baseline file and the metric log are authentic, the software is remotely attested based on the first baseline file and the metric log. Wherein, the first baseline file is used to record the benchmark value of the software in a credible situation. Metric logs are used to record software metrics. In addition, each second network device 12 is used as a RAC for remote certification. The steps performed by the second network device 12 acting as a RAC include generating a first baseline file and a metric log. A first baseline file and a metric log are sent to a first network device. The number of second network devices 12 can be set according to actual needs. In this regard, this application does not make a limitation.

图2为本申请实施例提供的又一种远程证明的系统的结构示意图。如图2所示,第一网络设备11中安装有具有RAS功能的软件,使得第一网络设备11可以作为远程证明的RAS。RAS功能用于实现上文说明中第一网络设备11执行的步骤。示例性地,第一网络设备11可以对可信的第一基线文件进行存储,以便在后续的远程证明过程中进行使用。第二网络设备12中的用户空间中具有RAC功能的软件,使得第二网络设备12可以作为远程证明的RAC。RAC功能用于实现上文说明中第二网络设备12执行的步骤。Fig. 2 is a schematic structural diagram of another remote attestation system provided by the embodiment of the present application. As shown in FIG. 2 , software with RAS function is installed in the first network device 11 , so that the first network device 11 can serve as a RAS for remote certification. The RAS function is used to implement the steps performed by the first network device 11 in the above description. Exemplarily, the first network device 11 may store the credible first baseline file, so as to be used in a subsequent remote attestation process. The user space in the second network device 12 has software with the RAC function, so that the second network device 12 can serve as a RAC for remote certification. The RAC function is used to implement the steps performed by the second network device 12 in the above description.

此外,第二网络设备12还包括富计算环境(rich execution environment,REE)内核。REE内核包括第一度量模块。第一度量模块用于生成需要进行远程证明的软件对应的第一基线文件和度量日志。第一度量模块将第一基线文件存储于REE内核中,将度量日志存储于用户空间中。例如,软件为图2所示的文件系统中的静态软件,或者图2所示的内存中的运行态软件。具有RAS功能的软件可以从REE内核中获取第一基线文件,并从用户空间中获取度量日志。在一些实施方式中,REE内核存储有度量目标列表,REE内核基于该度量目标列表生成第一基线文件。度量目标列表又称完整性度量架构(integrity measurementarchitecture,IMA)列表,度量目标列表以及基于度量目标列表生成第一基线文件的方式参见下文方法实施例。In addition, the second network device 12 also includes a rich execution environment (REE) kernel. The REE kernel includes a first metric module. The first measurement module is configured to generate a first baseline file and a measurement log corresponding to software requiring remote certification. The first measurement module stores the first baseline file in the REE kernel, and stores the measurement log in the user space. For example, the software is the static software in the file system shown in FIG. 2 , or the running software in the memory shown in FIG. 2 . RAS-capable software can fetch first baseline files from the REE kernel and metrics logs from user space. In some embodiments, the REE kernel stores a list of metric objects, and the REE kernel generates the first baseline file based on the list of metric objects. The measurement target list is also called the integrity measurement architecture (integrity measurement architecture, IMA) list, and the method embodiment below refers to the method embodiment for the measurement target list and the manner of generating the first baseline file based on the measurement target list.

示例性地,第二网络设备12还包括可信计算环境(trusted executionenvironment,TEE)内核。TEE内核包括第二度量模块。第二度量模块用于生成基线文件校验值。基线文件校验值用于校验第一基线文件是否可信。示例性地,第二度量模块将基线文件校验值写入可信平台模块(trusted platform module,TPM)芯片的平台配置寄存器(platform configuration register,PCR)中,以保证基线文件校验值不被篡改。示例性地,TPM芯片具有接口。例如,接口为tpm_pcr_extend()接口。第二度量模块通过接口将基线文件校验值写入TPM芯片的PCR中。Exemplarily, the second network device 12 further includes a trusted computing environment (trusted execution environment, TEE) kernel. The TEE core includes a second metrics module. The second measurement module is used to generate a baseline file check value. The check value of the baseline file is used to check whether the first baseline file is credible. Exemplarily, the second measurement module writes the check value of the baseline file into the platform configuration register (platform configuration register, PCR) of the trusted platform module (trusted platform module, TPM) chip, so as to ensure that the check value of the baseline file is not tamper. Exemplarily, the TPM chip has an interface. For example, the interface is the tpm_pcr_extend() interface. The second measurement module writes the check value of the baseline file into the PCR of the TPM chip through the interface.

示例性地,在生成基线文件校验值的过程中,TEE内核包括的第二度量模块按照一定的算法和计算顺序对第一基线文件包括的基准值进行叠加计算,得到基线文件校验值。通过TPM芯片的接口将基线文件校验值写入TPM芯片的PCR中。其中,算法为用于进行计算的数学方法。例如,如图3所示,计算顺序为基准值1、基准值2、……、基准值N。第二度量模块首先将基准值1写入一个PCR。按照一定的算法对基准值1进行计算,得到计算结果1。之后,再将基准值2写入同一个PCR。按照一定的算法对计算结果1和基准值2进行计算,得到计算结果2。以此类推,将基准值N(N为不小于1的整数)写入同一个PCR。按照一定的算法对计算结果(N-1)和基准值N进行计算,得到计算结果N。该计算结果即为基线文件校验值。Exemplarily, in the process of generating the check value of the baseline file, the second measurement module included in the TEE kernel performs superimposed calculation on the reference value included in the first baseline file according to a certain algorithm and calculation sequence to obtain the check value of the baseline file. Write the check value of the baseline file into the PCR of the TPM chip through the interface of the TPM chip. Wherein, an algorithm is a mathematical method for performing calculations. For example, as shown in FIG. 3 , the calculation sequence is reference value 1, reference value 2, . . . , reference value N. The second measurement module first writes the reference value 1 into a PCR. The reference value 1 is calculated according to a certain algorithm, and the calculation result 1 is obtained. After that, the reference value 2 is written into the same PCR. The calculation result 1 and the reference value 2 are calculated according to a certain algorithm, and the calculation result 2 is obtained. By analogy, the reference value N (N is an integer not less than 1) is written into the same PCR. Calculate the calculation result (N−1) and the reference value N according to a certain algorithm to obtain the calculation result N. The calculation result is the baseline file checksum.

此外,示例性地,REE内核包括的第一度量模块还用于生成度量日志校验值。度量日志校验值用于校验度量日志是否可信。其中,第一度量模块按照一定的算法和计算顺序对可信的度量日志记录的基准值进行叠加计算。通过TPM芯片的接口将计算得到的度量日志校验值写入TPM芯片的PCR中。存储有度量日志校验值的PCR与存储有基线文件校验值的PCR为两个不同的PCR。其中,第一度量模块将度量日志校验值写入PCR的方式参见上文第二度量模块将基线文件校验值写入PCR的方式即可,在此不再重复。In addition, for example, the first measurement module included in the REE kernel is also used to generate a measurement log check value. The measurement log verification value is used to verify whether the measurement log is credible. Wherein, the first measurement module superimposes and calculates the benchmark values of credible measurement log records according to a certain algorithm and calculation sequence. Write the calculated measurement log verification value into the PCR of the TPM chip through the interface of the TPM chip. The PCR storing the check value of the metric log and the PCR storing the check value of the baseline file are two different PCRs. Wherein, the method for the first measurement module to write the verification value of the measurement log into the PCR can refer to the method for writing the verification value of the baseline file into the PCR by the second measurement module above, and will not be repeated here.

在示例性实施例中,第二网络设备中的需要进行远程证明的软件为静态软件和运行态软件中的至少一种。静态软件存储于第二网络设备的文件系统中。示例性地,静态软件包括但不限于可执行与可链接格式(executable and linkable format,ELF)文件、内核镜像(kernel image,KI)文件和内核对象(kernel object,KO)文件。参见图4,通过链接过程和加载过程,可以使得静态软件转换为运行态软件。其中,链接过程是指第二网络设备的操作系统的动态连接器在运行过程中,根据静态文件记录的共享对象的符号定义加载共享库,然后完成重定向。加载过程是指第二网络设备的操作系统的加载器将静态软件拷贝到内存并运行的过程。由此,可以得到位于内存中的运行态软件。内存与静态软件所在的文件系统是第二网络设备中的两个不同的存储位置。In an exemplary embodiment, the software in the second network device that requires remote attestation is at least one of static software and running software. The static software is stored in the file system of the second network device. Exemplarily, the static software includes, but is not limited to, executable and linkable format (ELF) files, kernel image (kernel image, KI) files, and kernel object (kernel object, KO) files. Referring to Fig. 4, static software can be transformed into running software through linking process and loading process. Wherein, the linking process means that the dynamic linker of the operating system of the second network device loads the shared library according to the symbol definition of the shared object recorded in the static file during the running process, and then completes the redirection. The loading process refers to a process in which the loader of the operating system of the second network device copies the static software to the memory and runs it. Thus, the running state software located in the memory can be obtained. The file systems where the memory and the static software are located are two different storage locations in the second network device.

示例性地,运行态软件为用户态软件和内核态软件中的至少一种。用户态软件位于内存的用户态地址空间中,内核态软件位于内存的内核态地址空间中。Exemplarily, the running state software is at least one of user state software and kernel state software. The user mode software is located in the user mode address space of the memory, and the kernel mode software is located in the kernel mode address space of the memory.

基于以上的图1-2所示的系统,本申请实施例提供了一种远程证明的方法。该方法应用于第一网络设备和第二网络设备。第一网络设备用于作为远程证明的RAS,第二网络设备用于作为远程证明的RAC。如图5所示,该方法包括如下的步骤501-505。Based on the above systems shown in Figures 1-2, this embodiment of the present application provides a remote attestation method. The method is applied to the first network device and the second network device. The first network device is used for RAS as remote attestation, and the second network device is used for RAC as remote attestation. As shown in Fig. 5, the method includes the following steps 501-505.

步骤501,第二网络设备生成第二网络设备的软件对应的第一基线文件,第一基线文件用于记录软件在可信情况下的基准值。In step 501, the second network device generates a first baseline file corresponding to the software of the second network device, and the first baseline file is used to record a benchmark value of the software under a trusted condition.

其中,第二网络设备中存储有软件对应的度量目标列表。度量目标列表用于记录至少一个度量目标标识,度量目标标识用于指示软件对应的度量目标。软件对应的度量目标也即是对软件进行远程证明时需要度量的目标。示例性地,软件具有一定的度量范围。软件对应的度量模块基于度量范围确定。对于静态软件而言,度量范围为静态软件本身。度量目标为静态软件包括的所有二进制数据。对于用户态软件而言,度量范围包括但不限于进程(process)和共享库(library)。度量目标包括但不限于进程的代码段(text)、进程的只读数据段(read only data)、共享库的代码段和共享库的只读数据段。对于内核态软件而言,度量范围包括但不限于线程(thread)、KI和KO,度量目标包括但不限于线程的代码段、线程的只读数据段、KI的代码段、KI的只读数据段、KO的代码段和KO的只读数据段。Wherein, a measurement object list corresponding to the software is stored in the second network device. The measurement target list is used to record at least one measurement target ID, and the measurement target ID is used to indicate the measurement target corresponding to the software. The measurement target corresponding to the software is also the target that needs to be measured when performing remote certification on the software. Exemplarily, software has a certain range of measurements. The measurement module corresponding to the software is determined based on the measurement range. For static software, the scope of measurement is the static software itself. The measurement target is all binary data included with static software. For user mode software, the measurement scope includes but not limited to process (process) and shared library (library). The measurement target includes but not limited to the code segment (text) of the process, the read-only data segment (read only data) of the process, the code segment of the shared library, and the read-only data segment of the shared library. For kernel state software, the scope of measurement includes but not limited to thread (thread), KI and KO, and the measurement target includes but not limited to code segment of thread, read-only data segment of thread, code segment of KI, read-only data of KI segment, KO's code segment, and KO's read-only data segment.

示例性地,第二网络设备生成第二网络设备的软件对应的第一基线文件,包括:第二网络设备在软件可信的情况下,基于软件对应的度量目标列表生成软件对应的第一基线文件。示例性地,第二网络设备在第二网络设备可信的情况下,基于度量目标列表确定需要度量的至少一个度量目标。对各个度量目标进行一次遍历,以对各个度量目标进行度量,从而得到各个度量目标对应的基准值。之后,记录各个度量目标对应的基准值,得到第一基线文件。该第一基线文件包括度量目标标识以及度量目标标识所指示的度量目标对应的基准值。度量目标标识与基准值一一对应。其中,在第二网络设备可信的情况下,软件也可信。第一基线文件所记录的各个度量目标对应的基准值,也即是软件在可信情况下的基准值。Exemplarily, the second network device generates the first baseline file corresponding to the software of the second network device, including: the second network device generates the first baseline file corresponding to the software based on the metric target list corresponding to the software when the software is trusted document. Exemplarily, the second network device determines at least one measurement target that needs to be measured based on the measurement target list when the second network device is trusted. A traversal is performed on each measurement target to measure each measurement target, so as to obtain the reference value corresponding to each measurement target. Afterwards, the benchmark values corresponding to each measurement target are recorded to obtain the first baseline file. The first baseline file includes a measurement target identifier and a reference value corresponding to the measurement target indicated by the measurement target identifier. There is a one-to-one correspondence between the metric target ID and the benchmark value. Wherein, when the second network device is credible, the software is also credible. The benchmark value corresponding to each measurement target recorded in the first baseline file is the benchmark value of the software in a credible situation.

对于第二网络设备确认第二网络设备可信的方式,示例性地,第二网络设备进行可信启动。在第二网络设备可信的情况下,第二网络设备才能够完成可信启动。因而如果第二网络设备能够完成可信启动,则可以确认第二网络设备可信。示例性地,在完成可信启动之后的第一时段内,也确认第二网络设备可信。本申请实施例不对第一时段的时长加以限定,第一时段的时长可以根据经验或者实际需求灵活设置。在一些实施方式中,进行可信启动的方式包括但不限于安全启动或者度量启动。For the manner in which the second network device confirms that the second network device is authentic, for example, the second network device performs trusted startup. Only when the second network device is trusted can the second network device be able to complete trusted startup. Therefore, if the second network device can complete trusted startup, it can be confirmed that the second network device is trustworthy. Exemplarily, within a first period of time after the trusted startup is completed, it is also confirmed that the second network device is trusted. The embodiment of the present application does not limit the duration of the first period, and the duration of the first period may be flexibly set according to experience or actual needs. In some implementations, trusted booting methods include but are not limited to secure booting or measured booting.

对于第二网络设备对度量目标进行度量的方式,示例性地,第二网络设备对各个度量目标进行度量是指第二网络设备按照一定的算法对各个度量目标进行计算,得到各个度量目标对应的值。例如,在软件可信的情况下,计算得到的各个度量目标对应的值即为上文说明中的各个度量目标对应的基准值。需要说明的是,通过计算得到的各个度量目标对应的值相当于度量目标的指纹信息。如果一个度量目标被篡改,则计算得到的该度量目标对应的值与该度量目标对应的基准值不同。本申请实施例不对算法加以限定。在一些实施方式中,该算法为哈希(hash)算法。按照哈希算法计算得到的各个度量目标对应的值称为哈希值,哈希值又称散列值。As for the manner in which the second network device measures the measurement target, for example, the measurement of each measurement target by the second network device means that the second network device calculates each measurement target according to a certain algorithm, and obtains the corresponding value. For example, when the software is credible, the calculated values corresponding to each measurement target are the reference values corresponding to each measurement target in the above description. It should be noted that the calculated values corresponding to each measurement target are equivalent to the fingerprint information of the measurement target. If a measurement target is tampered with, the calculated value corresponding to the measurement target is different from the base value corresponding to the measurement target. The embodiment of this application does not limit the algorithm. In some embodiments, the algorithm is a hash algorithm. The value corresponding to each measurement target calculated according to the hash algorithm is called a hash value, and the hash value is also called a hash value.

示例性地,对于软件为静态软件的情况,从文件系统中直接获取静态软件。之后,即可按照上述说明中的方式生成静态软件对应的第一基线文件。或者,示例性地,对于软件为运行态软件的情况,第二网络设备生成第二网络设备的软件对应的第一基线文件,包括:第二网络设备查询第二网络设备的内存包括的多个内存页,得到运行态软件的数据。第二网络设备拼接数据得到运行态软件,生成运行态软件对应的第一基线文件。Exemplarily, for the case that the software is static software, the static software is directly obtained from the file system. Afterwards, the first baseline file corresponding to the static software can be generated in the manner described above. Or, as an example, for the case that the software is software in the running state, the second network device generates the first baseline file corresponding to the software of the second network device, including: the second network device queries multiple files included in the memory of the second network device Memory page, get the data of the running state software. The second network device splices the data to obtain the software in the running state, and generates a first baseline file corresponding to the software in the running state.

根据上文图4对应的说明可知,运行态软件位于内存中。由于内存包括多个内存页,因而第二网络设备需要查询多个内存页。从多个内存页中的至少一个内存页中获得数据。第二网络设备拼接数据得到运行态软件,从而形成运行态软件的度量目标。之后,第二网络设备便可以按照上文说明中的方式,对各个度量目标进行度量,得到第一基线文件。得到第一基线文件的过程在此不再进行赘述。According to the description corresponding to FIG. 4 above, it can be seen that the software in the running state is located in the memory. Since the memory includes multiple memory pages, the second network device needs to query multiple memory pages. Data is obtained from at least one of the plurality of memory pages. The second network device splices the data to obtain the software in the running state, so as to form the measurement target of the software in the running state. Afterwards, the second network device can measure each measurement target in the manner described above to obtain the first baseline file. The process of obtaining the first baseline file will not be repeated here.

以上生成第一基线文件的方式均为举例,不用于对第二网络设备生成第一基线文件的方式造成限定。示例性地,在第二网络设备生成第一基线文件之后,第二网络设备可以对第一基线文件进行存储。在后续需要使用第一基线文件时,读取已存储的第一基线文件。The foregoing manners of generating the first baseline file are examples, and are not intended to limit the manner of generating the first baseline file by the second network device. Exemplarily, after the second network device generates the first baseline file, the second network device may store the first baseline file. When the first baseline file needs to be used subsequently, the stored first baseline file is read.

需要说明的是,虽然第二网络设备生成的第一基线文件是可信的,但在第一基线文件的存储过程中,第一基线文件可能被篡改。第一基线文件被篡改包括:第一基线文件中记录的基准值以及基准值在第一基线文件中的排列顺序中的至少一种被篡改。如果第一基线文件被篡改,则读取到的第一基线文件与第二网络设备生成的可信的第一基线文件不同。或者说读取到的第一基线文件不可信。因此,本申请实施例需要针对读取到的第一基线文件提供校验方式。以便校验读取到的第一基线文件是否可信。避免由于读取到的第一基线文件不可信而影响后续远程证明过程的准确性。示例性地,第二网络设备对可信的第一基线文件记录的基准值进行计算,得到基线文件校验值。该基线文件校验值用于校验第一基线文件是否可信。在计算过程中,第二网络设备按照一定的算法和计算顺序对各个基准值进行叠加计算,从而得到基线文件校验值。It should be noted that although the first baseline file generated by the second network device is authentic, the first baseline file may be tampered with during the storage process of the first baseline file. The tampering of the first baseline file includes: at least one of the reference value recorded in the first baseline file and the arrangement order of the reference value in the first baseline file is tampered with. If the first baseline file is tampered with, the read first baseline file is different from the credible first baseline file generated by the second network device. Or the read first baseline file is not credible. Therefore, the embodiment of the present application needs to provide a verification method for the read first baseline file. In order to check whether the read first baseline file is credible. Avoid affecting the accuracy of the subsequent remote attestation process due to the untrustworthy first baseline file read. Exemplarily, the second network device calculates the benchmark value recorded in the credible first baseline file to obtain the check value of the baseline file. The check value of the baseline file is used to check whether the first baseline file is credible. During the calculation process, the second network device superimposes and calculates each benchmark value according to a certain algorithm and calculation sequence, so as to obtain the baseline file verification value.

示例性地,本申请实施例在计算得到基线文件校验值之后,还对基线文件校验值进行存储,在需要使用基线文件校验值时再进行读取。例如,第二网络设备将基线文件校验值存储于TPM芯片的一个PCR中。此种存储方式能够保证基线文件校验值不被篡改。又例如,第二网络设备将基线文件校验值存储于TEE内核中。虽然TEE内核不能够保证基线文件校验值不被篡改,但TEE内核的读取速度高于PCR的读取速度,可以减少读取基线文件校验值所需消耗的时间,提高远程证明过程的效率。且能够避免读取PCR所造成的PCR的性能损耗。此外,该基线文件校验值的使用过程参见后文说明,此处暂不进行赘述。Exemplarily, in the embodiment of the present application, after the baseline file check value is calculated, the baseline file check value is stored, and then read when the baseline file check value needs to be used. For example, the second network device stores the check value of the baseline file in a PCR of the TPM chip. This storage method can ensure that the check value of the baseline file is not tampered with. For another example, the second network device stores the check value of the baseline file in the TEE kernel. Although the TEE core cannot guarantee that the check value of the baseline file will not be tampered with, the reading speed of the TEE core is higher than that of the PCR, which can reduce the time required to read the check value of the baseline file and improve the reliability of the remote certification process. efficiency. And the performance loss of the PCR caused by reading the PCR can be avoided. In addition, the process of using the check value of the baseline file can be found later in the description, and will not be repeated here.

步骤502,第二网络设备生成软件对应的度量日志,度量日志用于记录软件的度量值。In step 502, the second network device generates a metric log corresponding to the software, and the metric log is used to record the metric value of the software.

随着第二网络设备的运行,第二网络设备的软件可能被篡改,则软件的可信情况未知。也就是说,第二网络设备不能确认软件是否可信。在不能确认软件是否可信的情况下,第二网络设备基于软件对应的度量目标列表生成软件对应的度量日志。其中,第二网络设备基于度量目标列表确定需要度量的至少一个度量目标。对至少一个度量目标进行至少一次遍历,以对各个度量目标进行至少一次度量,得到各个度量目标对应的度量值。之后,基于各个度量目标对应的度量值生成软件对应的度量日志。该度量日志包括度量目标标识和度量目标标识所指示的度量目标对应的度量值,度量目标标识与度量值一一对应。With the operation of the second network device, the software of the second network device may be tampered with, and the trustworthiness of the software is unknown. That is to say, the second network device cannot confirm whether the software is authentic. If it cannot be confirmed whether the software is credible, the second network device generates a measurement log corresponding to the software based on the measurement target list corresponding to the software. Wherein, the second network device determines at least one measurement target that needs to be measured based on the measurement target list. At least one traversal is performed on at least one measurement target to perform at least one measurement on each measurement target to obtain a measurement value corresponding to each measurement target. Afterwards, a measurement log corresponding to the software is generated based on the measurement value corresponding to each measurement target. The measurement log includes a measurement target ID and a measurement value corresponding to the measurement target indicated by the measurement target ID, and the measurement target ID corresponds to the measurement value one by one.

在一些实施方式中,第二网络设备记录各个度量目标对应的度量值,得到软件对应的度量日志。例如,度量目标的数量为10个,第二网络设备对各个度量目标进行了2次遍历。则度量日志包括一一对应的10个度量目标标识和第1次遍历过程中的10个度量值,以及一一对应的10个度量目标标识和第2次遍历过程中的10个度量值。In some implementation manners, the second network device records the measurement values corresponding to each measurement target to obtain a measurement log corresponding to the software. For example, the number of measurement targets is 10, and the second network device traverses each measurement target twice. Then the measurement log includes a one-to-one correspondence between 10 measurement target identifiers and 10 measurement values in the first traversal process, and a one-to-one correspondence between 10 measurement target identifications and 10 measurement values in the second traversal process.

在另一些实施方式中,对于任一度量目标,任一度量目标在第一基线文件中对应的基准值与任一度量日志对应的度量值不同。也就是说,第二网络设备在得到各个度量目标对应的度量值之后,会与第一基线文件进行对比。即对各个度量目标对应的度量值和各个度量目标在第一基线文件中对应的基准值进行对比。如果存在不同,再记录存在不同的度量目标对应的度量值,得到软件对应的度量日志。仍以度量目标的数量为10个、第二网络设备对各个度量目标进行了2次遍历为例。如果在2次遍历的过程中,10个度量目标中仅有1个度量目标对应的度量值不同于该度量目标在第一基线文件中对应的基准值,则度量日志仅包括相对应的1个度量目标标识和第1次遍历过程中的1个度量值,以及相对应的1个度量目标标识和第2次遍历过程中的1个度量值。In some other implementation manners, for any metric target, the benchmark value corresponding to any metric target in the first baseline file is different from the metric value corresponding to any metric log. That is to say, after the second network device obtains the measurement value corresponding to each measurement target, it will compare it with the first baseline file. That is, the measurement value corresponding to each measurement target is compared with the corresponding reference value of each measurement target in the first baseline file. If there is a difference, then record the measurement values corresponding to the different measurement targets, and obtain the measurement log corresponding to the software. Still taking the example that the number of measurement targets is 10 and the second network device traverses each measurement target twice. If during the two traversals, the metric value corresponding to only 1 of the 10 metric targets is different from the corresponding baseline value of the metric target in the first baseline file, the metric log only includes the corresponding 1 The metric target ID and 1 metric value in the first traversal process, and the corresponding metric target ID and 1 metric value in the 2nd traversal process.

相比于直接记录各个度量目标对应的度量值的方式,仅记录存在不同的度量目标对应的度量值的方式可以使得度量日志的数据量较少。降低了度量日志所需占用的存储空间的增长速度,延缓了存储空间爆炸现象的发生。其中,存储空间爆炸现象是指随着第二网络设备的运行时间的累积,度量日志所需占用的存储空间不断增大,导致存储空间的占用率大于占用率阈值,从而产生故障。Compared with the way of directly recording the metric values corresponding to each metric target, the way of only recording the metric values corresponding to different metric targets can reduce the amount of data in the metric log. This reduces the growth rate of the storage space occupied by the measurement log, and delays the occurrence of storage space explosion. Wherein, the storage space explosion phenomenon refers to that with the accumulation of the running time of the second network device, the storage space occupied by the measurement log continues to increase, resulting in an occupancy rate of the storage space being greater than an occupancy rate threshold, thereby causing a fault.

在示例性实施例中,对于仅记录存在不同的度量目标对应的度量值的方式,响应于确认第一基线文件可信,第二网络设备再生成软件对应的度量日志。也就是说,第二网络设备在确认第一基线文件可信的情况下,再对比各个度量目标对应的度量值与第一基线文件,从而生成软件对应的度量日志。根据上文步骤501中的说明可知,本申请实施例可以对第一基线文件进行存储。第一基线文件在存储过程中可能被篡改,从而导致读取到的第一基线文件不可信。如果将各个度量目标对应的度量值与不可信的第一基线文件进行了对比,则会导致度量日志有误。由于远程证明过程需要使用度量日志,因而度量日志有误会导致远程证明过程得到的远程证明结果也有误。因此,在对比各个度量目标对应的度量值与第一基线文件之前,第二网络设备需要确认读取到的第一基线文件可信。避免度量日志有误,保证后续得到的远程证明结果的准确性。In an exemplary embodiment, for the method of only recording metric values corresponding to different metric targets, in response to confirming that the first baseline file is credible, the second network device regenerates a metric log corresponding to the software. That is to say, after confirming that the first baseline file is credible, the second network device compares the measurement value corresponding to each measurement target with the first baseline file, thereby generating a measurement log corresponding to the software. According to the description in step 501 above, it can be known that the embodiment of the present application may store the first baseline file. The first baseline file may be tampered with during the storage process, thus causing the read first baseline file to be untrustworthy. If the measurement value corresponding to each measurement target is compared with the untrusted first baseline file, the measurement log will be wrong. Since the remote attestation process needs to use the measurement log, an error in the measurement log will lead to an error in the remote attestation result obtained by the remote attestation process. Therefore, before comparing the metric value corresponding to each metric target with the first baseline file, the second network device needs to confirm that the read first baseline file is authentic. Avoid errors in measurement logs and ensure the accuracy of subsequent remote attestation results.

对于第二网络设备确认读取到的第一基线文件可信的方式,示例性地,第二网络设备对读取到的第一基线文件记录的基准值进行计算,得到第一参考数值。第一参考数值与基线文件校验值的计算方式相同。计算方式相同为算法相同,或者为算法和计算顺序均相同。响应于第一参考数值与基线文件校验值相同,第二网络设备确认读取到的第一基线文件可信。响应于第一参考数值与基线文件校验值不同,第二网络设备确认读取到的第一基线文件不可信。示例性地,在确认读取到的第一基线文件不可信的情况下,第二网络设备还可以向第一网络设备进行告警。在一些实施方式中,此处使用的基线文件校验值是存储于TEE内核中的基线文件校验值。As for the manner in which the second network device confirms that the read first baseline file is authentic, for example, the second network device calculates the reference value recorded in the read first baseline file to obtain the first reference value. The calculation method of the first reference value is the same as that of the check value of the baseline file. The same calculation method means the same algorithm, or the same algorithm and calculation order. In response to the fact that the first reference value is the same as the check value of the baseline file, the second network device confirms that the read first baseline file is authentic. In response to the difference between the first reference value and the check value of the baseline file, the second network device confirms that the read first baseline file is not credible. Exemplarily, when it is confirmed that the read first baseline file is untrustworthy, the second network device may also send an alarm to the first network device. In some embodiments, the baseline file checksum used herein is the baseline file checksum stored in the TEE kernel.

在一些实施方式中,计算方式相同为算法相同。此种方式中使用的算法不受计算顺序的影响。例如,算法为乘法。在第一基线文件记录的基准值可能被篡改而基准值的排列顺序不会被篡改的情况下,适用此种方式。In some implementations, the same calculation method means the same algorithm. Algorithms used in this manner are not affected by the order of computation. For example, the algorithm is multiplication. This method is applicable when the reference value recorded in the first baseline file may be tampered with but the arrangement order of the reference value will not be tampered with.

例如,第一基线文件包括一一对应的10个度量目标标识和10个基准值。10个基准值分别为基准值1、基准值2、……、基准值10。第二网络设备对可信的第一基线文件中的基准值1至基准值10依次相乘,得到基线文件校验值。第一网络设备可以按照任意计算顺序对读取的第一基线文件中的基准值1至基准值10相乘,得到第一参考数值。如果第一参考数值与基线文件校验值相同,说明读取的第一基线文件中的基准值均未被篡改,读取的第一基线文件可信。如果第一参考数值与基线文件校验值不同,说明读取的第一基线文件中的至少一个基准值被篡改,读取的第一基线文件不可信。For example, the first baseline file includes 10 metric target identifiers and 10 benchmark values in one-to-one correspondence. The ten reference values are respectively reference value 1, reference value 2, . . . , reference value 10. The second network device sequentially multiplies the reference value 1 to the reference value 10 in the credible first baseline file to obtain the baseline file check value. The first network device may multiply the reference value 1 to the reference value 10 in the read first baseline file according to any calculation sequence to obtain the first reference value. If the first reference value is the same as the check value of the baseline file, it means that none of the reference values in the read first baseline file has been tampered with, and the read first baseline file is credible. If the first reference value is different from the check value of the baseline file, it indicates that at least one reference value in the read first baseline file has been tampered with, and the read first baseline file is not credible.

在一些实施方式中,计算方式相同为算法和计算顺序均相同。此种方式中使用的算法受计算顺序的影响。例如,算法为哈希算法。在第一基线文件记录的基准值和/或基准值的排列顺序可能被篡改的情况下适用此种方式。In some implementations, the same calculation means that both the algorithm and the calculation sequence are the same. Algorithms used in this manner are affected by the order of computation. For example, the algorithm is a hash algorithm. This method is applicable when the reference value and/or the arrangement order of the reference value recorded in the first baseline file may be tampered with.

例如,第一基线文件包括一一对应的10个度量目标标识和10个基准值。10个基准值分别为基准值1、基准值2、……、基准值10。第二网络设备按照哈希算法依次对可信的第一基线文件中的基准值1至基准值10进行叠加计算,得到基线文件校验值。第一网络设备也按照哈希算法依次对读取的第一基线文件中的基准值1至基准值10进行叠加计算,得到第一参考数值。如果第一参考数值与基线文件校验值相同,说明读取的第一基线文件中的基准值和基准值的排列顺序均未被篡改,读取的第一基线文件可信。如果第一参考数值与基线文件校验值不同,说明读取的第一基线文件中的基准值和/或基准值的排列顺序被篡改,读取的第一基线文件不可信。For example, the first baseline file includes 10 metric target identifiers and 10 benchmark values in one-to-one correspondence. The ten reference values are respectively reference value 1, reference value 2, . . . , reference value 10. The second network device sequentially superimposes and calculates the reference value 1 to the reference value 10 in the credible first baseline file according to the hash algorithm to obtain the check value of the baseline file. The first network device also sequentially superimposes and calculates the reference value 1 to the reference value 10 in the read first baseline file according to the hash algorithm to obtain the first reference value. If the first reference value is the same as the check value of the baseline file, it means that neither the reference value nor the sequence of the reference values in the read first baseline file has been tampered with, and the read first baseline file is credible. If the first reference value is different from the check value of the baseline file, it means that the reference value and/or the arrangement order of the reference values in the read first baseline file has been tampered with, and the read first baseline file is not credible.

此外,无论采用何种方式生成度量日志,第二网络设备均可以按照度量顺序将用于指示度量目标的度量目标标识和该度量目标对应的度量值相对应的写入度量日志。则度量目标标识在度量日志中的排列顺序(也即是度量值在度量日志中的排列顺序)即为度量顺序。例如,度量日志中依次包括:相对应的度量目标标识1和度量值1,相对应的度量目标标识2和度量值2。则通过度量日志可以确定,第二网络设备是先对度量目标标识1指示的度量目标进行了度量。再对度量目标标识2指示的度量目标进行了度量。由此,使得度量日志不仅用于记录各个度量目标的度量值,还用于记录度量顺序。从而,使得度量日志能够体现出第二网络设备进行度量的流程。In addition, no matter which method is used to generate the measurement log, the second network device may write the measurement target identifier used to indicate the measurement target and the measurement value corresponding to the measurement target into the measurement log corresponding to the measurement sequence. Then, the order in which the measurement target identifiers are arranged in the measurement log (that is, the order in which the measurement values are arranged in the measurement log) is the measurement order. For example, the measurement log includes in sequence: the corresponding measurement target ID 1 and the measurement value 1, and the corresponding measurement target ID 2 and the measurement value 2. Then, it can be determined through the measurement log that the second network device has first performed measurement on the measurement target indicated by the measurement target identifier 1 . Then the measurement target indicated by the measurement target identification 2 is measured. Thus, the measurement log is not only used to record the measurement value of each measurement target, but also used to record the measurement sequence. Therefore, the measurement log can reflect the measurement process of the second network device.

以上生成度量日志的方式仅为举例,不用对第二网络设备生成度量日志的方式造成限定。示例性地,在第二网络设备生成度量日志之后,对度量日志进行存储。在后续需要使用度量日志时,再读取已存储的度量日志。The above manner of generating the measurement log is only an example, and does not limit the manner of generating the measurement log by the second network device. Exemplarily, after the second network device generates the metric log, the metric log is stored. When the measurement log needs to be used later, the stored measurement log is read.

需要说明的是,虽然第二网络设备生成的度量日志可信,但是度量日志在存储过程中也可能被篡改。度量日志被篡改包括:度量日志中记录的度量值以及度量值在度量日志中的排列顺序中的至少一种被篡改。如果度量日志被篡改,则读取到的度量日志与第二网络设备生成的可信的度量日志不同。也即度量日志不可信。从而导致使用度量日志的远程证明过程得到的远程证明结果也有误。因此,本申请实施例需要针对读取到的度量日志提供校验方式,以便校验读取到的度量日志是否可信,避免影响到后续的远程证明过程的准确性。在示例性实施例中,第二网络设备对可信的度量日志记录的度量值进行计算,得到度量日志校验值。该度量日志校验值用于校验度量日志是否可信。在计算过程中,第二网络设备按照一定的算法和计算顺序对各个度量值进行叠加计算,从而得到度量日志校验值。It should be noted that although the metric log generated by the second network device is credible, the metric log may also be tampered with during the storage process. The tampering of the metric log includes: at least one of the metric value recorded in the metric log and the arrangement order of the metric value in the metric log is tampered with. If the metric log is tampered with, the read metric log is different from the credible metric log generated by the second network device. That is, the metric log cannot be trusted. As a result, the remote attestation result obtained by the remote attestation process using the metric log is also wrong. Therefore, the embodiment of the present application needs to provide a verification method for the read metric log, so as to verify whether the read metric log is credible, and avoid affecting the accuracy of the subsequent remote attestation process. In an exemplary embodiment, the second network device calculates the metric value recorded in the credible metric log to obtain the metric log verification value. The measurement log verification value is used to verify whether the measurement log is credible. During the calculation process, the second network device superimposes and calculates each measurement value according to a certain algorithm and calculation sequence, so as to obtain the measurement log verification value.

示例性地,本申请实施例在计算得到度量日志校验值之后,还对度量日志校验值进行存储。在需要使用度量日志校验值时再进行读取。例如,第二网络设备将度量日志校验值存储于TEE内核中。又例如,第二网络设备将度量日志校验值存储于TPM芯片的一个PCR中,此种存储方式能够保证度量日志校验值不被篡改。需要说明的是,在基线文件校验值和度量日志校验值均存储于TPM芯片中的情况下,基线文件校验值和度量日志校验值需要位于TPM芯片中的两个不同的PCR中,以避免基线文件校验值和度量日志校验值发生混淆。例如,TPM芯片包括PCR_X和PCR_Y,基线文件校验值位于PCR_X中,度量日志校验值位于PCR_Y中。Exemplarily, in the embodiment of the present application, after the verification value of the measurement log is calculated, the verification value of the measurement log is further stored. Read it when you need to check the value using the metric log. For example, the second network device stores the metric log check value in the TEE kernel. For another example, the second network device stores the metric log check value in a PCR of the TPM chip, and this storage method can ensure that the metric log check value is not tampered with. It should be noted that, when both the baseline file check value and the measurement log check value are stored in the TPM chip, the baseline file check value and the measurement log check value need to be located in two different PCRs in the TPM chip , to avoid confusion between baseline file checksums and metric log checksums. For example, the TPM chip includes PCR_X and PCR_Y, the check value of the baseline file is located in PCR_X, and the check value of the measurement log is located in PCR_Y.

此外,还需要说明的是,本申请实施例不对步骤501和步骤502的执行顺序加以限定。步骤501和步骤502的执行顺序可以根据经验或实际需求确定。In addition, it should be noted that the execution sequence of step 501 and step 502 is not limited in this embodiment of the present application. The execution sequence of step 501 and step 502 may be determined according to experience or actual requirements.

步骤503,第二网络设备向第一网络设备发送第一基线文件和度量日志。Step 503, the second network device sends the first baseline file and the measurement log to the first network device.

由于第二网络设备已通过上述步骤501和步骤502生成第一基线文件和度量日志,因而第二网络设备可以向第一网络设备发送第一基线文件和度量日志。本申请实施例不对第一基线文件和度量日志的发送顺序加以限定。Since the second network device has generated the first baseline file and the metric log through the above steps 501 and 502, the second network device may send the first baseline file and the metric log to the first network device. The embodiment of the present application does not limit the sending order of the first baseline file and the measurement log.

在示例性实施例中,第二网络设备向第一网络设备发送第一基线文件和度量日志,包括但不限于如下的三种方式。In an exemplary embodiment, the second network device sends the first baseline file and the measurement log to the first network device, including but not limited to the following three ways.

发送方式一,第一网络设备向第二网络设备发送挑战请求。挑战请求用于请求第二网络设备发送第一基线文件和度量日志。第二网络设备接收第一网络设备发送的挑战请求,向第二网络设备发送第一基线文件和度量日志。也就是说,第二网络设备是基于第一网络设备发送的挑战请求向第一网络设备发送第一基线文件和度量日志的。In a first sending manner, the first network device sends a challenge request to the second network device. The challenge request is used to request the second network device to send the first baseline file and the measurement log. The second network device receives the challenge request sent by the first network device, and sends the first baseline file and the measurement log to the second network device. That is to say, the second network device sends the first baseline file and the measurement log to the first network device based on the challenge request sent by the first network device.

其中,第一网络设备可以向第二网络设备发送一个挑战请求。第二网络设备基于这一个挑战请求,既向第一网络设备发送读取到的第一基线文件,又向第一网络设备发送读取到的度量日志。或者,第一网络设备可以向第二网络设备发送两个不同的挑战请求。其中一个挑战请求用于请求第二网络设备发送第一基线文件,另一个挑战请求用于请求第二网络设备发送度量日志。第二网络设备基于这两个挑战请求分别向第一网络设备发送读取到的第一基线文件和读取到的度量日志。Wherein, the first network device may send a challenge request to the second network device. Based on the challenge request, the second network device not only sends the read first baseline file to the first network device, but also sends the read metric log to the first network device. Alternatively, the first network device may send two different challenge requests to the second network device. One of the challenge requests is used to request the second network device to send the first baseline file, and the other challenge request is used to request the second network device to send the measurement log. Based on the two challenge requests, the second network device respectively sends the read first baseline file and the read metric log to the first network device.

在示例性实施例中,由于读取到的第一基线文件和读取到的度量日志均有可能是不可信的,因而除了读取到的第一基线文件和读取到的度量日志之外,第二网络设备还向第一网络设备发送可信的基线文件校验值和可信的度量日志校验值中的至少一个。以便于第一网络设备使用接收到基线文件校验值来校验接收到的第一基线文件是否可信,以及使用接收到的度量日志校验值来校验接收到的度量日志是否可信。在一些实施方式中,第二网络设备从TPM芯片的一个PCR中读取基线文件校验值并发送,从TPM芯片的另一个PCR中读取度量日志校验值并发送,以保证发送的基线文件校验值和度量日志校验值是可信的。另外,第一网络设备进行校验的方式参见下文步骤505中的说明,此处暂不进行赘述。In an exemplary embodiment, since both the read first baseline file and the read metric log may be untrustworthy, in addition to the read first baseline file and the read metric log , the second network device further sends at least one of the credible baseline file check value and the credible metric log check value to the first network device. In order for the first network device to use the received baseline file check value to check whether the received first baseline file is credible, and use the received metric log check value to check whether the received metric log is credible. In some embodiments, the second network device reads the baseline file check value from one PCR of the TPM chip and sends it, and reads the measurement log check value from another PCR of the TPM chip and sends it to ensure the sent baseline File checksums and metrics log checksums are trusted. In addition, for the manner in which the first network device performs verification, refer to the description in step 505 below, which will not be repeated here.

发送方式二,第二网络设备在确认第一基线文件和度量日志可信的情况下,向第一网络设备推送第一基线文件和度量日志。In the second sending manner, the second network device pushes the first baseline file and the measurement log to the first network device after confirming that the first baseline file and the measurement log are credible.

在一些实施方式中,第二网络设备在生成可信的第一基线文件和可信的度量日志之后,对可信的第一基线文件和可信的度量日志进行可信存储。也即是将可信的第一基线文件和可信的度量日志存储于第二网络设备中不会被篡改的存储位置。则第二网络设备可以确认从该存储位置读取的第一基线文件和度量日志均是可信的。因此,第二网络设备在读取得到第一基线文件和度量日志之后,向第一网络设备推送所读取的第一基线文件和度量日志即可。In some implementation manners, after the second network device generates the trusted first baseline file and the trusted metric log, it trustably stores the trusted first baseline file and the trusted metric log. That is, the credible first baseline file and the credible measurement log are stored in a tamper-proof storage location in the second network device. Then the second network device can confirm that both the first baseline file and the measurement log read from the storage location are authentic. Therefore, after the second network device reads and obtains the first baseline file and the measurement log, it only needs to push the read first baseline file and the measurement log to the first network device.

在另一些实施方式中,第二网络设备在生成第一基线文件之后的第二时段内确认第一基线文件可信。在生成度量日志之后的第三时段内确认度量日志可信。本申请实施例不对第二时段的时长和第三时段的时长进行限定。因此,第二网络设备在生成第一基线文件之后的第二时段内向第一网络设备推送第一基线文件,在生成度量日志之后的第三时段内向第一网络设备推送度量日志,从而保证所推送的第一基线文件和度量日志均是可信的。In some other implementation manners, the second network device confirms that the first baseline file is authentic within a second period of time after the first baseline file is generated. Verify that the metrics log is credible within a third time period after generating the metrics log. The embodiment of the present application does not limit the duration of the second period of time and the duration of the third period of time. Therefore, the second network device pushes the first baseline file to the first network device within a second period after generating the first baseline file, and pushes the metric log to the first network device within a third period after generating the metric log, thereby ensuring that the pushed Both the first baseline file and the metrics log are trusted.

在又一些实施方式中,第二网络设备基于基线文件校验值校验读取的第一基线文件是否可信,基于度量日志校验值校验读取的度量日志是否可信。在确认可信的情况下,再向第一网络设备推送读取到的第一基线文件和读取到的度量日志。In some other implementation manners, the second network device verifies whether the read first baseline file is authentic based on the baseline file verification value, and verifies whether the read metric log is authentic based on the metric log verification value. If it is confirmed to be credible, then push the read first baseline file and the read metric log to the first network device.

其中,第二网络设备基于基线文件校验值校验读取的第一基线文件是否可信的方式,参见上文步骤502中的说明,此处不再赘述。在第二网络设备基于度量日志校验值校验读取的度量日志是否可信的过程中,第二网络设备对读取到的度量日志记录的度量值进行计算,得到第二参考数值。第二参考数值与度量日志校验值的计算方式相同,计算方式相同为算法相同,或者算法和计算顺序均相同。响应于第二参考数值与度量日志校验值相同,第二网络设备确认读取到的度量日志可信。响应于第二参考数值与度量日志校验值不同,第二网络设备确认读取到的度量日志不可信。在确认读取到的度量日志不可信的情况下,第二网络设备可以向第一网络设备进行告警。示例性地,此处使用的度量日志校验值是存储于TEE内核中的度量日志校验值。Wherein, the second network device verifies whether the read first baseline file is credible based on the check value of the baseline file, refer to the description in step 502 above, and will not be repeated here. During the process of the second network device verifying whether the read metric log is authentic based on the metric log verification value, the second network device calculates the metric value recorded in the read metric log to obtain a second reference value. The calculation method of the second reference value is the same as that of the measurement log verification value, and the same calculation method means the same algorithm, or the algorithm and the calculation sequence are the same. In response to the fact that the second reference value is the same as the check value of the metric log, the second network device confirms that the read metric log is authentic. In response to the fact that the second reference value is different from the check value of the metric log, the second network device confirms that the read metric log is not credible. If it is confirmed that the read metric log is not credible, the second network device may send an alarm to the first network device. Exemplarily, the metric log check value used here is the metric log check value stored in the TEE kernel.

示例性地,计算方式相同为算法相同。算法例如为乘法。则,计算第二参考数值时所使用的算法与计算度量日志校验值时所使用的算法相同,计算顺序可以不同。或者,计算方式相同为算法和计算顺序均相同。则,在计算第二参考数值时所使用的算法和计算顺序均与计算度量日志校验值时使用的算法和计算顺序相同。示例性地,所使用的计算顺序为度量值在度量日志中的排列顺序。Exemplarily, the same calculation method refers to the same algorithm. The algorithm is, for example, multiplication. Then, the algorithm used when calculating the second reference value is the same as the algorithm used when calculating the metric log verification value, and the calculation sequence may be different. Alternatively, the same calculation method means that both the algorithm and the calculation sequence are the same. Then, the algorithm and the calculation order used when calculating the second reference value are the same as the algorithm and calculation order used when calculating the verification value of the metric log. Exemplarily, the calculation order used is the order in which the measurement values are arranged in the measurement log.

发送方式三,第二网络设备在确认第一基线文件和度量日志可信的情况下,向其他网络设备推送第一基线文件和度量日志。由其他网络设备对第一基线文件和度量日志进行可信存储,并由其他网络设备向第一网络设备发送第一基线文件和度量日志。其中,其他网络设备为第一网络设备和第二网络设备之外的网络设备。In the third sending manner, the second network device pushes the first baseline file and the measurement log to other network devices after confirming that the first baseline file and the measurement log are credible. The first baseline file and the measurement log are credibly stored by other network devices, and the first baseline file and the measurement log are sent to the first network device by the other network device. Wherein, other network devices are network devices other than the first network device and the second network device.

其中,其他网络设备进行可信存储的方式参见上文发送方式二的说明。示例性地,第一网络设备向其他网络设备发送挑战请求。其他网络设备基于该挑战请求向第一网络设备发送第一基线文件和度量日志。挑战请求以及其他网络设备基于挑战请求进行发送的方式参见上文发送方式一中的说明,此处不再进行赘述。或者,其他网络设备向第一网络设备推送第一基线文件和度量日志。其他网络设备进行推送的方式参见上文发送方式二中的说明,此处不再进行赘述。Among them, for the trusted storage method of other network devices, please refer to the description of the second sending method above. Exemplarily, the first network device sends challenge requests to other network devices. Other network devices send the first baseline file and the metric log to the first network device based on the challenge request. For the way of sending the challenge request and other network devices based on the challenge request, please refer to the description in the first way of sending above, and will not repeat it here. Alternatively, other network devices push the first baseline file and the measurement log to the first network device. For the push method of other network devices, please refer to the description in the second sending method above, and will not repeat them here.

步骤504,第一网络设备获取第二网络设备的软件对应的第一基线文件和度量日志。Step 504, the first network device acquires the first baseline file and the measurement log corresponding to the software of the second network device.

由于第二网络设备向第一网络设备发送了第一基线文件和度量日志,因而第一网络设备会获取到第一基线文件和度量日志。其中,第二网络设备采用的发送方式不同,则第一网络设备采用的获取方式也不同。在示例性实施例中,获取方式包括如下的三种。Since the second network device sends the first baseline file and the metric log to the first network device, the first network device will obtain the first baseline file and the metric log. Wherein, the sending mode adopted by the second network device is different, and the obtaining mode adopted by the first network device is also different. In an exemplary embodiment, the acquisition methods include the following three methods.

对应于发送方式一的获取方式一,第一网络设备接收第二网络设备基于挑战请求发送的第一基线文件和度量日志。此外,第一网络设备还接收第二网络设备发送的可信的基线文件校验值和可信的度量日志校验值中的至少一个。Corresponding to the acquisition manner 1 of the sending manner 1, the first network device receives the first baseline file and the measurement log sent by the second network device based on the challenge request. In addition, the first network device also receives at least one of the credible baseline file check value and the credible metric log check value sent by the second network device.

对应于发送方式二的获取方式二,第一网络设备接收第二网络设备推送的第一基线文件和度量日志。Corresponding to the acquisition manner 2 of the sending manner 2, the first network device receives the first baseline file and the measurement log pushed by the second network device.

对应于发送方式三的获取方式三,第一网络设备接收其他网络设备基于挑战请求发送的第一基线文件和度量日志。或者,第一网络设备接收其他网络设备推送的第一基线文件和度量日志。Corresponding to the obtaining manner 3 of the sending manner 3, the first network device receives the first baseline file and the measurement log sent by other network devices based on the challenge request. Alternatively, the first network device receives the first baseline file and the measurement log pushed by other network devices.

步骤505,响应于确认第一基线文件和度量日志可信,第一网络设备基于第一基线文件和度量日志对软件进行远程证明,得到软件对应的远程证明结果,软件对应的远程证明结果用于指示软件是否可信。Step 505, in response to confirming that the first baseline file and the metric log are credible, the first network device remotely certifies the software based on the first baseline file and the metric log, and obtains a remote attestation result corresponding to the software, and the remote attestation result corresponding to the software is used for Indicates whether the software is trusted.

由于在第一基线文件和度量日志可信的情况下,第一网络设备才会基于第一基线文件和度量日志对软件进行远程证明。因此,在示例性实施例中,在第一网络设备基于第一基线文件和度量日志对软件进行远程证明之前,第一网络设备首先需要确认第一基线文件和度量日志是否可信,参见如下的步骤5051。Only when the first baseline file and the measurement log are credible, the first network device will remotely certify the software based on the first baseline file and the measurement log. Therefore, in an exemplary embodiment, before the first network device remotely certifies the software based on the first baseline file and the metric log, the first network device first needs to confirm whether the first baseline file and the metric log are trustworthy, see the following Step 5051.

步骤5051,第一网络设备确认第一基线文件和度量日志可信。Step 5051, the first network device confirms that the first baseline file and the measurement log are credible.

其中,第二网络设备采用的发送方式不同,则第一网络设备采用的确认方式也不同。在示例性实施例中,确认方式包括如下的三种。Wherein, the sending mode adopted by the second network device is different, and the confirmation mode adopted by the first network device is also different. In an exemplary embodiment, the confirmation manners include the following three types.

对应于发送方式一的确认方式一,第一网络设备基于基线文件校验值和度量日志校验值中的至少一个确认第一基线文件和度量日志可信。Corresponding to the confirmation mode one of the sending mode one, the first network device confirms that the first baseline file and the measurement log are credible based on at least one of the baseline file verification value and the measurement log verification value.

在第一网络设备接收到第二网络设备发送的可信的基线文件校验值的情况下,第一网络设备对接收到的第一基线文件记录的基准值进行计算,得到第一数值。第一数值与基线文件校验值的计算方式相同,计算方式相同为算法相同,或者算法和计算顺序均相同。其中,第一网络设备计算得到第一数值的方式,参见上文步骤502中第二网络设备计算得到第一参考数值的方式,在此不再赘述。When the first network device receives the credible baseline file verification value sent by the second network device, the first network device calculates the reference value recorded in the received first baseline file to obtain the first value. The calculation method of the first value is the same as that of the check value of the baseline file, and the same calculation method means the same algorithm, or the algorithm and the calculation sequence are the same. For the manner in which the first network device calculates and obtains the first value, refer to the manner in which the second network device calculates and obtains the first reference value in step 502 above, and details are not repeated here.

响应于第一数值与基线文件校验值相同,第一网络设备确认第一基线文件可信。则在远程证明过程中可以使用该第一基线文件。或者,响应于第一数值与基线文件校验值不同,第一网络设备确认第一基线文件不可信。则在远程证明过程中不再使用该第一基线文件。In response to the first numerical value being the same as the baseline file check value, the first network device confirms that the first baseline file is authentic. This first baseline file can then be used in the remote attestation process. Or, in response to the fact that the first value is different from the check value of the baseline file, the first network device confirms that the first baseline file is not credible. Then the first baseline file is no longer used in the remote attestation process.

在第一网络设备接收到第二网络设备发送的可信的度量日志校验值的情况下,第一网络设备对接收到的度量日志记录的度量值进行计算,得到第二数值。第二数值与度量日志校验值的计算方式相同,计算方式相同为算法相同,或者算法和计算顺序均相同。第一网络设备计算得到第二数值的方式,参见上文步骤503中第二网络设备计算得到第二参考数值的方式,在此不再赘述。When the first network device receives the credible metric log verification value sent by the second network device, the first network device calculates the metric value recorded in the received metric log to obtain the second value. The calculation method of the second value is the same as that of the measurement log verification value, and the same calculation method means the same algorithm, or the same algorithm and the same calculation sequence. For the manner in which the first network device calculates and obtains the second value, refer to the manner in which the second network device calculates and obtains the second reference value in step 503 above, and details are not repeated here.

响应于第二数值与度量日志校验值相同,第一网络设备确认度量日志可信。则可以使用度量日志进行后续的远程证明过程。响应于第二数值与度量日志校验值不同,第一网络设备确认度量日志不可信。则不再使用度量日志进行后续的远程证明过程。In response to the second numerical value being the same as the metric log check value, the first network device confirms that the metric log is authentic. Then the metric log can be used for the subsequent remote attestation process. In response to the second value being different from the metric log check value, the first network device confirms that the metric log is not authentic. Then the measurement log is no longer used for the subsequent remote attestation process.

能够理解的是,基于基线文件校验值对第一基线文件进行校验的方式,以及基于度量日志校验值对度量日志进行校验的方式均为举例,不用于对校验方式造成限定。第一网络设备也可以采用其他方式来校验第一基线文件和度量日志是否可信。It can be understood that the manner of verifying the first baseline file based on the verification value of the baseline file and the manner of verifying the measurement log based on the verification value of the measurement log are examples and are not intended to limit the verification manner. The first network device may also use other methods to verify whether the first baseline file and the measurement log are credible.

在示例性实施例中,除了通过步骤5051确认第一基线文件和度量日志可信之外,第一网络设备在基于第一基线文件和度量日志对软件进行远程证明之前,还执行如下的步骤5052-5056中的至少一个,以下分别进行说明。In an exemplary embodiment, in addition to confirming that the first baseline file and the metric log are authentic by step 5051, the first network device further performs the following step 5052- At least one of 5056 will be described below.

步骤5052,第一网络设备向第二网络设备发送的挑战请求包括基准挑战值,第一网络设备接收第二网络设备发送的挑战值,确定挑战值与基准挑战值相同。Step 5052, the challenge request sent by the first network device to the second network device includes a reference challenge value, the first network device receives the challenge value sent by the second network device, and determines that the challenge value is the same as the reference challenge value.

在挑战请求包括基准挑战值的情况下,第二网络设备通过挑战请求获得基准挑战值后,将该基准挑战值作为挑战值。在第二网络设备向第一网络设备发送第一基线文件和度量日志时,会一并发送挑战值,则第一网络设备会接收到第二网络设备发送的挑战值。示例性地,该基准挑战值是随机生成的数值。In the case that the challenge request includes a reference challenge value, after the second network device obtains the reference challenge value through the challenge request, the reference challenge value is used as the challenge value. When the second network device sends the first baseline file and the measurement log to the first network device, it will also send the challenge value, and then the first network device will receive the challenge value sent by the second network device. Exemplarily, the baseline challenge value is a randomly generated value.

其中,第一网络设备对比挑战值与基准挑战值的作用在于:确定是否存在重放攻击。重放攻击是指恶意攻击的网络设备窃取第二网络设备已向第一网络设备发送过的数据。当第一网络设备向第二网络设备发送了新的挑战请求之后,恶意攻击的网络设备再向第一网络设备发送窃取到的数据,从而将窃取到的数据伪装成第二网络设备基于新的挑战请求向第一网络设备发送的数据。在挑战请求中携带基准挑战值的情况下,仅有基于新的挑战请求向第一网络设备发送的数据中能够携带与基准挑战值相同的挑战值。恶意攻击的网络设备窃取的已向第一网络设备发送过的数据,则不会携带与基准挑战值相同的挑战值。因此,通过对比挑战值与基准挑战值,可以确定是否存在重放攻击。Wherein, the function of the first network device comparing the challenge value with the reference challenge value is to determine whether there is a replay attack. A replay attack refers to a maliciously attacked network device stealing data that a second network device has sent to a first network device. After the first network device sends a new challenge request to the second network device, the maliciously attacked network device sends the stolen data to the first network device, thereby disguising the stolen data as the second network device based on the new challenge request. The challenge requests data sent to the first network device. In the case that the challenge request carries the reference challenge value, only the data sent to the first network device based on the new challenge request can carry the same challenge value as the reference challenge value. The data stolen by the maliciously attacked network device and sent to the first network device will not carry the same challenge value as the reference challenge value. Therefore, by comparing the challenge value with the baseline challenge value, it can be determined whether there is a replay attack.

则,响应于该挑战值与基准挑战值相同,第一网络设备确定第一基线文件和度量日志是第二网络设备基于挑战请求发送的,不存在重放攻击。可以继续基于第一基线文件和度量日志对软件进行远程证明。响应于该挑战值与基准挑战值不同,则存在重放攻击。第一网络设备不再基于第一基线文件和度量日志对软件进行远程证明。Then, in response to the challenge value being the same as the reference challenge value, the first network device determines that the first baseline file and the measurement log are sent by the second network device based on the challenge request, and there is no replay attack. The software can continue to be remotely attested based on the first baseline files and metrics logs. In response to the challenge value being different from the baseline challenge value, there is a replay attack. The first network device no longer remotely attests to the software based on the first baseline file and the metric log.

另外,根据上文步骤502的发送方式一中的说明可知,第一网络设备向第二网络设备发送的挑战请求的数量为一个或两个。响应于第一网络设备仅向第二网络设备发送一个挑战请求,则第二网络设备将该挑战请求中的基准挑战值作为挑战值。向第一网络设备发送该挑战值、第一基线文件和度量日志。或者,响应于第一网络设备向第二网络设备发送两个挑战请求,则第二网络设备将其中一个挑战请求中的基准挑战值作为第一挑战值。向第一网络设备发送第一挑战值和第一基线文件。第二网络设备还将另一个挑战请求中的基准挑战值作为第二挑战值,向第一网络设备发送第二挑战值和度量日志。In addition, according to the description in the first sending manner in step 502 above, it can be known that the number of challenge requests sent by the first network device to the second network device is one or two. In response to the first network device sending only one challenge request to the second network device, the second network device uses the reference challenge value in the challenge request as the challenge value. The challenge value, the first baseline file and the metric log are sent to the first network device. Or, in response to the first network device sending two challenge requests to the second network device, the second network device uses the reference challenge value in one of the challenge requests as the first challenge value. Send the first challenge value and the first baseline file to the first network device. The second network device also uses the reference challenge value in another challenge request as the second challenge value, and sends the second challenge value and the measurement log to the first network device.

步骤5053,第一网络设备确定发送时刻与接收时刻之间的时刻差值不大于时刻阈值,发送时刻为第一网络设备向第二网络设备发送挑战请求的时刻,接收时刻为第一网络设备接收第二网络设备发送的第一基线文件和度量日志的时刻。Step 5053, the first network device determines that the time difference between the sending time and the receiving time is not greater than the time threshold, the sending time is the time when the first network device sends the challenge request to the second network device, and the receiving time is when the first network device receives the challenge request. The moment of the first baseline file and the metric log sent by the second network device.

第一网络设备确定该时刻差值不大于时刻阈值的作用在于:确定第二网络设备是否可信。响应于该时刻差值不大于时刻阈值,则说明第二网络设备可信。第一网络设备可以继续基于第一基线文件和度量日志对软件进行远程证明。响应于该时刻差值大于时刻阈值,说明第二网络设备不可信。第一网络设备不再基于第一基线文件和度量日志对软件进行远程证明。示例性地,第一网络设备可以在第二网络设备不可信的情况下,认为第二网络设备的软件也不可信。示例性地,还可以认为第二网络设备发送的第一基线文件和度量日志也不可信。The function of the first network device determining that the time difference is not greater than the time threshold is to determine whether the second network device is trustworthy. In response to the time difference being not greater than the time threshold, it indicates that the second network device is trusted. The first network device can continue to remotely attest the software based on the first baseline file and the metrics log. In response to the time difference being greater than the time threshold, it indicates that the second network device is untrustworthy. The first network device no longer remotely attests to the software based on the first baseline file and the metric log. Exemplarily, the first network device may consider that the software of the second network device is not trustworthy when the second network device is not trustworthy. Exemplarily, it may also be considered that the first baseline file and the measurement log sent by the second network device are also not credible.

步骤5054,第一网络设备确定度量日志记录的度量值对应的度量目标属于第一基线文件记录的基线值对应的度量目标的子集。Step 5054, the first network device determines that the metric target corresponding to the metric value recorded in the metric log belongs to the subset of the metric target corresponding to the baseline value recorded in the first baseline file.

其中,度量日志包括相对应的度量目标标识和度量值。度量值对应的度量目标即为度量值对应的度量目标标识所指示的度量目标。第一基线文件包括相对应的度量目标标识和基准值。基准值对应的度量目标即为基准值对应的度量目标标识所指示的度量目标。第一网络设备确定是否属于子集的作用在于:确定第二网络设备是否可信。响应于属于子集,则说明第二网络设备上的度量目标列表和度量日志均未被篡改,第二网络设备可信。第一网络设备可以继续基于第一基线文件和度量日志对软件进行远程证明。响应于不属于子集,则说明第二网络设备上的度量目标列表和度量日志中的至少一个被篡改,第二网络设备不可信。第一网络设备不再基于第一基线文件和度量日志对软件进行远程证明。示例性地,第一网络设备可以在第二网络设备不可信的情况下,认为第二网络设备的软件也不可信。示例性地,还可以认为第二网络设备发送的第一基线文件和度量日志也不可信。Wherein, the measurement log includes a corresponding measurement target identifier and a measurement value. The measurement target corresponding to the measurement value is the measurement target indicated by the measurement target identifier corresponding to the measurement value. The first baseline file includes corresponding metric target identifiers and baseline values. The measurement target corresponding to the reference value is the measurement target indicated by the measurement target identifier corresponding to the reference value. The function of determining whether the first network device belongs to the subset is to determine whether the second network device is trustworthy. If the response belongs to the subset, it means that neither the measurement target list nor the measurement log on the second network device has been tampered with, and the second network device is trustworthy. The first network device can continue to remotely attest the software based on the first baseline file and the metrics log. If the response does not belong to the subset, it indicates that at least one of the measurement target list and the measurement log on the second network device has been tampered with, and the second network device is not trustworthy. The first network device no longer remotely attests to the software based on the first baseline file and the metric log. Exemplarily, the first network device may consider that the software of the second network device is not trustworthy when the second network device is not trustworthy. Exemplarily, it may also be considered that the first baseline file and the measurement log sent by the second network device are also not credible.

步骤5055,第一网络设备接收第二网络设备发送的存储的第一基线文件,确定存储的第一基线文件与第一基线文件相同。此种情况下,第二网络设备除了向第一网络设备发送第一基线文件和度量日志之外,还需要向第一网络设备发送存储的第一基线文件。Step 5055, the first network device receives the stored first baseline file sent by the second network device, and determines that the stored first baseline file is the same as the first baseline file. In this case, in addition to sending the first baseline file and the measurement log to the first network device, the second network device also needs to send the stored first baseline file to the first network device.

第一网络设备确定存储的第一基线文件与第一基线文件相同的作用在于:确定第二网络设备是否可信。响应于相同,则说明第一基线文件存储于第二网络设备的过程中未被篡改,第二网络设备可信。第一网络设备可以继续基于第一基线文件和度量日志对软件进行远程证明。响应于不同,则说明第一基线文件存储于第二网络设备的过程中被篡改,第二网络设备不可信。第一网络设备不再基于第一基线文件和度量日志对软件进行远程证明。示例性地,第一网络设备可以在第二网络设备不可信的情况下,认为第二网络设备的软件也不可信。示例性地,还可以认为第二网络设备发送的第一基线文件和度量日志也不可信。The function of the first network device determining that the stored first baseline file is the same as that of the first baseline file is to determine whether the second network device is trustworthy. If the response is the same, it indicates that the first baseline file has not been tampered with during storage in the second network device, and the second network device is trustworthy. The first network device can continue to remotely attest the software based on the first baseline file and the metrics log. If the response is different, it indicates that the first baseline file has been tampered with during storage in the second network device, and the second network device is not trustworthy. The first network device no longer remotely attests to the software based on the first baseline file and the metric log. Exemplarily, the first network device may consider that the software of the second network device is not trustworthy when the second network device is not trustworthy. Exemplarily, it may also be considered that the first baseline file and the measurement log sent by the second network device are also not credible.

步骤5056,第一基线文件和度量日志已通过第二网络设备的私钥加密。第一网络设备获取私钥对应的公钥,通过公钥对第一基线文件和度量日志进行解密。Step 5056, the first baseline file and the measurement log have been encrypted by the private key of the second network device. The first network device obtains the public key corresponding to the private key, and decrypts the first baseline file and the measurement log by using the public key.

其中,第一网络设备通过公钥进行解密的作用在于:确定第一基线文件和度量日志在传输过程中是否被恶意攻击的网络设备替换。由于第二网络设备的私钥由第二网络设备使用,且通过第二网络设备的私钥加密的数据仅能够通过该私钥对应的公钥进行解密。因而响应于第一网络设备可以通过公钥进行解密,则说明第一基线文件和度量日志是第二网络设备发送的,第一基线文件和度量日志在传输过程中未被替换。可以继续基于第一基线文件和度量日志对软件进行远程证明。响应于第一网络设备不可以通过公钥进行解密,则说明第一网络设备和度量日志在传输过程中已被替换。第一网络设备不再基于第一基线文件和度量日志对软件进行远程证明。Wherein, the function of the decryption by the first network device using the public key is to determine whether the first baseline file and the measurement log are replaced by a maliciously attacked network device during the transmission process. Since the private key of the second network device is used by the second network device, the data encrypted by the private key of the second network device can only be decrypted by the public key corresponding to the private key. Therefore, in response to the fact that the first network device can decrypt using the public key, it means that the first baseline file and the metric log are sent by the second network device, and the first baseline file and the metric log are not replaced during the transmission. The software can continue to be remotely attested based on the first baseline files and metrics logs. In response to the fact that the first network device cannot decrypt using the public key, it indicates that the first network device and the metric log have been replaced during transmission. The first network device no longer remotely attests to the software based on the first baseline file and the metric log.

能够理解的是,除了第一基线文件和度量日志之外,在第二网络设备还需要向第一网络设备发送其他数据(包括但不限于上述挑战值、存储的第一基线文件、基线文件校验值和度量日志校验值)的情况下,其他数据也已通过第二网络设备的私钥加密。It can be understood that, in addition to the first baseline file and the measurement log, the second network device also needs to send other data to the first network device (including but not limited to the above-mentioned challenge value, stored first baseline file, baseline file calibration verification value and metric log verification value), other data has also been encrypted by the private key of the second network device.

本申请实施例不对上述步骤5051-5056的执行顺序进行限定。示例性地,第一网络设备先执行步骤5052-5056,再通过步骤5051确认第一基线文件和度量日志可信。之后,基于第一基线文件和度量日志对软件进行远程证明。The embodiment of the present application does not limit the execution order of the above steps 5051-5056. Exemplarily, the first network device first executes steps 5052-5056, and then confirms that the first baseline file and the measurement log are credible through step 5051. Afterwards, the software is remotely attested based on the first baseline files and metrics logs.

对应于发送方式二的确认方式二,响应于第一网络设备确认第一基线文件和度量日志由第二网络设备发送,则第一网络设备确认第一基线文件和度量日志可信。例如,第一基线文件和度量日志可以通过第二网络设备的私钥加密。如果第一网络设备可以通过私钥对应的公钥进行解密,则第一网络设备确认第一基线文件和度量日志由第二网络设备发送。其原因参见上文步骤5056中的说明,在此不再重复。Corresponding to the confirmation mode 2 of the sending mode 2, in response to the first network device confirming that the first baseline file and the metric log are sent by the second network device, the first network device confirms that the first baseline file and the metric log are credible. For example, the first baseline file and the metrics log may be encrypted by the private key of the second network device. If the first network device can decrypt using the public key corresponding to the private key, the first network device confirms that the first baseline file and the measurement log are sent by the second network device. For the reason, refer to the description in step 5056 above, which will not be repeated here.

对应于发送方式三的确认方式三,响应于第一网络设备确认第一基线文件和度量日志由其他网络设备发送,则第一网络设备确认第一基线文件和度量日志可信。例如,第一基线文件和度量日志可以通过其他网络设备的私钥加密。如果第一网络设备可以通过私钥对应的公钥进行解密,则第一网络设备确认第一基线文件和度量日志由其他网络设备发送。其原因参见上文步骤5056中的说明,在此不再重复。Confirmation mode three corresponding to sending mode three, in response to the first network device confirming that the first baseline file and the metric log are sent by other network devices, the first network device confirms that the first baseline file and the metric log are credible. For example, first baseline files and metric logs may be encrypted by private keys of other network devices. If the first network device can decrypt using the public key corresponding to the private key, the first network device confirms that the first baseline file and the measurement log are sent by other network devices. For the reason, refer to the description in step 5056 above, which will not be repeated here.

在第一网络设备通过以上任一确认方式确认第一基线文件和度量日志可信之后,第一网络设备便可以基于第一基线文件和度量日志对软件进行远程证明,所得到的软件对应的远程证明结果用于指示软件是否可信。After the first network device confirms that the first baseline file and measurement log are credible through any of the above confirmation methods, the first network device can remotely certify the software based on the first baseline file and measurement log, and the corresponding remote Attestation results are used to indicate whether software is trustworthy.

在远程证明过程中,第一网络设备对比第一基线文件记录的基准值和度量日志记录的度量值。响应于任一个度量目标标识在度量日志中对应的度量值与该度量目标标识在第一基线文件中对应的基准值不同,第一网络设备得到指示软件不可信的远程证明结果。或者,响应于各个度量目标标识在度量日志中对应的度量值均与该度量目标标识在第一基线文件中对应的基准值相同,第一网络设备得到指示软件可信的远程证明结果。During the remote attestation process, the first network device compares the baseline value recorded in the first baseline file with the metric value recorded in the metric log. In response to the fact that the metric value corresponding to any metric target identifier in the metric log is different from the reference value corresponding to the metric target identifier in the first baseline file, the first network device obtains a remote attestation result indicating that the software is untrustworthy. Alternatively, in response to the fact that the metric values corresponding to each metric target identifier in the metric log are the same as the reference value corresponding to the metric target identifier in the first baseline file, the first network device obtains a remote attestation result indicating that the software is trustworthy.

由于本申请实施例中的软件可以为运行态软件,因而本申请实施例能够实现对运行态软件的远程证明,从而可以及时检测到针对运行态软件的攻击方法。由此,便可以及时采取相应的措施,从而避免了针对运行态软件的攻击方法影响到运行态软件及第二网络设备的安全性。在一些实施方式中,针对运行态软件的攻击方法包括但不限于高级持续威胁(advanced persistent threat,APT)。APT是一种通过缓冲区溢出漏洞注入恶意代码到内存的攻击方法。由于APT会通过技术手段对恶意代码进行隐藏,而这种隐藏可以避免恶意代码被第二网络设备的安全机制检测到,因而APT可以达到持久化入侵第二网络设备的目的。可以看出,APT隐蔽性较强、危害较大。通过本申请实施例提供的远程证明的方法对运行态软件进行远程证明,则可以及时发现APT攻击,以保证安全性。Since the software in the embodiment of the present application may be the software in the running state, the embodiment of the present application can realize the remote certification of the software in the running state, so that the attack method against the running state software can be detected in time. Therefore, corresponding measures can be taken in time, thereby preventing the attack method against the software in the running state from affecting the security of the software in the running state and the second network device. In some implementations, the attack method against running state software includes but not limited to advanced persistent threat (advanced persistent threat, APT). APT is an attack method that injects malicious code into memory through a buffer overflow vulnerability. Because the APT will hide the malicious code through technical means, and this concealment can prevent the malicious code from being detected by the security mechanism of the second network device, so the APT can achieve the purpose of persistently invading the second network device. It can be seen that APT is highly concealed and harmful. Through the remote attestation method provided by the embodiment of the present application, the running state software is remotely attested, so that APT attacks can be discovered in time to ensure security.

此外,在示例性实施例中,在第二网络设备的使用过程中,可能需要对第二网络设备进行运维(例如打热补丁),从而导致第二网络设备的软件发生更新。相应地,第二网络设备也需要对第一基线文件和基线文件校验值进行更新。第二网络设备向第一网络设备发送更新基线文件和更新的基线文件校验值。在后续对更新的软件进行远程证明的过程中,第一网络设备会使用更新基线文件和更新的基线文件校验值。In addition, in an exemplary embodiment, during the use of the second network device, it may be necessary to perform operation and maintenance (for example, hot patching) on the second network device, thereby causing the software of the second network device to be updated. Correspondingly, the second network device also needs to update the first baseline file and the check value of the baseline file. The second network device sends the updated baseline file and the updated baseline file check value to the first network device. In the subsequent remote attestation process for the updated software, the first network device will use the updated baseline file and the updated baseline file check value.

示例性地,在第二网络设备进行更新之前,第二网络设备通过安全机制确定所进行的更新是否来自于被允许的管理员或程序。安全机制包括但不限于补丁签名校验或者管理员身份认证。在确定所进行的更新来自于被允许的管理员或程序的情况下,再进行更新。Exemplarily, before the second network device performs the update, the second network device determines whether the update is from a permitted administrator or program through a security mechanism. Security mechanisms include but are not limited to patch signature verification or administrator identity authentication. Make sure that the update is from an authorized administrator or program, and then perform the update.

在一些实施方式中,软件发生更新例如为软件所具有的度量范围更新。此种更新可能使得软件对应的度量目标增加和/或度量目标对应的基准值发生改变。示例性地,如果此种更新使得度量目标对应的基准值发生改变,则第二网络设备基于更新的软件生成更新基线文件和更新的基线文件校验值。更新的基线文件校验值用于校验更新基线文件是否可信。生成方式参见上文步骤501中的说明。示例性地,如果此种更新仅使得软件对应的度量目标增加,则第二网络设备也可以不重新生成更新基线文件和更新的基线文件校验值。第二网络设备可以基于增加的度量目标生成新的基准值,将用于指示增加的度量目标的度量目标标识和新的基准值相对应的记录在第一基线文件中,得到更新基线文件。此外,第二网络设备在基线文件校验值的基础上,结合新的基准值进行叠加计算得到更新的基线文件校验值。In some implementations, the software is updated, for example, the metric range of the software is updated. Such an update may increase the metric target corresponding to the software and/or change the baseline value corresponding to the metric target. Exemplarily, if such an update causes a change in the baseline value corresponding to the measurement target, the second network device generates an updated baseline file and an updated baseline file check value based on the updated software. The updated baseline file check value is used to verify whether the updated baseline file is credible. For the generation method, refer to the description in step 501 above. Exemplarily, if the update only increases the metric target corresponding to the software, the second network device may not regenerate the updated baseline file and the updated baseline file check value. The second network device may generate a new benchmark value based on the added metric target, and record the metric target identifier indicating the added metric target corresponding to the new benchmark value in the first baseline file to obtain an updated baseline file. In addition, on the basis of the check value of the baseline file, the second network device performs superposition calculation in combination with the new reference value to obtain an updated check value of the baseline file.

在示例性实施例中,上述软件为运行态软件包括的内核态软件,方法还包括:第一网络设备获取第二网络设备的用户态软件对应的第二基线文件,第二基线文件基于用户态软件的编译过程生成。第一网络设备基于第二基线文件对用户态软件进行远程证明,得到用户态软件对应的远程证明结果。In an exemplary embodiment, the above-mentioned software is the kernel state software included in the running state software, and the method further includes: the first network device obtains the second baseline file corresponding to the user state software of the second network device, and the second baseline file is based on the user state software. Generated by the compilation process of the software. The first network device performs remote certification on the user state software based on the second baseline file, and obtains a remote certification result corresponding to the user state software.

如上文所述,运行态软件位于第二网络设备的内存中。其中,在内核态软件被链接、加载至内存的过程中,内核态软件会被编译器修改(修改包括但不限于重定向改写,且此种修改与恶意篡改不同,此种修改是被允许的),从而使得加载前后内核态软件不一致。并且,此种修改是难以预知的。因而对于内核态软件而言,内核态软件对应的第一基线文件只能在内核态软件被链接、加载至内存之后,再由第二网络设备生成。不过,在用户态软件被链接、加载至内存的过程中,用户态软件不会被进行修改,因而加载前后用户态软件是一致的。则对于用户态软件而言,可以由第二网络设备生成用户态软件对应的第一基线文件。也可以在用户态软件的编译过程中就生成用户态软件对应的第二基线文件。第一基线文件和第二基线文件均可以用于对用户态软件进行远程证明。As mentioned above, the running software is located in the memory of the second network device. Among them, during the process of the kernel state software being linked and loaded into the memory, the kernel state software will be modified by the compiler (modification includes but not limited to redirection and rewriting, and such modification is different from malicious tampering, and such modification is allowed ), thus making the kernel mode software inconsistent before and after loading. Also, such modifications are unpredictable. Therefore, for the kernel state software, the first baseline file corresponding to the kernel state software can only be generated by the second network device after the kernel state software is linked and loaded into the memory. However, during the process of linking and loading the user state software into the memory, the user state software will not be modified, so the user state software is consistent before and after loading. Then, for the user mode software, the first baseline file corresponding to the user mode software may be generated by the second network device. The second baseline file corresponding to the user-mode software may also be generated during the compiling process of the user-mode software. Both the first baseline file and the second baseline file can be used to remotely certify the user state software.

其中,在用户态软件的编译过程中生成第二基线文件的方式,可以参见上文步骤502中第二网络设备生成第一基线文件的方式,此处不再进行赘述。在生成第二基线文件之后,可以通过人工配置等方式,将第二基线文件配置于第一网络设备。该配置过程可以在第一网络设备进行远程证明之前完成。此外,对于软件为静态软件的情况,静态软件对应的基线文件可以由第二网络设备生成,也可以在静态软件的编译过程中生成。Wherein, the manner of generating the second baseline file during the compiling process of the user state software may refer to the manner of generating the first baseline file by the second network device in step 502 above, and details are not repeated here. After the second baseline file is generated, the second baseline file may be configured on the first network device by means of manual configuration or the like. This configuration process may be completed prior to remote attestation by the first network device. In addition, for the case that the software is static software, the baseline file corresponding to the static software may be generated by the second network device, or may be generated during the compiling process of the static software.

接下来,参见图6,对本申请实施例提供的远程证明的方法的整体流程进行举例说明,整体流程包括如下的四个阶段。Next, referring to FIG. 6 , an example is given to illustrate the overall process of the remote attestation method provided by the embodiment of the present application. The overall process includes the following four stages.

第一阶段,第二网络设备生成第一基线文件。In the first stage, the second network device generates a first baseline file.

步骤601,REE内核中的第一度量模块基于REE内核存储的度量目标列表对软件进行度量,得到第一基线文件。在REE内核中存储第一基线文件。Step 601 , the first measurement module in the REE kernel measures the software based on the measurement object list stored in the REE kernel, and obtains a first baseline file. Store the first baseline file in the REE kernel.

步骤602,REE内核中的第一度量模块向TEE内核中的第二度量模块发送第一基线文件。Step 602, the first measurement module in the REE kernel sends the first baseline file to the second measurement module in the TEE kernel.

步骤603,TEE内核中的第二度量模块基于第一基线文件生成基线文件校验值。将基线文件校验值写入TPM芯片的PCR_X中。In step 603, the second measurement module in the TEE kernel generates a check value of the baseline file based on the first baseline file. Write the checksum value of the baseline file into PCR_X of the TPM chip.

步骤604,TEE内核中的第二度量模块告知REE内核中的第一度量模块已生成基线文件校验值。In step 604, the second measurement module in the TEE kernel informs the first measurement module in the REE kernel that the baseline file check value has been generated.

第二阶段,第一网络设备获取第一基线文件。In the second stage, the first network device acquires the first baseline file.

步骤605,第一网络设备的RAS向第二网络设备的RAC发送挑战请求1。该挑战请求1包括基准挑战值1。Step 605, the RAS of the first network device sends a challenge request 1 to the RAC of the second network device. The challenge request 1 includes a reference challenge value 1 .

步骤606,第二网络设备的RAC获取REE内核存储的第一基线文件(步骤6061),获取PCR_X存储的基线文件校验值(步骤6062)。将基准挑战值1作为挑战值1。通过第二网络设备的私钥对第一基线文件、基线文件校验值和挑战值1进行加密,得到加密结果1。Step 606, the RAC of the second network device acquires the first baseline file stored in the REE kernel (step 6061), and acquires the check value of the baseline file stored in PCR_X (step 6062). Let the benchmark challenge value 1 be the challenge value 1. The first baseline file, the check value of the baseline file, and the challenge value 1 are encrypted with the private key of the second network device, and an encryption result 1 is obtained.

步骤607,第二网络设备的RAC向第一网络设备的RAS发送加密结果1。Step 607, the RAC of the second network device sends the encryption result 1 to the RAS of the first network device.

步骤608,第一网络设备的RAS对加密结果1进行校验,得到可信的第一基线文件。之后,存储可信的第一基线文件。Step 608, the RAS of the first network device verifies the encryption result 1 to obtain a credible first baseline file. Afterwards, the trusted first baseline file is stored.

其中,校验过程包括第一网络设备的RAS通过第二网络设备的私钥对加密结果1进行解密。得到第一基线文件、基线文件校验值和挑战值1。在确认挑战值1与基准挑战值1相同之后,基于基线文件校验值确认第一基线文件是否可信。如果确认第一基线文件可信,则得到可信的第一基线文件。Wherein, the verification process includes that the RAS of the first network device decrypts the encrypted result 1 through the private key of the second network device. Obtain the first baseline file, baseline file check value and challenge value 1. After confirming that the challenge value 1 is the same as the reference challenge value 1, it is determined whether the first baseline file is credible based on the check value of the baseline file. If it is confirmed that the first baseline file is credible, a credible first baseline file is obtained.

步骤609,第一网络设备接收配置的第一基线文件,该第一基线文件在软件的编译过程中生成。Step 609, the first network device receives the configured first baseline file, and the first baseline file is generated during software compilation.

需要说明的是,第一网络设备可以选择通过步骤605-608获取第一基线文件。或者,第一网络设备选择通过步骤609获取第一基线文件。It should be noted that the first network device may choose to obtain the first baseline file through steps 605-608. Alternatively, the first network device chooses to obtain the first baseline file through step 609 .

第三阶段,第二网络设备生成度量日志。In the third stage, the second network device generates a metric log.

步骤610,REE内核的第一度量模块基于REE内核存储的度量目标列表再次对软件进行度量,得到多个度量值。In step 610, the first measurement module of the REE core measures the software again based on the measurement object list stored in the REE core to obtain multiple measurement values.

步骤611,REE内核的第一度量模块对比第一基线文件和多个度量值。记录与第一基线文件不同的度量值得到度量日志,向用户空间发送度量日志。Step 611 , the first measurement module of the REE kernel compares the first baseline file with multiple measurement values. Record the measurement value different from the first baseline file to obtain the measurement log, and send the measurement log to the user space.

步骤612,用户空间存储度量日志。Step 612, the user space stores the metric log.

步骤613,REE内核的第一度量模块基于度量日志生成度量日志校验值,将度量日志校验值写入TPM芯片的PCR_Y中。Step 613 , the first measurement module of the REE core generates a measurement log check value based on the measurement log, and writes the measurement log check value into PCR_Y of the TPM chip.

第四阶段,第一网络设备获取度量日志,基于第一基线文件和度量日志进行远程证明。In the fourth stage, the first network device obtains the measurement log, and performs remote certification based on the first baseline file and the measurement log.

步骤614,第一网络设备的RAS向第二网络设备的RAC发送挑战请求2。该挑战请求2包括基准挑战值2。Step 614, the RAS of the first network device sends a challenge request 2 to the RAC of the second network device. The challenge request 2 includes a reference challenge value 2 .

步骤615,第二网络设备的RAC获取用户空间存储的度量日志(步骤6151),获取PCR_Y存储的度量日志校验值(步骤6152),从REE内核获取存储的第一基线文件(步骤6153)。再将基准挑战值2作为挑战值2。通过第二网络设备的私钥对度量日志、度量日志校验值、存储的第一基线文件、挑战值2进行加密,得到加密结果2。Step 615, the RAC of the second network device obtains the metric log stored in the user space (step 6151), obtains the check value of the metric log stored in PCR_Y (step 6152), and obtains the stored first baseline file from the REE kernel (step 6153). Then take the benchmark challenge value 2 as the challenge value 2. The measurement log, the verification value of the measurement log, the stored first baseline file, and the challenge value 2 are encrypted by using the private key of the second network device to obtain an encryption result 2 .

步骤616,第二网络设备的RAC向第一网络设备的RAS发送加密结果2。Step 616, the RAC of the second network device sends the encryption result 2 to the RAS of the first network device.

步骤617,第一网络设备的RAS对加密结果2进行校验,得到可信的度量日志。对比度量日志与第一基线文件,得到远程证明结果,从而完成远程证明。Step 617, the RAS of the first network device verifies the encryption result 2 to obtain a credible measurement log. Compare the measurement log with the first baseline file to obtain the remote attestation result, thereby completing the remote attestation.

其中,校验过程包括第一网络设备的RAS通过第二网络设备的私钥对加密结果2进行解密。得到度量日志、度量日志校验值、存储的第一基线文件、挑战值2。第一网络设备确认挑战请求2的发送时刻与加密结果2的接收时刻之间的时刻差值不大于时刻阈值、存储的第一基线文件与可信的第一基线文件相同、挑战值2与基准挑战值相同2(确认顺序不进行限定)。之后,第一网络设备基于度量日志校验值确认度量日志是否可信。如果确认度量日志可信,则可以完成远程证明。Wherein, the verification process includes that the RAS of the first network device decrypts the encrypted result 2 through the private key of the second network device. Obtain the measurement log, the verification value of the measurement log, the stored first baseline file, and the challenge value 2. The first network device confirms that the time difference between the sending time of the challenge request 2 and the receiving time of the encrypted result 2 is not greater than the time threshold, the stored first baseline file is the same as the credible first baseline file, and the challenge value 2 is the same as the reference The challenge value is the same as 2 (the order of confirmation is not limited). Afterwards, the first network device confirms whether the metric log is credible based on the metric log check value. Remote attestation can be done if the metrics logs are confirmed to be trustworthy.

综上所述,本申请实施例中第一网络设备在确认第一基线文件和度量日志可信的情况下,基于第一基线文件和度量日志对第二网络设备的软件进行远程证明,保证了所得到的远程证明结果的准确性。由于第一网络设备获取的第一基线文件和度量日志是由第二网络设备生成的,获取方式较为智能,因而使得本申请实施例提供的远程证明的方法也较为智能,具有较高的灵活性。To sum up, in the embodiment of the present application, the first network device remotely certifies the software of the second network device based on the first baseline file and the measurement log after confirming that the first baseline file and the measurement log are credible, ensuring The resulting remote attests to the accuracy of the results. Since the first baseline file and measurement log obtained by the first network device are generated by the second network device, the acquisition method is relatively intelligent, so the remote attestation method provided by the embodiment of the present application is also relatively intelligent and has high flexibility .

以上介绍了本申请实施例提供的远程证明的方法,与上述方法对应,本申请实施例还提供了一种远程证明的装置。其中,该装置应用于第一网络设备。该装置用于通过图7所示的各个模块执行上述图5或图6中第一网络设备所执行的远程证明的方法。如图7所示,本申请实施例提供的远程证明的装置包括如下的获取模块701和远程证明模块702。The above describes the remote attestation method provided by the embodiment of the present application. Corresponding to the above method, the embodiment of the present application also provides a remote attestation device. Wherein, the apparatus is applied to the first network device. The apparatus is used to execute the remote attestation method executed by the first network device in FIG. 5 or FIG. 6 through various modules shown in FIG. 7 . As shown in FIG. 7 , the remote attestation device provided by the embodiment of the present application includes an acquisition module 701 and a remote attestation module 702 as follows.

其中,获取模块701用于执行上文的步骤504。远程证明模块702用于执行上文的步骤505。Wherein, the acquisition module 701 is used to execute the above step 504 . The remote attestation module 702 is used to execute step 505 above.

在一些实施方式中,获取模块701用于执行步骤605和步骤614。远程证明模块702用于执行步骤608和步骤616。在另一些实施方式中,获取模块701还用于执行步骤609,远程证明模块702用于执行步骤616。In some implementations, the acquiring module 701 is used to execute step 605 and step 614 . The remote attestation module 702 is configured to perform step 608 and step 616 . In some other implementation manners, the obtaining module 701 is further configured to execute step 609 , and the remote certification module 702 is configured to execute step 616 .

图7所示的远程证明的装置应用于第一网络设备,所具备的结构,与第二网络设备交互的详细过程,以及完成远程证明的详细过程,请参照前面图1-6相关的各实施例的描述,在这里不再重复。The remote attestation device shown in Figure 7 is applied to the first network device. For the structure, the detailed process of interacting with the second network device, and the detailed process of completing remote attestation, please refer to the previous implementations related to Figures 1-6. The description of the example is not repeated here.

本申请实施例还提供了另一种远程证明的装置。该装置应用于第二网络设备,该装置用于通过图8所示的各个模块执行上述图5或图6中第二网络设备所执行的远程证明的方法。如图8所示,本申请实施例提供的远程证明的装置包括如下的生成模块801和发送模块802。The embodiment of the present application also provides another remote attestation device. The device is applied to the second network device, and the device is used to execute the remote attestation method performed by the second network device in FIG. 5 or FIG. 6 through various modules shown in FIG. 8 . As shown in FIG. 8 , the remote attestation device provided by the embodiment of the present application includes the following generating module 801 and sending module 802 .

其中,生成模块801用于执行上文的步骤501和步骤502,发送模块802用于执行上文的步骤503。Wherein, the generation module 801 is used to execute the above step 501 and step 502, and the sending module 802 is used to execute the above step 503.

在一些实施方式中,生成模块801用于执行步骤601-604、步骤606、步骤610-613和步骤615。发送模块802用于执行步骤607和步骤616。在另一些实施方式中,生成模块810用于执行步骤610-613和步骤615,发送模块802用于执行步骤616。In some implementations, the generating module 801 is used to perform steps 601-604, 606, 610-613 and 615. The sending module 802 is configured to execute step 607 and step 616 . In some other implementation manners, the generating module 810 is configured to execute steps 610-613 and step 615, and the sending module 802 is configured to execute step 616.

图8所示的远程证明的装置应用于第二网络设备,所具备的结构,与第一网络设备交互的详细过程,请参照前面图1-6相关的各实施例的描述,在这里不再重复。The remote attestation device shown in FIG. 8 is applied to the second network device. For the structure and the detailed process of interacting with the first network device, please refer to the descriptions of the various embodiments related to FIGS. 1-6 above, which will not be repeated here. repeat.

综上所述,本申请实施例中第一网络设备在确认第一基线文件和度量日志可信的情况下,基于第一基线文件和度量日志对第二网络设备的软件进行远程证明,保证了所得到的远程证明结果的准确性。由于第一网络设备获取的第一基线文件和度量日志是由第二网络设备生成的,获取方式较为智能,因而使得本申请实施例提供的远程证明的方式也较为智能,灵活性较高。To sum up, in the embodiment of the present application, the first network device remotely certifies the software of the second network device based on the first baseline file and the measurement log after confirming that the first baseline file and the measurement log are credible, ensuring The resulting remote attests to the accuracy of the results. Since the first baseline file and measurement log obtained by the first network device are generated by the second network device, the acquisition method is relatively intelligent, so the remote attestation method provided by the embodiment of the present application is also relatively intelligent and flexible.

应理解的是,上述图7以及图8提供的装置在实现其功能时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将设备的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。另外,上述实施例提供的装置与方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be understood that, when the above-mentioned devices provided in Fig. 7 and Fig. 8 implement their functions, they are only illustrated by dividing the above-mentioned functional modules. In practical applications, the above-mentioned function allocation can be completed by different functional modules according to needs. , which divides the internal structure of the device into different functional modules to complete all or part of the functions described above. In addition, the device and the method embodiment provided by the above embodiment belong to the same idea, and the specific implementation process thereof is detailed in the method embodiment, and will not be repeated here.

图9示出了本申请一示例性的远程证明的设备900的结构示意图。如图9所示,该远程证明的设备900包括至少一个处理器901、存储器903以及至少一个网络接口904。FIG. 9 shows a schematic structural diagram of an exemplary remote attestation device 900 of the present application. As shown in FIG. 9 , the remote attestation device 900 includes at least one processor 901 , a memory 903 and at least one network interface 904 .

处理器901例如是通用中央处理器(Central Processing Unit,CPU)、数字信号处理器(digital signal processor,DSP)、网络处理器(network processer,NP)、GPU、神经网络处理器(neural-network processing units,NPU)、数据处理单元(Data ProcessingUnit,DPU)、微处理器或者一个或多个用于实现本申请方案的集成电路或专用集成电路(application-specific integrated circuit,ASIC)、可编程逻辑器件(programmablelogic device,PLD)、其他通用处理器或者其他可编程逻辑器件、分立门、晶体管逻辑器件、分立硬件部件或者其任意组合。PLD例如是复杂可编程逻辑器件(complex programmablelogic device,CPLD)、现场可编程逻辑门阵列(field-programmable gate array,FPGA)、通用阵列逻辑(generic array logic,GAL)或其任意组合。通用处理器可以是微处理器或者是任何常规的处理器等。值得说明的是,处理器可以是支持进阶精简指令集机器(advanced RISC machines,ARM)架构的处理器。其可以实现或执行结合本申请公开内容所描述的各种逻辑方框、模块和电路。处理器也可以是实现计算功能的组合,例如包括一个或多个微处理器组合,DSP和微处理器的组合等等。The processor 901 is, for example, a general-purpose central processing unit (Central Processing Unit, CPU), a digital signal processor (digital signal processor, DSP), a network processor (network processor, NP), a GPU, a neural network processor (neural-network processing units, NPU), data processing unit (Data Processing Unit, DPU), microprocessor or one or more integrated circuits or application-specific integrated circuits (application-specific integrated circuit, ASIC) for implementing the scheme of this application, programmable logic devices (programmable logic device, PLD), other general-purpose processors or other programmable logic devices, discrete gates, transistor logic devices, discrete hardware components, or any combination thereof. The PLD is, for example, a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), a general array logic (generic array logic, GAL) or any combination thereof. A general purpose processor may be a microprocessor or any conventional processor or the like. It should be noted that the processor may be a processor supporting advanced RISC machines (ARM) architecture. It can implement or execute the various logical blocks, modules and circuits described in connection with the present disclosure. The processor can also be a combination of computing functions, for example, a combination of one or more microprocessors, a combination of DSP and a microprocessor, and so on.

可选的,远程证明的设备900还包括总线902。总线902用于在远程证明的设备900的各组件之间传送信息。总线902可以是外设部件互连标准(peripheral componentinterconnect,PCI)总线或扩展工业标准结构(extended industry standardarchitecture,EISA)总线等。总线902可以分为地址总线、数据总线、控制总线等。为便于表示,图9中仅用一条线表示,但并不表示仅有一根总线或一种类型的总线。Optionally, the remote attestation device 900 further includes a bus 902 . Bus 902 is used to communicate information between the various components of remote attestation device 900 . The bus 902 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus or the like. The bus 902 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one line is used in FIG. 9 , but it does not mean that there is only one bus or one type of bus.

存储器903可以是易失性存储器或非易失性存储器,或可包括易失性和非易失性存储器两者。其中,非易失性存储器可以是只读存储器(read-only memory,ROM)、可编程只读存储器(programmable ROM,PROM)、可擦除可编程只读存储器(erasable PROM,EPROM)、电可擦除可编程只读存储器(electrically EPROM,EEPROM)或闪存。易失性存储器可以是随机存取存储器(random access memory,RAM),其用作外部高速缓存。Memory 903 may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. Among them, the non-volatile memory can be read-only memory (read-only memory, ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically programmable Erases programmable read-only memory (electrically EPROM, EEPROM) or flash memory. Volatile memory can be random access memory (RAM), which acts as external cache memory.

通过示例性但不是限制性说明,许多形式的ROM和RAM可用。例如,ROM为只读光盘(compact disc read-only memory,CD-ROM)。RAM包括但不限于静态随机存取存储器(static RAM,SRAM)、动态随机存取存储器(dynamic random access memory,DRAM)、同步动态随机存取存储器(synchronous DRAM,SDRAM)、双倍数据速率同步动态随机存取存储器(double data date SDRAM,DDR SDRAM)、增强型同步动态随机存取存储器(enhancedSDRAM,ESDRAM)、同步连接动态随机存取存储器(synchlink DRAM,SLDRAM)和直接内存总线随机存取存储器(direct rambus RAM,DR RAM)。By way of illustration and not limitation, many forms of ROM and RAM are available. For example, the ROM is a compact disc read-only memory (CD-ROM). RAM includes but not limited to static random access memory (static RAM, SRAM), dynamic random access memory (dynamic random access memory, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic Random access memory (double data date SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhancedSDRAM, ESDRAM), synchronous connection dynamic random access memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory ( direct rambus RAM, DR RAM).

存储器903还可以是可存储静态信息和指令的其它类型的存储设备。或者可以是可存储信息和指令的其它类型的动态存储设备。或者可以是其它光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其它磁存储设备,或者是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其它介质,但不限于此。存储器903例如是独立存在,并通过总线902与处理器901相连接。存储器903也可以和处理器901集成在一起。Memory 903 may also be other types of storage devices that may store static information and instructions. Or other types of dynamic storage devices that can store information and instructions. Or it may be other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disc storage medium or other magnetic storage device, or can be used to carry or store instructions or data structure program code in the form of a program and any other medium that can be accessed by a computer, but is not limited thereto. The memory 903 exists independently, for example, and is connected to the processor 901 through the bus 902 . The memory 903 can also be integrated with the processor 901.

网络接口904使用任何收发器一类的装置,用于与其它设备或通信网络通信。通信网络可以为以太网、无线接入网(radio access network,RAN)或无线局域网(wirelesslocal area network,WLAN)等。网络接口904可以包括有线网络接口,还可以包括无线网络接口。具体的,网络接口904可以为以太(Ethernet)接口,如:快速以太(Fast Ethernet,FE)接口、千兆以太(Gigabit Ethernet,GE)接口,异步传输模式(Asynchronous TransferMode,ATM)接口,WLAN接口,蜂窝网络接口或其组合。以太网接口可以是光接口,电接口或其组合。在本申请的一些实施方式中,网络接口904可以用于远程证明的设备900与其他设备进行通信。Network interface 904 uses any transceiver-like device for communicating with other devices or a communication network. The communication network may be an Ethernet, a radio access network (radio access network, RAN), or a wireless local area network (wireless local area network, WLAN), or the like. The network interface 904 may include a wired network interface, and may also include a wireless network interface. Specifically, the network interface 904 may be an Ethernet (Ethernet) interface, such as: Fast Ethernet (Fast Ethernet, FE) interface, Gigabit Ethernet (Gigabit Ethernet, GE) interface, Asynchronous Transfer Mode (Asynchronous TransferMode, ATM) interface, WLAN interface , the cellular network interface, or a combination thereof. The Ethernet interface can be an optical interface, an electrical interface or a combination thereof. In some embodiments of the present application, network interface 904 may be used for remote attestation device 900 to communicate with other devices.

在具体实现中,作为一些实施方式,处理器901可以包括一个或多个CPU,如图9中所示的CPU0和CPU1。这些处理器中的每一个可以是一个单核处理器,也可以是一个多核处理器。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(例如计算机程序指令)的处理核。In a specific implementation, as some implementation manners, the processor 901 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 9 . Each of these processors can be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).

在具体实现中,作为一些实施方式,远程证明的设备900可以包括多个处理器。如图9中所示的处理器901和处理器905。这些处理器中的每一个可以是一个单核处理器,也可以是一个多核处理器。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(如计算机程序指令)的处理核。In a specific implementation, as some implementation manners, the remote attestation device 900 may include multiple processors. Processor 901 and processor 905 as shown in FIG. 9 . Each of these processors can be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data such as computer program instructions.

在一些实施方式中,存储器903用于存储执行本申请方案的程序指令910,处理器901可以执行存储器903中存储的程序指令910。也即是,远程证明的设备900可以通过处理器901以及存储器903中的程序指令910,来实现方法实施例提供的方法,即图5或6中第一网络设备或第二网络设备所执行的方法。程序指令910中可以包括一个或多个软件模块。可选地,处理器901自身也可以存储执行本申请方案的程序指令。In some implementations, the memory 903 is used to store program instructions 910 for implementing the solution of the present application, and the processor 901 can execute the program instructions 910 stored in the memory 903 . That is, the remote attestation device 900 can implement the method provided by the method embodiment through the processor 901 and the program instructions 910 in the memory 903, that is, the method performed by the first network device or the second network device in FIG. 5 or 6 method. One or more software modules may be included in the program instructions 910 . Optionally, the processor 901 itself may also store program instructions for executing the solutions of the present application.

在具体实施过程中,本申请的远程证明的设备900可对应于用于执行上述方法的第一网络设备,远程证明的设备900中的处理器901读取存储器903中的指令,使图9所示的远程证明的设备900能够执行方法实施例中的全部或部分步骤。In the specific implementation process, the remote attestation device 900 of the present application may correspond to the first network device for performing the above method, and the processor 901 in the remote attestation device 900 reads the instructions in the memory 903, so that the The shown remote attestation device 900 can execute all or part of the steps in the method embodiments.

远程证明的设备900还可以对应于上述图7或图8所示的装置,图7或图8所示的装置中的每个功能模块采用远程证明的设备900的软件实现。换句话说,图7或图8所示的装置包括的功能模块为远程证明的设备900的处理器901读取存储器903中存储的程序指令910后生成的。The remote attestation device 900 may also correspond to the apparatus shown in FIG. 7 or FIG. 8 above, and each functional module in the apparatus shown in FIG. 7 or FIG. 8 is implemented by the software of the remote attestation device 900 . In other words, the functional modules included in the apparatus shown in FIG. 7 or FIG. 8 are generated after the processor 901 of the remote attestation device 900 reads the program instructions 910 stored in the memory 903 .

其中,图5或6所示的方法的各步骤通过远程证明的设备900的处理器中的硬件的集成逻辑电路或者软件形式的指令完成。结合本申请所公开的方法实施例的步骤可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存储器,处理器读取存储器中的信息,结合其硬件完成上述方法实施例的步骤,为避免重复,这里不再详细描述。Wherein, each step of the method shown in FIG. 5 or 6 is completed by an integrated logic circuit of hardware in the processor of the remote attestation device 900 or an instruction in the form of software. The steps combined with the method embodiments disclosed in this application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor. The software module can be located in the random access memory, and the processor reads the information in the memory, and completes the steps of the above-mentioned method embodiments in combination with its hardware. To avoid repetition, no detailed description is given here.

在示例性实施例中,本申请实施例提供了一种远程证明的设备。该设备包括:包括网络接口、存储器及处理器。网络接口用于接收或发送数据,存储器中存储数据及至少一条指令。至少一条指令由处理器加载并执行,以使远程证明的设备实现图5或6中第一网络设备或第二网络设备执行的远程证明的方法。其中,网络接口接收或发送的数据及存储器中存储的数据可以参见上文图1-6对应的说明,在此不再赘述。In an exemplary embodiment, the embodiment of the present application provides a device for remote attestation. The device includes: including network interface, memory and processor. The network interface is used to receive or send data, and the memory stores data and at least one instruction. At least one instruction is loaded and executed by the processor, so that the remote attestation device implements the remote attestation method performed by the first network device or the second network device in FIG. 5 or 6 . Wherein, the data received or sent by the network interface and the data stored in the memory may refer to the descriptions corresponding to FIGS. 1-6 above, and will not be repeated here.

在示例性实施例中,本申请实施例提供了一种远程证明的系统。该系统包括第一网络设备和至少一个第二网络设备。第一网络设备与至少一个第二网络设备通信连接。第一网络设备用于执行图5或6中第一网络设备所执行的方法,第二网络设备用于执行图5或6中第二网络设备所执行的方法。In an exemplary embodiment, the embodiment of the present application provides a remote attestation system. The system includes a first network device and at least one second network device. The first network device is communicatively connected to at least one second network device. The first network device is configured to execute the method executed by the first network device in FIG. 5 or 6 , and the second network device is configured to execute the method executed by the second network device in FIG. 5 or 6 .

在示例性实施例中,本申请实施例提供了一种计算机程序(产品)。计算机程序(产品)包括:计算机程序代码。当计算机程序代码被计算机运行时,使得计算机执行图5或6中第一网络设备所执行的远程证明的方法。或者,使得计算机执行图5或6中第二网络设备所执行的方法。In an exemplary embodiment, an embodiment of the present application provides a computer program (product). Computer programs (products) include: computer program codes. When the computer program code is run by the computer, it causes the computer to execute the remote attestation method executed by the first network device in FIG. 5 or 6 . Or, make the computer execute the method executed by the second network device in FIG. 5 or 6 .

在示例性实施例中,本申请实施例提供了一种计算机可读存储介质。计算机可读存储介质存储程序或指令。当程序或指令在计算机上运行时,计算机执行上述图5或6中第一网络设备所执行的方法。或者,计算机执行上述图5或6中第二网络设备所执行的方法。In an exemplary embodiment, an embodiment of the present application provides a computer-readable storage medium. A computer-readable storage medium stores programs or instructions. When the program or instruction runs on the computer, the computer executes the method executed by the first network device in FIG. 5 or 6 above. Alternatively, the computer executes the method executed by the second network device in FIG. 5 or 6 above.

在示例性实施例中,本申请实施例提供了一种芯片。该芯片包括处理器。处理器用于从存储器中调用并运行存储器中存储的指令,使得安装有芯片的设备执行图5或6中第一网络设备所执行的方法。或者,使得安装有芯片的设备执行图5或6中第二网络设备所执行的方法。In an exemplary embodiment, the embodiment of the present application provides a chip. The chip includes a processor. The processor is used to call from the memory and execute the instructions stored in the memory, so that the device installed with the chip executes the method executed by the first network device in FIG. 5 or 6 . Or, make the device installed with the chip execute the method executed by the second network device in FIG. 5 or 6 .

在示例性实施例中,本申请实施例提供另一种芯片。该芯片包括输入接口、输出接口、处理器和存储器。输入接口、输出接口、处理器以及存储器之间通过内部连接通路相连。处理器用于执行存储器中的代码。当代码被执行时,处理器用于执行图5或6中第一网络设备所执行的方法。或者,处理器用于执行图5或6中第二网络设备所执行的方法。In an exemplary embodiment, the embodiment of the present application provides another chip. The chip includes input interface, output interface, processor and memory. The input interface, the output interface, the processor and the memory are connected through internal connection paths. The processor is used to execute code in the memory. When the code is executed, the processor is configured to execute the method executed by the first network device in FIG. 5 or 6 . Alternatively, the processor is configured to execute the method executed by the second network device in FIG. 5 or 6 .

在上述实施例中,计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。计算机可读存储介质存储的指令可以从一个计算机可读存储介质向另一个计算机可读存储介质传输。例如,指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线)或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘Solid State Disk)等。In the above embodiments, the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. Instructions stored by computer-readable storage media may be transferred from one computer-readable storage medium to another computer-readable storage medium. For example, instructions may be transmitted from one web site, computer, server, or data center to another web site, computer, server, or or data center for transmission. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a Solid State Disk).

本申请中术语“第一”、“第二”等字样用于对作用和功能基本相同的相同项或相似项进行区分。应理解,“第一”、“第二”、“第n”之间不具有逻辑或时序上的依赖关系,也不对数量和执行顺序进行限定。还应理解,尽管以下描述使用术语第一、第二等来描述各种元素,但这些元素不应受术语的限制。这些术语只是用于将一元素与另一元素区别分开。In this application, terms such as "first" and "second" are used to distinguish the same or similar items with substantially the same effect and function. It should be understood that "first", "second", and "nth" do not have a logical or sequential dependency relationship, and the quantity and execution sequence are not limited. It should also be understood that although the following description uses the terms first, second, etc. to describe various elements, these elements should not be limited by the terms. These terms are only used to distinguish one element from another.

还应理解,在本申请的各个实施例中,各个过程的序号的大小并不意味着执行顺序的先后。各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should also be understood that in each embodiment of the present application, the sequence numbers of the various processes do not mean the order of execution. The execution sequence of each process should be determined by its function and internal logic, and should not constitute any limitation to the implementation process of the embodiment of the present application.

本申请中术语“至少一个”的含义是指一个或多个。本申请中术语“多个”的含义是指两个或两个以上。例如,多个第二设备是指两个或两个以上的第二设备。本文中术语“系统”和“网络”经常可互换使用。The term "at least one" in this application means one or more. The meaning of the term "plurality" in this application refers to two or more than two. For example, multiple second devices refer to two or more second devices. The terms "system" and "network" are often used interchangeably herein.

还应理解,本文中所使用的术语“和/或”是指并且涵盖相关联的所列出的项目中的一个或多个项目的任何和全部可能的组合。术语“和/或”是一种描述关联对象的关联关系,表示可以存在三种关系。例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本申请中的字符“/”一般表示前后关联对象是一种“或”的关系。It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" is an associative relationship describing associated objects, indicating that there may be three kinds of relationships. For example, A and/or B may mean that A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this application generally indicates that the contextual objects are an "or" relationship.

应理解,在本文中对各种所述示例的描述中所使用的术语只是为了描述特定示例,而并非旨在进行限制。如在对各种所述示例的描述和所附权利要求书中所使用的那样,单数形式“一个(“a”,“an”)”和“该”旨在也包括复数形式,除非上下文另外明确地指示。It is to be understood that the terminology used in describing the various described examples herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various described examples and in the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context dictates otherwise Clearly instruct.

还应理解,术语“若”和“如果”可被解释为意指“当...时”(“when”或“upon”)或“响应于确定”或“响应于检测到”。类似地,根据上下文,短语“若确定...”或“若检测到[所陈述的条件或事件]”可被解释为意指“在确定...时”或“响应于确定...”或“在检测到[所陈述的条件或事件]时”或“响应于检测到[所陈述的条件或事件]”。It should also be understood that the terms "if" and "if" may be construed to mean "when" ("when" or "upon") or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrases "if it is determined..." or "if [the stated condition or event] is detected" may be construed to mean "when determining" or "in response to determining... ” or “upon detection of [stated condition or event]” or “in response to detection of [stated condition or event]”.

以上所述仅为本申请的实施例,并不用以限制本申请。凡在本申请的原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above descriptions are only examples of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the principles of this application shall be included within the scope of protection of this application.

Claims (23)

1. A method of remote attestation, the method comprising:
the method comprises the steps that a first network device obtains a first baseline file and a measurement log corresponding to software of a second network device, the first baseline file and the measurement log are generated by the second network device, the first baseline file is used for recording a reference value of the software under a trusted condition, and the measurement log is used for recording a measurement value of the software;
And in response to confirming that the first baseline file and the measurement log are trusted, the first network device remotely proves the software based on the first baseline file and the measurement log to obtain a remote proving result corresponding to the software, wherein the remote proving result corresponding to the software is used for indicating whether the software is trusted or not.
2. The method of claim 1, wherein the first network device remotely attests to the software based on the first baseline file and the metric log, and wherein prior to obtaining a remote attestation result corresponding to the software, the method further comprises:
the first network device receives a trusted baseline file check value sent by the second network device, wherein the baseline file check value is used for checking whether the first baseline file is trusted or not;
the first network equipment calculates the reference value recorded by the first baseline file to obtain a first numerical value, wherein the first numerical value and the baseline file check value are calculated in the same mode, and the same calculation mode is the same algorithm or the same algorithm and calculation sequence;
in response to the first value being the same as the baseline file verification value, the first network device validates that the first baseline file is authentic.
3. The method according to claim 1 or 2, wherein the first network device performs remote attestation on the software based on the first baseline file and the measurement log, and before obtaining a remote attestation result corresponding to the software, the method further comprises:
the first network equipment receives a trusted measurement log check value sent by the second network equipment, wherein the measurement log check value is used for checking whether the measurement log is trusted or not;
the first network equipment calculates the measurement value recorded by the measurement log to obtain a second numerical value, wherein the second numerical value and the measurement log check value are calculated in the same mode, and the same calculation mode is the same algorithm or the same algorithm and calculation sequence;
in response to the second value being the same as the metric log check value, the first network device confirms that the metric log is authentic.
4. A method according to any of claims 1-3, wherein the first baseline file and the metric log have been encrypted by a private key of the second network device, the first network device remotely proving the software based on the first baseline file and the metric log, and before obtaining a remote proving result corresponding to the software, the method further comprises:
And the first network equipment acquires a public key corresponding to the private key, and decrypts the first baseline file and the measurement log through the public key.
5. The method of any of claims 1-4, wherein the first network device remotely attests to the software based on the first baseline file and the metric log, and before obtaining a remote attestation result corresponding to the software, the method further comprises:
the first network device determines that a metrology target corresponding to a metrology value of the metrology log record belongs to a subset of metrology targets corresponding to a baseline value of the first baseline file record.
6. The method according to any one of claims 1-5, wherein the first network device performs remote attestation on the software based on the first baseline file and the measurement log, and before obtaining a remote attestation result corresponding to the software, the method further comprises:
the first network device receives a stored first baseline file sent by the second network device;
the first network device determines that the stored first baseline file is the same as the first baseline file.
7. The method of any of claims 1-6, wherein the first network device obtaining a first baseline file and a metrics log generated by a second network device comprises:
The first network device sends a challenge request to the second network device, the challenge request being used to request the second network device to send the first baseline file and the metric log;
the first network device receives the first baseline file and the measurement log sent by the second network device.
8. The method of claim 7, wherein the challenge request includes a benchmark challenge value; the first network device performs remote certification on the software based on the first baseline file and the measurement log, and before obtaining a remote certification result corresponding to the software, the method further includes:
the first network device receives the challenge value sent by the second network device, and determines that the challenge value is the same as the reference challenge value.
9. The method according to claim 7 or 8, wherein the first network device performs remote attestation on the software based on the first baseline file and the measurement log, and before obtaining a remote attestation result corresponding to the software, the method further comprises:
the first network device determines that a time difference value between a sending time and a receiving time is not greater than a time threshold, wherein the sending time is a time for sending the challenge request, and the receiving time is a time for receiving the first baseline file and the measurement log.
10. The method according to any one of claims 1 to 9, wherein the software is running software, data of the running software is located in a plurality of memory pages included in a memory of the second network device, the first baseline file is generated after the second network device queries the plurality of memory pages to obtain the data, and splices the data to obtain the running software, and the running software is at least one of user mode software and kernel mode software.
11. The method of claim 10, wherein the running software is the kernel mode software, the method further comprising:
the first network device obtains a second baseline file corresponding to user mode software of the second network device, wherein the second baseline file is generated in the compiling process of the user mode software;
and the first network equipment remotely proves the user mode software based on the second baseline file to obtain a remote proving result corresponding to the user mode software.
12. A method of remote attestation, the method comprising:
the method comprises the steps that a second network device generates a first baseline file corresponding to software of the second network device, wherein the first baseline file is used for recording a reference value of the software under a trusted condition;
The second network equipment generates a measurement log corresponding to the software, wherein the measurement log is used for recording the measurement value of the software;
the second network device sends the first baseline file and the metrics log to a first network device.
13. The method of claim 12, wherein the metric values of the metric log record correspond to metric targets, and wherein for any metric target, the reference value corresponding to any metric target in the first baseline file is different from the metric value corresponding to any metric target.
14. The method of claim 13, wherein the second network device generating the software-corresponding metric log comprises:
in response to confirming that the first baseline file is authentic, the second network device generates a metrics log corresponding to the software.
15. The method according to any one of claims 12-14, further comprising:
the second network equipment calculates a reference value of the first baseline file record to obtain a baseline file check value, wherein the baseline file check value is used for checking whether the first baseline file is credible or not;
The second network device sends a trusted baseline file check value to the first network device.
16. The method according to any one of claims 12-15, wherein the method further comprises:
the second network equipment calculates the measurement value recorded by the measurement log to obtain a measurement log check value, wherein the measurement log check value is used for checking whether the measurement log is credible or not;
the second network device sends a trusted metric log check value to the first network device.
17. The method of any of claims 12-16, wherein the second network device sending the first baseline file and the metrics log to a first network device comprises:
the second network device sends a first baseline file and a metrics log encrypted by a private key of the second network device to the first network device.
18. The method according to any one of claims 12-17, further comprising:
the second network device sends a stored first baseline file to the first network device.
19. The method of any of claims 12-18, wherein prior to the second network device sending the first baseline file and the metrics log to the first network device, the method further comprises:
The second network device receives a challenge request sent by the first network device, where the challenge request is used to request the second network device to send the first baseline file and the measurement log.
20. The method of claim 19, wherein the challenge request includes a benchmark challenge value, the method further comprising:
the second network device sends a challenge value to the first network device, the challenge value being the reference challenge value.
21. The method according to any one of claims 12-20, wherein the software is running software, the running software is at least one of user mode software and kernel mode software, and the second network device generates a first baseline file corresponding to the software of the second network device, including:
the second network device queries a plurality of memory pages included in a memory of the second network device to obtain data of the running state software;
and the second network equipment splices the data to obtain the running state software, and generates the first baseline file corresponding to the running state software.
22. A device for remote attestation, the device comprising a network interface, a memory, and a processor; the network interface is configured to receive or transmit data, and the memory stores data and at least one instruction that is loaded and executed by the processor to cause the remote attestation device to implement the method of remote attestation of any of claims 1-21.
23. A system for remote attestation, the system comprising a first network device for implementing the method of remote attestation of any of claims 1-11 and at least one second network device for implementing the method of remote attestation of any of claims 12-21.
CN202210060322.XA 2022-01-19 2022-01-19 Method, device and system for remote attestation Pending CN116502188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210060322.XA CN116502188A (en) 2022-01-19 2022-01-19 Method, device and system for remote attestation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210060322.XA CN116502188A (en) 2022-01-19 2022-01-19 Method, device and system for remote attestation

Publications (1)

Publication Number Publication Date
CN116502188A true CN116502188A (en) 2023-07-28

Family

ID=87329032

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210060322.XA Pending CN116502188A (en) 2022-01-19 2022-01-19 Method, device and system for remote attestation

Country Status (1)

Country Link
CN (1) CN116502188A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117834627A (en) * 2023-12-29 2024-04-05 北京字跳网络技术有限公司 Remote certification method, device, electronic device and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117834627A (en) * 2023-12-29 2024-04-05 北京字跳网络技术有限公司 Remote certification method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
US8364973B2 (en) Dynamic generation of integrity manifest for run-time verification of software program
CN103093150B (en) A kind of dynamic integrity protection method based on credible chip
EP3479282B1 (en) Targeted secure software deployment
US7953980B2 (en) Signed manifest for run-time verification of software program identity and integrity
US9363087B2 (en) End-to-end security for hardware running verified software
CN105608386A (en) Trusted computing terminal integrity measuring and proving method and device
CN113468535B (en) Trust measurement method and related device
CN110334515B (en) Method and device for generating measurement report based on trusted computing platform
US11829464B2 (en) Apparatus and method for authentication of software
US11886581B1 (en) Rapid verification of executing processes
US20240419795A1 (en) Dynamic code segment measurement method and apparatus and electronic device
US11816202B2 (en) Run-time code execution validation
CN116842517A (en) Trusted verification method and device
EP3229164B1 (en) Devices for measuring and verifying system states
EP3494509A1 (en) Sequence verification
CN116502188A (en) Method, device and system for remote attestation
US20200310776A1 (en) Over-the-air update validation
CN117834627B (en) Remote certification method, device, electronic device and storage medium
US20220200807A1 (en) Device attestation
US10242195B2 (en) Integrity values for beginning booting instructions
KR101893504B1 (en) A file integrity test in linux environment device and method
CN115878122B (en) Method, system and storage medium for corruption determination of data items
CN115618362B (en) A computer system, access control method and storage medium
CN114201761B (en) Enhancing metric agent security in trusted computing systems
CN119249405A (en) Security protection mechanism and implementation method for smart measurement terminal APP applications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination