To meet the trust requirements of complex environments such as cloud platforms, physical trust modules are often virtualized into virtual Trusted Platform Modules (vTPMs) that serve as the root of trust for each virtual machine or container. In remote attestation, a vTPM relies on a hardware-TPM-based certificate chain extension scheme to establish its trustworthiness. Existing vTPM certificate chain extension schemes must request a new certificate from the Privacy Certificate Authority (PCA) during every attestation, which results in excessive computational and communication overhead. To address this issue, this paper proposes a vTPM certificate chain extension scheme based on a Multi-Certificate Public Key Infrastructure (MCPKI). The scheme allows unsigned sub-certificates to carry the same legitimacy and identity as the root certificate through certificate correlation. In this way, a vTPM can hold multiple certificates with a valid identity while applying to the PCA only once, which reduces the performance loss caused by repeated validation in traditional certificate chain extension schemes and improves the efficiency of Privacy CA certificate issuance. Furthermore, certificate generation is handled by the local vTPM, which reduces communication overhead. A new trusted third party, the Verification Certificate Authority (VCA), is introduced to share the validation workload of the Privacy CA and to reduce the reliance on the Privacy CA in certificate chain extension. The experimental results demonstrate that this scheme outperforms traditional certificate chain extension schemes in scenarios that require multiple certificates.