GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-qua...GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-quality development?More than 50 years ago,GS1 was initiated with the bar code,a profound transformation of the way we work and live.From then on,a simple scan connected a physical product to its digital identity.It transformed commerce,improving supply chains and enabling safer healthcare.Collaboration between industry and governments,and a strong partnership with ISO and IEC laid the foundations for the global adoption of a common product identification over the past 50 years and all around the world.展开更多
In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What ...In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What kind of revolution is needed in such a rapidly drifting world to hold on to the essential value of science?展开更多
With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems....With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems.Traditional security mechanisms are difficult to effectively deal with advanced adversarial attacks due to their reliance on a centralized trust model.In this context,the Trusted Execution Environment(TEE),as a hardware-enabled secure isolation technology,offers a potential solution to protect sensitive computations and data.This paper systematically discusses TEE's technical principle,application status,and future development trend.First,the underlying architecture of TEE and its core characteristics,including isolation,integrity,and confidentiality,are analyzed.Secondly,practical application cases of TEE in fields such as finance,the IoT,artificial intelligence,and privacy computing are studied.Finally,the future development direction of TEE is prospected.展开更多
With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.Th...With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.展开更多
Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integra...Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.展开更多
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relation...In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.展开更多
Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of truste...Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.展开更多
It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen who...It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.展开更多
In recent years,the Industrial Internet and Industry 4.0 came into being.With the development of modern industrial intelligent manufacturing technology,digital twins,Web3 and many other digital entity applications are...In recent years,the Industrial Internet and Industry 4.0 came into being.With the development of modern industrial intelligent manufacturing technology,digital twins,Web3 and many other digital entity applications are also proposed.These applications apply architectures such as distributed learning,resource sharing,and arithmetic trading,which make high demands on identity authentication,asset authentication,resource addressing,and service location.Therefore,an efficient,secure,and trustworthy Industrial Internet identity resolution system is needed.However,most of the traditional identity resolution systems follow DNS architecture or tree structure,which has the risk of a single point of failure and DDoS attack.And they cannot guarantee the security and privacy of digital identity,personal assets,and device information.So we consider a decentralized approach for identity management,identity authentication,and asset verification.In this paper,we propose a distributed trusted active identity resolution system based on the inter-planetary file system(IPFS)and non-fungible token(NFT),which can provide distributed identity resolution services.And we have designed the system architecture,identity service process,load balancing strategy and smart contract service.In addition,we use Jmeter to verify the performance of the system,and the results show that the system has good high concurrent performance and robustness.展开更多
The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network...The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.展开更多
Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the...Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled ...Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.展开更多
Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system...Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system in cloud environment and to verify which outsourced service leads to the problem. Similarly, the cloud service provider cannot simply trust the data computation applications. At last,the verification data itself may also leak the sensitive information from the cloud service provider and data owner. We propose a new three-level definition of the verification, threat model, corresponding trusted policies based on different roles for outsourced big data system in cloud. We also provide two policy enforcement methods for building trusted data computation environment by measuring both the Map Reduce application and its behaviors based on trusted computing and aspect-oriented programming. To prevent sensitive information leakage from verification process,we provide a privacy-preserved verification method. Finally, we implement the TPTVer, a Trusted third Party based Trusted Verifier as a proof of concept system. Our evaluation and analysis show that TPTVer can provide trusted verification for multi-layered outsourced big data system in the cloud with low overhead.展开更多
Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent techni...Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.展开更多
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture,a newsecurity module TCB(Trusted Computing Base)is added t...A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture,a newsecurity module TCB(Trusted Computing Base)is added to the operation system kerneland twooperation interface modes are provided for the sake of self-protection.The security kernel isdivided into two parts and trusted mechanism Is separated from security functionality.Ihe TCBmodule implements the trusted mechanism such as measurement and attestation,while the othercomponents of security kernel provide security functionality based on these mechanisms.Thisarchitecture takes full advantage of functions provided by trusted platform and clearly defines thesecurity perimeter of TCB so as to assure stlf-securily from architcetmal vision.We also presentfunction description of TCB and discuss the strengths and limitations comparing with other relatedresearches.展开更多
Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cry...Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.展开更多
The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group (TCG), has adopted a different cryptography scheme. Applications designed for the TCG sp...The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group (TCG), has adopted a different cryptography scheme. Applications designed for the TCG specifications cannot directly function on platforms complying with Chinese specifications because the two cryptography schemes are not compatible with each other. In order to transplant those applications with little to no modification, the paper presents a formal compatibility model based on Zaremski and Wing's type system. Our model is concerned not only on the syntactic compatibility for data type, but also on the semantic compatibility for cryptographic attributes according to the feature of trusted computing. A compatibility algorithm is proposed based on the model to generate adapters for trusted computing applications.展开更多
With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM...With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.展开更多
文摘GS1 is an international standards organization,which focuses on product identification and product data,helping businesses and governments to improve commerce and supply chain.Why trusted data is essential to high-quality development?More than 50 years ago,GS1 was initiated with the bar code,a profound transformation of the way we work and live.From then on,a simple scan connected a physical product to its digital identity.It transformed commerce,improving supply chains and enabling safer healthcare.Collaboration between industry and governments,and a strong partnership with ISO and IEC laid the foundations for the global adoption of a common product identification over the past 50 years and all around the world.
文摘In an era where artificial intelligence(AI)is permeating many aspects of scientific research activity,what science and technology(S&T)journals can do to uphold research integrity and secure scholarly quality?What kind of revolution is needed in such a rapidly drifting world to hold on to the essential value of science?
文摘With the rapid development of digital technologies such as big data,cloud computing,and the Internet of Things(loT),data security and privacy protection have become the core challenges facing modern computing systems.Traditional security mechanisms are difficult to effectively deal with advanced adversarial attacks due to their reliance on a centralized trust model.In this context,the Trusted Execution Environment(TEE),as a hardware-enabled secure isolation technology,offers a potential solution to protect sensitive computations and data.This paper systematically discusses TEE's technical principle,application status,and future development trend.First,the underlying architecture of TEE and its core characteristics,including isolation,integrity,and confidentiality,are analyzed.Secondly,practical application cases of TEE in fields such as finance,the IoT,artificial intelligence,and privacy computing are studied.Finally,the future development direction of TEE is prospected.
文摘With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.
基金This work was supported by the Ministry of Education and China Mobile Research Fund Project(MCM20200102)the 173 Project(No.2019-JCJQ-ZD-342-00)+2 种基金the National Natural Science Foundation of China(No.U19A2081)the Fundamental Research Funds for the Central Universities(No.2023SCU12129)the Science and Engineering Connotation Development Project of Sichuan University(No.2020SCUNG129).
文摘Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.
基金Supported by the National High-Technology Re-search and Development Program ( 863 Program)China(2004AA113020)
文摘In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
基金Supported by the National Natural Science Foun-dation of China (60373054)
文摘Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.
基金the National High Technology Research and Development Program of China (2007AA01Z412)
文摘It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.
基金supported by the National Natural Science Foundation of China(No.92267301).
文摘In recent years,the Industrial Internet and Industry 4.0 came into being.With the development of modern industrial intelligent manufacturing technology,digital twins,Web3 and many other digital entity applications are also proposed.These applications apply architectures such as distributed learning,resource sharing,and arithmetic trading,which make high demands on identity authentication,asset authentication,resource addressing,and service location.Therefore,an efficient,secure,and trustworthy Industrial Internet identity resolution system is needed.However,most of the traditional identity resolution systems follow DNS architecture or tree structure,which has the risk of a single point of failure and DDoS attack.And they cannot guarantee the security and privacy of digital identity,personal assets,and device information.So we consider a decentralized approach for identity management,identity authentication,and asset verification.In this paper,we propose a distributed trusted active identity resolution system based on the inter-planetary file system(IPFS)and non-fungible token(NFT),which can provide distributed identity resolution services.And we have designed the system architecture,identity service process,load balancing strategy and smart contract service.In addition,we use Jmeter to verify the performance of the system,and the results show that the system has good high concurrent performance and robustness.
基金ACKNOWLEDGMENT This work was supported by the National Basic Research Program of China (973 Project) (NO.2007CB311100), the National Science Foundation for Young Scholars of China (Grant No.61001091), Beijing Nature Science Foundation(No. 4122012), "next-generation broadband wireless mobile communication network" National Science and Technology major Special issue funding(No. 2012ZX03002003), Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China and the key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks(No.2013ZX03006001-005), the issue belongs to Major national science and technology projects.
文摘The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
基金supported by the National Natural Science Foundation of China (The key trusted running technologies for the sensing nodes in Internet of things: 61501007, The research of the trusted and security environment for high energy physics scientific computing system: 11675199)General Project of science and technology project of Beijing Municipal Education Commission: KM201610005023+2 种基金the outstanding personnel training program of Beijing municipal Party Committee Organization Department (The Research of Trusted Computing environment for Internet of things in Smart City: 2014000020124G041)The key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks (No.2013ZX03006001-005)the issue belongs to Major national science and technology projects
文摘Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 and 90104005)HP Labo-ratories of China
文摘Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.
基金partially supported by grants from the China 863 High-tech Program (Grant No. 2015AA016002)the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No. 20131103120001)+2 种基金the National Key Research and Development Program of China (Grant No. 2016YFB0800204)the National Science Foundation of China (No. 61502017)the Scientific Research Common Program of Beijing Municipal Commission of Education (KM201710005024)
文摘Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system in cloud environment and to verify which outsourced service leads to the problem. Similarly, the cloud service provider cannot simply trust the data computation applications. At last,the verification data itself may also leak the sensitive information from the cloud service provider and data owner. We propose a new three-level definition of the verification, threat model, corresponding trusted policies based on different roles for outsourced big data system in cloud. We also provide two policy enforcement methods for building trusted data computation environment by measuring both the Map Reduce application and its behaviors based on trusted computing and aspect-oriented programming. To prevent sensitive information leakage from verification process,we provide a privacy-preserved verification method. Finally, we implement the TPTVer, a Trusted third Party based Trusted Verifier as a proof of concept system. Our evaluation and analysis show that TPTVer can provide trusted verification for multi-layered outsourced big data system in the cloud with low overhead.
基金National Natural Science Foundation of China under Grant No. 60873203Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education under Grant No. AISTC2009_03+1 种基金Hebei National Funds for Distinguished Young Scientists under Grant No. F2010000317National Science Foundation of Hebei Province under Grant No. F2010000319
文摘Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金Supported by the National Basic Research Programof China(G1999035801)
文摘A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture,a newsecurity module TCB(Trusted Computing Base)is added to the operation system kerneland twooperation interface modes are provided for the sake of self-protection.The security kernel isdivided into two parts and trusted mechanism Is separated from security functionality.Ihe TCBmodule implements the trusted mechanism such as measurement and attestation,while the othercomponents of security kernel provide security functionality based on these mechanisms.Thisarchitecture takes full advantage of functions provided by trusted platform and clearly defines thesecurity perimeter of TCB so as to assure stlf-securily from architcetmal vision.We also presentfunction description of TCB and discuss the strengths and limitations comparing with other relatedresearches.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 ,90104005) HP Laborato-ry of China
文摘Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.
基金Supported by the National High Technology Research and Development Plan of China (863 Program) (2006AA01Z440)the National Basic Research Program of China (973 Program) (2007CB311100)
文摘The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group (TCG), has adopted a different cryptography scheme. Applications designed for the TCG specifications cannot directly function on platforms complying with Chinese specifications because the two cryptography schemes are not compatible with each other. In order to transplant those applications with little to no modification, the paper presents a formal compatibility model based on Zaremski and Wing's type system. Our model is concerned not only on the syntactic compatibility for data type, but also on the semantic compatibility for cryptographic attributes according to the feature of trusted computing. A compatibility algorithm is proposed based on the model to generate adapters for trusted computing applications.
基金Supported by the National Program on Key Basic Re-search Project of China (G1999035801)
文摘With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.
