Border Gateway Protocol (BGP), as the standard inter-domain routing protocol, is a distance-vector dynamic routing protocol used for exchanging routing information between distributed Autonomous Systems (AS). BGP nodes, communicating in a distributed dynamic environment, face several security challenges, with trust being one of the most important issues in inter-domain routing. Existing research, which performs trust evaluation when exchanging routing information to suppress malicious routing behavior, cannot meet the scalability requirements of BGP nodes. In this paper, we propose a blockchain-based trust model for inter-domain routing. Our model achieves scalability by allowing the master node of an AS alliance to transmit the trust evaluation data of its member nodes to the blockchain. The BGP nodes can expedite the trust evaluation process by accessing a global view of other BGP nodes through the master node of their respective alliance. We incorporate security service evaluation before direct evaluation and indirect recommendations to assess the security services that BGP nodes provide for themselves and prioritize to guarantee their security of routing service. We forward the trust evaluation for neighbor discovery and prioritize the nodes with high trust as neighbor nodes to reduce the malicious exchange routing behavior. We use simulation software to simulate a real BGP environment and employ a comparative experimental research approach to demonstrate the performance evaluation of our trust model. Compared with the classical trust model, our trust model not only saves more storage overhead, but also provides higher security, especially reducing the impact of collusion attacks.
The core missions of IoT are to sense data, transmit data and give feedback to the real world based on the calculation of the sensed data. The trust of sensing source data and transmission network is extremely important to IoT security. 5G-IoT with its low latency, wide connectivity and high-speed transmission extends the business scenarios of IoT, yet it also brings new challenges to trust proof solutions of IoT. Currently, there is a lack of efficient and reliable trust proof solutions for massive dynamically connected nodes, while the existing solutions have high computational complexity and can't adapt to time-sensitive services in 5G-IoT scenarios. In order to solve the above problems, this paper proposes an adaptive multi-dimensional trust proof solution. Firstly, the static and dynamic attributes of sensing nodes are metricized, and the historical interaction as well as the recommendation information are combined with the comprehensive metric of sensing nodes, and a multi-dimensional fine-grained trusted metric model is established in this paper. Then, based on the comprehensive metrics, the sensing nodes are logically grouped and assigned with service levels to achieve the screening and isolation of malicious nodes. At the same time, the proposed solution reduces the energy consumption of the metric process and optimizes the impact of real-time metrics on the interaction latency. Simulation experiments show that the solution can accurately and efficiently identify malicious nodes and effectively guarantee the safe and trustworthy operation of 5G-IoT nodes, while having a small impact on the latency of the 5G network.
To improve the accuracy of node trust evaluation in a distributed network, a trust model based on the experience of individuals is proposed, which establishes a new trust assessment system by introducing the experience factor and the comparative experience factor. The new evaluation system considers the differences between individuals and interactive histories between nodes, which solves the problem that nodes have inaccurate assessments due to the asymmetry of nodes to a certain extent. The algorithm analysis indicates that the new model uses different deviating values of tolerance evaluation for different individuals and uses different updating values embodying node individuation when updating feedback credibility of individuals, which evaluates the trust value more reasonably and more accurately. In addition, the proposed algorithm can be used in various trust models and has a good scalability.
Blockchain, with these characteristics of decentralized structure, transparent and credible, time-series and immutability, has been considered as a promising technology. Consensus algorithm as one of the core techniques of blockchain directly affects the scalability of blockchain systems. Existing probabilistic finality blockchain consensus algorithms such as PoW, PoS, suffer from power consumptions and low efficiency; while absolute finality blockchain consensus algorithms such as PBFT, HoneyBadgerBFT, could not meet the scalability requirement in a large-scale network. In this paper, we propose a novel optimized practical Byzantine fault tolerance consensus algorithm based on EigenTrust model, namely T-PBFT, which is a multi-stage consensus algorithm. It evaluates node trust by the transactions between nodes so that the high quality of nodes in the network will be selected to construct a consensus group. To reduce the probability of view change, we propose to replace a single primary node with a primary group. By group signature and mutual supervision, we can enhance the robustness of the primary group further. Finally, we analyze T-PBFT and compare it with the other Byzantine fault tolerant consensus algorithms. Theoretical analysis shows that our T-PBFT can optimize the Byzantine fault-tolerant rate, reduce the probability of view change and communication complexity.
As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which is faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
To describe the dynamic property of trust relationship, we propose a time-related trust model and extend Jøsang's subjective logic to fit for time-related trust model. The extension includes propositional conjunction, disjunction and negation for traditional logic and discounting and consensus operators that are evidential operators specially designed for the propagation and computation of trust relationships. With the extension of subjective logic for time-related trust, our time-related trust model is suitable to model the dynamic trust relationship in practice. Finally an example of reputation assessment is offered to demonstrate the usage of our trust model.
This paper summarizes the state of art in quantum communication networks and trust management in recent years. As in the classical networks, trust management is the premise and foundation of quantum secure communication and cannot simply be attributed to security issues, therefore the basic and importance of trust management in quantum communication networks should be taken more seriously. Compared with other theories and techniques in quantum communication, the trust of quantum communication and trust management model in quantum communication network environment is still in its initial stage. In this paper, the core technologies of establishing secure and reliable quantum communication networks are categorized and summarized, and the trends of each direction in trust management of quantum communication network are discussed in depth.
Based on fuzzy set theory, a fuzzy trust model is established by using membership function to describe the fuzziness of trust. The trust vectors of subjective trust are obtained based on a mathematical model of fuzzy synthetic evaluation. Considering the complicated and changeable relationships between various subjects, the multi-level mathematical model of fuzzy synthetic evaluation is introduced. An example of a two-level fuzzy synthetic evaluation model confirms the feasibility of the multi-level fuzzy synthesis evaluation model. The proposed fuzzy model for trust evaluation may provide a promising method for research of trust model in open networks.
Container virtual technology aims to provide program independence and resource sharing. The container enables flexible cloud service. Compared with traditional virtualization, traditional virtual machines have difficulty in resource and expense requirements. The container technology has the advantages of smaller size, faster migration, lower resource overhead, and higher utilization. Within container-based cloud environment, services can adopt multi-target nodes. This paper reports research results to improve the traditional trust model with consideration of cooperation effects. Cooperation trust means that in a container-based cloud environment, services can be divided into multiple containers for different container nodes. When multiple target nodes work for one service at the same time, these nodes are in a cooperation state. When multi-target nodes cooperate to complete the service, the target nodes evaluate each other. The calculation of cooperation trust evaluation is used to update the degree of comprehensive trust. Experimental simulation results show that the cooperation trust evaluation can help solve the trust problem in the container-based cloud environment and can improve the success rate of following cooperation.
With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.
Large-scale mobile social networks (MSNs) facilitate communications through mobile devices. The users of these networks can use mobile devices to access, share and distribute information. With the increasing number of users on social networks, the large volume of shared information and its propagation has created challenges for users. One of these challenges is whether users can trust one another. Trust can play an important role in users' decision making in social networks, so that most people share their information based on their trust on others, or make decisions by relying on information provided by other users. However, considering the subjective and perceptive nature of the concept of trust, the mapping of trust in a computational model is one of the important issues in computing systems of social networks. Moreover, in social networks, various communities may exist regarding the relationships between users. These connections and communities can affect trust among users and its complexity. In this paper, using user characteristics on social networks, a fuzzy clustering method is proposed and the trust between users in a cluster is computed using a computational model. Moreover, through the processes of combination, transition and aggregation of trust, the trust value is calculated between users who are not directly connected. Results show the high performance of the proposed trust inference method.
In big data of business service or transaction, it is impossible to provide entire information to both of services from cyber system, so some service providers made use of maliciously services to get more interests. Trust management is an effective solution to deal with these malicious actions. This paper gave a trust computing model based on service-recommendation in big data. This model takes into account difference of recommendation trust between familiar node and stranger node. Thus, to ensure accuracy of recommending trust computing, paper proposed a fine-granularity similarity computing method based on the similarity of service concept domain ontology. This model is more accurate in computing trust value of cyber service nodes and prevents better cheating and attacking of malicious service nodes. Experiment results illustrated our model is effective.
It is necessary to construct an effective trust model to build trust relationship between peers in peer-to-peer (P2P) network and enhance the security and reliability of P2P systems. The current trust models only focus on the consumers' evaluation to a transaction, which may be abused by malicious peers to exaggerate or slander the provider deliberately. In this paper, we propose a novel trust model based on mutual evaluation, called METrust, to suppress the peers' malicious behavior, such as dishonest evaluation and strategic attack. METrust considers the factors including mutual evaluation, similarity risk, time window, incentive, and punishment mechanism. The trust value is composed of the direct trust value and the recommendation trust value. In order to inhibit dishonest evaluation, both participants should give evaluation information based on peers' own experiences about the transaction while computing the direct trust value. In view of this, the mutual evaluation consistency factor and its time decay function are proposed. Besides, to reduce the risk of computing the recommendation trust based on the recommendations of friend peers, the similarity risk is introduced to measure the uncertainty of the similarity computing, while similarity is used to measure credibility. The experimental results show that METrust is effective, and it has advantages in the inhibition of the various malicious behaviors.
This paper proposes a trust ant colony routing algorithm by introducing a node trust evaluation model based on the D-S evidence theory into the ant colony routing protocol to improve the security of wireless sensor networks. To reduce the influence of conflict evidences caused by malicious nodes, the consistent intensity is introduced to preprocess conflict evidences before using the D-S combination rule to improve the reliability of the D-S based trust evaluation. The nodes with high trust values will be selected as the routing nodes to ensure the routing security, and the trust values are used as heuristic functions of the ant colony routing algorithm. The simulation tests are conducted by using the network simulator NS2 to observe the outcomes of performance metrics of packets loss rate and average end-to-end delay etc. to indirectly evaluate the security issue under the attack of inside malicious nodes. The simulation results show that the proposed trust routing algorithm can efficiently resist malicious attacks in terms of keeping performances of the average end-to-end delay, the throughput and the routing packet overhead under attacking from malicious nodes.
In view of the security weakness in resisting the active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend those attacks by loading a trust model on the previously proposed Distance-Based LAR. The improved Secure Trust-based Location-Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST-LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end-to-end delay, packet delivery success ratio and throughput.
Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.
Dispersed computing is a new resource-centric computing paradigm. Due to its high degree of openness and decentralization, it is vulnerable to attacks, and security issues have become an important challenge hindering its development. The trust evaluation technology is of great significance to the reliable operation and security assurance of dispersed computing networks. In this paper, a dynamic Bayesian-based comprehensive trust evaluation model is proposed for dispersed computing environment. Specifically, in the calculation of direct trust, a logarithmic decay function and a sliding window are introduced to improve the timeliness. In the calculation of indirect trust, a random screening method based on sine function is designed, which excludes malicious nodes providing false reports and multiple malicious nodes colluding attacks. Finally, the comprehensive trust value is dynamically updated based on historical interactions, current interactions and momentary changes. Simulation experiments are introduced to verify the performance of the model. Compared with existing model, the proposed trust evaluation model performs better in terms of the detection rate of malicious nodes, the interaction success rate, and the computational cost.
The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows. Traditional methods to identify the malicious flows in Crossfire attacks are rerouting, which is based on statistics. In these existing mechanisms, the identification of malicious flows depends on the IP address. However, the IP address is easy to be changed by attacks. Compared with the IP address, the certificate is more challenging to be tampered with or forged. Moreover, the traffic trend in the network is towards encryption. The certificates are popularly utilized by IoT devices for authentication in encryption protocols. DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller. Based on DTLShps, the SDN controller can collect statistics on certificates. In this paper, we propose Certrust, a framework based on the trust of certificates, to mitigate the Crossfire attack by using SDN for IoT. Our goal is threefold. First, the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack. Moreover, the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate. Second, for detecting the Crossfire attack accurately, a method based on graph connectivity is proposed. Third, several trust-based routing principles are proposed to mitigate the Crossfire attack. These principles can also encourage users to use certificates in communication. The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes. Moreover, our trust model has a more appropriate decay rate than the traditional methods.
Varieties of trusted computing products usually follow the mechanism of linear-style chain of trust according to the specifications of TCG. The distinct advantage is that the compatibility with the existing computing platform is preferable, while the shortcomings are obvious simultaneously. A new star-style trust model with the ability of data recovery is proposed in this paper. The model can enhance the hardware-based root of trust in platform measurement, reduce the loss of trust during transfer process, extend the border of trust flexibly, and have the ability of data backup and recovery. The security and reliability of system is much more improved. It is proved that the star-style trust model is much better than the linear-style trust model in trust transfer and boundary extending etc. using formal methods in this paper. We illuminate the design and implementation of a kind of trusted PDA acting on star-style trust model.
Trustworthy service composition is an extremely important task when service composition becomes infeasible or even fails in an environment which is open, autonomic, uncertain and deceptive. This paper presents a trustworthy service composition method based on an improved Cross generation elitist selection, Heterogeneous recombination, Cataclysmic mutation (CHC) Trustworthy Service Composition Method (CHC-TSCM) genetic algorithm. CHC-TSCM firstly obtains the total trust degree of the individual service using a trust degree measurement and evaluation model proposed in previous research. Trust combination and computation then are performed according to the structural relation of the composite service. Finally, the optimal trustworthy service composition is acquired by the improved CHC genetic algorithm. Experimental results show that CHC-TSCM can effectively solve the trustworthy service composition problem. Comparing with GODSS and TOCSS, this new method has several advantages: 1) a higher service composition success-rate; 2) a smaller decline trend of the service composition success-rate, and 3) enhanced stability.
Funding (blockchain-based trust model for inter-domain routing): funded by the National Natural Science Foundation of China, grant numbers (62272007, 62001007); the Natural Science Foundation of Beijing, grant numbers (4234083, 4212018). The authors also extend their appreciation to King Khalid University for funding this work through the Large Group Project under grant number RGP.2/373/45.
Funding (adaptive multi-dimensional trust proof solution for 5G-IoT): supported by National Key R&D Program of China (2019YFB2102303); National Natural Science Foundation of China (NSFC61971014, NSFC11675199); Beijing Postdoctoral Research Foundation (2021-ZZ-079); Young Backbone Teacher Training Program of Henan Colleges and Universities (2021GGJS170); Henan Province Higher Education Key Research Project (23B520014).
Funding (T-PBFT consensus algorithm based on the EigenTrust model): supported by Nature Key Research and Development Program of China (2017YFB1400700); the National Natural Science Foundation of China (61602537, U1509214); the Central University of Finance and Economics Funds for the Youth Talent Support Plan (QYP1808); First-Class Discipline Construction in 2019, open fund of Key Laboratory of Grain Information Processing and Control (KFJJ-2018-202).
Abstract: Blockchain, with its characteristics of decentralized structure, transparency and credibility, time-series data and immutability, has been considered a promising technology. The consensus algorithm, as one of the core techniques of blockchain, directly affects the scalability of blockchain systems. Existing probabilistic finality blockchain consensus algorithms such as PoW and PoS suffer from power consumption and low efficiency, while absolute finality blockchain consensus algorithms such as PBFT and HoneyBadgerBFT cannot meet the scalability requirement in a large-scale network. In this paper, we propose a novel optimized practical Byzantine fault tolerance consensus algorithm based on the EigenTrust model, namely T-PBFT, which is a multi-stage consensus algorithm. It evaluates node trust by the transactions between nodes so that high-quality nodes in the network are selected to construct a consensus group. To reduce the probability of view change, we propose to replace a single primary node with a primary group. By group signature and mutual supervision, we can further enhance the robustness of the primary group. Finally, we analyze T-PBFT and compare it with the other Byzantine fault tolerant consensus algorithms. Theoretical analysis shows that T-PBFT can optimize the Byzantine fault-tolerant rate and reduce the probability of view change and the communication complexity.
Funding: This paper is supported by the Opening Project of State Key Laboratory for Novel Software Technology of Nanjing University, China (Grant No. KFKT2012B25) and National Science Foundation of China (Grant No. 61303263).
Abstract: As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, face serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying a traditional access control model to the Cloud directly cannot solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In a cloud computing environment, data security can be effectively guaranteed during interactions between users and the Cloud only when the security and reliability of both interacting parties are ensured. Therefore, building a mutual trust relationship between users and the cloud platform is the key to implementing new kinds of access control methods in a cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. The MTBAC model takes both the user's behavior trust and the cloud service node's credibility into consideration. Trust relationships between users and cloud service nodes are established by a mutual trust mechanism. Security problems of access control are solved by implementing the MTBAC model in the cloud computing environment. Simulation experiments show that the MTBAC model can guarantee the interaction between users and cloud service nodes.
Abstract: To describe the dynamic property of trust relationships, we propose a time-related trust model and extend Jøsang's subjective logic to fit the time-related trust model. The extension includes propositional conjunction, disjunction and negation for traditional logic, and discounting and consensus operators, which are evidential operators specially designed for the propagation and computation of trust relationships. With the extension of subjective logic for time-related trust, our time-related trust model is suitable for modeling dynamic trust relationships in practice. Finally, an example of reputation assessment is offered to demonstrate the usage of our trust model.
Funding: This work is supported by the National Natural Science Foundation of China (No. 61572086), the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009), the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643), and the Application Foundation Project of Sichuan Province (No. 2017JY0168).
Abstract: This paper summarizes the state of the art in quantum communication networks and trust management in recent years. As in classical networks, trust management is the premise and foundation of quantum secure communication and cannot simply be attributed to security issues; therefore the basis and importance of trust management in quantum communication networks should be taken more seriously. Compared with other theories and techniques in quantum communication, the trust of quantum communication and the trust management model in the quantum communication network environment are still in their initial stage. In this paper, the core technologies of establishing secure and reliable quantum communication networks are categorized and summarized, and the trends of each direction in trust management of quantum communication networks are discussed in depth.
Abstract: Based on fuzzy set theory, a fuzzy trust model is established by using a membership function to describe the fuzziness of trust. The trust vectors of subjective trust are obtained based on a mathematical model of fuzzy synthetic evaluation. Considering the complicated and changeable relationships between various subjects, the multi-level mathematical model of fuzzy synthetic evaluation is introduced. An example of a two-level fuzzy synthetic evaluation model confirms the feasibility of the multi-level fuzzy synthetic evaluation model. The proposed fuzzy model for trust evaluation may provide a promising method for research on trust models in open networks.
Funding: This research work was supported by the National Natural Science Foundation of China (Grant No. 61762031), Guangxi Key Research and Development Plan (No. 2017AB51024), Guangxi Key Laboratory of Embedded Technology and Intelligent System, and Guangxi Fundamental Laboratory for Embedded Technology and Intelligent Systems.
Abstract: Container virtual technology aims to provide program independence and resource sharing. The container enables flexible cloud service. Compared with traditional virtualization, traditional virtual machines have difficulty in resource and expense requirements. The container technology has the advantages of smaller size, faster migration, lower resource overhead, and higher utilization. Within a container-based cloud environment, services can adopt multi-target nodes. This paper reports research results to improve the traditional trust model with consideration of cooperation effects. Cooperation trust means that in a container-based cloud environment, services can be divided into multiple containers for different container nodes. When multiple target nodes work for one service at the same time, these nodes are in a cooperation state. When multi-target nodes cooperate to complete the service, the target nodes evaluate each other. The calculation of cooperation trust evaluation is used to update the degree of comprehensive trust. Experimental simulation results show that the cooperation trust evaluation can help solve the trust problem in the container-based cloud environment and can improve the success rate of following cooperation.
Funding: This work was supported in part by the National Key R&D Program of China under Grant 2020YFA0711301, in part by the National Natural Science Foundation of China under Grant 61922049 and Grant 61941104, and in part by the Tsinghua University-China Mobile Communications Group Company Ltd., Joint Institute.
Abstract: With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.
Abstract: Large-scale mobile social networks (MSNs) facilitate communications through mobile devices. The users of these networks can use mobile devices to access, share and distribute information. With the increasing number of users on social networks, the large volume of shared information and its propagation has created challenges for users. One of these challenges is whether users can trust one another. Trust can play an important role in users' decision making in social networks, so that most people share their information based on their trust in others, or make decisions by relying on information provided by other users. However, considering the subjective and perceptive nature of the concept of trust, the mapping of trust into a computational model is one of the important issues in computing systems of social networks. Moreover, in social networks, various communities may exist regarding the relationships between users. These connections and communities can affect trust among users and its complexity. In this paper, using user characteristics on social networks, a fuzzy clustering method is proposed and the trust between users in a cluster is computed using a computational model. Moreover, through the processes of combination, transition and aggregation of trust, the trust value is calculated between users who are not directly connected. Results show the high performance of the proposed trust inference method.
Abstract: In big data of business service or transaction, it is impossible for the cyber system to provide entire information to both parties of a service, so some service providers make use of malicious services to gain more benefit. Trust management is an effective solution to deal with these malicious actions. This paper gives a trust computing model based on service recommendation in big data. This model takes into account the difference in recommendation trust between a familiar node and a stranger node. To ensure the accuracy of recommendation trust computing, the paper proposes a fine-granularity similarity computing method based on the similarity of service concept domain ontology. This model is more accurate in computing the trust value of cyber service nodes and better prevents cheating and attacks by malicious service nodes. Experiment results illustrate that the model is effective.
Funding: Supported by National Natural Science Foundation of China (No. 60873231), Research Fund for the Doctoral Program of Higher Education (No. 20093223120001), Science and Technology Support Program of Jiangsu Province (No. BE2009158), Natural Science Fund of Higher Education of Jiangsu Province (No. 09KJB520010), and Special Fund for Fast Sharing of Science Paper in Net Era by CSTD (No. 2009117).
Abstract: It is necessary to construct an effective trust model to build trust relationships between peers in a peer-to-peer (P2P) network and enhance the security and reliability of P2P systems. The current trust models only focus on the consumers' evaluation of a transaction, which may be abused by malicious peers to exaggerate or slander the provider deliberately. In this paper, we propose a novel trust model based on mutual evaluation, called METrust, to suppress the peers' malicious behavior, such as dishonest evaluation and strategic attack. METrust considers factors including mutual evaluation, similarity risk, time window, incentive, and punishment mechanism. The trust value is composed of the direct trust value and the recommendation trust value. In order to inhibit dishonest evaluation, both participants should give evaluation information based on their own experiences of the transaction while computing the direct trust value. In view of this, the mutual evaluation consistency factor and its time decay function are proposed. Besides, to reduce the risk of computing the recommendation trust based on the recommendations of friend peers, the similarity risk is introduced to measure the uncertainty of the similarity computing, while similarity is used to measure credibility. The experimental results show that METrust is effective, and it has advantages in the inhibition of the various malicious behaviors.
Funding: Supported by the National Natural Science Foundation of China (NSFC) under Grant No. 61373126, the Natural Science Foundation of Jiangsu Province of China under Grant No. BK20131107, and the Fundamental Research Funds for the Central Universities under Grant No. JUSRP51510.
Abstract: This paper proposes a trust ant colony routing algorithm by introducing a node trust evaluation model based on the D-S evidence theory into the ant colony routing protocol to improve the security of wireless sensor networks. To reduce the influence of conflicting evidence caused by malicious nodes, the consistent intensity is introduced to preprocess conflicting evidence before using the D-S combination rule, improving the reliability of the D-S based trust evaluation. The nodes with high trust values are selected as the routing nodes to ensure routing security, and the trust values are used as heuristic functions of the ant colony routing algorithm. The simulation tests are conducted using the network simulator NS2 to observe performance metrics such as packet loss rate and average end-to-end delay, and thereby indirectly evaluate security under attack by inside malicious nodes. The simulation results show that the proposed trust routing algorithm can efficiently resist malicious attacks in terms of keeping the performance of the average end-to-end delay, the throughput and the routing packet overhead under attack from malicious nodes.
Funding: Supported by National Key Basic Research Program (973 Program) under Grant No. 2011CB302903, National Natural Science Foundation under Grant No. 60873231, Key Program of Natural Science for Universities of Jiangsu Province under Grant No. 10KJA510035, and Scientific Research Foundation of NJUPT under Grant No. NY209016, China.
Abstract: In view of the security weakness in resisting active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend against those attacks by loading a trust model on the previously proposed Distance-Based LAR. The improved Secure Trust-based Location-Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST-LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end-to-end delay, packet delivery success ratio and throughput.
Funding: The National High-Tech Research and Development (863) Program of China (No. 2005AA145110, No. 2006AA01Z436); The Natural Science Foundation of Shanghai (No. 05ZR14083); The Pudong New Area Technology Innovation Public Service Platform of China (No. PDPT2005-04).
Abstract: Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.
Funding: Supported in part by the National Science Foundation Project of P.R. China (No. 61931001), the Fundamental Research Funds for the Central Universities under Grant (No. FRFAT-19-010), and the Scientific and Technological Innovation Foundation of Foshan, USTB (No. BK20AF003).
Abstract: Dispersed computing is a new resource-centric computing paradigm. Due to its high degree of openness and decentralization, it is vulnerable to attacks, and security issues have become an important challenge hindering its development. Trust evaluation technology is of great significance to the reliable operation and security assurance of dispersed computing networks. In this paper, a dynamic Bayesian-based comprehensive trust evaluation model is proposed for the dispersed computing environment. Specifically, in the calculation of direct trust, a logarithmic decay function and a sliding window are introduced to improve the timeliness. In the calculation of indirect trust, a random screening method based on a sine function is designed, which excludes malicious nodes providing false reports and multiple malicious nodes mounting collusion attacks. Finally, the comprehensive trust value is dynamically updated based on historical interactions, current interactions and momentary changes. Simulation experiments are introduced to verify the performance of the model. Compared with the existing model, the proposed trust evaluation model performs better in terms of the detection rate of malicious nodes, the interaction success rate, and the computational cost.
Funding: Supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261.
Abstract: The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows. Traditional methods to identify the malicious flows in Crossfire attacks are rerouting, which is based on statistics. In these existing mechanisms, the identification of malicious flows depends on the IP address. However, the IP address is easy for attackers to change. Compared with the IP address, the certificate is more challenging to tamper with or forge. Moreover, the traffic trend in the network is towards encryption. Certificates are popularly utilized by IoT devices for authentication in encryption protocols. DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller. Based on DTLShps, the SDN controller can collect statistics on certificates. In this paper, we propose Certrust, a framework based on the trust of certificates, to mitigate the Crossfire attack by using SDN for IoT. Our goal is threefold. First, the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack. Moreover, the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system to achieve a moderate decay rate. Second, for detecting the Crossfire attack accurately, a method based on graph connectivity is proposed. Third, several trust-based routing principles are proposed to mitigate the Crossfire attack. These principles can also encourage users to use certificates in communication. The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes. Moreover, our trust model has a more appropriate decay rate than the traditional methods.
Funding: Supported by the National Natural Science Foundation of China (61303024), the Natural Science Foundation of Hubei Province (2013CFB441), the Foundation of Science and Technology on Information Assurance Laboratory (KJ-13-106), and the Natural Science Foundation of Jiangsu Province (BK20130372).
Abstract: Varieties of trusted computing products usually follow the mechanism of a linear-style chain of trust according to the specifications of TCG. The distinct advantage is that the compatibility with the existing computing platform is preferable, while the shortcomings are obvious simultaneously. A new star-style trust model with the ability of data recovery is proposed in this paper. The model can enhance the hardware-based root of trust in platform measurement, reduce the loss of trust during the transfer process, extend the border of trust flexibly, and provide data backup and recovery. The security and reliability of the system are much improved. Using formal methods, it is proved in this paper that the star-style trust model is much better than the linear-style trust model in trust transfer, boundary extending, etc. We illuminate the design and implementation of a kind of trusted PDA acting on the star-style trust model.
Funding: Supported by the National Natural Science Foundation of China under Grants No. 61272063, No. 61300129, No. 61273216, No. 61202048, No. 61100054, the Excellent Youth Foundation of Hunan Scientific Committee under Grant No. 11JJ1011, the Hunan Provincial Natural Science Foundation of China under Grant No. 12JJB009, Scientific Research Fund of Hunan Provincial Education Department of China under Grants No. 09K085, No. 12K105, and the Zhejiang Provincial Natural Science Foundation of China under Grant No. LQ12F02011.
Abstract: Trustworthy service composition is an extremely important task when service composition becomes infeasible or even fails in an environment which is open, autonomic, uncertain and deceptive. This paper presents a trustworthy service composition method based on an improved Cross generation elitist selection, Heterogeneous recombination, Cataclysmic mutation (CHC) Trustworthy Service Composition Method (CHC-TSCM) genetic algorithm. CHC-TSCM first obtains the total trust degree of the individual service using a trust degree measurement and evaluation model proposed in previous research. Trust combination and computation are then performed according to the structural relation of the composite service. Finally, the optimal trustworthy service composition is acquired by the improved CHC genetic algorithm. Experimental results show that CHC-TSCM can effectively solve the trustworthy service composition problem. Compared with GODSS and TOCSS, this new method has several advantages: 1) a higher service composition success rate; 2) a smaller decline trend of the service composition success rate; and 3) enhanced stability.