69 articles found
A Privacy Protection Scheme for Verifiable Data Element Circulation Based on Fully Homomorphic Encryption
1
Authors: Song Jiyuan, Gao Hongmin, Ye Keke, Shen Yushi, Ma Zhaofeng, Feng Chengzhi. China Communications, 2025, No. 4, pp. 223-235 (13 pages)
With increasing demand for data circulation, ensuring data security and privacy is paramount, specifically protecting privacy while maximizing utility. Blockchain, while decentralized and transparent, faces challenges in privacy protection and data verification, especially for sensitive data. Existing schemes often suffer from inefficiency and high overhead. We propose a privacy protection scheme using BGV homomorphic encryption and Pedersen Secret Sharing. This scheme enables secure computation on encrypted data, with Pedersen sharding and verifying the private key, ensuring data consistency and immutability. The blockchain framework manages key shards, verifies secrets, and aids security auditing. This approach allows for trusted computation without revealing the underlying data. Preliminary results demonstrate the scheme's feasibility in ensuring data privacy and security, making data available but not visible. This study provides an effective solution for data sharing and privacy protection in blockchain applications.
Keywords: blockchain technology data element circulation data privacy homomorphic encryption secret sharing trusted computation
A New Direct Anonymous Attestation Scheme for Trusted NFV System
2
Authors: CHEN Liquan, ZHU Zheng, WANG Yansong, LU Hua, CHEN Yang. ZTE Communications, 2018, No. 4, pp. 30-37 (8 pages)
How to build a secure architecture for network function virtualization (NFV) is an important issue. Trusted computing has the ability to provide security for NFV and it is called trusted NFV system. In this paper, we propose a new NFV direct anonymous attestation (NFV-DAA) scheme based on trusted NFV architecture. It is based on the Elliptic curve cryptography and transfers the computation of variable D from the trusted platform module (TPM) to the issuer. With the mutual authentication mechanism that those existing DAA schemes do not have and an efficient batch proof and verification scheme, the performance of trusted NFV system is optimized. The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than those existing DAA schemes. We have reduced the computation load in Join protocol from 3G_1 to 2G_1 exponential operation, while the time of NFV-DAA scheme's Sign protocol is reduced up to 49%.
Keywords: NFV trusted computation DAA bilinear pairings
Survey on Key Technology Development and Application in Trusted Computing (Cited by: 7)
3
Authors: Juan Wang, Yuan Shi, Guojun Peng, Huanguo Zhang, Bo Zhao, Fei Yan, Fajiang Yu, Liqiang Zhang. China Communications (SCIE, CSCD), 2016, No. 11, pp. 70-90 (21 pages)
Trusted computing, which can effectively increase the credibility of information system, has made great achievements and is in continuous development. For country who is going to strengthen network construction like China, it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing, such as various trusted platform modules (TPM, TCM, TPCM), TCG Software Stack (TSS), trusted cloud server and Trusted Execution Environment (TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.
Keywords: cyberspace security information security information system security CRYPTOGRAPHY trusted computing
Development of Trusted Computing Research (Cited by: 5)
4
Authors: ZHANG Huanguo, LUO Jie, JIN Gang, ZHU Zhiqiang, YU Fajiang, YAN Fei. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1407-1413 (7 pages)
Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.
Keywords: COMPUTER trusted computing secure computer information security
Protecting Terminals by Security Domain Mechanism Based on Trusted Computing (Cited by: 5)
5
Authors: ZHOU Zheng, ZHANG Jun, LI Jian, LIU Yi. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1437-1440 (4 pages)
Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and access or breaking the conditions only under which attack or virus can be invoked in those terminals would be the most effective way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.
Keywords: trusted computing security domain mechanism attack immunity venture limitation
Trusted Data Acquisition Mechanism for Cloud Resource Scheduling Based on Distributed Agents (Cited by: 4)
6
Authors: 李小勇, 杨月华. China Communications (SCIE, CSCD), 2011, No. 6, pp. 108-116 (9 pages)
Cloud computing is a new paradigm in which dynamic and virtualized computing resources are provided as services over the Internet. However, because cloud resource is open and dynamically configured, resource allocation and scheduling are extremely important challenges in cloud infrastructure. Based on distributed agents, this paper presents trusted data acquisition mechanism for efficient scheduling cloud resources to satisfy various user requests. Our mechanism defines, collects and analyzes multiple key trust targets of cloud service resources based on historical information of servers in a cloud data center. As a result, using our trust computing mechanism, cloud providers can utilize their resources efficiently and also provide highly trusted resources and services to many users.
Keywords: cloud computing trusted computing distributed agent resource scheduling
A Trusted Measurement Scheme Suitable for the Clients in the Trusted Network (Cited by: 3)
7
Authors: GONG Bei, ZHANG Jianbiao, YE Xiaolie, SHEN Changxiang. China Communications (SCIE, CSCD), 2014, No. 4, pp. 143-153 (11 pages)
The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network. But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection, it is easy to cause the loss of identity privacy. In order to solve the above-described problems, this paper presents a trust measurement scheme suitable for clients in the trusted network, the scheme integrates the following attributes such as authentication mechanism, state measurement, and real-time state measurement and so on, and based on the authentication mechanism and the initial state measurement, the scheme uses the real-time state measurement as the core method to complete the trust measurement for the client. This scheme presented in this paper supports both static and dynamic measurements. Overall, the characteristics of this scheme such as fine granularity, dynamic, real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
Keywords: trusted computing trusted network AUTHENTICATION state measurement real-time measurement
Modeling Trusted Computing (Cited by: 3)
8
Authors: CHEN Shuyi, WEN Yingyou, ZHAO Hong. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1507-1510 (4 pages)
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
Keywords: trusted computing group (TCG) trusted platform module (TPM) trusted computing root of trust predicate logic
A Novel Direct Anonymous Attestation Protocol Based on Zero Knowledge Proof for Different Trusted Domains (Cited by: 3)
9
Authors: YANG Yatao, CAO Lulin, LI Zichen. China Communications (SCIE, CSCD), 2010, No. 4, pp. 172-175 (4 pages)
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains, based on the original DAA scheme, a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed, in which, the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly. Our designed mechanism accords with present trusted computing group (TCG) international specification, and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently. Compared with present DAA scheme, in our protocol, the anonymity, unforgeability can be guaranteed, and the replay-attack also can be avoided. It has important referenced and practical application value in trusted computing field.
Keywords: Network Security trusted Computing Direct Anonymous Attestation trusted Domain.
An Improved Grid Security Infrastructure by Trusted Computing (Cited by: 3)
10
Authors: YAN Fei, ZHANG Huanguo, SUN Qi, SHEN Zhidong, ZHANG Liqiang, QIANG Weizhong. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1805-1808 (4 pages)
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.
Keywords: trusted computing grid computing grid security trusted platform module
Grid Services Trusted Authentication Algorithm Based on Image Trusted Root in Scale Space (Cited by: 2)
11
Authors: LIU Lizhao, LIU Jian, ZHU Shunzhi, LI Lin, SUN Zhonghai. Wuhan University Journal of Natural Sciences (CAS), 2012, No. 6, pp. 521-530 (10 pages)
A new authentication algorithm for grid identity trusted computing unlimited by hardware is presented; the trusted root is made as an image data. The grid entity is trusted in the soft platform when its feature of image root is entirely matched with that from the other entities' feature database in a scale space process. To recognize and detect the stable image root feature, the non-homogeneous linear expandable scale space is proposed. Focusing on relations between the scale parameter of the inhomogeneous Gaussian function terms and the space evolution of thermal diffusion homogeneous equations, three space evolution operators are constructed to exact and mark the feature from image root. Analysis and verification are carried on the new scale space, operators and the core of making decisions for grid entities certifications.
Keywords: grid computing trusted computing services trust AUTHENTICATION scale space diffusion equation evolution operator feature detection
A Method to Implement Full Anonymous Attestation for Trusted Computing Platform (Cited by: 3)
12
Authors: HAO Liming, SUN Xun, YANG Shutang, LU Songnian. Wuhan University Journal of Natural Sciences (CAS), 2007, No. 1, pp. 101-104 (4 pages)
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromised, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
Keywords: trusted computing trusted platform module direct anonymous attestation
An attack-immune trusted architecture for supervisory aircraft hardware (Cited by: 2)
13
Authors: Dongxu CHENG, Chi ZHANG, Jianwei LIU, Dawei LI, Zhenyu GUAN, Wei ZHAO, Mai XU. Chinese Journal of Aeronautics (SCIE, EI, CAS, CSCD), 2021, No. 11, pp. 169-181 (13 pages)
With the wide application of electronic hardware in aircraft such as air-to-ground communication, satellite communication, positioning system and so on, aircraft hardware is facing great secure pressure. Focusing on the secure problem of aircraft hardware, this paper proposes a supervisory control architecture based on secure System-on-a-Chip (SoC) system. The proposed architecture is attack-immune and trustworthy, which can support trusted escrow application and Dynamic Integrity Measurement (DIM) without interference. This architecture is characterized by a Trusted Monitoring System (TMS) hardware isolated from the Main Processor System (MPS), a secure access channel from TMS to the running memory of the MPS, and the channel is unidirectional. Based on this architecture, the DIM program running on TMS is used to measure and call the Lightweight Measurement Agent (LMA) program running on MPS. By this method, the Operating System (OS) kernel, key software and data of the MPS can be dynamically measured without disturbance, which makes it difficult for adversaries to attack through software. Besides, this architecture has been fully verified on FPGA prototype system. Compared with the existing systems, our architecture achieves higher security and is more efficient on DIM, which can fully supervise the running of application and aircraft hardware OS.
Keywords: Aircraft hardware Dynamic integrity measurement Supervisory control System-on-a-Chip(SoC) trusted computing
Trust Shell Based Constitution Model of Trusted Software (Cited by: 2)
14
Authors: 田俊峰, 朱叶. China Communications (SCIE, CSCD), 2011, No. 4, pp. 11-22 (12 pages)
Since the guarantee of trustiness is considered inadequate in traditional software development methods, software developed using these methods lacks effective measures for ensuring its trustiness. Combining agent technique with the support of trusted computing provided by TPM, a trust-shell-based constitution model of trusted software (TSCMTS) is demonstrated, trust shell ensures the trustiness of software logically. The concept of Trust Engine is proposed, which extends the "chain of trust" of TCG into application, and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness; Data Structure called trust view is defined to represent the characteristic of software behavior. For the purpose of improving the accuracy of trustiness constraints, a strategy for determining the weights of characteristic attributes based on information entropy is proposed. Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.
Keywords: trusted computing trusted software constitution trust shell trust engine trust view software behavior trace
A Peer-to-Peer Resource Sharing Scheme Using Trusted Computing Technology (Cited by: 2)
15
Authors: CHEN Lu, ZHANG Huanguo, ZHANG Liqiang, LI Song, CAI Liang. Wuhan University Journal of Natural Sciences (CAS), 2008, No. 5, pp. 523-527 (5 pages)
Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
Keywords: resource sharing trusted computing VIRTUALIZATION UCON (usage control) chain of trust
Security Architecture of Trusted Virtual Machine Monitor for Trusted Computing (Cited by: 2)
16
Authors: HUANG Qiang, SHEN Changxiang, FANG Yanxiang. Wuhan University Journal of Natural Sciences (CAS), 2007, No. 1, pp. 13-16 (4 pages)
With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is presented in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.
Keywords: trusted computing virtual machine monitor(VMM) separation kernel trusted computing base (TCB)
Formal Analysis of Trusted Platform Module Commands for Compromising User Key (Cited by: 2)
17
Authors: Qin Yu, Zhao Shijun, Zhang Qianying. China Communications (SCIE, CSCD), 2012, No. 10, pp. 91-102 (12 pages)
The Trusted Platform Module (TPM) is a dedicated hardware chip designed to provide a higher level of security for computing platform. All TPM functionalities are implemented in TPM commands to achieve specific security goals. We attempt to analyze the security properties of these commands, especially the key management API. Our study utilizes applied pi calculus to formalize the commands and determine how their security properties affect TPM key management. The attacker is assumed to call TPM commands without bounds and without knowing the TPM root key, expecting to obtain or replace the user key. The analysis goal in our study is to guarantee the corresponding property of API execution and the integrity of API data. We analyze the security properties of TPM commands with a process reduction method, identify the key-handle hijack attack on a TPM newly created key, and propose reasonable solutions to solve the problem. Then, we conduct an experiment involving a key-handle attack, which successfully replaces a user key with an attacker's key using malicious TPM software. This paper discloses the weakness of the relationship between the key handle and the key object. After the TPM software stack is compromised, the attacker can launch a key-handle attack to obtain the user key and even break into the whole storage tree of user keys.
Keywords: trusted computing TPM TPM command applied pi calculus API analysis
A Trusted Mobile Payment Environment Based on Trusted Computing and Virtualization Technology (Cited by: 2)
18
Authors: WANG Juan, LIN Wutao, LI Haoyu, DU Bianxia, MENG Ke, WANG Jiang. Wuhan University Journal of Natural Sciences (CAS), 2014, No. 5, pp. 379-384 (6 pages)
In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well.
Keywords: trusted computing mobile payment VIRTUALIZATION mobile platform
A Security Kernel Architecture Based Trusted Computing Platform (Cited by: 2)
19
Authors: CHEN You-lei, SHEN Chang-xiang. Wuhan University Journal of Natural Sciences (CAS), 2005, No. 1, pp. 1-4 (4 pages)
A security kernel architecture built on trusted computing platform in the light of thinking about trusted computing is presented. According to this architecture, a new security module TCB (Trusted Computing Base) is added to the operation system kernel and two operation interface modes are provided for the sake of self-protection. The security kernel is divided into two parts and trusted mechanism is separated from security functionality. The TCB module implements the trusted mechanism such as measurement and attestation, while the other components of security kernel provide security functionality based on these mechanisms. This architecture takes full advantage of functions provided by trusted platform and clearly defines the security perimeter of TCB so as to assure self-security from architectural vision. We also present function description of TCB and discuss the strengths and limitations comparing with other related researches.
Keywords: trusted computing TCB module security kernel trusted mechanism
The Mechanism about Key and Credential on Trusted Computing Platform and the Application Study (Cited by: 2)
20
Authors: SHEN Zhidong, ZHANG Huanguo, ZHANG Miao, YAN Fei, ZHANG Liqiang. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1641-1644 (4 pages)
Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and achieve a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.
Keywords: trusted computing trusted platform module (TPM) key management CREDENTIAL