Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Ming He,Aiqun Hu,Hangping Qiu

DOI: https://doi.org/10.1109/nswctc.2009.401

2009-01-01

Abstract:With the increasing development of distributed system application, distributed system security is facing the heavy challenge. To arrive at the goal of intensifying the behavior trustworthiness and controllability of distributed systems, we focus on building the trustworthy model between distributed system and user behaviors and strengthening the manageability of distributed systems. By setting up the trustworthy computing circumstance and supplying the trustworthy validation and the active protection based on identity and behavior for trustworthy distributed system, we may defend the unaware viruses and intrusion. Furthermore, the controllability of behavior trust is studied. It can be predicted trust level under the multi-trust-attribute conditions. The experiment results show the .NET framework of creating user behavior log to provide evidences for behavior trust forecast and control.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

WANG Sheng,YU Hong-fang,XU Du

DOI: https://doi.org/10.3969/j.issn.1009-6868.2008.01.008

2008-01-01

Abstract:The Internet plays increasingly important roles in everyone's life, but the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is also becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of networks and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed.

SUN Chen,LIU Dong,LING Wanshui,LU Yiming

DOI: https://doi.org/10.13335/j.1000-3673.pst.2014.03.029

2014-01-01

Abstract:To ensure the communication security of remote terminal units in distribution automation system, based on the trusted computing theory and security chips technique a hierarchical 3 level authentication mechanism suitable to polytype distribution terminal equipments is proposed, and a secure process for security message transmission of data information from telemetering, telesignaling and remote control is designed, and a mathematical model, which can quantitatively reflect the confidence level of integrity and authenticity of terminal unit status, is put forward. Based on Matlab the interactive process of data information between distribution terminals and the master station is simulated, and utilizing 10 elliptic curves with different key lengths the time expenditure for crypto-operation as well as the securities of elliptic curve cryptography and the timestamp checking mechanism utilized by trusted mechanism are analyzed, and then the confidence level of authenticity of terminal equipments are calculated. Accordingly, those are validated that the proposed trusted mechanism possesses stronger confidentiality and higher accuracy against replay attacks.

Dong Yan

2012-01-01

Abstract:A distributed database as database system and computer network organically,become the Internet under the environment of information resources sharing and application core,its important safety problems.According to the safety of distributed database system requirement,in the analysis of system structure and safety factor of the foundation,on the security policy and security mechanism of the identity authentication,communication security,access control,library,encryption,password system and key management,distribution affairs management,audit tracking,fault recovery,etc were analyses.

Xue-hai Peng,Chuang Lin

DOI: https://doi.org/10.1109/DASC.2006.20

2006-01-01

Abstract:Existing isolated and add-on secure systems are rarely robust under attack, misoperation and internal faults. Secure communication only offers little protection if one ore more components are compromised, and are not sufficient for holistic and systemic security. This paper proposes the concept of trustworthy networks, which makes advances along these traditional researches on network security in combination. We outline the key challenges in constructing trustworthy networks, and define three properties, namely security, survivability and controllability. Consulting human interactions, the abstract architecture for trustworthy networks is proposed, depicting protocols layers, topology structure, entities and components, and protocol steps

Xukai Zou,Yuan-shun Dai,Yi Pan

DOI: https://doi.org/10.1142/9789812790880

2008-01-01

Abstract:Computer networks are compromised by various unpredictable factors, such as hackers, viruses, spam, faults, and system failures, hindering the full utilization of computer systems for collaborative computing one of the objectives for the next generation of the Internet. It includes the functions of data communication, resource sharing, group cooperation, and task allocation. One popular example of collaborative computing is grid computing. This monograph considers the latest efforts to develop a trusted environment with the high security and reliability needed for collaborative computing. The important modules treated include secure group communication, access control, dependability, grid computing, key management, intrusion detection, and trace back. In addition, a real project for developing a nationwide medical information system with high dependability and security is described. Contents: Secure Group Communication (SGC); Cryptography Based Access Control; Intrusion Detection and Defence; Security in Grid Computing; Trusted and Seamless Medical Information Systems.

Yue Sun,Qiang Li,Bo Zhou,Wei Chen,Xiaotian Xu,Gangjun Gong

DOI: https://doi.org/10.1088/1742-6596/1639/1/012085

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract Performing an in-depth study on the Power Internet of Things (IoT), it is known that the distribution network faces higher security risks due to a large number of terminals, various types of equipment, and the flexible access of each device to the distribution network structure and dynamic boundary. Therefore, it is urgent to make significant research on the security control mechanism for the power distribution Internet of Things, to realize the safe access of IoT devices in the Power IoT. Firstly, this paper analyses the shortage of power system security under the background of the IoT. Secondly, trusted computing technology is represented by the TrustZone and is deeply studied, and the feasibility of its application for the security of power distribution IoT is analyzed. Furthermore, the TrustZone-based security management and control architecture for power distribution novel IoT equipment is proposed, and its integrity measurement and trusted network connection process are analyzed. Finally, the security of this architecture is analyzed briefly.

FENG Dengguo,LIU Jingbin,QIN Yu,FENG Wei,Wei FENG,Yu QIN,Jingbin LIU,Dengguo FENG

DOI: https://doi.org/10.1360/ssi-2020-0096

2020-08-01

Scientia Sinica Informationis

Abstract:Trusted computing is based on a hardware security mechanism establishing a trusted computing environment and comprehensively enhances the system and network trust from the architectural perspective. With the development of information technology and continuous emergence of new application scenarios, security threats in the cyberspace are becoming increasingly serious; hence, trusted computing is actively researched in both academia and industry to find solutions against such treats. This paper summarizes the development process of trusted computing theory from the perspective of innovation and development. The study centers around one of the authors research results in trusted computing over the past 20 years. It proposes a trusted computing technology architecture that covers two method foundations, three trust cores, and four key technologies. Furthermore, the paper summarizes important research problems in mobile trusted computing, quantum-resistant trusted computing, trusted Internet of Things (IoT), trusted cloud, and trusted blockchain, elaborating on the integration and development of trusted computing in these fields. In mobile trusted computing, the design and implementation of a trusted execution environment architecture with software/hardware co-design is the focus of research. Another two important research issues in mobile trusted computing are the runtime security isolation and protection of the mobile operating systems kernel and trusted execution environment-based mobile application security protection. Due to the characteristics of embedded environments and limitation of resources, the construction of lightweight trusted roots, efficient and secure software attestation, practical secure code update mechanism, and swarm device attestation are important issues for further research in trusted IoT. In new scenarios such as quantum-resistant trusted computing, trusted cloud, and trusted blockchain, trusted computing is also constantly expanding its application boundaries and playing an increasingly important role. Finally, this paper looks ahead and discusses the development trends in trusted computing.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Zhongyuan QIN,Aiqun HU

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.14.041

2006-01-01

Abstract:Trusted computing is the new stage of information security. It brings security chip architecture in the computing hardware platform, and the whole system's security is greatly improved correspondingly. The origin and development of trusted computing are introduced, especially its architecture and the key components such as the trusted platform module, root of trust, etc. The current research has also been concluded.

ZHANG Min,LUO Guang-chun

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.06.012

2007-01-01

Abstract:The application security problem of Internet is far from being completely solved. In this paper, some basic concepts and critical issues in trustworthy computer network are first introduced. Then an architecture of trustworthy network, and host Identity Protocol as end system identity, is proposed to make sure communicate trustworthy.

Li-ming Hao,Shu-tang Yang,Song-nian Lu,Gong-liang Chen

DOI: https://doi.org/10.1007/s12204-008-0086-8

2008-01-01

Abstract:Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers’ identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer’s identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

JIA Deli,FANG Yong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.02.035

2007-01-01

Abstract:For the openness, anonymity and dynamic characters in P2P systems. It is very hard for the entities in the system to identify mutual dependency, The introducing of the concept of Trust Value has settled this problem, and made Trust Value be one of the most important roles in the P2P systems. This Article has put forward a protocol which can securely manage the Trust Value in Decentralized P2P systems, consequently guaranteed the secure storage, distribute, access and modify of Trust Value.

WANG Yuan,XU Feng,CAO Chun

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.08.069

2005-01-01

Computer Science

Abstract:The security problems of the open coordination software environment make great influence on the develop- ment and application of the software systems. Trust management is a new approach to solve these security problems ef- fectively. By analyzing the security problems of the open coordination software systems and the limitations of the tradi- tional trust management systems, this paper designs and implements a distributed access control system, DACBTM, based on trust management, which is suitable for the application system in the open coordination software environment. The system can evaluate the trust relationship between software entities by the approach of trust-evaluation. We also present an improved, effective algorithm for the collection of the security information, which provides a reasonable mechanism to solve the shortness of the security information in the open coordination software environment.

Jinshu Su,Xiaofeng Wang,Wei Shi,Indrakshi Ray

DOI: https://doi.org/10.1002/sec.1276

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:The rapid growth of distributed and networking technologies has made our information system more vulnerable to attack threats, malicious behaviors, and unpredictable failures. As the emergence of botnets and advanced persistent threat attacks, the traditional defense technology cannot cope well with the new large-scale and obfuscated malwares. In distributed and virtualized environments, the trust risk of applications has been increased considerably, which made it vital to propose new trust access control technologies. In addition, the complicated system usually comprises a large number of components that are susceptible to unpredictable failures. We need new designs of resilient infrastructure and dependable services. The papers in this special issue focus on the security, trust, and resilience management for distributed and networking computing paradigms, such as wireless sensor network, P2P network, ad hoc networks, virtualized network, and software-defined network. The contributions of these papers are outlined next. To locate the real source of the Internet attacks, existing work is easy to be evaded by attackers and difficult to justify the stepping stones. Sheng Wen et al. introduce the consistent causality probability to detect the stepping stones. They formulate the ranges of abnormal causality probabilities according to the different network conditions and further implement self-adaptive methods to capture stepping stones. To extract signatures for malwares, most existing string-based signatures extracting methods have the problem of inaccuracy and time consuming. Sun Hao et al. present a system for automatically extracting signatures from large-scale malwares, named AutoMal. The system can extract both byte signatures and hashed signatures from the malware network flows with high accuracy. Multi-interface multi-channel can reduce the channel interference and improve the network capacity for multi-hop wireless ad hoc networks. Tong Zhao et al. design a dynamic channel assignment algorithm that can dynamically switch the channels to the less busy ones by monitoring the channel usages. Moreover, the algorithm is designed in a fully distributed way with low overhead For the task allocation in wireless sensor networks (WSNs), traditional solutions for high-performance computing cannot be directly used in WSNs because of limitations of resource availability and shared communication medium. Wenzhong Guo et al. design a discrete particle swarm optimization to generate a structure of the parallel coalitions, and then introduce the game theory and

Yi Luo,Qiong Li,Hao-Kun Mao

2024-02-01

Abstract:Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most researches on relay-based QKD network assume that all relays or nodes are completely trustworthy. However, the malicious behavior of any single node can undermine security of QKD networks. Current research on QKD networks primarily addresses passive attacks conducted by malicious nodes such as eavesdropping. We suggest a novel paradigm, inspired by distributed systems, to address the active attack by collaborate malicious nodes in QKD networks. Firstly, regarding security, we introduce the ITS distributed authentication scheme, which additionally offers two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Secondly, concerning correctness, our ITS fault-tolerant consensus method, ensures ITS and global consistency with fixed classical broadcast rounds, contrasting with the exponentially message-intensive Byzantine agreement method. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in authentication key consumption compared to the original end-to-end pre-shared keys scheme.

Quantum Physics

Chuang Lin,Xue-Hai Peng

DOI: https://doi.org/10.1007/s11390-006-0732-2

IF: 1.871

2006-01-01

Journal of Computer Science and Technology

Abstract:In this paper, the architecture of trustworthy and controllable networks is discussed to meet arising application requirements. After reviewing the lessons and experiences of success and failure in the Internet and summarizing related work, we analyze the basic targets of providing trustworthiness and controllability. Then, the anticipant architecture is introduced. Based on the resulting design, several trustworthy and controllable mechanisms are also discussed.