Ji-Ming Chen,Ting-Ting Li,John Panneerselvam

DOI: https://doi.org/10.1109/access.2018.2876153

IF: 3.9

2018-01-01

IEEE Access

Abstract:Message transmission in vehicular networks is increasing in popularity which exploits the network nodes to transmit messages using cooperative communication in a multi-hop fashion. But the increasing number of malicious nodes in the high-speed Internet of Vehicles demands additional methodologies to quickly detect the presence of such nodes to avoid serious security consequences. Early detection of malicious nodes, and accurate assessment of complex data to assess the node reliability are of absolute importance in vehicular networks. To this end, this paper proposes a security scheme that uses evidence combination method to combine local data with external evidence to evaluate the reliability of multi-dimensional data received from other peer nodes. In addition, this paper uses European Telecommunications Standards Institute standard and Decentralized Environmental Notification Message, and proposes a trust calculation method based on collaborative filtering by introducing a small-time interval to detect the changes in the node behaviors. While the former solution helps more accurate computation of the direct trust value, the latter scheme can calculate the indirect trust based on recommendations received from neighbors, ultimately to obtain the global trust value. Finally, more effective traffic data can be obtained to help traffic prediction. Experiments conducted under various network scenarios demonstrate that our proposed scheme outperforms the existing trust models, such as precision or recall and can resist bad-mouth attacks, selective-misbehavior attacks, and time-dependent attacks, especially under larger proportions of malicious nodes.

Haojie Lu

2009-01-01

Abstract:User authentication is mostly carried out by sending a pair of username and password to the server in insecure network,since most users have not a certificate.Just based on this fact,some attacks are achieved.The method of phishing and the common mechanism of protecting key are analyzed,and an authentication scheme employing trusted computing technology is proposed.Since the scheme combines protected storage,authentication chain,and password partition etc,thieving only the password will not have an affect on user security.In the end,the proposed approach is proven to protect against phishing attacks.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Yanan Sun,Xiaohong Guan,Ting Liu,Yu Qu

DOI: https://doi.org/10.1109/trustcom.2012.80

2012-01-01

Abstract:In the identity authentication, many advanced encryption techniques are applied to confirm and protect the user identity. Although the identity information is transmitted as cipher text in the Internet, the attackers can theft and fraud the identity by eavesdropping, cryptanalysis and forging. In this paper, a new identity authentication mechanism is proposed, which exploits the Timing Covert Channel (TCC) to transmit the identity information. TCC was originally a hacker technique to leak information under supervising, which uses the sending time of packets to indicate the information. In our method, the intervals between packets are applied to indicate the authentication tags. It is difficult for the attackers to eavesdrop, crack and forge the TCC identity, since the packets are too huge to analyze and the noise is different between the users and the attackers. A platform is designed to verify our proposed method. The experiment shows that the intervals and the thresholds are the key factors on the accuracy and efficiency. And it also proves our method is a secure way for identity information, which could be implanted on various network applications.

J Tang,Jz Li,Kh Wang,Yr Cai

DOI: https://doi.org/10.1007/3-540-39205-X_122

2003-01-01

Abstract:Atomicity and anonymity are the two important requirements for application in electronic commerce. However absolutely anonymity may lead to confliction with law enforcement, e.g. blackmailing or money laundering. Therefore, it is important to design systems satisfying both atomicity and revocable anonymity. Based on the concept of two-phase commitment, we realize atomicity in electronic transaction with the Trusted Third Part as coordinator. Also we develops Brands' fair signature model, propose a method to enable not only anonymity but also owner-trace and money-trace.

Qi Li,Xinwen Zhang,Jean-Pierre Seifer,Hulin Zhong

DOI: https://doi.org/10.1109/aptc.2008.24

2008-01-01

Abstract:Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.

罗安安,林闯,王元卓,邓法超,陈震

DOI: https://doi.org/10.3724/SP.J.1016.2009.00887

2009-01-01

Chinese Journal of Computers

Abstract:Trusted Network Connect (TNC) is considered as an important part of trusted network architecture, and with its deeper research and application development, whether it is enough trustworthy during TNC platform authentication and access control becomes a key problem. In the paper, we mainly focus on the trustworthy problem of TNC. First, we proposed a novel security quantifying method which is based on semi-Markov processes. And then, according to the potential threat and security holes during typical message flow and access authorization process in TNC specification, we proposed a set of trustworthy enhanced mechanisms, which is verified by our security quantifying method. Finally a TNC prototype system framework based on IXP2400 network processor is built to be a performance evaluation and trustworthy verification platform.

Yalin Chen,Jue-Sam Chou,Hung-Min Sun,Ming-Hsun Cho

DOI: https://doi.org/10.1016/j.elerap.2011.06.002

IF: 6

2011-01-01

Electronic Commerce Research and Applications

Abstract:Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the user's identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works.

Hongbo Sun,Yi Liu,Yueting Chai,Xiao Sun

DOI: https://doi.org/10.1109/ICeLeTE.2012.6333393

2012-01-01

Abstract:This paper presents a novel architecture for trusted e-commerce cloud, which integrates trusted system and cloud computing technology together to solve the credibility and resources reuse problem of e-commerce. The key different between other e-commerce architectures and this proposed architecture is the introduction of trusted e-commerce infrastructure, which ensure the regulation of e-commerce market players, information and transactions. This paper discusses the basic rules for trusted e-commerce systems, which includes trusted e-commerce market player rules, information rules and transaction rules. The proposed architecture is described in this paper from user view, integration view, conceptual view and implementation view separately. The regulated and public services of this proposed architecture have great potential to govern e-market access, purify e-commerce market information, ensure e-commerce transactions, protect rights of e-commerce participants and improve the credibility of e-commerce players, information and transactions processes.

黄少寅,陈勇,高传善

DOI: https://doi.org/10.3321/j.issn:1000-436x.2003.12.024

2003-01-01

Abstract:Traditional secure electronic transaction protocols such as SET adopts across identity certification strategy, thus has the followed flaws: protocol is very complex and efficiency of protocol is very low. Due to these flaws, we present a new secure electronic transaction protocol named SETBOC which based on one-way certification technique. Through the analysis the process flow of SETBOC, we prove that SETBOC can finish the identity certification among client, merchant and pay-gateway, keep respective information secret, satisfy the money atomicity, and has the characteristic of high run efficiency and easy to implement. SETBOC also provides a arbitrate strategy for the conflict between client and merchant.

沈炜,陈纯

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.01.019

2002-01-01

Abstract:As a kind of low cost device of tamper resistance, the smart card has been used for many purposes. But, a number of techniques for attacking smart cards are also known and they show that building secure and effective issuing architecture is much harder than it looks. In this paper, we analyze trust relationship among entities in issuing architecture and classify possible attacks. Furthermore a set of protocols have been presented and on the basis of them, a secure scheme is given.

E. Ghazizadeh,Z. S. Shams Dolatabadi,R. Khaleghparast,M. Zamani,A. A. Manaf,M. S. Abdullah

DOI: https://doi.org/10.1155/2014/561487

2014-01-01

Abstract and Applied Analysis

Abstract:The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM) and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

Carlton Shepherd,Raja N. Akram,Konstantinos Markantonakis

DOI: https://doi.org/10.48550/arXiv.1804.10707

2018-11-26

Abstract:Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Cryptography and Security

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Xiao Yu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.4028/www.scientific.net/aef.2-3.583

2011-01-01

Advanced Engineering Forum

Abstract:Absence of trusted online transaction environment (TOTE) becomes the biggest obstacle to e-commerce development, which embodies three key problems: unauthentic identity information, false product information and insecure transaction process. In order to present a systematic method to build trusted online transaction environment with identity. authentic information, accurate product information and secure transaction process, this article puts forward a framework composed of three information infrastructures: Identity Authentication Service (IAS), Product Information Service (PIS) and Electronic Contracts Service (ECS). They have been implemented in online pharmaceutical transaction field in China, and have facilitated all online transaction participants such as pharmaceutical manufactures, dealers, consumers, online market operators and government regulators.

Jing Zou,Peizhe Xin,Zhihong Xiao,Jiang Fang,Ting Li,Haonan He,Shangyuan Zhuang,Yinlong Liu

DOI: https://doi.org/10.3390/electronics12081882

IF: 2.9

2023-04-18

Electronics

Abstract:A vehicle charging network system has to access large-scale heterogeneous terminals to collect charging pile status information, which may also give malicious terminals an opportunity to access. Though some general access authentication solutions aimed at only allowing trusted terminals have been proposed, they are difficult to work with in a vehicle charging network system. First, among various heterogeneous terminals with significant differences in computing capabilities, there are inevitably terminals that cannot support computations required for cryptography-based access authentication schemes. Second, though access authentication schemes based on device fingerprints are independent of terminal computing capabilities, their authentication performance is weak in robustness and high in overhead. Third, the access authentication delay is huge since the system cannot withstand heavy concurrent access requests from large-scale terminals. To address the above problems, we propose a reliable and lightweight trusted access authentication solution for terminals in the vehicle charging network system. By cloud, edge, and local servers cooperating to execute authentication tasks, our Cloud-Edge-End Collaborative architecture effectively alleviates the authentication delay caused by high concurrent requests. Each server in the architecture deploys our well-designed unified trusted access authentication (UATT) model based on device fingerprints. With ingenious data construction and the powerful swin-transformer network, the UATT model can provide robust and low-overhead authentication services for heterogeneous terminals. To minimize authentication latency, we further design an A2C-based authentication task scheduling scheme to decide which server executes the current task. Comprehensive experiments demonstrate our solution can authenticate terminals with an accuracy higher than 98% while reducing the required data packets by two orders of magnitude, and it can effectively reduce authentication latency.

engineering, electrical & electronic,computer science, information systems,physics, applied

Orhio Mark Creado,Bala Srinivasan,Phu Dung Le,Jefferson Tan

DOI: https://doi.org/10.5121/csit.2014.4212

2014-03-03

Abstract:Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code almost obsolete. This paper proposes a novel approach towards enforcing system security by requiring the explicit definition of trust for all operating code. By identifying the various classes and levels of trust required within a computing system; trust is defined as a combination of individual characteristics. Trust is then represented as a calculable metric obtained through the collective enforcement of each of these characteristics to varying degrees. System Security is achieved by facilitating trust to be a constantly evolving aspect for each operating code segment capable of getting stronger or weaker over time.

Cryptography and Security

Qiwei Lu,Wenchao Huang,Xudong Gong,Xingfu Wang,Yan Xiong,Fuyou Miao

DOI: https://doi.org/10.48550/arXiv.1307.2977

2013-07-11

Abstract:With the rapid development of MANET, secure and practical authentication is becoming increasingly important. The existing works perform the research from two aspects, i.e., (a)secure key division and distributed storage, (b)secure distributed authentication. But there still exist several unsolved problems. Specifically, it may suffer from cheating problems and fault authentication attack, which can result in authentication failure and DoS attack towards authentication service. Besides, most existing schemes are not with satisfactory efficiency due to exponential arithmetic based on Shamir's scheme. In this paper, we explore the property of verifiable secret sharing(VSS) schemes with Chinese Remainder Theorem (CRT), then propose a secret key distributed storage scheme based on CRT-VSS and trusted computing for MANET. Specifically, we utilize trusted computing technology to solve two existing cheating problems in secret sharing area before. After that, we do the analysis of homomorphism property with CRT-VSS and design the corresponding shares-product sharing scheme with better concision. On such basis, a secure distributed Elliptic Curve-Digital Signature Standard signature (ECC-DSS) authentication scheme based on CRT-VSS scheme and trusted computing is proposed. Furthermore, as an important property of authentication scheme, we discuss the refreshing property of CRT-VSS and do thorough comparisons with Shamir's scheme. Finally, we provide formal guarantees towards our schemes proposed in this paper.

Cryptography and Security

Denghui Zhang,Lijing Ren,Zhaoquan Gu

DOI: https://doi.org/10.3390/app12189191

2022-01-01

Applied Sciences

Abstract:The addressing and discovering service is a vital infrastructure of the Internet. New applications and scenarios in next-generation networks rely on the secure and stable operation of domain name services, which puts forward new security challenges for the original domain name mechanism. While previous security enhancements of network services struggled to strike a balance between security, performance, and compatibility, hindering further use of core network services, the TEE (Trusted Computing Environment) technology can provide trusted and confidential services in untrusted network environments by verifiable hardware signatures. In this paper, we present a novel trustworthy service architecture with the preservation of security and privacy for addressing messages. The scheme provides a secure enclave to generate authenticatable responses between clients and targets, thus ensuring the privacy of services. We further build a new TEE compilation model to ensure that the built resolver application can provide trusted and secure services within TEE while keeping the availability without the TEE hardware. Experimental results show that our approach can enhance the privacy and security of addressing services such as DNS (Domain Name System) without sacrificing the quality of service and breaking the infrastructures of existing services.