Wei Feng,Yu Qin,Ai-min Yu,Dengguo Feng

DOI: https://doi.org/10.1109/trustcom.2011.55

2011-01-01

Abstract:Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible.

谭良,徐志伟

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.10.003

2008-01-01

Computer Science

Abstract:The issue of the transitive trusted chain is the foundation for trusted computing.This paper surveys the technologies and the theories of the transitive trusted chain,including the technology projects of the transitive trusted chain,the technologies of the trust for measurement,the theories of the transitive trusted chain and the trust for measurement.Some fields are worthy to be explored are pointed out including some key technologies,such as the static trust for measurement and the dynamic trust for measurement,and some foundation theories,such as the level model of the trusted chain,the trust loss model and the theory of the dynamic trust for measurement for software,and so on.

Ji-Ming Chen,Ting-Ting Li,John Panneerselvam

DOI: https://doi.org/10.1109/access.2018.2876153

IF: 3.9

2018-01-01

IEEE Access

Abstract:Message transmission in vehicular networks is increasing in popularity which exploits the network nodes to transmit messages using cooperative communication in a multi-hop fashion. But the increasing number of malicious nodes in the high-speed Internet of Vehicles demands additional methodologies to quickly detect the presence of such nodes to avoid serious security consequences. Early detection of malicious nodes, and accurate assessment of complex data to assess the node reliability are of absolute importance in vehicular networks. To this end, this paper proposes a security scheme that uses evidence combination method to combine local data with external evidence to evaluate the reliability of multi-dimensional data received from other peer nodes. In addition, this paper uses European Telecommunications Standards Institute standard and Decentralized Environmental Notification Message, and proposes a trust calculation method based on collaborative filtering by introducing a small-time interval to detect the changes in the node behaviors. While the former solution helps more accurate computation of the direct trust value, the latter scheme can calculate the indirect trust based on recommendations received from neighbors, ultimately to obtain the global trust value. Finally, more effective traffic data can be obtained to help traffic prediction. Experiments conducted under various network scenarios demonstrate that our proposed scheme outperforms the existing trust models, such as precision or recall and can resist bad-mouth attacks, selective-misbehavior attacks, and time-dependent attacks, especially under larger proportions of malicious nodes.

Fachao Deng,Anan Luo,Yaokun Zhang,Zhen Chen,Xuehai Peng,Xin Jiang,Dongsheng Peng

DOI: https://doi.org/10.1109/ICYCS.2008.380

2008-01-01

Abstract:This paper presents TNC-UTM, a holistic solution to secure enterprise networks from gateway to endpoints. Just as its name suggested, the TNC-UTM solution combines two popular techniques TNC and UTM together by defining an interface between them that integrates their security capacity to provide efficiently network access control and security protection for enterprise network. Not only TNC-UTM provides the features of TNC and UTM, but also it achieves stronger security and higher performance by introducing intelligent configuration decisions and RBAC mechanism. Experiment demonstrated the superior advantages of the TNC-UTM solution.

Zhen Chen,Fa-Chao Deng,An-An Luo,Xin Jiang,Guo-Dong Li,Run-hua Zhang,Chuang Lin

DOI: https://doi.org/10.1109/wcins.2010.5541863

2010-01-01

Abstract:Traditional NAC system in enterprise network is in coarse granularity (e.g. IP or MAC address) and lack of flexibility. Recently the demand in tight control of the enterprise network to defense the misuse and security issues become more and more urgent. Based on the TCG TNC standard, an application level network access control mechanism is proposed and implemented. With TNC client/server model in hand, a client is designed to enhance TNC client with the function of host flow controller (HFC), and intercepts each application network access request(ANAR) and transfer it to PDP server to authorize the access request. When a sensor (i.e. intrusion detection system) detects any malicious traffic, host flow controller and network flow controller can identify the application that origins this traffic by querying Metadata Access Point (MAP) server and block this application's network access. A prototype system is implemented to demonstrate the design and can be used to defense the anomaly network behaviors. The prototype system demonstrates that the hosts, switches, firewalls and IDS can work together to detect, diagnose and protect enterprise network from the malicious applications attack initiated inside or outside of an enterprise network, quarantine unhealthy hosts and make the enterprise network more reliable and trustworthy.

LI XIAO-ming,lIU Fang,HOU Gang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.07.025

2013-01-01

Abstract:With the development of our country electron government affairs informationization construction,E-government network security problem is becoming more and more attention by the industry,building perfect information security guarantee system,establishing safety and reliable electronic government affair network system has become the next focus of the e-government construction,this article on how to use the concept of trusted network connect(TNC) system in the national information security infrastructure(NISI) structure in building e-government trusted access network security platform is discussed.

Xue-hai Peng,Chuang Lin

DOI: https://doi.org/10.1109/DASC.2006.20

2006-01-01

Abstract:Existing isolated and add-on secure systems are rarely robust under attack, misoperation and internal faults. Secure communication only offers little protection if one ore more components are compromised, and are not sufficient for holistic and systemic security. This paper proposes the concept of trustworthy networks, which makes advances along these traditional researches on network security in combination. We outline the key challenges in constructing trustworthy networks, and define three properties, namely security, survivability and controllability. Consulting human interactions, the abstract architecture for trustworthy networks is proposed, depicting protocols layers, topology structure, entities and components, and protocol steps

ZHANG Min,LUO Guang-chun

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.06.012

2007-01-01

Abstract:The application security problem of Internet is far from being completely solved. In this paper, some basic concepts and critical issues in trustworthy computer network are first introduced. Then an architecture of trustworthy network, and host Identity Protocol as end system identity, is proposed to make sure communicate trustworthy.

LIU Sheng-li,WANG Wen-bing,FEI Jin-long,ZHu Yue-fei

DOI: https://doi.org/10.3969/j.issn.1671-0673.2010.01.019

2010-01-01

Abstract:This paper designs and realizes a data security system for LAN based on Trusted Network Connection(TNC) Specifications.According to TNC mechanism,the new system enforces the network access control method and employs the file system filter driver to monitor and protect sensitive data.In terms of these means,the system can prevent sensitive data from being divulged or stolen and to implement all the files are controlled into the trusted network environment.

Denghui Zhang,Lijing Ren,Zhaoquan Gu

DOI: https://doi.org/10.3390/app12189191

2022-01-01

Applied Sciences

Abstract:The addressing and discovering service is a vital infrastructure of the Internet. New applications and scenarios in next-generation networks rely on the secure and stable operation of domain name services, which puts forward new security challenges for the original domain name mechanism. While previous security enhancements of network services struggled to strike a balance between security, performance, and compatibility, hindering further use of core network services, the TEE (Trusted Computing Environment) technology can provide trusted and confidential services in untrusted network environments by verifiable hardware signatures. In this paper, we present a novel trustworthy service architecture with the preservation of security and privacy for addressing messages. The scheme provides a secure enclave to generate authenticatable responses between clients and targets, thus ensuring the privacy of services. We further build a new TEE compilation model to ensure that the built resolver application can provide trusted and secure services within TEE while keeping the availability without the TEE hardware. Experimental results show that our approach can enhance the privacy and security of addressing services such as DNS (Domain Name System) without sacrificing the quality of service and breaking the infrastructures of existing services.

guoming lu,lemin li,jianming liao,yujie hao,janping li

DOI: https://doi.org/10.1142/9789812799524_0243

2008-01-01

Abstract:Over the last two decades, the Internet has transformed the life of people around the world. However, there are aspects of its design, based on decisions made in the 1970's that severely limit its security, availability, and manageability. Trusted network is the promising technology to address these problems. In this paper, we first review trusted computing, and then we study essential properties of trusted network, at last outline the key challenges in constructing trusted networks.

Xiaohu Li,T. Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/aina.2007.138

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they do not provide much insight for answering an equally important question: what is the security assurance of a physically or logically networked system when we consider it as a whole? This question is known to be notoriously difficult, and the state-of-the-art is that we know very little about it. In this paper, we make a step towards resolving it with a new modeling approach.

阎浩,张燕,严筱永

DOI: https://doi.org/10.3969/j.issn.1006-2475.2010.01.037

2010-01-01

Abstract:The traditional campus network system uses firewall and some access control policies to ensure its security,the network of this model just can prevent the danger from external,but can not effectively guard against the internal hidden security flaws,therefore,improving the internal security is an important link for secirity of the whole campus network.This paper analyzes the principle and characteristic of trusted network,applies the trusted network into the campus network,puts forward a new campus network system based on the authentication technology,at the same time,also describes its structure and elements,and gives the network topology diagram,finally analyzes the priciple of security mechanism and the specific methods for achieving this.

WANG Sheng,YU Hong-fang,XU Du

DOI: https://doi.org/10.3969/j.issn.1009-6868.2008.01.008

2008-01-01

Abstract:The Internet plays increasingly important roles in everyone's life, but the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is also becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of networks and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed.

Lin Chuang,Wang Yuanzhuo,Tian Liqin

2020-01-01

Abstract:As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development requirements. Offering the system with secure and trusted services has become a new focus in network research. This paper first discusses the meaning of and aspects involved in the trusted network. According to this paper, the trusted network should be a network where the network’s and users’ behaviors and their results are always predicted and manageable. The trustworthiness of a network mainly involves three aspects: service provider, information transmission and terminal user. This paper also analyzes the trusted network in terms of trusted model for network/user behaviors, architecture of trusted network, service survivability and network manageability, which is designed to give ideas on solving the problems that may be faced in developing the trusted network.

Fujun Feng,Chuang Lin,Junshan Li

DOI: https://doi.org/10.1109/NSWCTC.2009.405

2009-01-01

Abstract:Trustworthy network is the inevitable trend in the development of high trusted computing and Internet. It is beyond the traditional information security including confidentiality, integrity and availability, but on the survivability and controllability. Trustworthiness of users on identity and behaviors is very important for trustworthy network, which can be realized by access control technology. Firstly, we discuss the security requirements of access control in trustworthy network. Then we propose a Trust and Context based Access Control (TCAC) model, and describe the core, hierarchical and constrained TCAC in detail. Finally, a trust evaluation mechanism is presented.

Qiong Li,Yaxing Wang,Haokun Mao,Jiameng Yao,Qi Han

DOI: https://doi.org/10.1364/oe.387697

2019-01-01

Abstract:Due to the intrinsic point-to-point feature of quantum key distribution system, it is inevitable to study and develop the Quantum Secure Communication Network (QSCN) technology to provide security communication service for a large-scale of nodes over a large spatial area. Considering the quality assurance and expense control, building an effective analytical model of QSCN becomes a critical task. In this paper, the first analytical model of QSCN is proposed, which is called flow-based QSCN (F-QSCN) analytical model. In addition, based on the F-QSCN analytical model, the research on QSCN topology evaluation is conducted by proposing a unique QSCN performance indicator, named Information-Theoretic Secure communication bound, and the corresponding linear programming based calculation algorithm. Plentiful experimental results based on the topologies of SECOQC network and Tokyo network validate the effectivity of the proposed analytical model and the performance indicator.

Lingbo Wei,Chi Zhang

DOI: https://doi.org/10.1109/VTCSpring.2016.7504512

2016-01-01

Abstract:In vehicular ad hoc networks (VANETs), vehicles communicate with each other and with roadside units (RSUs) in order to enhance road safety, improve traffic management and provide infotainment services. Along with the growth of VANETs, some challenges are emerging. Although there are many research work on VANETs, cheating attacks are still not well resolved such as selective message relaying attack, faked information reporting attack and resource-consuming attack launched by selfish or malicious participants. To deal with this kind of attacks, we present two novel lightweight security mechanisms by equipped each vehicle's On-Board Unit (OBU) with a small elegant module called TrInc, which is a trusted hardware and composed of only a non-decreasing counter and a key. We observe that TrInc-based method not only can effectively resist against cheating attacks in safety-oriented, convenience-oriented, and commercial-oriented VANET applications, but also significantly defend various aspects of security and privacy in VANETs. Compared with previous works, our proposal features low communication and computation overhead, less memory requirements, and good network scalability.

Yu Wang,Wenfang Zhang,Xiaomin Wang,Muhammad Khurram Khan,Pingzhi Fan

DOI: https://doi.org/10.1109/tits.2023.3307453

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The Software Defined Network (SDN)-based space-ground integrated railway communication networks have attracted widespread attention from academia and industry. In such environments, the security of initial authentication and handover authentication for moving trains are two important challenges that need to be addressed. In this paper, a secure and efficient authentication key agreement scheme is proposed for the SDN-based space-ground integrated railway networks. Specifically, a lightweight mutual authentication mechanism based on the Number Theory Research Unit (NTRU) is proposed for the initial authentication process, which effectively prevents the unauthorized On-Board Unit (OBU) accessing networks. Then, according to the predictable path, we propose a key generation algorithm based on the hash chain and a fast key distribution mechanism based on the Chinese Remainder Theorem (CRT), which greatly reduce the calculation and communication burden of the key transmission process. On this basis, we adopt a hash-based message authentication code to achieve unified handover authentication in heterogeneous integrated railway networks. The Burrows-Abadi-Needham (BAN) logic proof and informal security analysis demonstrate that the proposed scheme can provide several robust security properties, including forward/backward security, universality, traceability, and resistance against quantum attacks. The performance evaluations show that our scheme outperforms other related schemes in computation cost, communication overhead, and performance under unknown attacks while guaranteeing higher security.

engineering, electrical & electronic,transportation science & technology, civil