Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocol...Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocols are proposed to secure public cloud computing. However, therapid development of high-speed internet and organizations’ race to developquantum computers is a nightmare for existing authentication schemes. Thesetraditional authentication protocols are based on factorization or discretelogarithm problems. As a result, traditional authentication protocols arevulnerable in the quantum computing era. Therefore, in this article, we haveproposed an authentication protocol based on the lattice technique for publiccloud computing to resist quantum attacks and prevent all known traditionalsecurity attacks. The proposed lattice-based authentication protocolis provably secure under the Real-Or-Random (ROR) model. At the sametime, the result obtained during the experiments proved that our protocol islightweight compared to the existing lattice-based authentication protocols,as listed in the performance analysis section. The comparative analysis showsthat the protocol is suitable for practical implementation in a quantum-basedenvironment.展开更多
针对云计算环境中单个计算节点可信性问题以及虚拟机迁移过程中多个节点间信任关系保持问题,基于我国可信计算技术的可信平台控制模块(trusted platform control module,TPCM)提出了一种可信虚拟执行环境构建方法.该方法通过将国产可信...针对云计算环境中单个计算节点可信性问题以及虚拟机迁移过程中多个节点间信任关系保持问题,基于我国可信计算技术的可信平台控制模块(trusted platform control module,TPCM)提出了一种可信虚拟执行环境构建方法.该方法通过将国产可信根TPCM虚拟化为云中的每个虚拟机生成了虚拟可信根,并将云信任链从物理层传递到虚拟层,实现了单个计算节点可信执行环境的构造;针对云虚拟机的动态迁移特性,基于多级认证中心设计了适合虚拟可信根迁移的证书生成及管理机制,并提出了一种虚拟可信根动态可信迁移方案,保障了迁移过程中信任关系在多个节点间的保持.实验结果表明:该方案能构造虚拟可信执行环境,实现虚拟可信根的动态可信迁移.展开更多
In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation...In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its network.Compared with traditional measurement model,the model considers different characteristics of various networks.The trusted measurement policies established according to different network environments have better adaptability.By constructing trusted group,the threats to trusted group will be reduced greatly.Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group.The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.展开更多
The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network...The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.展开更多
基金Korean Government (Ministry of Science and ICT)through the National Research Foundation of Korea (NRF)Grant 2021R1A2C1010481.
文摘Public cloud computing provides a variety of services to consumersvia high-speed internet. The consumer can access these services anytimeand anywhere on a balanced service cost. Many traditional authenticationprotocols are proposed to secure public cloud computing. However, therapid development of high-speed internet and organizations’ race to developquantum computers is a nightmare for existing authentication schemes. Thesetraditional authentication protocols are based on factorization or discretelogarithm problems. As a result, traditional authentication protocols arevulnerable in the quantum computing era. Therefore, in this article, we haveproposed an authentication protocol based on the lattice technique for publiccloud computing to resist quantum attacks and prevent all known traditionalsecurity attacks. The proposed lattice-based authentication protocolis provably secure under the Real-Or-Random (ROR) model. At the sametime, the result obtained during the experiments proved that our protocol islightweight compared to the existing lattice-based authentication protocols,as listed in the performance analysis section. The comparative analysis showsthat the protocol is suitable for practical implementation in a quantum-basedenvironment.
文摘针对云计算环境中单个计算节点可信性问题以及虚拟机迁移过程中多个节点间信任关系保持问题,基于我国可信计算技术的可信平台控制模块(trusted platform control module,TPCM)提出了一种可信虚拟执行环境构建方法.该方法通过将国产可信根TPCM虚拟化为云中的每个虚拟机生成了虚拟可信根,并将云信任链从物理层传递到虚拟层,实现了单个计算节点可信执行环境的构造;针对云虚拟机的动态迁移特性,基于多级认证中心设计了适合虚拟可信根迁移的证书生成及管理机制,并提出了一种虚拟可信根动态可信迁移方案,保障了迁移过程中信任关系在多个节点间的保持.实验结果表明:该方案能构造虚拟可信执行环境,实现虚拟可信根的动态可信迁移.
基金This work was supported by the National Basic Research Pro-gram of China under Crant No.2007CB311100 Funds of Key Lab of Fujlan Province University Network Security and Cryp- toll1009+3 种基金 the National Science Foundation for Young Scholars of China under Crant No.61001091 Beijing Nature Science Foundation under Crant No. 4122012 "Next-Generation Broad-band Wireless Mobile Communication Network" National Sci-ence and Technology Major Special Issue Funding under Grant No. 2012ZX03002003 Funding Program for Academic tturmn Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of Chi-na.
文摘In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its network.Compared with traditional measurement model,the model considers different characteristics of various networks.The trusted measurement policies established according to different network environments have better adaptability.By constructing trusted group,the threats to trusted group will be reduced greatly.Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group.The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.
基金ACKNOWLEDGMENT This work was supported by the National Basic Research Program of China (973 Project) (NO.2007CB311100), the National Science Foundation for Young Scholars of China (Grant No.61001091), Beijing Nature Science Foundation(No. 4122012), "next-generation broadband wireless mobile communication network" National Science and Technology major Special issue funding(No. 2012ZX03002003), Funding Program for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality of China and the key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks(No.2013ZX03006001-005), the issue belongs to Major national science and technology projects.
文摘The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.