While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of runni...While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of a ftp program and then evaluate the performance of this model.展开更多
Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the...Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anony...In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.展开更多
The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports ...The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can determine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.展开更多
Security is one of the major challenges that devices connected to the Internet of Things(IoT)face today.Remote attestation is used to measure these devices’trustworthiness on the network by measuring the device platf...Security is one of the major challenges that devices connected to the Internet of Things(IoT)face today.Remote attestation is used to measure these devices’trustworthiness on the network by measuring the device platform’s integrity.Several software-based attestation mechanisms have been proposed,but none of them can detect runtime attacks.Although some researchers have attempted to tackle these attacks,the proposed techniques require additional secured hardware parts to be integrated with the attested devices to achieve their aim.These solutions are expensive and not suitable in many cases.This paper proposes a dual attestation process,SAPEM,with two phases:static and dynamic.The static attestation phase examines the program memory of the attested device.The dynamic program ow attestation examines the execution correctness of the application code.It can detect code injection and runtime attacks that hijack the control-ow,including data attacks that affect the program control-ow.The main aim is to minimize attestation overhead while maintaining our ability to detect the specied attacks.We validated SAPEM by implementing it on Raspberry Pi using its TrustZone extension.We attested it against the specied attacks and compared its performance with the related work in the literature.The results show that SAPEM signicantly minimizes performance overhead while reliably detecting runtime attacks at the binary level.展开更多
In order to ensure the security of the property-based remote attestation scheme, an improved, more efficient, forrml security model of property-based remote attestation is proposed, with which we prove that the user p...In order to ensure the security of the property-based remote attestation scheme, an improved, more efficient, forrml security model of property-based remote attestation is proposed, with which we prove that the user platform satis- fies the security property requirements predefmed by a remote relying party. Under the co-Corrtautational Diffie-Helknan (CDH) assumption, the proposed scheme is proved to be secure in the random oracle model. Compared with the existing schemes, the proposed scheme has a short property certificate and signature size, and requires less computational cost.展开更多
Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integra...Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.展开更多
Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is ...Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is a problem that must be solved. The laaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted laaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the laaS's trusted attestation by apprising the VM, Hypervisor, and host Operating System's (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the laaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.展开更多
It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for mission- critical applications based on Wireless Sensor Networks (WSNs). However, it is a challenge to evaluate the t...It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for mission- critical applications based on Wireless Sensor Networks (WSNs). However, it is a challenge to evaluate the trustworthiness without appropriate hardware support. Hence, we present a hardware-based remote attestation protocol to tackle the problem within WSNs. In our design, each sensor node is equipped with a Trusted Platform Module (TPM) which plays the role of a trusted anchor. We start with the formulation of remote attestation and its security. The complete protocol for both single-hop and multi-hop attestations is then demonstrated. Results show the new protocol is effective, efficient, and secure.展开更多
For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solutio...For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.展开更多
The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data sourc...The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data source.To solve the above problems,a trust attestation mechanism for sensing layer nodes is presented.First a trusted group is established,and the node which is going to join the group needs to attest its identity and key attributes to the higher level node.Then the dynamic trust measurement value of the node can be obtained by measuring the node data transmission behavior.Finally the node encapsulates the key attributes and trust measurement value to use short message group signature to attest its trust to the challenger.This mechanism can measure the data sending and receiving behaviors of sensing nodes and track the data source,and it does not expose the privacy information of nodes and the sensing nodes can be traced effectively.The trust measurement for sensing nodes and verification is applicable to Internet of Things and the simulation experiment shows the trust attestation mechanism is flexible,practical and efficient.Besides,it can accurately and quickly identify the malicious nodes at the same time.The impact on the system performance is negligible.展开更多
Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this pa...Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller (RABAC), which is based on a combination of techniques, such as random number, Bell-La Padula (BLP) model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.展开更多
We examine what determines a firm's decision to disclose a self-assessment report on its internal control (IC) system and to further attain an auditor's attestation on the report, using a sample of firms from the ...We examine what determines a firm's decision to disclose a self-assessment report on its internal control (IC) system and to further attain an auditor's attestation on the report, using a sample of firms from the Shanghai Stock Exchange during the period 2006-2010. We hypothesize and find supporting evidence that the likelihood of having voluntary disclosure of IC self-assessment with an auditor's attestation is positively related to future equity refinancing, mutuM-fund shareholding, and whether the firm is controlled by the government, especially the central government. Our study also takes the identification problem into consideration, as our sample includes firms with IC weaknesses/deficiencies. Our study not only makes an incremental contribution to the literature, but also has practical implications, especially for regulators and investors in China.展开更多
With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,mal...With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.展开更多
with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this...with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.展开更多
Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworth...Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.展开更多
Web-based e-commerce applications need a trusted channel,which provides confidential communication,identity authentication and integrity assurance of endpoints,to guarantee the security of electronic transactions.A us...Web-based e-commerce applications need a trusted channel,which provides confidential communication,identity authentication and integrity assurance of endpoints,to guarantee the security of electronic transactions.A user-oriented trusted computing system based on Portable Trusted Module(PTM)is presented.Remote attestation is incorporated into Transport Layer Security(TLS)handshake protocol based on PTM so as to establish a trusted channel between two endpoints in network.This protocol can resist masquerading,trusted path and runtime attacks and propagate the trust in the computing system to the end user effectively.The test results of our proof-of-concept prototype show that our protocol for trusted channel is feasible for deployment in e-commerce applications on the Internet.展开更多
A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer...A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.展开更多
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60373087 ,60473023)
文摘While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of a ftp program and then evaluate the performance of this model.
基金supported by the National Natural Science Foundation of China (The key trusted running technologies for the sensing nodes in Internet of things: 61501007, The research of the trusted and security environment for high energy physics scientific computing system: 11675199)General Project of science and technology project of Beijing Municipal Education Commission: KM201610005023+2 种基金the outstanding personnel training program of Beijing municipal Party Committee Organization Department (The Research of Trusted Computing environment for Internet of things in Smart City: 2014000020124G041)The key technology research and validation issue for the emergency treatment telemedicine public service platform which integrates the military and civilian and bases on the broadband wireless networks (No.2013ZX03006001-005)the issue belongs to Major national science and technology projects
文摘Internet of things has been widely applied to industrial control, smart city and environmental protection, in these applica- tion scenarios, sensing node needs to make real-time response to the feedback control of the application layer. Therefore, it is nec- essary to monitor whether or not awareness nodes are trusted in real time, but the existing mechanisms for trusted certification lack the real-time measurement and tracking of the sensing node. To solve the above problems, this paper proposes a dynamic metric based authentication mechanism for sensing nodes of Internet of things. Firstly, the dynamic trustworthiness measure of the sensing nodes is carried out by introducing the computational function such as the trust function, the trust- worthiness risk assessment function, the feed- back control function and the active function of the sensing node. The dynamic trustworthi- ness measure of sensing nodes from multiple dimensions can effectively describe the change of trusted value of sensing nodes. Then, on the basis of this, a trusted attestation based on node trusted measure is realized by using the revocable group signature mechanism of local verifier. The mechanism has anonymity, un- forgeability and traceability, which is proved the security in the standard model. Simulationexperiments show that the proposed trusted attestation mechanism is flexible, practical and ef|Scient and has better attack resistance. It can effectively guarantee the reliable data transmission of nodes and realize the dynamic tracking of node reliability, which has a lower impact on system performance.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金supported in part by the European Commission Marie Curie IRSES project "AdvIOT"the National Natural Science Foundation of China (NSFC) under grant No.61372103
文摘In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.
基金This work is under support of National Natural Science Foundation of China under grant No. 60873238.
文摘The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can determine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.
文摘Security is one of the major challenges that devices connected to the Internet of Things(IoT)face today.Remote attestation is used to measure these devices’trustworthiness on the network by measuring the device platform’s integrity.Several software-based attestation mechanisms have been proposed,but none of them can detect runtime attacks.Although some researchers have attempted to tackle these attacks,the proposed techniques require additional secured hardware parts to be integrated with the attested devices to achieve their aim.These solutions are expensive and not suitable in many cases.This paper proposes a dual attestation process,SAPEM,with two phases:static and dynamic.The static attestation phase examines the program memory of the attested device.The dynamic program ow attestation examines the execution correctness of the application code.It can detect code injection and runtime attacks that hijack the control-ow,including data attacks that affect the program control-ow.The main aim is to minimize attestation overhead while maintaining our ability to detect the specied attacks.We validated SAPEM by implementing it on Raspberry Pi using its TrustZone extension.We attested it against the specied attacks and compared its performance with the related work in the literature.The results show that SAPEM signicantly minimizes performance overhead while reliably detecting runtime attacks at the binary level.
基金This work was supported by the National Natural Science Foundation of China under Crants No. 60842002, No. 61272542, No. 60903018, No. 61103183, No. 61103184 the National High- Tech Research and Development Plan of China under Ca'ant No. 2007AA01Z409+1 种基金 the Fundamental Research Funds for the Central Universities under Crants No. 2009B21114, No. 20101307114 the "Six Talent Peaks Program" of Jiangsu Province of China under Crant No. 2009182 and Program for New Century Excellent Talents in Hohai University.
文摘In order to ensure the security of the property-based remote attestation scheme, an improved, more efficient, forrml security model of property-based remote attestation is proposed, with which we prove that the user platform satis- fies the security property requirements predefmed by a remote relying party. Under the co-Corrtautational Diffie-Helknan (CDH) assumption, the proposed scheme is proved to be secure in the random oracle model. Compared with the existing schemes, the proposed scheme has a short property certificate and signature size, and requires less computational cost.
基金This work was supported by the Ministry of Education and China Mobile Research Fund Project(MCM20200102)the 173 Project(No.2019-JCJQ-ZD-342-00)+2 种基金the National Natural Science Foundation of China(No.U19A2081)the Fundamental Research Funds for the Central Universities(No.2023SCU12129)the Science and Engineering Connotation Development Project of Sichuan University(No.2020SCUNG129).
文摘Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.
基金supported by the National Natural Science Foundation of China (No.61272447)
文摘Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is a problem that must be solved. The laaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted laaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the laaS's trusted attestation by apprising the VM, Hypervisor, and host Operating System's (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the laaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.
基金supported by the outstanding graduate student innovation project of Shanxi Province (No.20123030)
文摘It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for mission- critical applications based on Wireless Sensor Networks (WSNs). However, it is a challenge to evaluate the trustworthiness without appropriate hardware support. Hence, we present a hardware-based remote attestation protocol to tackle the problem within WSNs. In our design, each sensor node is equipped with a Trusted Platform Module (TPM) which plays the role of a trusted anchor. We start with the formulation of remote attestation and its security. The complete protocol for both single-hop and multi-hop attestations is then demonstrated. Results show the new protocol is effective, efficient, and secure.
基金Supported by the National Natural Science Foundation of China (60970113)Sichuan Youth Science and Technology Foundation (2011JQ0038)
文摘For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.
基金Supported by the National Natural Science Foundation of China(61501007)General Project of Science and Technology Project of Beijing Municipal Education Commission(KM201610005023)
文摘The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data source.To solve the above problems,a trust attestation mechanism for sensing layer nodes is presented.First a trusted group is established,and the node which is going to join the group needs to attest its identity and key attributes to the higher level node.Then the dynamic trust measurement value of the node can be obtained by measuring the node data transmission behavior.Finally the node encapsulates the key attributes and trust measurement value to use short message group signature to attest its trust to the challenger.This mechanism can measure the data sending and receiving behaviors of sensing nodes and track the data source,and it does not expose the privacy information of nodes and the sensing nodes can be traced effectively.The trust measurement for sensing nodes and verification is applicable to Internet of Things and the simulation experiment shows the trust attestation mechanism is flexible,practical and efficient.Besides,it can accurately and quickly identify the malicious nodes at the same time.The impact on the system performance is negligible.
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z440)the National Basic Research Program of China (973 Program) (2007CB311100)
文摘Existing remote attestation schemes based on trusted computing have some merits on enhancing security assurance level, but they usually do not integrate tightly with the classical system security mechanism. In this paper, we present a component named remote attestation-based access controller (RABAC), which is based on a combination of techniques, such as random number, Bell-La Padula (BLP) model, user identity combined with his security properties and so on. The component can validate the current hardware and software integrity of the remote platform, and implement access control with different security policy. We prove that the RABAC can not only improve the security of transferred information in remote attestation process but also integrate remote attestation and classical system security mechanism effectively.
基金We would like to thank Steven Wang, Clive Lennox, Charles Chen, Yaw Mensah, Linda Myers, Yue Heng and workshop participants at Beijing University, Nanjing University, Fudan University, University of International Business and Economics, California State University at Northridge, the Chinese Accounting Professors Association of North American annual conference, and the AAA annual meeting for helpful comments. We acknowledges the financial support of the National Natural Science Foundation of China (No. 71172035, 71272074 and 71572046).
文摘We examine what determines a firm's decision to disclose a self-assessment report on its internal control (IC) system and to further attain an auditor's attestation on the report, using a sample of firms from the Shanghai Stock Exchange during the period 2006-2010. We hypothesize and find supporting evidence that the likelihood of having voluntary disclosure of IC self-assessment with an auditor's attestation is positively related to future equity refinancing, mutuM-fund shareholding, and whether the firm is controlled by the government, especially the central government. Our study also takes the identification problem into consideration, as our sample includes firms with IC weaknesses/deficiencies. Our study not only makes an incremental contribution to the literature, but also has practical implications, especially for regulators and investors in China.
基金supported by China’s National Natural Science Foundation (U19A2081,61802270,61802271)Ministry of Education and China Mobile Research Fund Project (MCM20200102,CM20200409)Sichuan University Engineering Characteristic Team Project 2020SCUNG129.
文摘With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.
基金Supported by the National Natural Science Foundation of China under Grant No. 61370068
文摘with the increasing popularity of cloud services,attacks on the cloud infrastructure also increase dramatically.Especially,how to monitor the integrity of cloud execution environments is still a difficult task.In this paper,a real-time dynamic integrity validation(DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud.DIV can detect the integrity of the whole architecture stack from the cloud servers up to the VM OS by extending the current trusted chain into virtual machine's architecture stack.DIV introduces a trusted third party(TTP) to collect the integrity information and detect remotely the integrity violations on VMs periodically to avoid the heavy involvement of cloud tenants and unnecessary information leakage of the cloud providers.To evaluate the effectiveness and efficiency of DIV framework,a prototype on KVM/QEMU is implemented,and extensive analysis and experimental evaluation are performed.Experimental results show that the DIV can efficiently validate the integrity of files and loaded programs in real-time,with minor performance overhead.
基金The National High-Tech Research and Development (863) Program of China (No. 2005AA145110, No. 2006AA01Z436) The Natural Science Foundation of Shanghai (No. 05ZR14083) The Pudong New Area Technology Innovation Public Service Platform of China (No. PDPT2005-04)
文摘Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.
基金partially supported by the Fundamental Research Funds for the Central Universities under Grant No.2011JBM228the Ministry of Education Innovation Research Team under Grant No.IRT201206+1 种基金the Program for New Century Excellent Talents in University under Grant No.NCET-11-0565the Research Fund for the Doctoral Program of Higher Education of China under Grant No.2012000911007
文摘Web-based e-commerce applications need a trusted channel,which provides confidential communication,identity authentication and integrity assurance of endpoints,to guarantee the security of electronic transactions.A user-oriented trusted computing system based on Portable Trusted Module(PTM)is presented.Remote attestation is incorporated into Transport Layer Security(TLS)handshake protocol based on PTM so as to establish a trusted channel between two endpoints in network.This protocol can resist masquerading,trusted path and runtime attacks and propagate the trust in the computing system to the end user effectively.The test results of our proof-of-concept prototype show that our protocol for trusted channel is feasible for deployment in e-commerce applications on the Internet.
基金the National High Technology Research and Development Program of China(863 Program) (2005AA145110, 2006AA01Z436)the Natural Science Foundation of Shanghai (05ZR14083)the Pudong New Area Technology Innovation Public Service Platform of China (PDPT2005-04)
文摘A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.
