With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.Th...With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.展开更多
Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integra...Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.展开更多
Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for s...Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security.However,for Android,TEE technologies still contain restrictions and limitations.The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE.Another issue of hardware-based TEE is the cross-platform problem.Since every mobile device supports different TEE vendors,it becomes an obstacle for developers to migrate their trusted applications to other Android devices.A software-based TEE solution is a potential approach that allows developers to customize,package and deliver the product efficiently.Motivated by that idea,this paper introduces a VTEE model,a software-based TEE solution,on Android devices.This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics:computing performance and security.The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on theAndroid environment.The security evaluation shows that adding the VTEE model to the existing Android does not addmore security issues to the traditional design.Overall,this paper shows applicable solutions to adjust the balance between computing performance and security.展开更多
A key requirement of today’s fast changing business outcome and innovation environment is the ability of organizations to adapt dynamically in an effective and efficient manner. Becoming a data-driven decision-making...A key requirement of today’s fast changing business outcome and innovation environment is the ability of organizations to adapt dynamically in an effective and efficient manner. Becoming a data-driven decision-making organization plays a crucially important role in addressing such adaptation requirements. The notion of “data democratization” has emerged as a mechanism with which organizations can address data-driven decision-making process issues and cross-pollinate data in ways that uncover actionable insights. We define data democratization as an attitude focused on curiosity, learning, and experimentation for delivering trusted data for trusted insights to a broad range of authorized stakeholders. In this paper, we propose a general indicator framework for data democratization by highlighting success factors that should not be overlooked in today’s data driven economy. In this practice-based research, these enablers are grouped into six broad building blocks: 1) “ethical guidelines, business context and value”, 2) “data leadership and data culture”, 3) “data literacy and business knowledge”, 4) “data wrangling, trustworthy & standardization”, 5) “sustainable data platform, access, & analytical tool”, 6) “intelligent data governance and privacy”. As an attitude, once it is planned and built, data democratization will need to be maintained. The utility of the approach is demonstrated through a case study for a Cameroon based start-up company that has ongoing data analytics projects. Our findings advance the concepts of data democratization and contribute to data free flow with trust.展开更多
The mobile transient and sensor network’s routing algorithm detects available multi-hop paths between source and destination nodes.However,some methods are not as reliable or trustworthy as expected.Therefore,finding...The mobile transient and sensor network’s routing algorithm detects available multi-hop paths between source and destination nodes.However,some methods are not as reliable or trustworthy as expected.Therefore,finding a reliable method is an important factor in improving communication security.For further enhancement of protected communication,we suggest a trust cluster based secure routing(TCSR)framework for wireless sensor network(WSN)using optimization algorithms.First,we introduce an efficient cluster formation using a modified tug of war optimization(MTWO)algorithm,which provides loadbalanced clusters for energy-efficient data transmission.Second,we illustrate the optimal head selection using multiple design constraints received signal strength,congestion rate,data loss rate,and throughput of the node.Those parameters are optimized by a butterfly optimal deep neural network(BO-DNN),which provides first-level security towards the selection of the best head node.Third,we utilize the lightweight signcryption to encrypt the data between two nodes during data transmission,which provides second-level security.The model provides an estimation of the trust level of each route to help a source node to select the most secure one.The nodes of the network improve reliability and security by maintaining the reliability component.Simulation results showed that the proposed scheme achieved 45.6%of delivery ratio.展开更多
The ongoing research on secure and trustworthy issues in next generation Internet technology is still insufficient. China has achieved some progress in the field of the trusted next generation Internet. Under the supp...The ongoing research on secure and trustworthy issues in next generation Internet technology is still insufficient. China has achieved some progress in the field of the trusted next generation Internet. Under the support of the National High Technology Research and Development Program of China (863 Program), Tsinghua University and other units have completed the program named "Research on Critical Technologies and Demonstration Applications of the Trusted Next Generation Internet", which targets the secure and trustworthy problems existing in the current Internet. With focus on tackling the technical problem of authentic address access in the Internet, a prototype system for trusted Internet infrastructure, security service and typical applications are designed and implemented. It is expected that the trusted next generation Internet will support the trusted computer network, trusted telecom network and trusted broadcast & TV network applications.展开更多
As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development req...As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development requirements. Offering the system with secure and trusted services has become a new focus in network research. This paper first discusses the meaning of and aspects involved in the trusted network. According to this paper, the trusted network should be a network where the network's and users' behaviors and their results are always predicted and manageable. The trustworthiness of a network mainly involves three aspects: service provider, information transmission and terminal user. This paper also analyzes the trusted network in terms of trusted model for network/user behaviors, architecture of trusted network, service survivability and network manageability, which is designed to give ideas on solving the problems that may be faced in developing the trusted network.展开更多
In cloud computing environment, as the infrastructure not owned by users, it is desirable that its security and integrity must be protected and verified time to time. In Hadoop based scalable computing setup, malfunct...In cloud computing environment, as the infrastructure not owned by users, it is desirable that its security and integrity must be protected and verified time to time. In Hadoop based scalable computing setup, malfunctioning nodes generate wrong output during the run time. To detect such nodes, we create collaborative network between worker node (i.e. data node of Hadoop) and Master node (i.e. name node of Hadoop) with the help of trusted heartbeat framework (THF). We propose procedures to register node and to alter status of node based on reputation provided by other co-worker nodes.展开更多
Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reduc...Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware.The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.展开更多
Cloud storage represents the trend of intensive,scale and specialization of information technology,which has changed the technical architecture and implementation method of electronic records management.Moreover,it wi...Cloud storage represents the trend of intensive,scale and specialization of information technology,which has changed the technical architecture and implementation method of electronic records management.Moreover,it will provide a convenient way to generate more advanced and efficient management of the electronic data records.However,in cloud storage environment,it is difficult to guarantee the trustworthiness of electronic records,which results in a series of severe challenges to electronic records management.Starting from the definition and specification of electronic records,this paper firstly analyzes the requirements of the trustworthiness in cloud storage during their long-term preservation according to the information security theory and subdivides the trustworthiness into the authenticity,integrity,usability,and reliability of electronic records in cloud storage.Moreover,this paper proposes the technology framework of preservation for trusted electronic records.Also,the technology of blockchain,proofs of retrievability,the open archival information system model and erasure code are adopted to protect these four security attributes,to guarantee the credibility of the electronic record.展开更多
Pervasive schemes are the significant techniques that allow intelligent communication among the devices without any human intervention.Recently Internet of Vehicles(IoVs)has been introduced as one of the applications ...Pervasive schemes are the significant techniques that allow intelligent communication among the devices without any human intervention.Recently Internet of Vehicles(IoVs)has been introduced as one of the applications of pervasive computing that addresses the road safety challenges.Vehicles participating within the IoV are embedded with a wide range of sensors which operate in a real time environment to improve the road safety issues.Various mechanisms have been proposed which allow automatic actions based on uncertainty of sensory and managed data.Due to the lack of existing transportation integration schemes,IoV has not been completely explored by business organizations.In order to tackle this problem,we have proposed a novel trusted mechanism in IoV during communication,sensing,and record storing.Our proposed method uses trust based analysis and subjective logic functions with the aim of creating a trust environment for vehicles to communicate.In addition,the subjective logic function is integrated with multi-attribute SAW scheme to improve the decision metrics of authenticating nodes.The trust analysis depends on a variety of metrics to ensure an accurate identification of legitimate vehicles embedded with IoT devices ecosystem.The proposed scheme is determined and verified rigorously through various IoT devices and decision making metrics against a baseline solution.The simulation results show that the proposed scheme leads to 88%improvement in terms of better identification of legitimate nodes,road accidents and message alteration records during data transmission among vehicles as compared to the baseline approach.展开更多
The important issues of network TCP congestion control are how to compute the link price according to the link status and regulate the data sending rate based on link congestion pricing feedback information.However,it...The important issues of network TCP congestion control are how to compute the link price according to the link status and regulate the data sending rate based on link congestion pricing feedback information.However,it is difficult to predict the congestion state of the link-end accurately at the source.In this paper,we presented an improved NUMFabric algorithm for calculating the overall congestion price.In the proposed scheme,the whole network structure had been obtained by the central control server in the Software Defined Network,and a kind of dual-hierarchy algorithm for calculating overall network congestion price had been demonstrated.In this scheme,the first hierarchy algorithm was set up in a central control server like Opendaylight and the guiding parameter B is obtained based on the intelligent data of global link state information.Based on the historical data,the congestion state of the network and the guiding parameter B is accurately predicted by the machine learning algorithm.The second hierarchy algorithm was installed in the Openflow link and the link price was calculated based on guiding parameter B given by the first algorithm.We evaluate this evolved NUMFabric algorithm in NS3,which demonstrated that the proposed NUMFabric algorithm could efficiently increase the link bandwidth utilization of cloud computing IoT datacenters.展开更多
According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing me...According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing mechanism based on typical data center network architecture. The mechanism can make the network flow in its exclusive network link bandwidth and transmission path, which can improve the link utilization and the use of the network energy efficiency. Meanwhile, we apply trusted computing to guarantee the high security, high performance and high fault-tolerant routing forwarding service, which helps improving the average completion time of network flow.展开更多
A centralized trusted execution environment(TEE)has been extensively studied to provide secure and trusted computing.However,a TEE might become a throughput bottleneck if it is used to evaluate data quality when colle...A centralized trusted execution environment(TEE)has been extensively studied to provide secure and trusted computing.However,a TEE might become a throughput bottleneck if it is used to evaluate data quality when collecting large-scale data in a crowdsourcing system.It may also have security problems compromised by attackers.Here,we propose a scheme,named dTEE,for building a platform for providing distributed trusted computing by leveraging TEEs.The platform is used as an infrastructure of trusted computations for blockchain-based crowdsourcing systems,especially to securely evaluate data quality and manage remuneration:these operations are handled by a TEE group.First,dTEE uses a public blockchain with smart contracts to manage TEEs without reliance on any trusted third parties.Second,to update TEE registration information and rule out zombie TEEs,dTEE uses a reporting mechanism.To attract TEE owners to join in and provide service of trusted computations,it uses a fair monetary incentive mechanism.Third,to account for malicious attackers,we design a model with Byzantine fault tolerance,not limited to a crash-failure model.Finally,we conduct an extensive evaluation of our design on a local cluster.The results show that dTEE finishes evaluating 10,000 images within one minute and achieves about 65 tps throughput when evaluating Sudoku solution data with collective signatures both in a group of 120 TEEs.展开更多
How to build a secure architecture for network function virtualization(NFV)is an important issue.Trusted computing has the ability to provide security for NFV and it is called trusted NFV system.In this paper,we propo...How to build a secure architecture for network function virtualization(NFV)is an important issue.Trusted computing has the ability to provide security for NFV and it is called trusted NFV system.In this paper,we propose a new NFV direct anonymous attestation(NFV-DAA)scheme based on trusted NFV architecture.It is based on the Elliptic curve cryptography and transfers the computation of variableD from the trusted platform module(TPM)to the issuer.With the mutual authentication mechanism that those existing DAA schemes do not have and an efficient batch proof and verification scheme,the performance of trusted NFV system is optimized.The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than those existing DAA schemes.We have reduced the computation load in Join protocol from 3G1 to 2G1 exponential operation,while the time of NFV-DAA scheme’s Sign protocol is reduced up to 49%.展开更多
Extending the lifetime of the wireless sensor networks (WSNs), where recharging sensors is not always possible, has been a major concern for researchers for the past decade. In this paper, we study the cooperation bet...Extending the lifetime of the wireless sensor networks (WSNs), where recharging sensors is not always possible, has been a major concern for researchers for the past decade. In this paper, we study the cooperation between nodes in wireless sensor networks in forwarding packets to others, and we propose a new collaboration technique which stimulates intermediate nodes to forward packets toward their destination. Some nodes show selfish behavior by denying the forwarding packets to other nodes in commercial networks in an effort to preserve their own energy. This paper applies a technique which is used to prolong the network lifetime, based on a node’s energy and trust value, and additionally incorporates fuzzy logic, which stimulates nodes to forward packets by rewarding cooperation. According to simulation results, the proposed approach surpasses the Nuglets (virtual currency) approach and the Reputation approach in network energy and thus prolongs the network lifetime. Additionally, our proposed approach demonstrates better results in the number of dropped packets, PDR and forwarded packets to neighboring nodes.展开更多
With the rapid development of intelligent transportation, carpooling with the help of Vehicular Networks plays an important role in improving transportati<span>on efficiency and solving environmental problems. H...With the rapid development of intelligent transportation, carpooling with the help of Vehicular Networks plays an important role in improving transportati<span>on efficiency and solving environmental problems. However, attackers us</span>ually launch attacks and cause privacy leakage of carpooling users. In addition, the trust issue between unfamiliar vehicles and passengers reduces the efficiency of carpooling. To address these issues, this paper introduced a trusted and pr<span>ivacy-preserving carpooling matching scheme in Vehicular Networks (T</span>PCM). TPC<span>M scheme introduced travel preferences during carpooling matching, according to the passengers’ individual travel preferences needs, which adopt</span>ed th<span>e privacy set intersection technology based on the Bloom filter to match t</span>he passengers with the vehicles to achieve the purpose of protecting privacy an<span>d meeting the individual needs of passengers simultaneously. TPCM sch</span>eme adopted a multi-faceted trust management model, which calculated the trust val<span>ue of different travel preferences of vehicle based on passengers’ carp</span>ooling feedback to evaluate the vehicle’s trustworthiness from multi-faceted when carpooling matching. Moreover, a series of experiments were conducted to verify the effectiveness and robustness of the proposed scheme. The results show that the proposed scheme has high accuracy, lower computational and communication costs when compared with the existing carpooling schemes.展开更多
文摘With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.
基金This work was supported by the Ministry of Education and China Mobile Research Fund Project(MCM20200102)the 173 Project(No.2019-JCJQ-ZD-342-00)+2 种基金the National Natural Science Foundation of China(No.U19A2081)the Fundamental Research Funds for the Central Universities(No.2023SCU12129)the Science and Engineering Connotation Development Project of Sichuan University(No.2020SCUNG129).
文摘Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.
基金This work was partly supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT),(No.2020-0-00952,Development of 5G edge security technology for ensuring 5G+service stability and availability,50%)the Institute of Information and Communications Technology Planning and Evaluation(IITP)grant funded by the MSIT(Ministry of Science and ICT),Korea(No.IITP-2022-2020-0-01602,ITRC(Information Technology Research Center)support program,50%).
文摘Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security.However,for Android,TEE technologies still contain restrictions and limitations.The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE.Another issue of hardware-based TEE is the cross-platform problem.Since every mobile device supports different TEE vendors,it becomes an obstacle for developers to migrate their trusted applications to other Android devices.A software-based TEE solution is a potential approach that allows developers to customize,package and deliver the product efficiently.Motivated by that idea,this paper introduces a VTEE model,a software-based TEE solution,on Android devices.This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics:computing performance and security.The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on theAndroid environment.The security evaluation shows that adding the VTEE model to the existing Android does not addmore security issues to the traditional design.Overall,this paper shows applicable solutions to adjust the balance between computing performance and security.
文摘A key requirement of today’s fast changing business outcome and innovation environment is the ability of organizations to adapt dynamically in an effective and efficient manner. Becoming a data-driven decision-making organization plays a crucially important role in addressing such adaptation requirements. The notion of “data democratization” has emerged as a mechanism with which organizations can address data-driven decision-making process issues and cross-pollinate data in ways that uncover actionable insights. We define data democratization as an attitude focused on curiosity, learning, and experimentation for delivering trusted data for trusted insights to a broad range of authorized stakeholders. In this paper, we propose a general indicator framework for data democratization by highlighting success factors that should not be overlooked in today’s data driven economy. In this practice-based research, these enablers are grouped into six broad building blocks: 1) “ethical guidelines, business context and value”, 2) “data leadership and data culture”, 3) “data literacy and business knowledge”, 4) “data wrangling, trustworthy & standardization”, 5) “sustainable data platform, access, & analytical tool”, 6) “intelligent data governance and privacy”. As an attitude, once it is planned and built, data democratization will need to be maintained. The utility of the approach is demonstrated through a case study for a Cameroon based start-up company that has ongoing data analytics projects. Our findings advance the concepts of data democratization and contribute to data free flow with trust.
文摘The mobile transient and sensor network’s routing algorithm detects available multi-hop paths between source and destination nodes.However,some methods are not as reliable or trustworthy as expected.Therefore,finding a reliable method is an important factor in improving communication security.For further enhancement of protected communication,we suggest a trust cluster based secure routing(TCSR)framework for wireless sensor network(WSN)using optimization algorithms.First,we introduce an efficient cluster formation using a modified tug of war optimization(MTWO)algorithm,which provides loadbalanced clusters for energy-efficient data transmission.Second,we illustrate the optimal head selection using multiple design constraints received signal strength,congestion rate,data loss rate,and throughput of the node.Those parameters are optimized by a butterfly optimal deep neural network(BO-DNN),which provides first-level security towards the selection of the best head node.Third,we utilize the lightweight signcryption to encrypt the data between two nodes during data transmission,which provides second-level security.The model provides an estimation of the trust level of each route to help a source node to select the most secure one.The nodes of the network improve reliability and security by maintaining the reliability component.Simulation results showed that the proposed scheme achieved 45.6%of delivery ratio.
文摘The ongoing research on secure and trustworthy issues in next generation Internet technology is still insufficient. China has achieved some progress in the field of the trusted next generation Internet. Under the support of the National High Technology Research and Development Program of China (863 Program), Tsinghua University and other units have completed the program named "Research on Critical Technologies and Demonstration Applications of the Trusted Next Generation Internet", which targets the secure and trustworthy problems existing in the current Internet. With focus on tackling the technical problem of authentic address access in the Internet, a prototype system for trusted Internet infrastructure, security service and typical applications are designed and implemented. It is expected that the trusted next generation Internet will support the trusted computer network, trusted telecom network and trusted broadcast & TV network applications.
基金the National NaturalScience Foundation of China under Grant90412012 and 60673187
文摘As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development requirements. Offering the system with secure and trusted services has become a new focus in network research. This paper first discusses the meaning of and aspects involved in the trusted network. According to this paper, the trusted network should be a network where the network's and users' behaviors and their results are always predicted and manageable. The trustworthiness of a network mainly involves three aspects: service provider, information transmission and terminal user. This paper also analyzes the trusted network in terms of trusted model for network/user behaviors, architecture of trusted network, service survivability and network manageability, which is designed to give ideas on solving the problems that may be faced in developing the trusted network.
文摘In cloud computing environment, as the infrastructure not owned by users, it is desirable that its security and integrity must be protected and verified time to time. In Hadoop based scalable computing setup, malfunctioning nodes generate wrong output during the run time. To detect such nodes, we create collaborative network between worker node (i.e. data node of Hadoop) and Master node (i.e. name node of Hadoop) with the help of trusted heartbeat framework (THF). We propose procedures to register node and to alter status of node based on reputation provided by other co-worker nodes.
基金sponsored by the National Natural Science Foundation of China granted No.61872430, 61402342, 61772384the National Basic Research Program of China 973 Program granted No.2014CB340601Foundation of Science and Technology on Information Assurance Laboratory (No. KJ-17-103)
文摘Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware.The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
基金This work is supported by the NSFC(No.61772280,61772454,6171101570,61702236)Natural Science Foundation of Jiangsu Province under grant No.BK20150460,the Changzhou Sci&Tech Program(No.CJ20179027)the PAPD fund from NUIST.Prof.Hye-Jin Kim is the corresponding author.
文摘Cloud storage represents the trend of intensive,scale and specialization of information technology,which has changed the technical architecture and implementation method of electronic records management.Moreover,it will provide a convenient way to generate more advanced and efficient management of the electronic data records.However,in cloud storage environment,it is difficult to guarantee the trustworthiness of electronic records,which results in a series of severe challenges to electronic records management.Starting from the definition and specification of electronic records,this paper firstly analyzes the requirements of the trustworthiness in cloud storage during their long-term preservation according to the information security theory and subdivides the trustworthiness into the authenticity,integrity,usability,and reliability of electronic records in cloud storage.Moreover,this paper proposes the technology framework of preservation for trusted electronic records.Also,the technology of blockchain,proofs of retrievability,the open archival information system model and erasure code are adopted to protect these four security attributes,to guarantee the credibility of the electronic record.
基金funded by the Abu Dhabi University,Faculty Research Incentive Grant(19300483–Adel Khelifi),United Arab Emirates.Link to Sponsor website:https://www.adu.ac.ae/research/research-at-adu/overview.
文摘Pervasive schemes are the significant techniques that allow intelligent communication among the devices without any human intervention.Recently Internet of Vehicles(IoVs)has been introduced as one of the applications of pervasive computing that addresses the road safety challenges.Vehicles participating within the IoV are embedded with a wide range of sensors which operate in a real time environment to improve the road safety issues.Various mechanisms have been proposed which allow automatic actions based on uncertainty of sensory and managed data.Due to the lack of existing transportation integration schemes,IoV has not been completely explored by business organizations.In order to tackle this problem,we have proposed a novel trusted mechanism in IoV during communication,sensing,and record storing.Our proposed method uses trust based analysis and subjective logic functions with the aim of creating a trust environment for vehicles to communicate.In addition,the subjective logic function is integrated with multi-attribute SAW scheme to improve the decision metrics of authenticating nodes.The trust analysis depends on a variety of metrics to ensure an accurate identification of legitimate vehicles embedded with IoT devices ecosystem.The proposed scheme is determined and verified rigorously through various IoT devices and decision making metrics against a baseline solution.The simulation results show that the proposed scheme leads to 88%improvement in terms of better identification of legitimate nodes,road accidents and message alteration records during data transmission among vehicles as compared to the baseline approach.
基金supported by National Key R&D Program of China—Industrial Internet Application Demonstration-Sub-topic Intelligent Network Operation and Security Protection(2018YFB1802400).
文摘The important issues of network TCP congestion control are how to compute the link price according to the link status and regulate the data sending rate based on link congestion pricing feedback information.However,it is difficult to predict the congestion state of the link-end accurately at the source.In this paper,we presented an improved NUMFabric algorithm for calculating the overall congestion price.In the proposed scheme,the whole network structure had been obtained by the central control server in the Software Defined Network,and a kind of dual-hierarchy algorithm for calculating overall network congestion price had been demonstrated.In this scheme,the first hierarchy algorithm was set up in a central control server like Opendaylight and the guiding parameter B is obtained based on the intelligent data of global link state information.Based on the historical data,the congestion state of the network and the guiding parameter B is accurately predicted by the machine learning algorithm.The second hierarchy algorithm was installed in the Openflow link and the link price was calculated based on guiding parameter B given by the first algorithm.We evaluate this evolved NUMFabric algorithm in NS3,which demonstrated that the proposed NUMFabric algorithm could efficiently increase the link bandwidth utilization of cloud computing IoT datacenters.
基金supported by the National Natural Science Foundation of China(The key trusted running technologies for the sensing nodes in Internet of things: 61501007The outstanding personnel training program of Beijing municipal Party Committee Organization Department (The Research of Trusted Computing environment for Internet of things in Smart City: 2014000020124G041
文摘According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing mechanism based on typical data center network architecture. The mechanism can make the network flow in its exclusive network link bandwidth and transmission path, which can improve the link utilization and the use of the network energy efficiency. Meanwhile, we apply trusted computing to guarantee the high security, high performance and high fault-tolerant routing forwarding service, which helps improving the average completion time of network flow.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(No.NRF-2019R1A2C1090713).
文摘A centralized trusted execution environment(TEE)has been extensively studied to provide secure and trusted computing.However,a TEE might become a throughput bottleneck if it is used to evaluate data quality when collecting large-scale data in a crowdsourcing system.It may also have security problems compromised by attackers.Here,we propose a scheme,named dTEE,for building a platform for providing distributed trusted computing by leveraging TEEs.The platform is used as an infrastructure of trusted computations for blockchain-based crowdsourcing systems,especially to securely evaluate data quality and manage remuneration:these operations are handled by a TEE group.First,dTEE uses a public blockchain with smart contracts to manage TEEs without reliance on any trusted third parties.Second,to update TEE registration information and rule out zombie TEEs,dTEE uses a reporting mechanism.To attract TEE owners to join in and provide service of trusted computations,it uses a fair monetary incentive mechanism.Third,to account for malicious attackers,we design a model with Byzantine fault tolerance,not limited to a crash-failure model.Finally,we conduct an extensive evaluation of our design on a local cluster.The results show that dTEE finishes evaluating 10,000 images within one minute and achieves about 65 tps throughput when evaluating Sudoku solution data with collective signatures both in a group of 120 TEEs.
基金Natural Science Foundation of China(NSFC)under grant No.61372103the ZTE Industry-Academia-Research Cooperation Funds.
文摘How to build a secure architecture for network function virtualization(NFV)is an important issue.Trusted computing has the ability to provide security for NFV and it is called trusted NFV system.In this paper,we propose a new NFV direct anonymous attestation(NFV-DAA)scheme based on trusted NFV architecture.It is based on the Elliptic curve cryptography and transfers the computation of variableD from the trusted platform module(TPM)to the issuer.With the mutual authentication mechanism that those existing DAA schemes do not have and an efficient batch proof and verification scheme,the performance of trusted NFV system is optimized.The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than those existing DAA schemes.We have reduced the computation load in Join protocol from 3G1 to 2G1 exponential operation,while the time of NFV-DAA scheme’s Sign protocol is reduced up to 49%.
文摘Extending the lifetime of the wireless sensor networks (WSNs), where recharging sensors is not always possible, has been a major concern for researchers for the past decade. In this paper, we study the cooperation between nodes in wireless sensor networks in forwarding packets to others, and we propose a new collaboration technique which stimulates intermediate nodes to forward packets toward their destination. Some nodes show selfish behavior by denying the forwarding packets to other nodes in commercial networks in an effort to preserve their own energy. This paper applies a technique which is used to prolong the network lifetime, based on a node’s energy and trust value, and additionally incorporates fuzzy logic, which stimulates nodes to forward packets by rewarding cooperation. According to simulation results, the proposed approach surpasses the Nuglets (virtual currency) approach and the Reputation approach in network energy and thus prolongs the network lifetime. Additionally, our proposed approach demonstrates better results in the number of dropped packets, PDR and forwarded packets to neighboring nodes.
文摘With the rapid development of intelligent transportation, carpooling with the help of Vehicular Networks plays an important role in improving transportati<span>on efficiency and solving environmental problems. However, attackers us</span>ually launch attacks and cause privacy leakage of carpooling users. In addition, the trust issue between unfamiliar vehicles and passengers reduces the efficiency of carpooling. To address these issues, this paper introduced a trusted and pr<span>ivacy-preserving carpooling matching scheme in Vehicular Networks (T</span>PCM). TPC<span>M scheme introduced travel preferences during carpooling matching, according to the passengers’ individual travel preferences needs, which adopt</span>ed th<span>e privacy set intersection technology based on the Bloom filter to match t</span>he passengers with the vehicles to achieve the purpose of protecting privacy an<span>d meeting the individual needs of passengers simultaneously. TPCM sch</span>eme adopted a multi-faceted trust management model, which calculated the trust val<span>ue of different travel preferences of vehicle based on passengers’ carp</span>ooling feedback to evaluate the vehicle’s trustworthiness from multi-faceted when carpooling matching. Moreover, a series of experiments were conducted to verify the effectiveness and robustness of the proposed scheme. The results show that the proposed scheme has high accuracy, lower computational and communication costs when compared with the existing carpooling schemes.