An Improved Grid Security Infrastructure by Trusted Computing

Current delegation mechanism of grid security infrastructure （GSI） can＇t satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.     

TPM context manager and dynamic configuration management for trusted virtualization platform

It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM （trusted platform module） context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM （virtual machine） configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG （trusted computing group） static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.     

Design and Implementation of a Bootstrap Trust Chain

The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group （TCG） definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today＇s commodity hardware, merely depends on availability of an embedded security module （ESM）. ESM and security enhanced BIOS is the root of trust, PMBR （Pre-MBR） checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booring process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.     

Trustworthiness Technologies of DDSS

The most significant strategic development in information technology over the past years has been ＂trusted computing＂ and trusted computers have been produced. In this paper trusted mechanisms adopted by PC is imported into distributed system, such as chain of trust, trusted root and so on. Based on distributed database server system （DDSS）, a novel model of trusted distributed database server system （TDDSS） is presented ultimately. In TDDSS role-based access control, two-level of logs and other technologies are adopted to ensure the trustworthiness of the system.     

Improved verifiability scheme for data storage in cloud computing

In Cloud computing,data and service requests are responded by remote processes calls on huge data server clusters that are not totally trusted.The new computing pattern may cause many potential security threats.This paper explores how to ensure the integrity and correctness of data storage in cloud computing with user’s key pair.In this paper,we aim mainly at constructing of a quick data chunk verifying scheme to maintain data in data center by implementing a balance strategy of cloud computing costs,removing the heavy computing load of clients,and applying an automatic data integrity maintenance method.In our scheme,third party auditor (TPA) is kept in the scheme,for the sake of the client,to periodically check the integrity of data blocks stored in data center.Our scheme supports quick public data integrity verification and chunk redundancy strategy.Compared with the existing scheme,it takes the advantage of ocean data support and high performance.     

Trust Based Pervasive Computing

Pervasive computing environment is a distributed and mobile space. Trust relationship must be established and ensured between devices and the systems in the pervasive computing environment. The trusted computing （TC） technology introduced by trusted computing group is a distributed-system-wide approach to the provisions of integrity protection of resources. The TC＇s notion of trust and security can be described as conformed system behaviors of a platform environment such that the conformation can be attested to a remote challenger. In this paper the trust requirements in a pervasive/ubiquitous environment are analyzed. Then security schemes for the pervasive computing are proposed using primitives offered by TC technology.     

Mobile Agent系统的整体安全机制研究

安全问题是移动Agent技术应用到分布计算环境中的关键问题,在分析了现有安全策略的基础上,提出了一种基于可信任第三方的移动Agent整体安全设计方案,为解决移动Agent的安全问题提供了一种新方法.     

基于以太坊的格上属性基可搜索加密方案

提出了一种基于以太坊的安全、灵活、高效的格上属性基可搜索加密方案.方案基于格密码体制提出,解决了传统基于双线性配对技术的属性基可搜索加密方案存在的不可抗量子攻击安全问题.方案使用基于以太坊技术的分散存储方法解决了传统云存储系统中单点故障问题,并且方案中数据拥有者代替私钥生成器为用户生成私钥,这避免传统方案由于密钥托管问...     

Architecture of Trusted PC

This paper, focusing on the trusted computing group＇s standards, explained the key concept of trusted compuling and provided the architecture of trusted PC. It built trust bottom-up by starting with trusted hardware and adding layers of trusted software. It is a system-level solution available to all applications running on the member platforms. This solution reduces the security burden on applications and thus simplifies application programming.     

A Peer-to-Peer resource sharing scheme using trusted computing technology

Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.     

Security Architecture of Trusted Virtual Machine Monitor for Trusted Computing

With analysis of limitations Trusted Computing Group （TCG） has encountered, we argued that virtual machine monitor （VMM） is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented ＂thin＂ virtual machine （VM）, Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base （TCB）. It provides isolation and integrity guarantees based on which general security requirements can be satisfied.     

An Anonymous Payment Protocol with Mobile Agents in Hostile Environments

By using Pedersen‘s verifiable secret sharing scheme and the theory of cross validation, we propose an anonymous payment protocol which have following features: protecting the confidentiality of sensitive payment information from spying by malicious hosts; using a trusted third party in a minimal way; verifying the validity of the share by the merchant; allowing agent to verify that the product which it is about to receive is the one it is paying for; keeping the customer anonymous.     

Public Key Cryptography Based on Ergodic Matrices over Finite Field

A new public key encryption scheme is proposed in this paper, which is based on a hard problem over ergodic matrices. The security of this scheme is equal to the MQ-problem： multivariate quadratic equations over finite fields. This problem has been shown to be NP-complete and can＇t be solved with polynomial time algorithm.     

基于可信计算的移动平台设计方案

在深入研究现有可信移动平台设计方案和TCG移动可信模块相关技术的基础上,提出了带有移动可信模块的可信移动平台设计方案.平台采用基带处理器和应用处理器分离的结构,利用移动可信模块构建了以应用处理器为中心的可信区域,为移动平台提供受保护的计算和存储空间,提高了移动平台的安全性、灵活性和可靠性.分析了现有可信移动平台安全引导过程安全漏洞,提出了改进的安全引导过程,并通过谓词逻辑对改进的引导过程进行了正确性验证.     

A Trusted Host＇s Authentication Access and Control Model Faced on User Action

The conception of trusted network connection （TNC） is introduced, and the weakness of TNC to control user＇s action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC＇s security of user control and authorization.     

一种基于可信计算平台的数字签名方案

为了提高数字签名方案的安全性,提出了一种基于可信平台的签名方案,该方案采用双私钥设计,同时,利用可信平台,以及智能卡等安全设备增加了系统的安全性.为防止消息在公共信道篡改,消息和签名将被用户与签名者的一次一密密码系统加密处理.最后,给出方案的正确性证明、安全性分析.     

Verifiable （ t, n） Threshold Signature Scheme Based on Elliptic Curve

Based on the difficulty of solving the ECDLP (elliptic curve discrete logarithm problem) on the finite field, we present a (t, n) threshold signature scheme and a verifiable key agreement scheme without trusted party. Applying a modified elliptic curve signature equation, we get a more efficient signature scheme than the existing ECDSA (ellipticcurve digital signature algorithm) from the computability and security view. Our scheme has a shorter key, faster computation, and better security.     

可信模块与强制访问控制结合的安全防护方案

基于可信计算思想,通过在现有移动终端中加入移动可信计算模块,并在核心网中加入安全服务提供者和安全软件提供商,构架了面向移动终端的统一安全防护体系,为用户提供安全服务.该方案有效利用了移动终端操作系统的特性,将基于角色的访问控制与可信验证相结合,实现了高效的可信链传递,使没有授权证书的非法软件和非法进程不能在系统中运行,...     

A protocol for fair electronic purchase based on concurrent signatures

E-commerce protocols for the electronic purchase of goods are difficult to design and implement due to their complexity and high security demands. Fairness of such protocols in literature highly depends on an additional TTP（trusted third party）. However, it is difficult to find such a TTP in some situations. In addition, fairness for customers has been neither fully considered nor well satisfied in existing electronic purchasing protocols. In this paper, a new protocol FEP （fair electronic purchase） without a special TTP but an online bank is presented based on a concurrent digital signature scheme. The FEP protocol guarantees fair electronic purchase of goods via electronic payment between consumers, merchants and their online banks. The protocol is practical and the analysis based on the game logics shows that it achieves the properties of viability, fairness, and timeliness.