
Journal of Shandong University (Natural Science) ›› 2015, Vol. 50 ›› Issue (11): 47-51. doi: 10.6040/j.issn.1671-9352.3.2015.081

• Articles •

Multiple third-party remote attestation mechanism based on credibility weights policy

JI Xiang-min1,2, SU Hang3, XIANG Shuang2, ZHOU Shu-cheng1

  1. College of Computer and Information Sciences, Fujian Agriculture and Forestry University, Fuzhou 350002, Fujian, China;
  2. School of Computer Science, Wuhan University, Wuhan 430072, Hubei, China;
  3. Works Applications Co. Ltd, Shanghai 200050, China
  • Received: 2015-07-22 Revised: 2015-10-30 Online: 2015-11-20 Published: 2015-12-09
  • About the author: JI Xiang-min (1971-), male, Ph.D. candidate, lecturer; research interest: information system security. E-mail: jixm168@126.com
  • Supported by:
    National Basic Research Program of China (973 Program) (2014CB340600); Key Program of the National Natural Science Foundation of China (6332019); National Natural Science Foundation of China (61173138, 61272452)

Abstract: To address the problem that the failure of a single third party undermines the validity of attestation in cloud computing environments, we propose a remote attestation mechanism based on multiple third parties, extending the single third party to a cluster of third-party verifiers. The mechanism ensures that reliable attestation results are still provided to the requester when some of the verifiers are invalid or under attack. In addition, to counter collusion attacks by multiple third parties, we present a third-party filtering algorithm and a credibility weight strategy, which also minimizes final-assertion failures caused by malicious accusations against innocent verifiers. Experimental results show that, compared with a single verifier, this mechanism is more reliable and resists collusion attacks more effectively in practical applications.

Key words: credibility weights policy, multiple third-party, remote attestation

CLC number: TP309