DTAIS:Distributed trusted active identity resolution systems for the Industrial Internet

In recent years,the Industrial Internet and Industry 4.0 came into being.With the development of modern industrial intelligent manufacturing technology,digital twins,Web3 and many other digital entity applications are also proposed.These applications apply architectures such as distributed learning,resource sharing,and arithmetic trading,which make high demands on identity authentication,asset authentication,resource addressing,and service location.Therefore,an efficient,secure,and trustworthy Industrial Internet identity resolution system is needed.However,most of the traditional identity resolution systems follow DNS architecture or tree structure,which has the risk of a single point of failure and DDoS attack.And they cannot guarantee the security and privacy of digital identity,personal assets,and device information.So we consider a decentralized approach for identity management,identity authentication,and asset verification.In this paper,we propose a distributed trusted active identity resolution system based on the inter-planetary file system(IPFS)and non-fungible token(NFT),which can provide distributed identity resolution services.And we have designed the system architecture,identity service process,load balancing strategy and smart contract service.In addition,we use Jmeter to verify the performance of the system,and the results show that the system has good high concurrent performance and robustness.

Implementing Operating System Support for Extended Trusted Path in TPM-Capable Environments

Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module （TPM） technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author＇s research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.

TPTVer： A Trusted Third Party Based Trusted Verifier for Multi-Layered Outsourced Big Data System in Cloud Environment

Cloud computing is very useful for big data owner who doesn't want to manage IT infrastructure and big data technique details. However, it is hard for big data owner to trust multi-layer outsourced big data system in cloud environment and to verify which outsourced service leads to the problem. Similarly, the cloud service provider cannot simply trust the data computation applications. At last,the verification data itself may also leak the sensitive information from the cloud service provider and data owner. We propose a new three-level definition of the verification, threat model, corresponding trusted policies based on different roles for outsourced big data system in cloud. We also provide two policy enforcement methods for building trusted data computation environment by measuring both the Map Reduce application and its behaviors based on trusted computing and aspect-oriented programming. To prevent sensitive information leakage from verification process,we provide a privacy-preserved verification method. Finally, we implement the TPTVer, a Trusted third Party based Trusted Verifier as a proof of concept system. Our evaluation and analysis show that TPTVer can provide trusted verification for multi-layered outsourced big data system in the cloud with low overhead.

A Secure Trust Model for P2P Systems Based on Trusted Computing

Trust is one of the most important security requirements in the design and implementation of peer-to-peer （P2P） systems. In an environment where peers＇ identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer＇s identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing （TC） technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group （DAWG） is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.

Design and Implementation of Trusted-Router Based on Trust Management System

This paper presents a scheme to perform QoS management and assure network security by using the trusted-router based on the Trust Management System.In this trusted-router,every IP packet is forwarded and queued by its trust value,which is the quantification of the network's expectation for this packet's and its owner's behavior in the network.We outline the algorithms to calculate the trust value of the trusted-router and the IP packet.We also introduce the trust-based QoS management algorithm and the deployment of the trusted-routers which carry out this algorithm.The simulation results show that the least trusted IP packets will be dropped to save resources for those highly trusted IP packets.This will ecourage all the elements in the network to keep a good trust record.

Quorum systems for intrusion-tolerance based on trusted timely computing base

Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size （at least 3f＋1 for generic data, and f fewer for self-verifying data）. In order to solve the problems above, an intrusion-tolerance quorum system （ITQS） of hybrid time model based on trust timely computing base is presented （TTCB）. The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.

A New Direct Anonymous Attestation Scheme for Trusted NFV System

How to build a secure architecture for network function virtualization(NFV)is an important issue.Trusted computing has the ability to provide security for NFV and it is called trusted NFV system.In this paper,we propose a new NFV direct anonymous attestation(NFV-DAA)scheme based on trusted NFV architecture.It is based on the Elliptic curve cryptography and transfers the computation of variable D from the trusted platform module(TPM)to the issuer.With the mutual authentication mechanism that those existing DAA schemes do not have and an efficient batch proof and verification scheme,the performance of trusted NFV system is optimized.The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than those existing DAA schemes.We have reduced the computation load in Join protocol from 3G_1to 2G_1 exponential operation,while the time of NFV-DAA scheme's Sign protocol is reduced up to 49%.

Trusted Certified Auditor Using Cryptography for Secure Data Outsourcing and Privacy Preservation in Fog-Enabled VANETs

With the recent technological developments,massive vehicular ad hoc networks(VANETs)have been established,enabling numerous vehicles and their respective Road Side Unit(RSU)components to communicate with oneanother.The best way to enhance traffic flow for vehicles and traffic management departments is to share thedata they receive.There needs to be more protection for the VANET systems.An effective and safe methodof outsourcing is suggested,which reduces computation costs by achieving data security using a homomorphicmapping based on the conjugate operation of matrices.This research proposes a VANET-based data outsourcingsystem to fix the issues.To keep data outsourcing secure,the suggested model takes cryptography models intoaccount.Fog will keep the generated keys for the purpose of vehicle authentication.For controlling and overseeingthe outsourced data while preserving privacy,the suggested approach considers the Trusted Certified Auditor(TCA).Using the secret key,TCA can identify the genuine identity of VANETs when harmful messages aredetected.The proposed model develops a TCA-based unique static vehicle labeling system using cryptography(TCA-USVLC)for secure data outsourcing and privacy preservation in VANETs.The proposed model calculatesthe trust of vehicles in 16 ms for an average of 180 vehicles and achieves 98.6%accuracy for data encryption toprovide security.The proposedmodel achieved 98.5%accuracy in data outsourcing and 98.6%accuracy in privacypreservation in fog-enabled VANETs.Elliptical curve cryptography models can be applied in the future for betterencryption and decryption rates with lightweight cryptography operations.

Enhancing the Trustworthiness of 6G Based on Trusted Multi-Cloud Infrastructure:A Practice of Cryptography Approach

Due to the need for massive device connectivity,low communication latency,and various customizations in 6G architecture,a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario.However,the openness and heterogeneity of the 6G network cause the problems of network security.To improve the trustworthiness of 6G networks,we propose a trusted computing-based approach for establishing trust relationships inmulti-cloud scenarios.The proposed method shows the relationship of trust based on dual-level verification.It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units.Firstly,SM3 algorithm establishes the chain of trust for the system’s trusted boot phase.Then,the remote attestation server(RAS)of distributed cloud units verifies the physical servers.Meanwhile,the physical servers use a ring approach to verify the cloud servers.Eventually,the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers.Simultaneously,the centralized RAS also verifies the evidence of distributed RAS.We establish our proposed approach in a natural OpenStack-based cloud environment.The simulation results show that the proposed method achieves higher security with less than a 1%system performance loss.

Cloud edge integrated security architecture of new cloud manufacturing system

With the rapid development of cloud manufacturing technology and the new generation of artificial intelligence technology,the new cloud manufacturing system(NCMS)built on the connotation of cloud manufacturing 3.0 presents a new business model of“Internet of everything,intelligent leading,data driving,shared services,cross-border integration,and universal innovation”.The network boundaries are becoming increasingly blurred,NCMS is facing security risks such as equipment unauthorized use,account theft,static and extensive access control policies,unauthorized access,supply chain attacks,sensitive data leaks,and industrial control vulnerability attacks.Traditional security architectures mainly use information security technology,which cannot meet the active security protection requirements of NCMS.In order to solve the above problems,this paper proposes an integrated cloud-edge-terminal security system architecture of NCMS.It adopts the zero trust concept and effectively integrates multiple security capabilities such as network,equipment,cloud computing environment,application,identity,and data.It adopts a new access control mode of“continuous verification+dynamic authorization”,classified access control mechanisms such as attribute-based access control,rolebased access control,policy-based access control,and a new data security protection system based on blockchain,achieving“trustworthy subject identity,controllable access behavior,and effective protection of subject and object resources”.This architecture provides an active security protection method for NCMS in the digital transformation of large enterprises,and can effectively enhance network security protection capabilities and cope with increasingly severe network security situations.

Machine learning and human‐machine trust in healthcare:A systematic survey

As human‐machine interaction(HMI)in healthcare continues to evolve,the issue of trust in HMI in healthcare has been raised and explored.It is critical for the development and safety of healthcare that humans have proper trust in medical machines.Intelligent machines that have applied machine learning(ML)technologies continue to penetrate deeper into the medical environment,which also places higher demands on intelligent healthcare.In order to make machines play a role in HMI in healthcare more effectively and make human‐machine cooperation more harmonious,the authors need to build good humanmachine trust(HMT)in healthcare.This article provides a systematic overview of the prominent research on ML and HMT in healthcare.In addition,this study explores and analyses ML and three important factors that influence HMT in healthcare,and then proposes a HMT model in healthcare.Finally,general trends are summarised and issues to consider addressing in future research on HMT in healthcare are identified.

Trust in Clinical Practice: A Systematic Review

Background: The aim of this study is to gain a better understanding of the true importance of trust in clinical practice by looking at how it is formed, how it affects clinical practice, and how to improve it. Methods: Using the PRISMA-ScR checklist, a review of the literature was performed to identify research evaluating the importance of trust in the doctor-patient relationship. After thorough screening and removal of duplicates, 21 articles were used in the literature review. Results: The classifying themes that emerged in the selected articles were What Makes Trust and Effects of Trust. The theme of What Makes Trust garnered two subthemes as well: Impact of Doctor-Patient Relationship on Trust and Impact of Shared Decision-Making on Trust. Further to that, the overarching themes found were slightly more specific. They were Traits of Trust, Mistrust and Barriers to Trust, Positive Effects of Trust and the Effects of a Lack of Trust. We found that the best way to improve trust was to improve communication between the patient and the doctor. Additionally, we found that the biggest barrier to a trusting doctor patient relationship was a stigmatised condition, followed by a perception of a financially-motivated doctor. Finally, we found that a lack of trust can prevent patients from seeking and receiving proper treatment. Conclusions: With a better understanding of how trust is built and the extent of the role it plays in clinical practice, we hope that this growing knowledge can improve the practice of many doctors in the future. It is certain that more research needs to be done in this area, especially focusing on vulnerable and stigmatised populations such as chronic pain patients.

Survey on Key Technology Development and Application in Trusted Computing

Trusted computing,which can effectively increase the credibility of information system,has made great achievements and is in continuous development. For country who is going to strengthen network construction like China,it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing,such as various trusted platform modules(TPM、TCM、TPCM),TCG Software Stack(TSS),trusted cloud server and Trusted Execution Environment(TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.

Research on Mobile Internet Mobile Agent System Dynamic Trust Model for Cloud Computing

This paper analyzes the reasons for the formation of security problems in mobile agent systems, and analyzes and compares the security mechanisms and security technologies of existing mobile agent systems from the perspective of blocking attacks. On this basis, the host protection mobile agent protection technology is selected, and a method to enhance the security protection of mobile agents (referred to as IEOP method) is proposed. The method first encrypts the mobile agent code using the encryption function, and then encapsulates the encrypted mobile agent with the improved EOP protocol IEOP, and then traces the suspicious execution result. Experiments show that using this method can block most malicious attacks on mobile agents, and can protect the integrity and confidentiality of mobile agents, but the increment of mobile agent tour time is not large.

Behavior Measurement Model Based on Prediction and Control of Trusted Network

In order to construct the trusted network and realize the trust of network behavior,a new multi-dimensional behavior measurement model based on prediction and control is presented.By using behavior predictive equation,individual similarity function,group similarity function,direct trust assessment function,and generalized predictive control,this model can guarantee the trust of an end user and users in its network.Compared with traditional measurement model,the model considers different characteristics of various networks.The trusted measurement policies established according to different network environments have better adaptability.By constructing trusted group,the threats to trusted group will be reduced greatly.Utilizing trusted group to restrict individuals in network can ensure the fault tolerance of trustworthiness of trusted individuals and group.The simulation shows that this scheme can support behavior measurement more efficiently than traditional ones and the model resists viruses and Trojans more efficiently than older ones.

Protecting Terminals by Security Domain Mechanism Based on Trusted Computing

Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.

A Trusted Measurement Scheme Suitable for the Clients in the Trusted Network

The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network.But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection,it is easy to cause the loss of identity privacy.In order to solve the abovedescribed problems,this paper presents a trust measurement scheme suitable for clients in the trusted network,the scheme integrates the following attributes such as authentication mechanism,state measurement,and real-time state measurement and so on,and based on the authentication mechanism and the initial state measurement,the scheme uses the realtime state measurement as the core method to complete the trust measurement for the client.This scheme presented in this paper supports both static and dynamic measurements.Overall,the characteristics of this scheme such as fine granularity,dynamic,real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.

Development of Trusted Computing Research

Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.

A Neural Network-Based Trust Management System for Edge Devices in Peer-to-Peer Networks

Edge devices in Internet of Things(IoT)applications can form peers to communicate in peer-to-peer(P2P)networks over P2P protocols.Using P2P networks ensures scalability and removes the need for centralized management.However,due to the open nature of P2P networks,they often suffer from the existence of malicious peers,especially malicious peers that unite in groups to raise each other’s ratings.This compromises users’safety and makes them lose their confidence about the files or services they are receiving.To address these challenges,we propose a neural networkbased algorithm,which uses the advantages of a machine learning algorithm to identify whether or not a peer is malicious.In this paper,a neural network(NN)was chosen as the machine learning algorithm due to its efficiency in classification.The experiments showed that the NNTrust algorithm is more effective and has a higher potential of reducing the number of invalid files and increasing success rates than other well-known trust management systems.

Modeling Trusted Computing

In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.