Funding: This project is partly funded by Science and Technology Project of State Grid Zhejiang Electric Power Co., Ltd. “Research on active Security Defense Strategies for Distribution Internet of Things Based on Trustworthy, under Grant No. 5211DS22000G”.
Abstract: The application of Intelligent Internet of Things (IIoT) in constructing distribution station areas strongly supports platform transformation, upgrade, and intelligent integration. The sensing layer of IIoT comprises the edge convergence layer and the end sensing layer, with the former using intelligent fusion terminals for real-time data collection and processing. However, the influx of multiple low-voltage in the smart grid raises higher demands for the performance, energy efficiency, and response speed of the substation fusion terminals. Simultaneously, it brings significant security risks to the entire distribution substation, posing a major challenge to the smart grid. In response to these challenges, a proposed dynamic and energy-efficient trust measurement scheme for smart grids aims to address these issues. The scheme begins by establishing a hierarchical trust measurement model, elucidating the trust relationships among smart IoT terminals. It then incorporates multidimensional measurement factors, encompassing static environmental factors, dynamic behaviors, and energy states. This comprehensive approach reduces the impact of subjective factors on trust measurements. Additionally, the scheme incorporates a detection process designed for identifying malicious low-voltage end sensing units, ensuring the prompt identification and elimination of any malicious terminals. This, in turn, enhances the security and reliability of the smart grid environment. The effectiveness of the proposed scheme in pinpointing malicious nodes has been demonstrated through simulation experiments. Notably, the scheme outperforms established trust metric models in terms of energy efficiency, showcasing its significant contribution to the field.
Funding: Supported by the National Natural Science Foundation of China (61501007), General Project of Science and Technology Project of Beijing Municipal Education Commission (KM201610005023)
Abstract: The main function of Internet of Things is to collect and transmit data. At present, the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data source. To solve the above problems, a trust attestation mechanism for sensing layer nodes is presented. First, a trusted group is established, and the node which is going to join the group needs to attest its identity and key attributes to the higher level node. Then the dynamic trust measurement value of the node can be obtained by measuring the node data transmission behavior. Finally, the node encapsulates the key attributes and trust measurement value to use short message group signature to attest its trust to the challenger. This mechanism can measure the data sending and receiving behaviors of sensing nodes and track the data source, and it does not expose the privacy information of nodes and the sensing nodes can be traced effectively. The trust measurement for sensing nodes and verification is applicable to Internet of Things and the simulation experiment shows the trust attestation mechanism is flexible, practical and efficient. Besides, it can accurately and quickly identify the malicious nodes at the same time. The impact on the system performance is negligible.
Funding: Supported by the National Basic Research Program of China (No. 2014CB340600), the National Natural Science Foundation of China (Nos. 61332019, 61173138, 6127245, and 91118003), the New Products and Technology Research and Development Projects of Hubei Province (No. 2012BAA03004)
Abstract: Infrastructure as a Service (IaaS) has brought advantages to users because virtualization technology hides the details of the physical resources, but this leads to the problem of users being unable to perceive their security. This defect has obstructed cloud computing from wide-spread popularity and development. To solve this problem, a dynamic measurement protocol in IaaS is presented in this paper. The protocol makes it possible for the user to get the real-time security status of the resources, thereby solving the problem of guaranteeing dynamic credibility. This changes the cloud service security provider from the operator to the users themselves. This study has verified the security of the protocol by means of Burrows-Abadi-Needham (BAN) logic, and the result shows that it can satisfy requirements for innovation, privacy, and integrity. Finally, based on different IaaS platforms, this study has conducted a performance analysis to demonstrate that this protocol is reliable, secure, and efficient.
Funding: Supported by the National Natural Science Foundation of China (60970125), the Major State Basic Research Development Program of China (2007CB310900)
Abstract: This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains. vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual domain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.