Internet of Things (IoT) networks are characterized by a multitude of wireless, interconnected devices that can dynamically join or exit the network without centralized administration or fixed infrastructure for routing. While multipath routing in IoT networks can improve data transmission reliability and load balancing by establishing multiple paths between source and destination nodes, these networks are susceptible to security threats due to their wireless nature. Traditional security solutions developed for conventional networks are often ill-suited to the unique challenges posed by IoT environments. In response to these challenges, this paper proposes the integration of the Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol with a trust model to enhance network performance. Key findings from this research demonstrate the successful fusion of AOMDV with a trust model, resulting in tangible improvements in network performance. The assessment of trustworthiness bolsters both security and routing capabilities in IoT networks. The trust model plays a crucial role in mitigating black hole attacks in IoT networks by evaluating the trustworthiness of nodes and helping in the identification and avoidance of malicious nodes that may act as black holes. Simulation results validate the efficacy of the proposed trust-based routing mechanism in achieving its objectives. Trust plays a pivotal role in decision-making and in the creation of secure distribution systems. By assessing the trustworthiness of nodes, both network security and routing efficiency can be enhanced. The effectiveness of the proposed trust-based routing mechanism is scrutinized through simulations, offering insights into its potential advantages in terms of improved network security and routing performance in the context of the IoT.
The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows. Traditional methods to identify the malicious flows in Crossfire attacks are rerouting, which is based on statistics. In these existing mechanisms, the identification of malicious flows depends on the IP address. However, the IP address is easy to be changed by attacks. Compared with the IP address, the certificate is more challenging to be tampered with or forged. Moreover, the traffic trend in the network is towards encryption. The certificates are popularly utilized by IoT devices for authentication in encryption protocols. DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller. Based on DTLShps, the SDN controller can collect statistics on certificates. In this paper, we propose Certrust, a framework based on the trust of certificates, to mitigate the Crossfire attack by using SDN for IoT. Our goal is threefold. First, the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack. Moreover, the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate. Second, for detecting the Crossfire attack accurately, a method based on graph connectivity is proposed. Third, several trust-based routing principles are proposed to mitigate the Crossfire attack. These principles can also encourage users to use certificates in communication. The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes. Moreover, our trust model has a more appropriate decay rate than the traditional methods.
The mobile transient and sensor network's routing algorithm detects available multi-hop paths between source and destination nodes. However, some methods are not as reliable or trustworthy as expected. Therefore, finding a reliable method is an important factor in improving communication security. For further enhancement of protected communication, we suggest a trust cluster based secure routing (TCSR) framework for wireless sensor network (WSN) using optimization algorithms. First, we introduce an efficient cluster formation using a modified tug of war optimization (MTWO) algorithm, which provides load-balanced clusters for energy-efficient data transmission. Second, we illustrate the optimal head selection using multiple design constraints received signal strength, congestion rate, data loss rate, and throughput of the node. Those parameters are optimized by a butterfly optimal deep neural network (BO-DNN), which provides first-level security towards the selection of the best head node. Third, we utilize the lightweight signcryption to encrypt the data between two nodes during data transmission, which provides second-level security. The model provides an estimation of the trust level of each route to help a source node to select the most secure one. The nodes of the network improve reliability and security by maintaining the reliability component. Simulation results showed that the proposed scheme achieved 45.6% of delivery ratio.
Dispersed computing is a new resource-centric computing paradigm. Due to its high degree of openness and decentralization, it is vulnerable to attacks, and security issues have become an important challenge hindering its development. The trust evaluation technology is of great significance to the reliable operation and security assurance of dispersed computing networks. In this paper, a dynamic Bayesian-based comprehensive trust evaluation model is proposed for dispersed computing environment. Specifically, in the calculation of direct trust, a logarithmic decay function and a sliding window are introduced to improve the timeliness. In the calculation of indirect trust, a random screening method based on sine function is designed, which excludes malicious nodes providing false reports and multiple malicious nodes colluding attacks. Finally, the comprehensive trust value is dynamically updated based on historical interactions, current interactions and momentary changes. Simulation experiments are introduced to verify the performance of the model. Compared with existing model, the proposed trust evaluation model performs better in terms of the detection rate of malicious nodes, the interaction success rate, and the computational cost.
Smart city refers to the information system with Internet of things and cloud computing as the core technology and government management and industrial development as the core content, forming a large scale, heterogeneous and dynamic distributed Internet of things environment between different Internet of things. There is a wide demand for cooperation between equipment and management institutions in the smart city. Therefore, it is necessary to establish a trust mechanism to promote cooperation, and based on this, prevent data disorder caused by the interaction between honest terminals and malicious terminals. However, most of the existing research on trust mechanism is divorced from the Internet of things environment, and does not consider the characteristics of limited computing and storage capacity and large differences of Internet of things devices, resulting in the fact that the research on abstract trust mechanism cannot be directly applied to the Internet of things; on the other hand, various threats to the Internet of things caused by security vulnerabilities such as collision attacks are not considered. Aiming at the security problems of cross domain trusted authentication of Intelligent City Internet of things terminals, a cross domain trust model (CDTM) based on self-authentication is proposed. Unlike most trust models, this model uses self-certified trust. The cross-domain process of internet of things (IoT) terminal can quickly establish a trust relationship with the current domain by providing its trust certificate stored in the previous domain interaction. At the same time, in order to alleviate the collision attack and improve the accuracy of trust evaluation, the overall trust value is calculated by comprehensively considering the quantity weight, time attenuation weight and similarity weight. Finally, the simulation results show that CDTM has good anti collusion attack ability. The success rate of malicious interaction will not increase significantly. Compared with other models, the resource consumption of our proposed model is significantly reduced.
Nowadays, with the significant growth of the mobile market, security issues on the Android Operation System have also become an urgent matter. Trusted execution environment (TEE) technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security. However, for Android, TEE technologies still contain restrictions and limitations. The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE. Another issue of hardware-based TEE is the cross-platform problem. Since every mobile device supports different TEE vendors, it becomes an obstacle for developers to migrate their trusted applications to other Android devices. A software-based TEE solution is a potential approach that allows developers to customize, package and deliver the product efficiently. Motivated by that idea, this paper introduces a VTEE model, a software-based TEE solution, on Android devices. This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics: computing performance and security. The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on the Android environment. The security evaluation shows that adding the VTEE model to the existing Android does not add more security issues to the traditional design. Overall, this paper shows applicable solutions to adjust the balance between computing performance and security.
Border Gateway Protocol (BGP) is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations. The BGP protocol exhibits security design defects, such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes, easily triggering prefix hijacking, path forgery, route leakage, and other BGP security threats. Meanwhile, the traditional BGP security mechanism, relying on a public key infrastructure, faces issues like a single point of failure and a single point of trust. The decentralization, anti-tampering, and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms. In this paper, we summarize the characteristics of BGP protocol in detail, sort out the BGP security threats and their causes. Additionally, we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats. Finally, we discuss the challenges posed by BGP security problems and outline prospects for future research.
Blockchain with these characteristics of decentralized structure, transparent and credible, time-series and immutability, has been considered as a promising technology. Consensus algorithm as one of the core techniques of blockchain directly affects the scalability of blockchain systems. Existing probabilistic finality blockchain consensus algorithms such as PoW, PoS, suffer from power consumptions and low efficiency; while absolute finality blockchain consensus algorithms such as PBFT, HoneyBadgerBFT, could not meet the scalability requirement in a large-scale network. In this paper, we propose a novel optimized practical Byzantine fault tolerance consensus algorithm based on EigenTrust model, namely T-PBFT, which is a multi-stage consensus algorithm. It evaluates node trust by the transactions between nodes so that the high quality of nodes in the network will be selected to construct a consensus group. To reduce the probability of view change, we propose to replace a single primary node with a primary group. By group signature and mutual supervision, we can enhance the robustness of the primary group further. Finally, we analyze T-PBFT and compare it with the other Byzantine fault tolerant consensus algorithms. Theoretical analysis shows that our T-PBFT can optimize the Byzantine fault-tolerant rate, reduce the probability of view change and communication complexity.
This paper summarizes the state of art in quantum communication networks and trust management in recent years. As in the classical networks, trust management is the premise and foundation of quantum secure communication and cannot simply be attributed to security issues, therefore the basic and importance of trust management in quantum communication networks should be taken more seriously. Compared with other theories and techniques in quantum communication, the trust of quantum communication and trust management model in quantum communication network environment is still in its initial stage. In this paper, the core technologies of establishing secure and reliable quantum communication networks are categorized and summarized, and the trends of each direction in trust management of quantum communication network are discussed in depth.
To describe the dynamic property of trust relationship, we propose a time-related trust model and extend Jøsang's subjective logic to fit for time-related trust model. The extension includes propositional conjunction, disjunction and negation for traditional logic and discounting and consensus operators that are evidential operators specially designed for the propagation and computation of trust relationships. With the extension of subjective logic for time-related trust, our time-related trust model is suitable to model the dynamic trust relationship in practice. Finally an example of reputation assessment is offered to demonstrate the usage of our trust model.
Based on fuzzy set theory, a fuzzy trust model is established by using membership function to describe the fuzziness of trust. The trust vectors of subjective trust are obtained based on a mathematical model of fuzzy synthetic evaluation. Considering the complicated and changeable relationships between various subjects, the multi-level mathematical model of fuzzy synthetic evaluation is introduced. An example of a two-level fuzzy synthetic evaluation model confirms the feasibility of the multi-level fuzzy synthesis evaluation model. The proposed fuzzy model for trust evaluation may provide a promising method for research of trust model in open networks.
Container virtual technology aims to provide program independence and resource sharing. The container enables flexible cloud service. Compared with traditional virtualization, traditional virtual machines have difficulty in resource and expense requirements. The container technology has the advantages of smaller size, faster migration, lower resource overhead, and higher utilization. Within container-based cloud environment, services can adopt multi-target nodes. This paper reports research results to improve the traditional trust model with consideration of cooperation effects. Cooperation trust means that in a container-based cloud environment, services can be divided into multiple containers for different container nodes. When multiple target nodes work for one service at the same time, these nodes are in a cooperation state. When multi-target nodes cooperate to complete the service, the target nodes evaluate each other. The calculation of cooperation trust evaluation is used to update the degree of comprehensive trust. Experimental simulation results show that the cooperation trust evaluation can help solving the trust problem in the container-based cloud environment and can improve the success rate of following cooperation.
In big data of business service or transaction, it is impossible to provide entire information to both of services from cyber system, so some service providers made use of maliciously services to get more interests. Trust management is an effective solution to deal with these malicious actions. This paper gave a trust computing model based on service-recommendation in big data. This model takes into account difference of recommendation trust between familiar node and stranger node. Thus, to ensure accuracy of recommending trust computing, paper proposed a fine-granularity similarity computing method based on the similarity of service concept domain ontology. This model is more accurate in computing trust value of cyber service nodes and prevents better cheating and attacking of malicious service nodes. Experiment results illustrated our model is effective.
It is necessary to construct an effective trust model to build trust relationship between peers in peer-to-peer (P2P) network and enhance the security and reliability of P2P systems. The current trust models only focus on the consumers' evaluation to a transaction, which may be abused by malicious peers to exaggerate or slander the provider deliberately. In this paper, we propose a novel trust model based on mutual evaluation, called METrust, to suppress the peers' malicious behavior, such as dishonest evaluation and strategic attack. METrust considers the factors including mutual evaluation, similarity risk, time window, incentive, and punishment mechanism. The trust value is composed of the direct trust value and the recommendation trust value. In order to inhibit dishonest evaluation, both participants should give evaluation information based on peers' own experiences about the transaction while computing the direct trust value. In view of this, the mutual evaluation consistency factor and its time decay function are proposed. Besides, to reduce the risk of computing the recommendation trust based on the recommendations of friend peers, the similarity risk is introduced to measure the uncertainty of the similarity computing, while similarity is used to measure credibility. The experimental results show that METrust is effective, and it has advantages in the inhibition of the various malicious behaviors.
With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.
To keep open network more efficacious and secure, it is necessary that a nice trust model and method of trust management must be developed. The reason why traditional trust models are incomplete in their function to manage trust is explained, and a general model based on hybrid trust model and introducer protocol is provided. The hybrid model is more flexible and efficacious to manage trust compared with hierarchy model and Web model. The introducer protocol is a better solution to build, maintain and refresh the trust relationship in open network environment.
Software systems in distributed environment are changing from a close and relatively static form, whose users are familiar with each other, to an open and highly dynamic mode, which can be visited by public. In such circumstance, trust evaluation model becomes focus of intense research at current time. Trust evaluation model establishes a management framework of trust relationship between entities, involving expression and measurement of trust, comprehensive calculation of direct trust value and recommended trust value, and recognition of malicious entities and recommendations. Based on the analysis of several typical trust evaluation models, the classification of trust evaluation ideas and modes is discussed, the questions existing in current research and the directions of future research are pointed out.
In the open network environment, malicious attacks to the trust model have become increasingly serious. Compared with single node attacks, collusion attacks do more harm to the trust model. To solve this problem, a collusion detector based on the GN algorithm for the trust evaluation model is proposed in the open Internet environment. By analyzing the behavioral characteristics of collusion groups, the concept of flatting is defined and the G-N community mining algorithm is used to divide suspicious communities. On this basis, a collusion community detector method is proposed based on the breaking strength of suspicious communities. Simulation results show that the model has high recognition accuracy in identifying collusion nodes, so as to effectively defend against malicious attacks of collusion nodes.
In view of the security weakness in resisting the active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend those attacks by loading a trust model on the previously proposed Distance-Based LAR. The improved Secure Trust-based Location-Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST-LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end-to-end delay, packet delivery success ratio and throughput.
Trusted platform model (TPM) is special-purpose integrated circuits (ICs) built into a variety of platforms to enable strong user authentication and machine attestation, essential to prevent inappropriate access to confidential and sensitive information and to protect against compromised networks. Existing TPM products have some limitations. This paper adopts J2810TPM Single Chip cryptogram MCU produced by Jetway Company to construct typical TPM after comparing existing TPM products. Finally, an improved construction approach of TPM based on J2810 is proposed.
Abstract: Internet of Things (IoT) networks are characterized by a multitude of wireless, interconnected devices that can dynamically join or exit the network without centralized administration or fixed infrastructure for routing. While multipath routing in IoT networks can improve data transmission reliability and load balancing by establishing multiple paths between source and destination nodes, these networks are susceptible to security threats due to their wireless nature. Traditional security solutions developed for conventional networks are often ill-suited to the unique challenges posed by IoT environments. In response to these challenges, this paper proposes the integration of the Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol with a trust model to enhance network performance. Key findings from this research demonstrate the successful fusion of AOMDV with a trust model, resulting in tangible improvements in network performance. The assessment of trustworthiness bolsters both security and routing capabilities in IoT networks. The trust model plays a crucial role in mitigating black hole attacks in IoT networks by evaluating the trustworthiness of nodes and helping in the identification and avoidance of malicious nodes that may act as black holes. Simulation results validate the efficacy of the proposed trust-based routing mechanism in achieving its objectives. Trust plays a pivotal role in decision-making and in the creation of secure distribution systems. By assessing the trustworthiness of nodes, both network security and routing efficiency can be enhanced. The effectiveness of the proposed trust-based routing mechanism is scrutinized through simulations, offering insights into its potential advantages in terms of improved network security and routing performance in the context of the IoT.
Funding: Supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261.
Abstract: The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows. Traditional methods to identify the malicious flows in Crossfire attacks are rerouting, which is based on statistics. In these existing mechanisms, the identification of malicious flows depends on the IP address. However, the IP address is easy to be changed by attacks. Compared with the IP address, the certificate is more challenging to be tampered with or forged. Moreover, the traffic trend in the network is towards encryption. The certificates are popularly utilized by IoT devices for authentication in encryption protocols. DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller. Based on DTLShps, the SDN controller can collect statistics on certificates. In this paper, we propose Certrust, a framework based on the trust of certificates, to mitigate the Crossfire attack by using SDN for IoT. Our goal is threefold. First, the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack. Moreover, the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate. Second, for detecting the Crossfire attack accurately, a method based on graph connectivity is proposed. Third, several trust-based routing principles are proposed to mitigate the Crossfire attack. These principles can also encourage users to use certificates in communication. The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes. Moreover, our trust model has a more appropriate decay rate than the traditional methods.
Abstract: The mobile transient and sensor network's routing algorithm detects available multi-hop paths between source and destination nodes. However, some methods are not as reliable or trustworthy as expected. Therefore, finding a reliable method is an important factor in improving communication security. For further enhancement of protected communication, we suggest a trust cluster based secure routing (TCSR) framework for wireless sensor network (WSN) using optimization algorithms. First, we introduce an efficient cluster formation using a modified tug of war optimization (MTWO) algorithm, which provides load-balanced clusters for energy-efficient data transmission. Second, we illustrate the optimal head selection using multiple design constraints received signal strength, congestion rate, data loss rate, and throughput of the node. Those parameters are optimized by a butterfly optimal deep neural network (BO-DNN), which provides first-level security towards the selection of the best head node. Third, we utilize the lightweight signcryption to encrypt the data between two nodes during data transmission, which provides second-level security. The model provides an estimation of the trust level of each route to help a source node to select the most secure one. The nodes of the network improve reliability and security by maintaining the reliability component. Simulation results showed that the proposed scheme achieved 45.6% of delivery ratio.
Funding: Supported in part by the National Science Foundation Project of P.R. China (No. 61931001), the Fundamental Research Funds for the Central Universities under Grant (No. FRFAT-19-010), and the Scientific and Technological Innovation Foundation of Foshan, USTB (No. BK20AF003).
Abstract: Dispersed computing is a new resource-centric computing paradigm. Due to its high degree of openness and decentralization, it is vulnerable to attacks, and security issues have become an important challenge hindering its development. The trust evaluation technology is of great significance to the reliable operation and security assurance of dispersed computing networks. In this paper, a dynamic Bayesian-based comprehensive trust evaluation model is proposed for dispersed computing environment. Specifically, in the calculation of direct trust, a logarithmic decay function and a sliding window are introduced to improve the timeliness. In the calculation of indirect trust, a random screening method based on sine function is designed, which excludes malicious nodes providing false reports and multiple malicious nodes colluding attacks. Finally, the comprehensive trust value is dynamically updated based on historical interactions, current interactions and momentary changes. Simulation experiments are introduced to verify the performance of the model. Compared with existing model, the proposed trust evaluation model performs better in terms of the detection rate of malicious nodes, the interaction success rate, and the computational cost.
Funding: This paper was sponsored in part by Beijing Postdoctoral Research Foundation (No. 2021-ZZ-077, No. 2020-YJ-006), Chongqing Industrial Control System Security Situational Awareness Platform, 2019 Industrial Internet Innovation and Development Project-Provincial Industrial Control System Security Situational Awareness Platform, Center for Research and Innovation in Software Engineering, School of Computer and Information Science (Southwest University, Chongqing 400175, China), Chongqing Graduate Education Teaching Reform Research Project (yjg203032).
Abstract: Smart city refers to the information system with Internet of things and cloud computing as the core technology and government management and industrial development as the core content, forming a large scale, heterogeneous and dynamic distributed Internet of things environment between different Internet of things. There is a wide demand for cooperation between equipment and management institutions in the smart city. Therefore, it is necessary to establish a trust mechanism to promote cooperation, and based on this, prevent data disorder caused by the interaction between honest terminals and malicious terminals. However, most of the existing research on trust mechanism is divorced from the Internet of things environment, and does not consider the characteristics of limited computing and storage capacity and large differences of Internet of things devices, resulting in the fact that the research on abstract trust mechanism cannot be directly applied to the Internet of things; on the other hand, various threats to the Internet of things caused by security vulnerabilities such as collision attacks are not considered. Aiming at the security problems of cross domain trusted authentication of Intelligent City Internet of things terminals, a cross domain trust model (CDTM) based on self-authentication is proposed. Unlike most trust models, this model uses self-certified trust. The cross-domain process of internet of things (IoT) terminal can quickly establish a trust relationship with the current domain by providing its trust certificate stored in the previous domain interaction. At the same time, in order to alleviate the collision attack and improve the accuracy of trust evaluation, the overall trust value is calculated by comprehensively considering the quantity weight, time attenuation weight and similarity weight. Finally, the simulation results show that CDTM has good anti collusion attack ability. The success rate of malicious interaction will not increase significantly. Compared with other models, the resource consumption of our proposed model is significantly reduced.
Funding: This work was partly supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Government (MSIT), (No. 2020-0-00952, Development of 5G edge security technology for ensuring 5G+ service stability and availability, 50%), and the Institute of Information and Communications Technology Planning and Evaluation (IITP) grant funded by the MSIT (Ministry of Science and ICT), Korea (No. IITP-2022-2020-0-01602, ITRC (Information Technology Research Center) support program, 50%).
Abstract: Nowadays, with the significant growth of the mobile market, security issues on the Android Operation System have also become an urgent matter. Trusted execution environment (TEE) technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security. However, for Android, TEE technologies still contain restrictions and limitations. The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE. Another issue of hardware-based TEE is the cross-platform problem. Since every mobile device supports different TEE vendors, it becomes an obstacle for developers to migrate their trusted applications to other Android devices. A software-based TEE solution is a potential approach that allows developers to customize, package and deliver the product efficiently. Motivated by that idea, this paper introduces a VTEE model, a software-based TEE solution, on Android devices. This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics: computing performance and security. The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on the Android environment. The security evaluation shows that adding the VTEE model to the existing Android does not add more security issues to the traditional design. Overall, this paper shows applicable solutions to adjust the balance between computing performance and security.
Funding: The National Natural Science Foundation of China, Grant Numbers (62272007, 62001007), and the Natural Science Foundation of Beijing, Grant Numbers (4234083, 4212018). The authors also acknowledge the support from King Khalid University for funding this research through the Large Group Project under Grant Number RGP.2/373/45.
Abstract: Border Gateway Protocol (BGP) is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations. The BGP protocol exhibits security design defects, such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes, easily triggering prefix hijacking, path forgery, route leakage, and other BGP security threats. Meanwhile, the traditional BGP security mechanism, relying on a public key infrastructure, faces issues like a single point of failure and a single point of trust. The decentralization, anti-tampering, and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms. In this paper, we summarize the characteristics of BGP protocol in detail, sort out the BGP security threats and their causes. Additionally, we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats. Finally, we discuss the challenges posed by BGP security problems and outline prospects for future research.
Funding: Supported by Nature Key Research and Development Program of China (2017YFB1400700), the National Natural Science Foundation of China (61602537, U1509214), the Central University of Finance and Economics Funds for the Youth Talent Support Plan (QYP1808), First-Class Discipline Construction in 2019, open fund of Key Laboratory of Grain Information Processing and Control (KFJJ-2018-202).
Abstract: Blockchain, with these characteristics of decentralized structure, transparent and credible, time-series and immutability, has been considered as a promising technology. Consensus algorithm as one of the core techniques of blockchain directly affects the scalability of blockchain systems. Existing probabilistic finality blockchain consensus algorithms such as PoW, PoS, suffer from power consumptions and low efficiency; while absolute finality blockchain consensus algorithms such as PBFT, HoneyBadgerBFT, could not meet the scalability requirement in a large-scale network. In this paper, we propose a novel optimized practical Byzantine fault tolerance consensus algorithm based on EigenTrust model, namely T-PBFT, which is a multi-stage consensus algorithm. It evaluates node trust by the transactions between nodes so that the high quality of nodes in the network will be selected to construct a consensus group. To reduce the probability of view change, we propose to replace a single primary node with a primary group. By group signature and mutual supervision, we can enhance the robustness of the primary group further. Finally, we analyze T-PBFT and compare it with the other Byzantine fault tolerant consensus algorithms. Theoretical analysis shows that our T-PBFT can optimize the Byzantine fault-tolerant rate, reduce the probability of view change and communication complexity.
Funding: This work is supported by the National Natural Science Foundation of China (No. 61572086), the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009), the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643), the Application Foundation Project of Sichuan Province (No. 2017JY0168).
Abstract: This paper summarizes the state of art in quantum communication networks and trust management in recent years. As in the classical networks, trust management is the premise and foundation of quantum secure communication and cannot simply be attributed to security issues, therefore the basic and importance of trust management in quantum communication networks should be taken more seriously. Compared with other theories and techniques in quantum communication, the trust of quantum communication and trust management model in quantum communication network environment is still in its initial stage. In this paper, the core technologies of establishing secure and reliable quantum communication networks are categorized and summarized, and the trends of each direction in trust management of quantum communication network are discussed in depth.
Abstract: To describe the dynamic property of trust relationship, we propose a time-related trust model and extend Jøsang's subjective logic to fit for time-related trust model. The extension includes propositional conjunction, disjunction and negation for traditional logic and discounting and consensus operators that are evidential operators specially designed for the propagation and computation of trust relationships. With the extension of subjective logic for time-related trust, our time-related trust model is suitable to model the dynamic trust relationship in practice. Finally an example of reputation assessment is offered to demonstrate the usage of our trust model.
Abstract: Based on fuzzy set theory, a fuzzy trust model is established by using membership function to describe the fuzziness of trust. The trust vectors of subjective trust are obtained based on a mathematical model of fuzzy synthetic evaluation. Considering the complicated and changeable relationships between various subjects, the multi-level mathematical model of fuzzy synthetic evaluation is introduced. An example of a two-level fuzzy synthetic evaluation model confirms the feasibility of the multi-level fuzzy synthesis evaluation model. The proposed fuzzy model for trust evaluation may provide a promising method for research of trust model in open networks.
Funding: This research work was supported by the National Natural Science Foundation of China (Grant No. 61762031), Guangxi Key Research and Development Plan (No. 2017AB51024), Guangxi Key Laboratory of Embedded Technology and Intelligent System, Guangxi Fundamental Laboratory for Embedded Technology and Intelligent Systems.
Abstract: Container virtual technology aims to provide program independence and resource sharing. The container enables flexible cloud service. Compared with traditional virtualization, traditional virtual machines have difficulty in resource and expense requirements. The container technology has the advantages of smaller size, faster migration, lower resource overhead, and higher utilization. Within container-based cloud environment, services can adopt multi-target nodes. This paper reports research results to improve the traditional trust model with consideration of cooperation effects. Cooperation trust means that in a container-based cloud environment, services can be divided into multiple containers for different container nodes. When multiple target nodes work for one service at the same time, these nodes are in a cooperation state. When multi-target nodes cooperate to complete the service, the target nodes evaluate each other. The calculation of cooperation trust evaluation is used to update the degree of comprehensive trust. Experimental simulation results show that the cooperation trust evaluation can help solving the trust problem in the container-based cloud environment and can improve the success rate of following cooperation.
Abstract: In big data of business service or transaction, it is impossible to provide entire information to both of services from cyber system, so some service providers made use of maliciously services to get more interests. Trust management is an effective solution to deal with these malicious actions. This paper gave a trust computing model based on service-recommendation in big data. This model takes into account difference of recommendation trust between familiar node and stranger node. Thus, to ensure accuracy of recommending trust computing, paper proposed a fine-granularity similarity computing method based on the similarity of service concept domain ontology. This model is more accurate in computing trust value of cyber service nodes and prevents better cheating and attacking of malicious service nodes. Experiment results illustrated our model is effective.
Funding: Supported by National Natural Science Foundation of China (No. 60873231), Research Fund for the Doctoral Program of Higher Education (No. 20093223120001), Science and Technology Support Program of Jiangsu Province (No. BE2009158), Natural Science Fund of Higher Education of Jiangsu Province (No. 09KJB520010), Special Fund for Fast Sharing of Science Paper in Net Era by CSTD (No. 2009117).
Abstract: It is necessary to construct an effective trust model to build trust relationship between peers in peer-to-peer (P2P) network and enhance the security and reliability of P2P systems. The current trust models only focus on the consumers' evaluation to a transaction, which may be abused by malicious peers to exaggerate or slander the provider deliberately. In this paper, we propose a novel trust model based on mutual evaluation, called METrust, to suppress the peers' malicious behavior, such as dishonest evaluation and strategic attack. METrust considers the factors including mutual evaluation, similarity risk, time window, incentive, and punishment mechanism. The trust value is composed of the direct trust value and the recommendation trust value. In order to inhibit dishonest evaluation, both participants should give evaluation information based on peers' own experiences about the transaction while computing the direct trust value. In view of this, the mutual evaluation consistency factor and its time decay function are proposed. Besides, to reduce the risk of computing the recommendation trust based on the recommendations of friend peers, the similarity risk is introduced to measure the uncertainty of the similarity computing, while similarity is used to measure credibility. The experimental results show that METrust is effective, and it has advantages in the inhibition of the various malicious behaviors.
Funding: This work was supported in part by the National Key R&D Program of China under Grant 2020YFA0711301, in part by the National Natural Science Foundation of China under Grant 61922049 and Grant 61941104, and in part by the Tsinghua University-China Mobile Communications Group Company Ltd., Joint Institute.
Abstract: With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.
Abstract: To keep open network more efficacious and secure, it is necessary that a nice trust model and method of trust management must be developed. The reason why traditional trust models are incomplete in their function to manage trust is explained, and a general model based on hybrid trust model and introducer protocol is provided. The hybrid model is more flexible and efficacious to manage trust compared with hierarchy model and Web model. The introducer protocol is a better solution to build, maintain and refresh the trust relationship in open network environment.
Funding: The National Natural Science Foundation of China (60503020, 60503033, 60703086), the Natural Science Foundation of Jiangsu Province (BK2006094), the Opening Foundation of Jiangsu Key Laboratory of Computer Information Processing Technology in Soochow University (KJS0714), the Research Foundation of Nanjing University of Posts and Telecommunications (NY207052, NY207082, NY207084), Microsoft Research Asia Internet Services Theme 2008.
Abstract: Software systems in distributed environment are changing from a close and relatively static form, whose users are familiar with each other, to an open and highly dynamic mode, which can be visited by public. In such circumstance, trust evaluation model becomes focus of intense research at current time. Trust evaluation model establishes a management framework of trust relationship between entities, involving expression and measurement of trust, comprehensive calculation of direct trust value and recommended trust value, and recognition of malicious entities and recommendations. Based on the analysis of several typical trust evaluation models, the classification of trust evaluation ideas and modes is discussed, the questions existing in current research and the directions of future research are pointed out.
Funding: Supported by the National Natural Science Foundation of China (61402241, 61572260, 61373017, 61572261, 61472192), the Scientific & Technological Support Project of Jiangsu Province (BE2015702).
Abstract: In the open network environment, malicious attacks to the trust model have become increasingly serious. Compared with single node attacks, collusion attacks do more harm to the trust model. To solve this problem, a collusion detector based on the GN algorithm for the trust evaluation model is proposed in the open Internet environment. By analyzing the behavioral characteristics of collusion groups, the concept of flatting is defined and the G-N community mining algorithm is used to divide suspicious communities. On this basis, a collusion community detector method is proposed based on the breaking strength of suspicious communities. Simulation results show that the model has high recognition accuracy in identifying collusion nodes, so as to effectively defend against malicious attacks of collusion nodes.
Funding: Supported by National Key Basic Research Program (973 Program) under Grant No. 2011CB302903, National Natural Science Foundation under Grant No. 60873231, Key Program of Natural Science for Universities of Jiangsu Province under Grant No. 10KJA510035, Scientific Research Foundation of NJUPT under Grant No. NY209016, China.
Abstract: In view of the security weakness in resisting the active attacks by malicious nodes in mobile ad hoc networks, the trust metric is introduced to defend those attacks by loading a trust model on the previously proposed Distance-Based LAR. The improved Secure Trust-based Location-Aided Routing algorithm utilizes direct trust and recommendation trust to prevent malicious nodes with low trust values from joining the forwarding. Simulation results reveal that ST-LAR can resist attacks by malicious nodes effectively; furthermore, it also achieves better performance than DBLAR in terms of average end-to-end delay, packet delivery success ratio and throughput.
Funding: Supported by the National Natural Science Foundation of China (90104005, 60373087, 60473023) and Key Laboratory of Geo-Informatics of State Bureau of Surveying and Mapping (200626).
Abstract: Trusted platform model (TPM) is special-purpose integrated circuits (ICs) built into a variety of platforms to enable strong user authentication and machine attestation, essential to prevent inappropriate access to confidential and sensitive information and to protect against compromised networks. Existing TPM products have some limitations. This paper adopts J2810TPM Single Chip cryptogram MCU produced by Jetway Company to construct typical TPM after comparing existing TPM products. Finally, an improved construction approach of TPM based on J2810 is proposed.