Similar literature
20 similar documents found; search took 46 ms
1.
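Trusted Evidence Collection Mechanism for the Dynamic Runtime Environment of Trusted Terminals   Total citations: 1, self-citations: 0, citations by others: 1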
谭良  陈菊  周明天 《电子学报》2013,41(1):77-85
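The chained measurement mechanism of trusted computing is not easily extended to all applications on a terminal, so it remains difficult for a trusted terminal to keep its dynamic runtime environment trustworthy at all times. To provide objective, authentic and comprehensive trust evidence for the dynamic runtime environment of a trusted terminal, a trust evidence collection mechanism is proposed. First, a trusted evidence collection agent is introduced at the application layer of the trusted terminal and made an important link in the chained measurement mechanism of the trusted platform module (TPM); the measurement function provided by the TPM ensures that the agent is trusted. The agent then collects runtime state information on the terminal's memory, CPU, network ports, disk files, policy configuration data and processes, and uses the trusted storage function provided by the TPM to store this state information as trust evidence for the terminal's runtime environment and to guarantee the trustworthiness of the evidence itself. The mechanism is highly extensible and provides a basis for supporting trust evaluation models oriented to different applications. A prototype of the trusted evidence collection agent was implemented on the Windows platform, and an open local area network was used as the experimental environment to analyse the trust evidence the agent obtains about the terminal's dynamic runtime environment and the agent's performance overhead in this application instance. The application instance verifies the feasibility of the scheme.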

2.
茹斌 《通信技术》2020,(1):191-200
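To address the problem that users' virtual computing environments in cloud computing are currently untrusted, trusted platform module virtualization technology is used to construct a virtual trusted platform module for the user on the cloud server. With the virtual trusted platform module as the foundation, a virtual trusted computing environment is then built for the user on the cloud server, so that the trustworthiness of the virtual computing environment of existing cloud computing users is effectively guaranteed. A comparison with existing trusted platform module virtualization schemes shows that the proposed scheme not only takes full account of virtual machine efficiency loss in cloud computing but also significantly improves security and execution efficiency, making it better suited to users' virtual computing environments.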

3.
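Existing trusted computing modules such as TPM and MTM cannot be used across platforms and do not take into account updates of algorithms, protocols and functions. To address these problems, a hardware-based trusted execution environment module (TEEM) architecture is proposed, which uses ARM TrustZone technology to build a trusted computing module running in a hardware-isolated secure environment. The module can provide trusted computing functions for multiple platforms, has strong mobility and portability, and allows users to flexibly configure and upgrade its functions and algorithms as needed. A prototype system based on the TEEM architecture was designed and implemented; security analysis and performance tests of the prototype show that TEEM can provide users with a secure, stable and efficient trusted execution environment.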

4.
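A Universally Composable Secure Trusted Access Authentication Protocol for WLAN Mesh Networks   Total citations: 1, self-citations: 0, citations by others: 1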
马卓  马建峰  曾勇  沈玉龙 《通信学报》2008,29(10):126-134
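Existing WLAN Mesh network access protocols and trusted network access protocols do not satisfy the requirements of trusted access to WLAN Mesh networks well in terms of performance and security. To address this, an efficient and provably secure trusted access protocol for WLAN Mesh networks, MN-TAP, is proposed. The protocol needs only 4 rounds of interaction to achieve user authentication and key confirmation among the access requestor, the policy enforcement point and the policy decision point. In the first round it already achieves authentication of the access requestor's platform identity and verification of its platform integrity by the policy decision point, which improves the efficiency of protocol execution and reduces the load on the server side. The new protocol is proved secure in the universally composable security model, and its performance is compared with that of other protocols. The results show that the new protocol is universally composable secure and has a clear performance advantage over existing protocols.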

5.
《中兴通讯技术》2015,(5):39-44
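Security technologies for smart mobile terminals are discussed from three aspects: software solutions, solutions based on a trusted execution environment (TEE), and solutions based on a typical secure element (SE). At the software level, security technologies in the general runtime environment are discussed; for TEE-based solutions, the TEE system architecture, isolation technology and secure execution technology are discussed; for SE-based solutions, security enhancement technologies based on a local SE and a cloud SE are discussed. It is argued that only by combining a trusted hardware platform with trusted software can complete security assurance be provided for smart mobile terminals.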

6.
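The paper first analyses the security threats facing traditional networks, introduces a trusted network platform authentication model that differs from traditional networks, describes the role of the trusted platform module (TPM) in platform authentication, and proposes using a trusted network module (TNM) to strengthen the security of access.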

7.
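A cluster system has both the characteristics of a distributed system and the features of a single system. Because traditional cluster compute nodes lack the support of a trusted computing platform, the cluster as a single system lacks the support of trusted security technology. As a distributed system, its trusted security mechanism and trust chain transfer mechanism are very different from those of a stand-alone system. Building on the TCG trusted computing specifications and the chain of trust, an architecture for a trusted cluster is proposed, a TPM-based trusted cluster is constructed, and a trusted cluster system based on the trusted cluster architecture is implemented. For applications in the cluster, the paper discusses and studies how the implemented trusted cluster system solves the trusted security problems in the cluster.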

8.
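Trusted Computing and Trusted Networks   Total citations: 3, self-citations: 0, citations by others: 3
The paper analyses the mainstream trusted computing technologies, TCPA and NGSCB, studies the trusted computing platform (TCP), analyses and studies the three basic attributes of a trusted network based on trusted computing, and finally introduces the current state of development of trusted networks.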

9.
国炜  潘娟 《现代电信科技》2012,(12):8-12,17
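The paper describes the security problems facing mobile smart terminals and introduces two international standards organizations, TCG and GP, together with the technical solutions and standard specifications they have proposed for mobile smart terminal security problems. Finally, it presents domestic progress on standards for trusted environments.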

10.
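The paper introduces the concept and meaning of the trusted service management platform for mobile payment, discusses the current state of development of trusted service management platforms at home and abroad and their relationships and positioning in the industry chain, and analyses the technical functions of the trusted service management platform.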

11.
Access network evolution beyond third generation mobile communications   Total citations: 9, self-citations: 0, citations by others: 9
Second-generation mobile radio systems have been deployed successfully worldwide. These systems have evolved to higher data rates and packet transmission. Third-generation mobile radio systems are currently being standardized worldwide to be initially deployed in 2001 and 2002 in different regions of the world. New advanced multimedia services are under development, and first services are already being offered in second-generation systems, which will provide new business opportunities. Already today discussion is starting on the development of systems beyond third-generation mobile radio systems due to the long timeframe for system specification and international standardization. However, today there is no clear vision available on such systems. This discussion takes into account the new deregulated and liberalized communication environment. This article presents a concept for a system beyond third-generation mobile radio systems, which comprises a combination of several optimized access systems in a common IP-based medium access and core network platform. These different access systems will interwork through horizontal and vertical handover, service negotiation, and global roaming. The different access systems are allocated to different mutually complementing cell layers in the sense of hierarchical cells with respect to cell size, coverage, and mobility to provide globally optimized seamless services to users. This vision requires extensive international research and standardization activities to solve many technical challenges. Key issues are the global interworking of different access systems on a common platform, advanced antenna concepts, and the implementation of multimode and multiband terminals and base stations through software-defined radio concepts.

12.
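Research on Multi-layer Mobility Support Mechanisms for Mobile IP Networks   Total citations: 3, self-citations: 0, citations by others: 3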
陆斌 《通信学报》2006,27(3):129-135
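The paper first classifies and compares, from the perspective of network layering, the methods proposed in the industry for supporting network mobility, dividing mobility support mechanisms into three layers: network-layer mobility mechanisms, transport-layer mobility mechanisms and application-layer mobility mechanisms. Representative mechanisms among them are analysed and described. On this basis, a model and mechanism for multi-layer support of IP mobility is proposed: the multi-layer self-adaptive mobility policy table (MLSA-MPT) mechanism. It combines mobility support mechanisms at different layers (the network layer and the application layer) so that the network can, according to the actual needs of services, dynamically select mobility support mechanisms at different layers to support mobility in multi-service and multi-application environments.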

13.
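Research on Game-Theory-Based Incentive Mechanisms for Mobile Ad Hoc Networks   Total citations: 1, self-citations: 0, citations by others: 1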
闻英友  赵博  赵宏 《通信学报》2014,35(4):6-52
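To address the selfish behaviour that nodes in mobile ad hoc networks exhibit during packet forwarding, game theory is used to model and analyse it completely from both the static and the dynamic aspects. First, a strict tit-for-tat strategy is proposed and an infinitely repeated packet forwarding game model is established, from which the incentive consistency condition is obtained. Then evolutionary game theory is used to analyse the dynamic process by which nodes change from selfishness to cooperation, and the evolutionary stability of the strict tit-for-tat strategy is proved. Simulation results show that even when the ratio of selfish nodes is 1, as long as the punishment parameter is chosen reasonably, the cooperative forwarding behaviour of selfish nodes can be effectively incentivized, and overall network performance can be improved by up to 80%.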

14.
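Key Management Mechanisms for Mobile Ad Hoc Networks   Total citations: 2, self-citations: 0, citations by others: 2
A mobile ad hoc network (MANET) is a wireless network based on an entirely new concept: it does not rely on any fixed physical infrastructure or centralized management organization, and mobile nodes communicate with one another over wireless links. However, the inherent characteristics of ad hoc networks make them more vulnerable to various security threats, so a practical and effective key management mechanism is key to ensuring network security. This paper presents several trust models, analyses and discusses existing key management schemes in light of these models, points out the problems in them, and offers some views on future research directions.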

15.
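On the basis of a model of a maneuverable communication network, the paper analyses the basic composition of a complex electromagnetic countermeasure environment and discusses the adversary's possible strategies for selecting attack targets based on importance indicators. A simulated environment model under electronic countermeasure conditions is established. Then, combining multiple indicators such as node connectivity, channel bandwidth, channel loss rate and average delay, a survivability evaluation model for maneuverable communication networks in a complex electromagnetic environment is established, and the survivability evaluation calculation and simulation analysis are completed.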

16.
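To effectively distinguish packet losses in mobile ad hoc networks caused by network congestion, route changes and link errors, a comprehensive evaluation model based on fuzzy computation is used at the sender to make the judgment by combining three observed network parameters: end-to-end round-trip delay, short-term throughput and out-of-order packets. Simulation results show that the intelligent packet loss discrimination algorithm achieves good results in judging the cause of packet loss. TCP-Fuzzy, an improved TCP scheme based on this algorithm, can adopt an appropriate congestion control strategy according to the identified cause of packet loss and performs well in a variety of network environments.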

17.
The selfishness and uncertainty of user behaviors in the mobile crowd sensing network make users unwilling to participate in sensing activities, which may result in a lower sensing task completion rate. To deal with these problems, an incentive mechanism based on an auction model was proposed. In order to maximize the utility of each user, the proposed incentive method based on reverse auction (IMRA) leveraged a task-centric method to choose winners and paid them according to a critical-price strategy. Furthermore, the proposed user-bidirectional interaction incentive mechanism (UBIM) helped drop-out users (buyers) to transfer their unfinished tasks to new users. Simulation results show that, compared with TRAC and IMC-SS, IMRA can achieve better performance in terms of average user utility and task coverage ratio, and the task completion ratio can also be improved by UBIM.

18.
When nodes in mobile ad hoc networks (MANETs) admit data flows arbitrarily, without considering the current residual resources of the medium, the quality of service (QoS) of the data flows deteriorates. To relieve the contention for resources induced by overloaded flows, an admission control mechanism can effectively keep the balance between injected data flows and network capacity, and it is viewed as the most important technology in MANETs. A novel distributed residual-resource-aware admission control mechanism is proposed in this paper, where the residual resources and the service rate are studied thoroughly. Considering the medium utilization, frame retransmission and backoff procedure, a passive method is applied to predict the residual resources, and the binomial distribution is utilized to model the medium status. Moreover, based on the cooperation between the source node and intermediate nodes, a path meeting the resource demand is probed across the network, and flows are rejected when the residual resources cannot meet their demand. Results show that the network load can be constrained by the proposed admission control mechanism, and the QoS of the data flows can be guaranteed effectively.

19.
A data forwarding incentive mechanism based on an auction model in mobile social networks was proposed. In this incentive mechanism, the first-price sealed auction mode was extended, the transaction mode of virtual currency payment was adopted, and the procedure of data forwarding between nodes was abstracted into the auction transaction model. Based on the node's resource state, the virtual currency and the data property, the evaluation function of a data forwarding transaction was given, and the node then gives the corresponding price according to the evaluation function and game strategy. Through the game analysis, the Nash equilibrium solution of AMIM was found, and the lowest bidder whose bid price was lower than the evaluation of the data forwarding request node would be selected as the service provider for this data forwarding. In this incentive mechanism, the rational mobile nodes were enforced to voluntarily participate in data forwarding cooperation to maximize their own interests. The simulation experiment shows that the AMIM mechanism can effectively reduce energy consumption and improve the success rate and efficiency of data forwarding in the whole network system.

20.
The effective management of access networks presents challenges which are not found in other sectors of the telecommunications network. The approaches being developed for the management modeling of access networks allow systems with different technologies and from different vendors to be managed in a uniform way. The functional architecture used for SDH can be generalized so that it is applicable to access networks, and this forms the basis of the modeling of their logical functionality. Technology-specific models of the various elements can be integrated into a technology-independent network model, and the physical resources and logical structure can be modeled to simplify repairs and improve inventory management. The development of standards for the management of the access network is an evolutionary process, but sufficient standards are now in place in order to achieve a useful level of functionality over a Q3 interface. Developing solutions that take advantage of the initial telecommunications management network (TMN) standards allows experiences to be fed back into the standards bodies to generate a more complete set of standard specifications, leading to the goal of access network management as part of a totally integrated TMN.
