基于无证书环签名的虚拟机可信证明方案

由于虚拟环境的复杂性和动态性,使用传统方法证明其安全状态时会出现运算效率低下的情况;而环签名具有运算效率高、匿名性强的特点,利用无证书公钥系统可解决密钥管理问题。为此,提出一种采用无证书环签名机制的虚拟机可信证明方案。私钥生成中心（PKG）验证平台物理环境的状态可信后,由PKG和虚拟可信平台模块（vTPM）管理器利用无证书算法共同生成vTPM签名密钥,虚拟机对外证明时采用环签名机制,将证明者的信息隐藏在环成员列表中,从而实现虚拟机对外的匿名身份证明和状态证明。在完成证明准备工作后,虚拟机不需要在每次证明和迁移时重复生成虚拟身份证明密钥（vAIK）证书,因此大大提高了证明效率;另外方案具有很强的安全性和匿名性,适用于虚拟机数量巨大的云计算环境。     

一种基于XEN平台的可信虚拟机迁移协议

为保证可信虚拟机迁移的安全性,并减少迁移后在目的端密钥的重新生成,采用一种适于迁移的vTPM密钥层次,并在此基础上提出一种增加了双方身份和平台状态认证的可信虚拟机迁移协议。首先,引入中间层gSRK、SK实现对vSRK、vAIK的间接保护和签名,以此确保vTPM密钥在目的平台的重新使用;其次,在迁移前增加双方身份和平台状态认证,并使用D-H算法协商会话密钥,为双方建立一个可信的通信通道。最后,基于XEN平台利用协商好的会话密钥进行可信虚拟机的迁移。分析表明,该协议能够有效保证可信虚拟机迁移的安全性要求。     

可信数据库环境下无证书认证的可信密钥共享

基于DAS模型的可信数据库环境下,数据拥有者将数据加密以后存储于第三方数据库服务提供商,数据拥有者与被授权用户间的可信数据共享本质上是数据密钥的可信共享。现有的DAS模型中密钥管理方法的安全落脚点都是假设数据拥有者与各用户能事先分别安全共享一个用户密钥,而在可信数据库环境下如何进行数据拥有者与用户间的可信用户密钥共享却是一个未解决的问题。基于无证书签名认证机制,提出了一种可信数据库环境下的可信用户密钥共享协议,并对该协议的有效性和安全性进行了分析。该协议完全无需安全传输通道和可信第三方作为支撑,且有较好的执行效率;同时基于DL问题、Inv-CDH问题、q-StrongDH问题等数学难题,该协议被证明能有效抵御无证书安全模型下的各种攻击。     

满足多种安全属性的复合型支付协议及其逻辑分析

针对典型电子支付协议存在的安全目标单一,不能满足日益提高的安全需求等问题,提出了一种能够满足认证性、密钥新鲜性、密钥秘密性、非否认性、公平性、可追究性和原子性等多种安全属性的复合型安全支付协议,该协议的认证子协议基于令牌概念设计,能够实现高效认证及会话密钥协商。通过引入公钥证书证明协议主体的身份、借助可信方传递付款收据以及采用FTP方式传送电子货币和付款收据等方式提出了支付子协议。使用逻辑分析方法对该协议进行严格逻辑推理验证,结果表明该协议能够满足多种安全属性。     

基于属性的自证实模型及其安全协议

针对可信环境下被验证方需要向验证方发送其软硬件基本配置信息来证明其完整性而产生的攻击问题,给出一种基于虚拟机技术的属性自证实（PSA）模型及其安全协议,并对协议进行安全性分析。首先通过在被验证平台上建立一个可信虚拟机,然后由该虚拟机实现对被验证平台上其他组件的度量,并可靠地报告代表当前平台运行环境的安全属性给验证方。自证实方式可以提高通信的安全性,并且减少维护独立可信第三方时所需的开销;使用基于属性的远程证明方式,能够提高被验证方的安全性;安全协议引入了TPM的不可迁移密钥特性来防止假冒攻击的发生。     

优化的匿名电子现金支付协议及其形式化验证*

针对匿名电子现金支付协议存在的缺陷,提出了一种能够满足多种安全属性的优化协议。将会话密钥的协商与使用分为两个阶段进行,确保协议密钥保密性的实现;引入电子证书证明交易主体的身份,确保协议非否认性的实现;借助可信方传递付款收据,避免交易主体不诚实所导致的公平性缺失;引入FTP传输方式传送电子货币和付款收据,确保实现可追究性与公平性,进一步增强协议的鲁棒性。对优化协议进行形式化验证,结果表明,优化协议满足密钥保密性、非否认性、公平性、可追究性、原子性等安全属性。     

一种轻量级基于证书的认证密钥协商方案

认证密钥协议对于在公共网络上安全通信至关重要,它使通信方能够在恶意攻击者当前安全地设置共享会话密钥.基于证书的密码学(CBC)很好地解决了传统公钥密码体制中的证书撤销问题、基于身份的密码体制中的密钥托管问题和无证书密码体制中安全信道建立困难问题.现有的基于证书认证密钥协商方案大多都采用了昂贵的双线性配对,不适合计算资源有限的移动设备.本文设计了一种轻量级的基于证书的AKA协议,该协议用假名技术实现用户身份匿名.该协议提供了前向保密,抵抗中间人攻击,重放攻击等安全性分析.与以往基于证书的AKA协议相比,该协议在计算效率上具有明显的优势.     

新的复合型电子商务安全协议

针对典型电子商务安全协议存在的安全目标单一,不能满足日益增加的安全需求等问题,提出了一种能够满足多种安全属性的复合型电子商务安全协议,该协议包含认证子协议和支付子协议两部分。认证子协议基于令牌概念实现了高效认证及协商会话密钥。改进匿名电子现金支付协议,提出了支付子协议,引入电子证书证明交易主体的身份,确保协议非否认性的实现;借助可信方传递付款收据,避免交易主体不诚实所导致的公平性缺失;引入FTP传输方式传送电子货币和付款收据,确保实现可追究性与公平性,进一步增强协议的鲁棒性。     

基于ZKV方法的远程证明AIK证书生成协议

本文首先分析了身份认证密钥证书生成过程中平台信息暴露和可信第三方效率瓶颈等问题,提出了一个可选择的可信计算环境中远程证明身份认证密钥证书生成方案,以保证通信双方终端计算机平台信息的保密性。然后阐述了由零知识证明、Kerberos框架和虚拟可信平台模块三种技术相结合的身份认证密钥证书生成协议,称之为ZKV方法。最后对该方法的安全性和效率进行了分析,并构建原型系统验证了该方法的可行性。     

一种改进的直接匿名认证方案

介绍可信计算中直接匿名认证(DAA)方案的研究与发展,针对现有解决方案中由于EK密钥泄露而造成的Rudolph攻击,提出了一种改进的直接匿名认证方案。与原方案相比,改进的方案在Join阶段提出了一种新的密钥交换协议,在实现DAA证书发布者和示证者双向身份认证的同时,将EK证书的认证过程和DAA证书的签发过程分离,从而避免了Rudolph攻击的出现。通过利用CK模型对提出的密钥交换协议进行分析,表明改进的方案中的密钥交换协议达到SK安全等级;该方案保证了用户可控的匿名性,并且可信第三方不会成为方案瓶颈。     

Taming Virtualization

Although the term virtualization has been around for decades, only recently has it become a buzzword in the computer systems community with the revival of virtual machines (VMs), driven by efforts in industry and academia. VMs are software entities that emulate a real machine's functionality; they execute under the control of a hypervisor that virtualizes and multiplexes low-level hardware resources. Hypervisors come in two flavors: non-hosted, which run directly on top of the hardware, and hosted, which are integrated with a host operating system (OS). The presence of a hypervisor makes VMs subject to a level of visibility and control that's hard to achieve with real machines. The small size, isolation, and mediation power of an ideal hypervisor over VMs make it an interesting candidate for a trusted computing base, with applications in security research fields such as intrusion detection, integrity protection, and malware analysis, among others.     

TRainbow: a new trusted virtual machine based platform

Currently, with the evolution of virtualization technology, cloud computing mode has become more and more popular. However, people still concern the issues of the runtime integrity and data security of cloud computing platform, as well as the service efficiency on such computing platform. At the same time, according to our knowledge, the design theory of the trusted virtual computing environment and its core system software for such network-based computing platform is at the exploratory stage. In this paper, we believe that efficiency and isolation are the two key proprieties of the trusted virtual computing environment. To guarantee these two proprieties, based on the design principle of splitting, customizing, reconstructing, and isolation-based enhancing to the platform, we introduce TRainbow, a novel trusted virtual computing platform developing by our research group. With the two creative mechanisms, that is, capacity flowing amongst VMs and VM-based kernel reconstructing, TRainbow provides great improvements (up to 42%) in service performance and isolated reliable computing environment for Internet-oriented, large-scale, concurrent services.     

Design and implementation of a trusted monitoring framework for cloud platforms

Virtualization is a pillar technology in cloud computing for multiplexing computing resources on a single cloud platform for multiple cloud tenants. Monitoring the behavior of virtual machines (VMs) on a cloud platform is a critical requirement for cloud tenants. Existing monitoring mechanisms on virtualized platforms either takes a complete VM as the monitoring granularity, such that they cannot capture the malicious behaviors within individual VMs, or they focus on specific monitoring functions that cannot be used for heterogeneous VMs concurrently running on a single cloud node. Furthermore, the existing monitoring mechanisms have made an assumption that the privileged domain is trusted to act as expected, which causes the cloud tenants’ concern about security because the privileged domain in fact could not act as the tenants’ expectation. We design a trusted monitoring framework, which provides a chain of trust that excludes the untrusted privileged domain, by deploying an independent guest domain for the monitoring purpose, as well as utilizing the trusted computing technology to ensure the integrity of the monitoring environment. Moreover, the feature of fine-grained and general monitoring is also provided. We have implemented the proposed monitoring framework on Xen, and integrated it into OpenNebula. Our experimental results show that it can offer expected functionality, and bring moderate performance overhead.     

云计算环境中的虚拟机同驻安全问题综述

在云计算环境中,为了实现资源共享,不同租户的虚拟机可能运行在同一台物理机器上,即虚拟机同驻,这将带来新的安全问题。为此,文章重点讨论同驻虚拟机所面临的一些新的安全威胁,包括资源干扰、隐蔽通道/侧信道、拒绝服务与虚拟机负载监听等,介绍现有虚拟机同驻探测方法,总结针对虚拟机同驻威胁的四种防御思路,并分析未来的研究趋势。     

A secure fog-based platform for SCADA-based IoT critical infrastructure

The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has been a growing interest recently to deploy edge data centers in fog architectures to secure low-latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security “toolbox” to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic-based access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform.     

可信服务链安全架构研究

针对网络功能虚拟化中服务链的安全性问题,提出一种基于可信计算的安全服务链架构。首先,基于可信计算为网络功能虚拟化架构设置可信管理中心模块,为虚拟网络功能实例的生成、服务链的生成和调整提供可信认证;然后,针对服务链的生成和调整设计了相关安全协议;最后,将HOTP协议引入模型之中,实现了服务链各实例之间的安全认证与安全传输,并支持服务链节点的动态扩充和调整。经过架构仿真分析表明,本安全架构在保证服务链动态性的同时提高了安全性。     

嵌入式系统可信虚拟化技术的研究与应用

嵌入式系统在生活中的应用日益广泛,传统的安全增强手段已无法有效应对各种安全问题,增强嵌入式系统的安全性成为目前亟需解决的问题。为提高嵌入式系统及其应用程序的安全性,结合嵌入式系统的虚拟化技术与可信计算技术,设计并实现基于虚拟TCM的可信计算平台框架,实现了虚拟TCM和基于虚拟TCM的可信增强技术,提出并实现了一个基于虚拟TCM的会话认证方法,将信任链从硬件操作系统层扩展到了虚拟域的应用软件层。实验结果表明,虚拟TCM与物理TCM相结合能够有效保证嵌入式系统、虚拟域和应用程序的安全可信。     

云计算平台中的虚拟化技术与安全机制

随着云计算的普及,其安全问题变得越来越重要。本文通过研究存储虚拟化和网络虚拟化技术,设计并部署了一个弹性和安全的虚拟化集群。该集群利用虚拟化技术把云计算用户空间在逻辑上相互隔离,有效地解决了共享性和安全性之间的矛盾。该集群也具有良好的可扩展性、高可用性和较低的成本。