Network interconnection model based on trusted computing

doi:10.11772/j.issn.1001-9081.2014.07.1936

Journal of Computer Applications ›› 2014, Vol. 34 ›› Issue (7): 1936-1940.DOI: 10.11772/j.issn.1001-9081.2014.07.1936

Previous Articles Next Articles

Network interconnection model based on trusted computing

LIU Yibo,YIN Xiaochuan,GAO Peiyong,ZHANG Yibo

College of Information and Navigation, Air Force Engineering University, Xi'an Shaanxi 710077, China

Received:2013-12-30 Revised:2014-02-20 Online:2014-07-01 Published:2014-08-01
Contact: LIU Yibo

基于可信计算的网络互联模型

刘一博,殷肖川,高培勇,张毅卜

空军工程大学信息与导航学院, 西安 710077

通讯作者: 刘一博
作者简介:刘一博(1991-)，男，河南洛阳人，硕士研究生，主要研究方向:网络与信息对抗;殷肖川(1961-)，男，湖北武汉人，教授，主要研究方向:网络与信息对抗;高培勇(1989-)，男，河南郑州人，硕士研究生，主要研究方向:无线自组织网络;张毅卜(1989-)，男，陕西西安人，硕士研究生，主要研究方向:网络流量测量。

Abstract

Abstract:

Problem of intranet security is almost birth with network interconnection, especially when the demand for network interconnection is booming throughout the world. The traditional technology can not achieve both security and connectivity well. In view of this,a method was put forward based on trusted computing technology. Basic idea is to build a trusted model about the network interconnection system,and the core part of this model is credible on access to the person's identity and conduct verification:first, the IBA algorithm is reformed to design an cryptographic protocol between authentication system and accessors,and the effectiveness is analyzed in two aspects of function and accuracy; second,an evaluation tree model is established through the analysis of the entity sustainable behavior, so the security situation of access terminals can be evaluated.At last,the evaluation method is verified through an experiment.

摘要：

针对传统互联技术难以实现内外网在安全可信情况下互联互通互操作的问题，将可信计算中的相关技术应用到网络互联中，实现内外网在安全隔离情况下的信息交互。研究了网络可信互联框架模型，结合该模型，对基于身份的公钥认证算法进行改进，设计了认证系统与接入者之间的密码协议。分析实体的持续性行为进行并建立评估树模型，对接入者自身的安全状况进行综合可信度评估。最后，通过测试实验对评估方法进行分析与验证，实验结果表明，该评估模型排除时效偏差等不利因素的影响，具有可行性和有效性。

CLC Number:

LIU Yibo YIN Xiaochuan GAO Peiyong ZHANG Yibo. Network interconnection model based on trusted computing[J]. Journal of Computer Applications, 2014, 34(7): 1936-1940.

刘一博殷肖川高培勇张毅卜. 基于可信计算的网络互联模型[J]. 计算机应用, 2014, 34(7): 1936-1940.

References

［1］WU H, TAN C, WANG H. Study on the realization of differentiated services in network isolation system［J］. Journal of Computer Applications, 2008,28(3):620-628.(武海燕,谭成翔,汪海航.区分服务在网络隔离系统中的研究与实现［J］.计算机应用,2008,28(3):620-628.)
［2］LI F,SU L,SHI G, et al. Research status and development trends of access control model［J］.Acta Electronica Sinica, 2012,40(4):806-813. (李凤华,苏链,史国振,等.访问控制模型研究进展及发展趋势［J］.电子学报,2012,40(4):806-813.)
［3］ZHOU Y. Research on network isolation and secure data exchange prototype［D］.Shanghai: Tongji University,2006.(周永明.网络隔离与安全交互原型研究［D］.上海:同济大学,2006.)
［4］TIAN X, QIU Z, SUN C, et al. Network isolation and switching based on hardware region division and IP packet reintegration［J］.Journal of Computer Science, 2008,35(2):81-95.(田新广,邱志明,孙春来,等.基于硬件分区和IP报文还原的网络隔离与信息交换［J］.计算机科学,2008,35(2):81-95.)
［5］TANG J. One-way network isolation system's design and realization［D］. Chengdu: University of Electronic Science and Technology of China,2012.(唐晋.网络单向隔离控制系统的设计与实现［D］.成都：电子科技大学,2012.)
［6］JIANG X, JIANG Z. Design of enhanced memory protection trusted computing architecture［J］. Computer and Engineering and Design,2013,34(9):3108-3113.(姜徐,蒋志祥.增强存储保护的可信计算架构设计［J］.计算机工程与设计,2013,34(9):3108-3113.)
［7］SHI G, ZHANG J. Research and development of trustworthiness attestation in trusted computing［J］. Application Research of Computers,2011,28(12):4414-4419. (施光源,张建标.可信计算领域中可信证明的研究与进展［J］.计算机应用研究,2011,28(12):4414-4419.)
［8］DONG W, CHEN L Q. Recent advances on trusted computing in China［J］.Chinese Science Bulletin, 2012, 57(35):4529-4532.
［9］SHI R, FAN X. Session key agreement scheme for Ad Hoc network based on identity authentication［J］. Journal of Central South University,2010,41(6):2236-2239. (施荣华，樊翔宇. 基于身份认证的Ad Hoc密钥协商方案［J］.中南大学学报,2010,41(6):2236-2239.)
［10］LI Y, SU W, WANG Y. New ID-based identification scheme［J］.Journal of Harbin Engineering University, 2009, 30(1):54-60.(李艳平,苏万力,王育民.新的基于ID的身份鉴别方案［J］.哈尔滨工程大学学报, 2009, 30(1):54-60.)
［11］FIAT A, SHAMIR A. How to prove yourself: practial solution to identification and signature problems［C］// Proceedings on Advances in Cryptology-CRYPTO 1986. London: Springer-Verlag, 1986:186-194.
［12］WANG M. Research on identity-based digital signature and signcryption schemes［D］. Xi'an: Xidian University, 2006:1-20.(王萌.基于身份的数字签名及签密技术研究［D］.西安:西安电子科技大学,2006:1-20.)
［13］HESS F. Efficient identity based signature schemes based on pairings［C］// Proceedings of the 9th Annual International Workshop on Selected Areas in Cryptography. London：Springer-Verlag, 2002:310-324.
［14］WANG J, LIANG L,YU W. Design of trusted authentication-enabled mobile IPSec VPN system［J］. Computer and Engineering and Design, 2013,34(7):2343-2352. (王剑,梁灵飞,俞卫华.支持可信认证的IPSec VPN系统设计［J］.计算机工程与设计,2013,34(7):2343-2352.)
［15］DENG Y, CHEN Z. Policy embedded dynamic integrity active measurement architecture［J］. Application Research of Computers, 2013,30(1):162-264. (邓锐,陈左宁.基于策略嵌入和可信计算的完整性主动动态度量架构［J］. 计算机应用研究,2013,30(1):162-264.)
［16］FUKUYAMA F. Trust: The social virtues and the creation of prosperity［M］.London: Hamish Hamilton,1995.
［17］LIU Y, ZHEGN X,CHEN D. Trust predicting using roles-based reputation in trust network［J］. Journal of Beijing University of Posts and Telecommunications,2013,36(1):72-76.(刘迎春,郑小林,陈德人.信任网络中基于角色信誉的信任预测［J］. 北京邮电大学学报,2013,36(1):72-76.)
［18］DAI H. The research on trust evaluation mechanism based on trusted computing technology［D］.Nanjing: Nanjing University of Posts and Telecommunications, 2011:1-87. (戴桦. 基于可信计算技术的信任评估机制研究［D］.南京:南京邮电大学,2011:1-87.)

[1]	. Statistically significant sequential patterns mining algorithm under influence [J]. Journal of Computer Applications, 0, (): 0-0.
[2]	. Indoor fall detection algorithm based on Res2Net-YOLACT and feature fusion [J]. Journal of Computer Applications, 0, (): 0-0.
[3]	. One-shot video-based person re-identification with multi-loss learning and joint metric [J]. Journal of Computer Applications, 0, (): 0-0.
[4]	. Network embedding method based on multi-granularity community information [J]. Journal of Computer Applications, 0, (): 0-0.
[5]	. Data stream preference query based on extracted sequence according to temporal condition [J]. Journal of Computer Applications, 0, (): 0-0.
[6]	. Multiscale residual UNet based on attention mechanism to realize breast cancer lesion segmentation [J]. Journal of Computer Applications, 0, (): 0-0.
[7]	. Gene data generation method based on generative adversarial network [J]. Journal of Computer Applications, 0, (): 0-0.
[8]	. Prediction of NOx emission from fluid catalytic cracking unit based on ensemble empirical mode decomposition and long short-term memory network [J]. Journal of Computer Applications, 0, (): 0-0.
[9]	. Fundus vessel segmentation method combined with U-Net and adaptive threshold pulse coupled neural network [J]. Journal of Computer Applications, 0, (): 0-0.
[10]	. EE-GAN：Facial expression recognition method based on generative adversarial network and network integration [J]. Journal of Computer Applications, 0, (): 0-0.
[11]	. Recognition algorithm of vehicle logo on traffic road [J]. Journal of Computer Applications, 0, (): 0-0.
[12]	. Centered kernel alignment based multiple kernel one-class support vector machine [J]. Journal of Computer Applications, 0, (): 0-0.
[13]	. Multi-modal deep fusion for false information detection [J]. Journal of Computer Applications, 0, (): 0-0.
[14]	. First-arrival automatic picking algorithm based on clustering and local linear regression [J]. Journal of Computer Applications, 0, (): 0-0.
[15]	. Key Rcovery Attack of Blow-CAST-Fish Based on Differential Tables [J]. Journal of Computer Applications, 0, (): 0-0.

Network interconnection model based on trusted computing

基于可信计算的网络互联模型

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics