
Computer Engineering


Threshold Remote Attestation Scheme Based on Trusted Cloud Computing Platform

WANG Tuo 1, TIAN Song 2, CUI Wei-hong 1   

  (1. Institute of Remote Sensing Applications, Chinese Academy of Sciences, Beijing 100101, China; 2. College of Geoscience and Surveying Engineering, China University of Mining and Technology, Beijing 100083, China)
  • Received: 2013-03-08 Online: 2013-10-15 Published: 2013-10-14

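  • About the authors: WANG Tuo (born 1985), male, Ph.D. candidate, main research interests: cloud computing, geographic information systems, information security; TIAN Song, Ph.D. candidate; CUI Wei-hong, research fellow and doctoral supervisor
  • Supported by:
    National Natural Science Foundation of China (71150001)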

Abstract: Current remote attestation schemes for cloud computing lack research on trusted nodes in Infrastructure as a Service (IaaS) environments, and they cannot effectively prevent untrusted IaaS nodes from performing remote attestation. To overcome these shortcomings, this paper puts forward a threshold remote attestation scheme based on the Trusted Cloud Computing Platform (TCCP), which uses a verifiable secret sharing algorithm and a threshold signature algorithm to implement remote attestation of trusted nodes in the cloud environment. It also evaluates the running state of each node and of its cluster to implement dynamic measurement of every node in the cluster. Under the assumption that the Collusion Attack Algorithm with K traitors (K-CAA) problem is hard, the scheme is shown in the random oracle model to prevent both collusion attacks and remote attestation by untrusted nodes. Different critical trusted threshold values are tested in the experiments. The results show that the efficiency of the scheme increases as the threshold value increases and the critical trusted threshold decreases.

Key words: trusted cloud computing, threshold remote attestation, trusted cloud group, state metric, bilinearity, critical trusted threshold
