# Property-based anonymous attestation in trusted cloud computing.

1. IntroductionWith the development of information technology, cloud computing has been the important trend of the third revolution in information technology, after the personal computer and the Internet, and the focus of industry and, Science [1]. Many cloud providers offer services at various layers of the cloud computing. Weather providers offer services of basic computational infrastructure and allow their customers to develop their own applications and effectively control their own computations and data, PaaS providers allow their costumers to develop cloud applications of their own, or SaaS providers allow their costumers to create their own documents using the applications and to get out of control of their computations and data. So the trustiness attestation to platforms becomes an important problem needed to be resolved in cloud computing [2].

A security scheme was supported in [3, 4] based on the research on the potential security problems existing in current IasS. In this scheme, hardware, network connection, platform virtualization, software for cloud computing, utility computing, and service level agreement are enhanced in the IaaS.

Trusted computing was introduced into IaaS firstly and a concept called Trusted Cloud Computing Platform (TCCP) was proposed in [5, 6]. All virtual computing nodes are guaranteed to be trusted by configuration-based remote attestation. However, since the configuration of the latest restart of the platform is static, the dynamic attacks such as buffer overflow and DMA attack cannot be handled. Moreover, since the signature is carried out by the Endorsement Key of TPM, the leakage of privacy may be caused based on the fact that the usage of Endorsement Key can be tracked.

A remote attestation for virtual computing node was supported in [7, 8].The following events such as changing, updating, and patching the configuration of virtual platform are updated in the attestation by TPM. However, this scheme is actually a static remote attestation based on configuration and it cannot attest the running states of virtual computing node.

The authors in [7, 8] support remote attestation for virtual machine; virtual TPM is improved to update attestation by the means of the following events such as changing, updating, and patching the configuration of virtual platform. However, it is actually a static remote attestation based on configuration, while it cannot attest the running states of virtual platform. Additionally, this scheme only deals with the trust root based on software and lacks both trusted guarantee provided by TPM and attestation of physical platform on which the virtual machines are running.

The goal of trusted computing is to improve the security and trustworthiness of computing platforms [9-12], and the well-known group--TCG--has published many specifications, such as the Trusted Platform Module (TPM) [13, 14] and library Trusted Software Stack (TSS) [15].

Remote attestation is one of the core technologies of trusted computing. In TCG1.1 specification, the attestation is designed with challenge information in plain text [16, 17]. In the process of the remote attestation, one platform sends a challenge information and random number to obtain one or more PCR values in order to validate the platform state. Each TPM has only an Endorsement Key (EK), issued by the TPM manufacturers, to identify the identity of the Trusted Platform. For security and privacy, EK does not directly support encryption or remote attestation. Instead, using the signature key AIK generated by EK and registered by PCA to achieve the remote attestation, the attestor signs the PCR with AIK and sends the signature and the corresponding measure attached log SML and AIK certificate to the challenger. Then, the challenger verifies the proof to guarantee the trust and security of the platform.

However, the proof protocol has some evident shortage. First, the protocol uses PCR to achieve the proof, which will expose the local platform configuration information (including hardware and software). Second, the proof protocol cannot guarantee the anonymity of attestor.

In recent years, Direct Anonymous Attestation (DAA) [18, 19] has been proposed as the protocol of remote attestation between platforms. The protocol has become part of TCG1.2 specification. DAA protocol is based on three entities, that is, the TPM platform, DAA signatory, and DAA verifiers. The DAA protocol consists of two steps. First, the signatory validates TPM platform and generates the DAA certificate for the TPM platform. Second, the TPM platform interacts with verifiers using the DAA certificate. By zero-knowledge proof, verifiers verify the DAA certificate without violating the premise of the platform privacy. However, since the DAA protocol has many times of zero-knowledge proof, which induces very large computational complexity, the DAA protocol is difficult to be a viable protocol.

A property-based attestation for computing platforms was introduced in [20]. A trusted third party converts the platform configuration information into the property certificates, which can avoid the leakage of information of platform. Based on [20], the paper in [21] proposed a protocol for property-based attestation. Property certificates corresponding to the platform configuration information are issued and managed by a trusted third-party CA; the protocol achieves anonymous proof by a series of complex interactions' agreement. However, lots of zero-knowledge proofs may induce a high complexity. Moreover, the trusted third party must know all of the platform status information, which is actually to transfer part of work of the verifiers to a trusted third party and to increase the burden of CA. The paper [19] proposed an anonymous protocol of remote attestation based on property certificates. Due to involvement of lots of interactions, the computational complexity is very large.

Remote attestation based on the TCCP has many defects. First, every proof involves the operation of TC, which aggravates the burden of TC. Second, the remote attestation cannot guarantee the anonymity of platform. To overcome these defects, we introduce a protocol based on trusted ring signature. In the protocol, the signature of both the public and the private keys is replaced with TPM signature key, so that the security of remote attestation is guaranteed by TPM. The proof does not directly require TC, and TC only provides a series of TPM signature public keys, which reduces the burden on TC. Trusted ring signature can guarantee unconditional anonymity of the signature party and protect the privacy of the platform.

2. Protocol Description

In this paper, the process of remote attestation consists of two steps. First, TC converts the platform configuration information PCR of computing nodes into property certificate. Second, computing nodes provide the property certificate for verifier by remote attestation. Figure 1 shows the interactions of the protocol.

2.1. Property Certificate Issue. The Trusted Computer (TC) is responsible for the issue of the property certificates of the corresponding computing nodes. TC has all of the property certificates of the platform, denoted as P = {[P.sub.1], ... , [P.sub.n]}. Let {[PCR.sub.1], ... , [PCR.sub.m]} denote all of the platform configuration information PCRs. We define the set C = {[C.sub.1] , .... , [C.sub.m]} as follows.

If the remote attestation of [PCR.sub.i] is verified as in [3, 4], then [C.sub.i] = 1. Otherwise, [C.sub.i] = 0. The map between property certificates and corresponding platform configuration information is defined as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (1)

where [a.sub.ij] is 0 or 1 and [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII], then TC issues a property certificate [P.sub.i], which identifies a platform that has the property [P.sub.i]. Otherwise, TC issues the property certificate which indicates that the platform does not have the property [P.sub.i].

For example, if the computing node N involves the property certificate [P.sub.i], then computing node N requires a series of remote attestations of {[PCR.sub.j] | [a.sub.ij] = 1}. Then, TC issues property certificate [P.sub.i] in accordance with the above-described method and sends property certificate [P.sub.i] to TPM N securely.

We simplify the process as follows.

(1) TPMN checks the current PCR to determine whether it needs to start the process of generating the property certificates. If the current PCR is not equal to the PCR used to generate the latest property certificate by TC, TPM N start the process of generating the property certificates.

(2) TC sends the challenge [N.sub.T] PCRs to N.

(3) TPM N sends the result of the remote signature Sig[{PCR,[N.sub.T]}.sub.SK], PCR, SML to TC.

(4) TC uses PCR to generate the property certificates.

3. Anonymous Attestation Based on RSA

3.1. Attestation Execution. Before attestation, TPM generates a signature key (pk, sk); sk is stored by TPM and pk is registered by TC, so that TC stores all of the signature public keys of computing nodes in cloud computing. In the remote attestation, TC supports signature public keys required in the trusted ring signature. Let H: {0,1} * [right arrow] [{0, 1}.sup.k] be secure hash function. The process of remote attestation is as follows.

Let A be user and let B be cloud computing node; B provides remote attestation for A, and A verifies the attestation.

(1) A sends request for remote attestation and [N.sub.A] [member of] [{0, 1}.sup.k] to B.

(2) TPM B obtains t - 1 valid signature public keys [pk.sub.2], ... , [pk.sub.t] from TC. We assume that TPM B has signature key ([pk.sub.1], [sk.sub.1]).

(3) TPM B generates the signature of [P.sub.L] with [pk.sub.2], ... , [pk.sub.t]. Let D{data, K} denote decryption by K, and let E{data, K} denote encryption by K; TPM B chooses [N.sub.B], [r.sub.2], ... , [r.sub.t][member of] [{0, 1}.sup.k] and generates the signature as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]. (2)

(4) B sends [pk.sub.1], ... , [pk.sub.t], [r.sub.1], ... , [r.sub.t], M, [P.sub.L] to A.

(5) A verifies the signature as follows:

[N.sub.B] = E {M, [sk.sub.A]},

[t.summation over (i=1)] D{[r.sub.i], [pk.sub.i]} = H([P.sub.L]| [N.sub.A][parallel] [N.sub.B]). (3)

(6) A verifies the property certificate [P.sub.L] and sends [N.sub.B] to B.

(7) B verifies [N.sub.B] to guarantee the success of the remote attestation.

Remark 1. Since [pk.sub.1], ... , [pk.sub.t] are different from each other, then, we can choose suitable [N.sub.B] to overcome this aforementioned shortcoming, because the protocol has requirement that [pk.sub.1], ... , [pk.sub.t] have the same bits, for example, 2048 bits.

3.2. Correctness. In the signature scheme, the signing and verifying are consistent with each other as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]. (4)

3.3. Unconditional Anonymity. Ring signature scheme is characterized by anonymity. Let Sig = {[r.sub.1], ... , [r.sub.m]} be a valid ring signature for message m, and let [U.sub.i] be a member of the ring. Then [U.sub.i] can generate the ring signature. From the verification, we can obtain that the probability that the user distinguishes the signer is 1/t. So the scheme is unconditional anonymous.

3.4. Security Analysis. The security analysis is based on the Strong RSA Assumption. Strong RSA Assumption is a given RSA modulus, and a given random number z < N. It is difficult to find r, y(r > 1, y < N), satisfying [y.sup.r] = z.

The proof of security can be simplified as the following theorem.

Theorem 2. Assume that the attacker F with the ability of adaptive chosen message and identity can break our scheme by a nonnegligible probability [epsilon] within PPT time. Then, there exists an algorithm C, which can solve the problem of the Strong RSA Assumption by a nonnegligible probability [epsilon]' = O([epsilon]) within PPT time, where O([epsilon]) represents O([epsilon]) [greater than or equal to] k[epsilon], and k is a constant not dependent on [epsilon].

Proof. We assume that C is a challenger. The target of C is to obtain a solution of the Strong RSA Assumption by F.

(1) Setup. C runs the setup algorithm. C maintains t signature public keys [pk.sub.1], ... , [pk.sub.t]. Let [H.sub.1], [H.sub.2] be two random oracles, and the construction of the machine [H.sub.1], [H.sub.2] is listed as follows. C sends {[pk.sub.1], ... , [pk.sub.t],[H.sub.1],[H.sub.2]} to the attacker F as public parameters.

(2) Inquiring [H.sub.1]. C maintains a list [H.sup.L.sub.1] containing the array {[N.sub.Ai], [h.sub.i]}. C chooses [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] random numbers [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] as answers. When F inquires [H.sub.1]-value of [N.sub.Ai], C recovers {[N.sub.Ai], [h.sub.i]} from [H.sup.L.sub.1] and sends [h.sub.i] to F.

(3) Inquiring [H.sub.2]. C maintains a list of the array {[N.sub.Ai], [R.sub.i]}, [R.sub.i] = {[r.sub.2], ... , [r.sub.t]}. C chooses [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] random numbers [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] as answers. When F inquires [H.sub.2]-value of [N.sub.Ai], C recovers {[N.sub.Ai], [R.sub.i]} from [H.sup.L.sub.2] and sends [R.sub.i] to F.

(4) Inquiring Signature. C maintains a list of the array {[N.sub.Ai], [R'.sub.i]}, [R'.sub.i] = {[r.sub.1], ... , [r.sub.t]} = [r.sub.1] [union][R.sub.i]. When F inquires signature of [N.sub.Ai], C checks whether [N.sub.Ai] is in [H.sup.L.sub.1]. Then, C recovers {[N.sub.Ai], [R'.sub.i]} and sends [R'.sub.i] to F.

C simulates TPM, and the attacker F makes interaction with C. The output of C obeys the above strategy.

Then, F stops inquiring, and F generates a signature R' about [N.sub.A] ([N.sub.A] has never been asked) by simulating TPM, which meets Ver ([N.sub.A], [pk.sub.1], ... , [pk.sub.t], R') = 1. C recovers {[N.sub.A], h} from [H.sup.L.sub.1] and recovers {[N.sub.A], R} from [H.sup.L.sub.2]. Letting c = h - [[SIGMA].sup.t.sub.i=2][r.sub.i], we have [c.sup.pk] = [r.sub.1], which resolves the problem of Strong RSA Assumption.

It is easy to obtain that the probability that C successfully resolved the problem of Strong RSA Assumption is [epsilon]' = O([epsilon]). There is a question that c = h - [[SIGMA].sup.t.sub.i=2][r.sub.i] had been asked before the signature. However, by a simple analysis, we can obtain that the probability is [1/2.sup.[square root of k]], which can be omitted. So the probability that C successfully resolves the problem of Strong RSA Assumption is also [epsilon]'= O([epsilon]).

3.5. Efficiency. In our trusted ring signature scheme, there are three operations that are involved, such as nonsymmetric encryption, nonsymmetric decryption, and hash operations. Let E denote the nonsymmetric encryption operation, let D denote the nonasymmetric decryption operation, and let H denote hash operation. The efficiency of the signature is listed as follows.

In the remote attestation, the computing node conducts nonsymmetric encryption once, nonsymmetric decryption t many times, and hash operation once. Then, the total amount of calculation is E+(t-1)D+H, see Table 1.

Since the hash operation can be omitted with respect to the nonsymmetric operation, the amount of calculation of computing node can be simply represented by the nonsymmetric encryption E. By calculation, the total amount of calculation is approximately S = (1 + 4t/3n)E.

4. Anonymous Attestation Based on ECC

4.1. Attestation Execution. Let [G.sub.1], [G.sub.2] be defined as multiplicative group whose order is p, and g is the generator of [G.sub.1]. Bilinear map is [G.sub.1] x [G.sub.1] [right arrow] [G.sub.2], where e(g, g) = I. Let [x.sub.1], ... , [x.sub.n] be TPM signature private keys and let [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] be the corresponding TPM signature public keys.

Let A be user and let B be cloud computing node; B provides remote attestation for A, and A verifies the attestation.

(1) A sends request for remote attestation and [N.sub.A] [member of] [Z.sup.*.sub.q] to B.

(2) TPM B obtains t - 1 valid signature public keys [pk.sub.2], ... , [pk.sub.t] from TC. We assume that TPM B has signature key ([pk.sub.1], [sk.sub.1]).

(3) TPM B generates the signature of [P.sub.L] with [pk.sub.2], ... , [p.sub.kt]. TPMB chooses [r.sub.2], ... , [r.sub.t][member of] [Z.sup.*.sub.q] and generates the signature as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (5)

(4) B sends [pk.sub.1], ... , [pk.sub.t], [s.sub.1], ... , [s.sub.t], [P.sub.L] to A.

(5) A verifies the signature as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (6)

(6) A verifies the property certificate [P.sub.L].

This anonymous attestation is based on Boneh's ring signature scheme [20]. We obtain the analysis of the scheme as follows.

4.2. Correctness. In the signature scheme, the signing and verifying are consistent with each other as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (7)

4.3. Unconditional Anonymity. Similar with anonymous attestation based on ECC, we can easily obtain that the probability that the user distinguishes the signer is 1/t. So the scheme is unconditional anonymous.

4.4. Security Analysis. The security analysis is based on the CDHI problem. CDHI problem is a given [g.sup.x] (x is unknown). It is difficult to calculate [g.sup.1/x]. Similar to Theorem 2, we can obtain the following theorem.

Theorem 3. Assume that the attacker F with the ability of adaptive chosen message and identity can break our scheme by a nonnegligible probability [epsilon] within PPT time. Then, there exists an algorithm C, which can solve the problem of the CDHI problem by a nonnegligible probability [epsilon]' = O([epsilon]) within PPT time, where O([epsilon]) represents O([epsilon]) [greater than or equal to] k[epsilon], and k is a constant not dependent on [epsilon].

4.5. Efficiency. In the remote attestation, the computing node conducts ECC 2t - 1 times and hash operation once. Then, the total amount of calculation is T = (2t-1) [??]+H, where [??] is the ECC encryption.

5. Formalized Proof of the Protocol

Here, we give the key exchange process of the protocol. Let [K.sub.TC_B] be the shared key between TC and TPM B, and let [K.sub.TC_A] be the shared key between TC and A; the target of this section is to obtain the shared key [K.sub.AB] between A and TPM B.The detailed process is listed as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (8)

To guarantee the anonymity of B, the shared key [K.sub.AB] is actually a shared key between CM and A. A does not know that B is the signer.

Here, we use the Ban Logic [21] to obtain the formalized proof of the protocol.

Detailed description of the protocol is the following:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (9)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (10)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (11)

Assumption is as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (12)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (13)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (14)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (15)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (16)

The credibility of TC is given as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (17)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (18)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (19)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (20)

Freshness of random numbers is given as follows:

A|[equivalent to] # ([N.sub.A]), (21)

B |[equivalent to] # ([N.sub.B]), (22)

B |[equivalent to] # (N). (23)

Target of the protocol is the following:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (24)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (25)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (26)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (27)

Somerules of the Ban Logic applied in this paper are listed as follows:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (28)

P |[equivalent to] # (X) , P |[equivalent to] Q|~ X/P |[equivalent to] Q|[equivalent to] X, (29)

P |[equivalent to] Q|[right arrow] P, P |[equivalent to] Q|[equivalent to] X/P |[equivalent to] X, (30)

P |[equivalent to] X,P|[equivalent to] Y/P |[equivalent to] (X, Y), (31)

P |[equivalent to] (X, Y)/P |[equivalent to] X, (32)

P |[equivalent to] Q|[equivalent to] (X, Y)/P |[equivalent to] Q|[equivalent to] X, (33)

P |[equivalent to] Q|~ (X, Y)/P |[equivalent to] Q|~ X, (34)

P [??](X, Y)/P [??] X, (35)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (36)

P |[equivalent to] # (X)/P |[equivalent to] # (X, Y). (37)

Proof. From (9), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (38)

From (13) and (27), we obtain

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (39)

It follows from (22) and (29) that

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (40)

By (22) and (33), we obtain

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (41)

By (18), (20), and (30), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (42)

Then, (25) holds true.

It follows from (10) that

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (43)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (44)

By (13) and (27), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (45)

It follows from (21) and (29) that

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (46)

By (18), (20), and (30), we obtain

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (47)

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (48)

By (17), (19), and (30), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (49)

Then, (24) holds true.

With (44) and (49), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (50)

It follows from (48) that

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (51)

Then,

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (52)

Then, (26) holds true.

From (10), we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (53)

By (27) and (42), we obtain

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (54)

Then, we have

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (55)

6. Scenario Comparison

Compared with anonymous attestation based on ECC, whose amount of calculation is T = (2t - 1) [??] + H, then we have

T/S = t[??]/(1 + 4t/3n)E = 3n[??]/4E x 2 - (1/t)/3n/4t + 1. (56)

Then, [lim.sub.t[right arrow][infinity]]T/S= 3n [??]/2E. So it means that if S > T, then [??] < 2E/3n which is hard to meet, since modern commercial ECC computing cannot have both a stronger security than RSA-2048 and a less calculation satisfying [??] < 2E/3n. So the anonymous attestation based on RSA has advantages with the growth of the ring numbers.

7. Conclusion

In this paper, we studied the anonymous remote attestation based on property certificate. We obtained property certificates by matrix replacement algorithm from platform configuration information and designed a trusted ring signature based on RSA Strong Assumption. By an analysis, the scheme is effective to resolve the security of cloud computing nodes. By simulation, we obtained the computational efficiency of the scheme. We also expand the protocol to the anonymous attestation based on ECC and give the scenario comparison between two schemes. However, in this paper, we only use the operation and deduce the property value, which has some limitations. So it is the next work to expand the scheme and make it more applicable.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

http://dx.doi.org/10.1155/2014/687158

Correspondence should be addressed to Zhen-Hu Ning; ning zhenhu@163.com

Received 17 December 2013; Accepted 3 February 2014; Published 25 March 2014

Academic Editor:Weifeng Sun

Acknowledgments

This work was partially supported by the program "Major Projects of the Wireless Mobile Communications" (2012ZX03002003), The Research Fund for the Doctoral Program (New Teachers), Ministry of Education of China (Grant no. 20121103120032), Humanity and Social Science Youth Foundation of Ministry of Education of China (Grant no. 13YJCZH065), Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security), China Postdoctoral Science Foundation, and General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China.

References

[1] CCID, "White Paper of Chinese Cloud Computing Industry Development," http://tech.ccidnet.com/zt/.

[2] C.-L. Tsai and U.-C. Lin, "Information security of cloud computing for enterprises," Advances in Information Sciences and Service Sciences, vol. 3, no. 1, pp. 132-142, 2011.

[3] W. Dawoud, I. Takouna, and C. Meinel, "Infrastructure as a service security: challenges and solutions," in Proceedings of the 7th International Conference on Informatics and Systems (INFOS '10), pp. 1-8, March 2010.

[4] Microsoft Corporation, "Building a secure platform for trustworthy computing," White Paper, Microsoft Corporation, 2002.

[5] N. Santos, K. P. Gummadi, and R. Rodrigues, "Towards trusted cloud computing," in Proceedings of the USENIX Workshop on Hot Topics in Cloud Computing, San Diego, Calif, USA, 2009.

[6] C. Mundie, P. de Vries, P. Haynes, and M. Corwine, "Microsoft white paper on trustworthy computing," Tech. Rep., Microsoft Corporation, 2002.

[7] K. Goldman, R. Sailer, D. Pendarakis, and D. Srinivasan, "Scalable integrity monitoring in virtualized environments," in Proceedings of the 5th ACM Workshop on Scalable Trusted Computing (STC '10), pp. 73-78, Chicago, Ill, USA, October 2010.

[8] D. Safford, "Clarifying misinformation on TCPA," White Paper, IBM Research, 2002.

[9] D. Safford, "The need for TCPA," White Paper, IBM Research, 2002.

[10] Trusted Computing Group, TPM Main Specification, Main Specification Version 1. 2 Rev. 85, Trusted Computing Group, 2005.

[11] Trusted Computing Platform Alliance, Main Specification, Version 1.1b, 2002.

[12] T. C. Group, "TCG software stack specification," 2003, http://www.trustedcomputinggroup.org/.

[13] Trusted Computing Group, "TCG specification architecture overview, Specification Revision 1. 4," 2007

[14] Trusted Computing Group, "Trusted computing platform alliance (TCPA) main specification, Version 1. 1a. Republished

as Trusted Computing Group (TCG) main specification, Version 1.1b," 2001, http://www.trustedcomputinggroup.org/.

[15] E. Brickell, J. Camenisch, and L. Chen, "Direct anonymous attestation," in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04), pp. 132-145, ACM, Washington, DC, USA, October 2004.

[16] Trusted Computing Group, "TPM main specification, main specification Version 112 revision 94," 2006, http://www.tmstedcomputinggroup.org/.

[17] A.-R. Sadeghi and C. Stuble, "Property-based attestation for computing platforms: caring about properties, not mechanisms," in Proceedings of the New Security Paradigms Workshop, pp. 67-77, Virginia Beach, Va, USA, September 2004.

[18] L. Chen, R. Landfermann, H. Lohr, M. Rohe, A.-R. Sadeghi, and C. Stuble, "A protocol for property-based attestation," in Proceedings of the 1st ACM Workshop on Scalable Trusted Computing, pp. 7-16, Alexandria, Va, USA, November 2006.

[19] D. J. Luo, "Efficient certificatieless anonymous attestation to trusted cloud coputing platforms," International Journal of Advancements in Computing Technology, vol. 4, no. 17, 2012.

[20] D. Boneh, C. Gentry, B. Lynn et al., "Aggregate and verifiably encrypted signatures from Bilinear maps," in Advances in Cryptology: Proceedings of Enrocrypt, pp. 416-432, Springer, Heidelberg, Germany, 2003.

[21] M. Burrows, M. Abadi, and R. Needham, "Logic of authentication," ACM Transactions on Computer Systems, vol. 8, no. 1, pp. 18-36, 1990.

Zhen-Hu Ning, (1) Wei Jiang, (1,2) Jing Zhan, (1) and Peng Liang (1)

(1) College of Computer Science, Beijing University of Technology, Beijing 100124, China

(2) School of Computer, National University of Defense Technology, Changsha 410073, China

TABLE 1: The efficiency of the signature. E D H Amount of calculation of the 1 t- 1 1 computing node Amount of calculation of the user 0 t 1

Printer friendly Cite/link Email Feedback | |

Title Annotation: | Research Article |
---|---|

Author: | Ning, Zhen-Hu; Jiang, Wei; Zhan, Jing; Liang, Peng |

Publication: | Journal of Electrical and Computer Engineering |

Article Type: | Technical report |

Date: | Jan 1, 2014 |

Words: | 4654 |

Previous Article: | Design of a traffic-aware governor for green routers. |

Next Article: | A low leakage autonomous data retention flip-flop with power gating technique. |

Topics: |