A Model of Trusted Measurement Model

A model of trusted measurement supporting behavior measurement, based on the trusted connection architecture (TCA) with three entities and three levels, is proposed, and a framework illustrating the model is given. The model synthesizes three trusted measurement dimensions, trusted identity, trusted status and trusted behavior, satisfies the essential requirements of trusted measurement, and unifies them with the TCA with three entities and three levels.


Introduction
Trusted measurement is a complicated security mechanism that involves a wide range of factors, and the measurement methods are varied. Many scholars have conducted extensive research on it. In [1][2][3][4][5][6], a well-known formal trusted computation model was proposed for the first time; this model can describe trust accurately, but its complexity makes it difficult to use widely. In [5][6][7][8][9][10][11][12][13][14][15][16][17], the PTM model, supported by the European IST FP6, reflects that trust derivation and trust evolution are strictly punitive, and captures well that the degree of trust changes dynamically with time and context. It has good computing performance and strong scalability, yet the model cannot adapt to different application scenarios. In [18][19][20], Hassan et al. proposed another trusted measurement model, which is based on vectors and establishes a mathematical model with some uncertainty. Because of the introduction of trust, history, time and so on, this model makes significant progress compared with other models.
It has dynamic adaptability and certain defenses against malicious behavior, but lacks a corresponding risk assessment mechanism. In [21][22][23][24], Sun et al. proposed a trust model based on entropy. On the basis of the fact that the uncertainty of a trust relationship can be expressed by entropy in information theory, the model reflects the global trust degree through trust chain transfer and updates trust dynamically. But Sun did not give a specific mathematical model explicitly, and the definition of behavior was ambiguous. This paper presents a unified reliability model, which synthesizes three trusted measurement dimensions, trusted identity, trusted status and trusted behavior, and extends the current trusted measurement mechanism. The model is based on identity measurement and status measurement, regards behavior measurement as the core, and carries out comprehensive measurement of the status and identity of access requesters through the feedback of behavior. Behavior measurement is described as $BM = (SD, Data, EV)$, in which $SD$ indicates the identity of sender and receiver, $Data$ is the content of the behavior, and $EV$ is the environment of the behavior.

The measurement model supporting behavior measurement

The identity measurement model
In a trusted network, identity measurement focuses on the authentication of access requesters and the verification of authorization data; identity authentication comprises non-anonymous authentication and anonymous authentication.
The non-anonymous and anonymous authentication algorithms are described separately as follows.

Platform authentication
(1) The establishment of parameters: suppose $(G_a, G_b)$ is a pair of bilinear groups, $G_1$ and $G_2$ are both cyclic groups, the given bilinear map is $e : G_a \times G_a \to G_b$, $g_a$ and $g_b$ are the generators of $G_a$ and $G_b$ respectively, $s$ is the private key of the system and $Pk_s = g_a^{s}$ is its public key; finally, the public parameters of the system are $(G_1, G_2, g_a, g_b, p, Pk_s, H)$.
(2) The key generation: the trusted cyber requesters select $x \in_R Z_p^{*}$, where $x$ is the private key of the requester, then calculate $IDPK = g_a^{x}$, which is regarded as the requester's public identity key, and send the requester's ID and $IDPK$ to the managers of the trusted network policy. After that, the managers register users according to ID and $IDPK = g_a^{x}$, meanwhile issue a certificate including ID and $IDPK$ to the requesters, and then calculate $I = IDPK^{s}$.
(4) Since the legitimacy of the requester's identity has been judged, the requesters and managers negotiate a common session key K. Then the managers encrypt K and the public key of TMP and send them to the users. The requesters encrypt the user and authorization data with K and send them to the server. The managers complete the identity authentication of the requesters by verifying their authorization data. Finally the requesters and the managers can carry on data transmission through the session key.

GCMM matecconf/201 4023
The security of the algorithm can be proved by constructing an attacker A that interacts with the IPK owner C and then pretends to be C. Construct a function F, which is an attacker of the K-CCA hard problem, that is, this function knows the corresponding set of data. The function F treats A as its own subroutine and simulates the honest IPK owners to produce the corresponding A.

Platform authentication
(1) The establishment of parameters: suppose $G_a$, $G_b$ are multiplicative groups of large prime order $p$, $g$ is the generator of $G_a$, and the bilinear pairing is $e(\cdot, \cdot)$. (2) The key generation: the trusted cyber requesters select $x \in_R Z_p^{*}$ and compute $PK = g^{x}$, take $PK$ as the public key of the user platform, and request certificates from the managers of the certified trusted network policy, which include the platform identity and the public key. (3) Authentication: At first the trusted cyber requesters send $PK$ to the managers of the certified trusted network policy, then the managers select

Security analysis
Authentication security depends on the security of platform identity authentication, so the following analyzes the security of the platform identity authentication process. The security of the algorithm can be proved by constructing an attacker A that interacts with the PK owner C and then pretends to be C. Construct a function F, which is an attacker of the K-CCA hard problem, that is, this function knows the set of data

$\{\, h_1, h_2, \dots, h_k \in Z_p;\ l_1, l_2, \dots, l_k \in Z_p;\ g,\ g^{x},\ g^{l_1/(x+h_1)},\ g^{l_2/(x+h_2)},\ \dots,\ g^{l_k/(x+h_k)} \,\}$.

The function F treats A as its own subroutine and simulates the honest PK owners to produce the corresponding A.
Therefore, in the stage of identity authentication, we first verify the legitimacy of PI, and then the trusted cyber policy manager generates a session key K, uses the PK of the requester to encrypt K, and sends the encrypted K to the requester. The requester encrypts the user identity UI and the authorization data AUD with the session key K and sends them to the managers, who verify whether the authorization data is legal; if so, the authentication is passed.

The status measurement model
Current research on platform status measurement includes the integrity measurement of TCG; on this basis, this paper proposes a network connection method to measure the status of access requesters. When an access requester has successfully passed identity measurement, it proceeds to status measurement. The status measurement is conducted first according to the security policy of the trusted network management strategy, then according to the user's authorization data for real-time status measurement. The status measurement process is described in detail as follows.

Define $TPCR = \{TPCR[1], TPCR[2], \dots, TPCR[n]\}$ as the PCRs of the basic trusted configuration elements of the requesters; the network service providers keep the requesters' desired configuration, indicated as $PCR_n$; the measure result function is defined as $MRbt$, whose description is as follows: the measure result of the requesters' basic trusted configuration conforms to the security policy on the trusted network server end.
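As an added illustration (not code from the paper), the following Python models the TPCR versus expected-PCR comparison behind $MRbt$: it replays a constructed TCG-style event log through the PCR extend operation and assumes $MRbt = 1$ exactly when every $TPCR[i]$ equals the provider's expected $PCR[i]$; the event log, the hash choice and the pass/fail rule are assumptions.

```python
import hashlib

# Added example (not from the paper): TCG-style PCR extension feeding the
# MRbt status check. The event log, hash choice and pass/fail rule are
# assumptions made for illustration.

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TCG extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def compute_tpcr(event_log: dict) -> dict:
    """Replay each PCR's event list to obtain TPCR = {TPCR[1], ..., TPCR[n]}."""
    tpcr = {}
    for index, events in event_log.items():
        pcr = b"\x00" * 32          # every PCR starts zeroed at platform reset
        for event in events:
            pcr = pcr_extend(pcr, event)
        tpcr[index] = pcr
    return tpcr

def mrbt(tpcr: dict, expected_pcr: dict) -> tuple:
    """Assumed MRbt: 1 when every TPCR[i] matches the provider's expected
    PCR[i], otherwise 0. Also returns the diverging indices so the policy
    side can see which configuration element failed (a missing PCR fails too)."""
    mismatched = sorted(i for i in expected_pcr if tpcr.get(i) != expected_pcr[i])
    return (1 if not mismatched else 0), mismatched

# Constructed golden configuration kept by the trusted network service provider.
GOOD_LOG = {
    1: [b"bios-v1", b"bootloader-v1"],
    2: [b"kernel-5.10"],
    3: [b"policy-agent-1.2"],
}
EXPECTED_PCR = compute_tpcr(GOOD_LOG)

def measure_status(event_log: dict) -> tuple:
    """Status measurement of one requester against the provider's policy."""
    return mrbt(compute_tpcr(event_log), EXPECTED_PCR)

if __name__ == "__main__":
    print(measure_status(GOOD_LOG))                               # (1, [])
    tampered = {**GOOD_LOG, 2: [b"kernel-5.10-patched"]}
    print(measure_status(tampered))                               # (0, [2])
```

Because extend is order sensitive, a requester that loaded the same components in a different order also fails the check, which is the behaviour a static integrity policy wants.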

The real time status measurement
The most important thing in real-time measurement of network requesters is to confirm whether the network request process is malicious. Here we refer to malicious code measurement methods to confirm whether the network request process is malicious. The most typical method to determine malicious code is static analysis, which has been widely used in all kinds of antivirus software; however, its most serious defect is that it cannot judge variant or unknown malicious code accurately.
The real-time status of network requesters is the real-time status of the N processes recorded for access requesters, because of some shared characteristics of malicious processes such as the unauthorized access of Trojans, virus self-replication and tampering with files, worm network attacks, etc. Real-time status measurement mainly measures the malicious processes of the trusted network requesters, so the definition of the malicious degree of the network requesters' processes can confirm whether the real-time status is credible. Suppose $BQ$ indicates the malicious degree of processes, $BQ = \{bq[1], bq[2], \dots, bq[m]\}$ indicates the malicious degree of each process, and the trusted network service providers set the set of permissions.

The behavior measurement model
The description is represented by the following quintuple $M = (SID, IPM, BM)$. This paper introduces the relationship between identity, status and behavior, and the feedback effect of behavior on identity and status.
Suppose that in the time period $T'$ the behavior measurement of a network requester is trusted; then the trusted network policy manager can improve the user's access permission and modify the user's authorization data. The results of behavior measurement can thus change the user's identity and status information. Behavior feedback on identity information mainly refers to the access permissions and authorization data in the network access control mechanism, and such behavior is defined as feedback behavior. Besides, the behavior of requesters can be categorized as trusted and non-trusted behavior (including threat and malicious behavior). The behavior has a feedback effect on the identity and status of the network request: for example, in a given period of time $T'$, if the network policy devices judge the measurements of identity, status and behavior of the requester to be trusted, then the trusted network policy manager can improve the user's access permission and modify the user's authorization data. Whether it is trusted is judged by the behavior feedback function F, which is defined as follows: $F(SID, IPM, BM) = \mathrm{True}$ for a trusted $(SID, IPM, BM)$.
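The real-time status check over $BQ$ and the feedback function $F(SID, IPM, BM)$ described above, as an added Python example that is not code from the paper: the permitted malicious degree, the permission levels, the three behavior classes and the way $F$ raises or lowers the permission are assumptions, since the paper leaves these definitions open.

```python
from dataclasses import dataclass

# Added example (not from the paper): a minimal realisation of the real-time
# status check over BQ = {bq[1..m]} and of the behaviour feedback function
# F(SID, IPM, BM). Thresholds, permission levels and behaviour classes are
# assumptions chosen for illustration.

MAX_LEVEL = 3            # assumed highest access permission level

@dataclass
class SID:               # identity measurement result: authorisation data
    user: str
    level: int           # current access permission, 0 = no access

@dataclass
class IPM:               # status measurement result
    mrbt: int            # basic trusted configuration result (1 = conforms)
    bq: list             # malicious degree of each recorded process, 0.0..1.0

@dataclass
class BM:                # behaviour measurement (SD, Data, EV)
    sd: tuple            # (sender, receiver)
    data: str            # content of the behaviour: "trusted", "threat", "malicious"
    ev: str              # environment in which the behaviour happened

def realtime_status_trusted(ipm: IPM, permitted_degree: float = 0.5) -> bool:
    """Assumed rule: the real-time status is credible when the basic
    configuration conforms and no process exceeds the permitted degree."""
    return ipm.mrbt == 1 and all(q <= permitted_degree for q in ipm.bq)

def behavior_trusted(bm: BM) -> bool:
    # non-trusted behaviour covers both "threat" and "malicious" (paper's taxonomy)
    return bm.data == "trusted"

def feedback_F(sid: SID, ipm: IPM, bm: BM) -> tuple:
    """F(SID, IPM, BM): True when identity, status and behaviour were all
    trusted in the period; the returned SID carries the fed-back permission."""
    trusted = sid.level > 0 and realtime_status_trusted(ipm) and behavior_trusted(bm)
    if trusted:
        new_level = min(sid.level + 1, MAX_LEVEL)    # improve the user's access
    elif bm.data == "malicious" or not realtime_status_trusted(ipm):
        new_level = 0                                # revoke on malicious evidence
    else:
        new_level = max(sid.level - 1, 1)            # "threat": degrade, keep access
    return trusted, SID(sid.user, new_level)
```

Running feedback_F once per period $T'$ over the recorded behaviours gives the dynamic, behaviour-driven adjustment of authorization data that the model describes.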

Conclusion
In view of the current state in which trusted measurement mechanisms lack a systematic measurement model and are based on static integrity, a multidimensional unified reliability model named UTM is proposed in this paper. The model establishes a unified measurement relationship in the trusted network by integrating trusted measurement elements such as identity, status and behavior. It is a combination of static and dynamic measurement and an integration of multidimensional elements. With characteristics such as fine granularity, dynamic operation and behavioral measurement, the model can provide the basis for developing a more fine-grained security policy. The model is based on the TCA with three entities and three levels, and the measurement method is easy to integrate.

(3) Authentication: At first the trusted cyber requesters send $IDPK$ to the managers of the certified trusted network policy, then the managers select $r \in_R Z_p^{*}$ and send it to the requesters, who calculate $T = g_a^{1/(x+r)}$ and send it back to the managers. Finally, the managers determine whether the requesters are legal by checking whether $e(T, I \cdot g_a^{r}) = e(g_a, g_a)$ holds.
P e R g PK I .

2 (
to the managers. Finally, the managers determine whether the platform is legal by checking whether