| Networks suffer from different attacks and threats. It is essential to understand the security or trust status of networks and devices according to security data such as network behaviors. Network trust management is a cyclic process of data collection, trust evaluation and trust relationship maintenance. Networks can be divided into networks without a trusted center and networks with a trusted center. We will face large-scale heterogeneous integrated networks in the future. In networks with a trusted center, this center might suffer from attacks and from being a single point of failure, thus becoming not fully trusted. Thus, we conduct research on decentralized network trust management. However, decentralized network trust management has several problems in security data collection, trust evaluation and trust management. First, data collection lacks secure decentralized incentives in decentralized scenarios. Second, network trust evaluation should achieve decentralization, privacy preservation and incentives, but there are currently no network trust evaluation frameworks that satisfy these requirements simultaneously. Third, in heterogeneous integrated networks of decentralized scenarios, inter-domain trust management does not consider privacy preservation. In addition, there exists a problem of weak inter-domain trust synchronization. In order to address the aforementioned problems, this PhD thesis proposes corresponding solutions. In summary, the contributions of this thesis are as follows: (1) In order to provide incentives for data collection in decentralized network scenarios, we design a decentralized security data collection system, called B4SDC (A Blockchain system for Security Data Collection). By controlling the scale of route discovery and allowing forwarders to upload their receipts (i.e., received messages) to the blockchain, we can constrain the amount the collector pays, ensure fairness to the forwarders and avoid collusion attacks. Meanwhile, a secure digital signature is adopted to resist spoofing attacks. Nodes are allowed to accumulate stakes through message forwarding, and we propose a novel proof-of-stake based consensus mechanism. It not only offers incentives for all participating nodes, but also avoids blockchain forking and guarantees high efficiency and real decentralization. (2) In order to simultaneously achieve the decentralization, privacy preservation and incentive provision of network trust evaluation, we design a decentralized privacy-preserving network trust evaluation framework, called SeDID (An SGX-enabled Decentralized network trust evaluation framework based on Intrusion Detection). We propose a new consensus mechanism, which can prevent the blockchain from forking and ensure the efficiency and decentralization of consensus. The number of blocks that a miner has created within a recent period determines the miner's difficulty of block creation. According to nodes' contributions, we design a reward distribution algorithm in order to incentivize data collection and trust evaluation. Intel SGX (Software Guard Extension) is employed to preserve data and pattern privacy, so that the disclosure of sensitive data can be avoided. (3) In order to preserve privacy in inter-domain trust management and synchronize trust values across multiple domains in an efficient way, we propose pseudonym and trust value management for heterogeneous integrated networks, called DePTVM (Decentralized Pseudonym and Trust Value Management for integrated networks). In inter-domain networking, different network operators jointly maintain a list of <pseudonym, trust value> pairs by employing trust obfuscation and verifiable shuffling based on blockchain in order to simultaneously support anonymous trust evaluation and pseudonym unlinkability. |