Study On Trustworthiness Analysis And Enhancement Method For Virtual Instrument Network Measurement And Control System

Trust enhancement is important means for measurement and control systems to work properly with high credibility. Subject selection of this dissertation has great academic value and realistic significance. The research work obtains financial support from Industry Academy Research Project of Education Ministry, Guangdong Province High Level Talent Project and Guangzhou Science and Technology Planning Project.We reviews advance of VINMCS related fields, including integrity enhancement,identity authentication, access control and trustworthiness evaluation in this paper. Based on that, we propose research direction and contents of VINMCS trust enhancement. The main work includes the following parts:First, by analysis of VINMCS framework and trust modeling methods, we present a trustable VINMCS framework. In the light of trustworthiness VINMCS objective, trust enhancement design is incorporated into system modeling, and formalized benefit model for menace is constructed. From the model, we recognize that measures, such as reduction of probability λ of manipulating measurement results by exploiting system vulnerabilities, declination of severity θ of system faults, improvement of detection rate δ of attack behavior and enlargement of punishment dynamics ρ, are all approaches for improvement of system trustworthiness. In the light of trust evaluation regulations, we put up with an evaluation approach. We integrate proofs, from formalized proof, design assessment and trust testing, to obtain trust values of function attributes, and then compute trust value of trust technology and the whole system. It is more applicable to differing evaluating objective.Then, based on systematical investigation of integrity verification and enhancement for field nodes, we raise an integrity verification method by randomization of constant property set. The application server randomly chooses a small part of constant properties for computing checksum, lessening the burden of deploying node secrets and protecting their confidentiality. Integrity identification codes vary in a random pattern, preventing from behavior like replay, guessing and forging codes from lookup. We also put up with An improved SHA1-based Hash algorithm for generating Integrity identification codes of field nodes. By use of initial variables with enhanced randomization and an intersect two-pipe iteration structure, the algorithm has its mean value randomization to drop from80.3583to80.0107, even closer to the ideal number80than SHA-1algorithm. Therefore, it can resist attacking behavior of forging plain text by conflict prefix, making attacking more difficult. We also explore trust chain transferring, API Hook and, extended trust platform module ETPM, use them to carry on software integrity enhancement, verification and upgrading protection for the application server.Next, we explore identity authentication and access control methods for VINMCS. We design a framework for authentication and access control and put forward A USBKey-based two-secret authentication scheme. With randomized fresh identity credential produced from nTbit time stamp T1and identity credential V1, the scheme has a much lower cracking probability which is only1/2nTof that of PKI-based scheme, with security reaching the level of hardware-based two-factor scheme. We bring about an access control enhanced method with support property-based multilevel protection, enforcing a higher-level protection on critical modules and data information. The method satisfies the requirement of JJF1182-2007specification for software protection, with overhead brought by access inspection of as low as1.5%~3.5%.Besides, we carry out a systematic study of VINMCS trust evaluation methods and propose a trust evaluation framework for VINMCS, which divided trust evaluation process into3stages of trust proof collection, trust proof quantification and evaluation aggregation. The research group explores a multisource trust proof collection and quantification method. Compared with traditional single-source methods, it reflects more accurately trust validity of enhancement technology, menace-resistant capabilities and trust state of VINMCS during its regular working period. We discuss an abstract-operator-based VINMCS trust value fuzzy aggregation algorithm. The fuzzy aggregation formulae are derived using abstract operator and, which can adjust effects of property trust value on trust values of trust function and the whole system, and thus can be used for multiple trust evaluation needs.Finally, the team carried application experiments and analysis of trustable VINMCS. We perform trust enhancement approaches for air-quality monitor platform under the internet of things implemented and trust evaluation operations. Field node terminals collect constant property values of monitor devices and theirselves, and produce dynamically changing fresh integrity proofs. The integrated service platform performs PKI authentication on field nodes and USB-based PKI authentication on users, strengthening trustability of field nodes and user identity. We design a tamper-resist storage terminal device by use of security microprocessor chip, reinforcing protection on critical data. We also developed a USB-based metrology-support device, with MCU as its hardware structure core unit, and a dedicated hardware encryption for increasing the efficiency of encryption, decryption, signature and verification. Thus two-way PKI-based identity authentication is implemented in the device, satisfying the requirement of measurement and calibration institutions for verification of virtual instrument.