
Author: 劉政宗 (Cheng-Tsung Liu)
Thesis Title: An Accountable Identity-based Billing Protocol for Cloud Environment
(Chinese title: 適用於雲端環境且以身份為基礎之確保責任歸屬帳務協定)
Advisor: 羅乃維 (Nai-Wei Lo)
Committee: 吳宗成 (Tzong-Chen Wu), 左瑞麟 (Ray-Lin Tso)
Degree: Master (碩士)
Department: College of Management, Department of Information Management (管理學院 - 資訊管理系)
Thesis Publication Year: 2014
Graduation Academic Year: 102 (ROC calendar, i.e. academic year 2013-2014)
Language: English
Pages: 62
Keywords (Chinese): 雲端運算; 身份為基礎之加密系統; 身份辨識; 責任歸屬
Keywords (English): Cloud computing; Identity-based cryptosystem; Authentication; Accountability
Abstract (translated from the Chinese):

Cloud computing is the IT infrastructure of choice for many companies; cloud providers deliver services on demand on a pay-per-use basis. Given this characteristic, a provider must handle resource-usage records in a secure and sound way. Otherwise a customer's bill for cloud services may well be incorrect, and the source of the error will be hard to trace. A robust billing protocol is therefore essential, and it must meet the following requirements: messages are exchanged under a secure and efficient identity-authentication mechanism; the billing transaction includes a mechanism by which the participants mutually verify the service specification; and the records kept under the protocol are stored with accountability and non-repudiation.

In this thesis we design an identity-based, accountable billing framework that addresses these limitations. We incorporate identity-based encryption into the protocol to secure message exchange and keep key management efficient. We also introduce a trusted third-party auditor that carries out the verification mechanism, and we use attestation data from a Trusted Platform Module to provide a tamper-evident record mechanism. We believe the proposed billing protocol for cloud environments can effectively increase the reliability of the bills that cloud services produce.


Abstract (English):

Cloud computing is being widely adopted as company IT infrastructure. Cloud providers offer services on demand on a pay-per-use basis, so a provider must ensure that the log of cloud resource usage is recorded in a sound and secure way. Otherwise the monthly bill charged to the customer may be incorrect, and it becomes difficult for both customer and provider to determine why and how a disputed charge arose. A robust billing protocol is therefore vital for the cloud environment, and it must satisfy several requirements: (1) the billing transaction, which consists of several message exchanges, needs a secure and efficient authentication mechanism; (2) the whole billing transaction must include a mechanism by which the participants mutually verify that they hold a consistent service specification; and (3) all logs produced under the protocol must be stored in a way that provides accountability and non-repudiation.

Our goal in this thesis is to design a feasible accountable identity-based billing protocol that meets these requirements: (1) we use identity-based encryption in the protocol to keep message exchange secure and efficient; (2) we add a trusted third-party auditor that performs the verification mechanism and resolves disputes; and (3) we adopt a Trusted Platform Module, whose attestation data provide a tamper-evident log mechanism. We believe the proposed billing protocol is well suited to the cloud environment and significantly improves the reliability of monthly billing.
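The accountable logging that point (3) of the abstract describes, together with the transaction hash chain named in section 3.3.2 of the table of contents, as an added illustrative example that is not the thesis's own protocol or code: each usage record is appended to a hash chain whose head is mirrored in a simulated TPM PCR (extend = SHA-256 of the previous value concatenated with the record hash), the TPM issues a nonce-bound quote of that PCR, and the auditor recomputes the chain from whatever log is submitted and rejects anything that does not reproduce the attested value. The SimulatedTPM class, the HMAC tag standing in for the TPM's quote signature, the record fields, the prices, the customer names and the nonces are all assumptions constructed for this example.

```python
import copy
import hashlib
import hmac
import json
from typing import List, Optional

ZERO = b"\x00" * 32  # PCR reset value when the provider's platform starts


def record_digest(rec: dict) -> bytes:
    """Hash a usage record over canonical JSON so provider and auditor hash identical bytes."""
    return hashlib.sha256(json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()).digest()


def chain_step(prev: bytes, rec: dict) -> bytes:
    """h_i = SHA256(h_{i-1} || SHA256(rec_i)): the hash-chain rule, and exactly how a TPM extends a PCR."""
    return hashlib.sha256(prev + record_digest(rec)).digest()


class SimulatedTPM:
    """Software stand-in for the provider's TPM (assumption): one extend-only PCR and an
    attestation key that never leaves it. An HMAC tag replaces the real TPM's asymmetric quote
    signature, so the auditor here holds the same key; with a real TPM it would hold only the
    public attestation key."""

    def __init__(self, attestation_key: bytes) -> None:
        self._key = attestation_key
        self.pcr = ZERO

    def extend(self, rec: dict) -> bytes:
        self.pcr = chain_step(self.pcr, rec)  # there is no call to set or roll back the PCR
        return self.pcr

    def quote(self, nonce: bytes) -> dict:
        """Attest the current PCR; the auditor's nonce is bound in so an old quote cannot be replayed."""
        tag = hmac.new(self._key, nonce + self.pcr, hashlib.sha256).hexdigest()
        return {"nonce": nonce.hex(), "pcr": self.pcr.hex(), "tag": tag}


class Provider:
    """Cloud provider: appends each metered record to its log and extends the PCR in the same step."""

    def __init__(self, tpm: SimulatedTPM) -> None:
        self.tpm = tpm
        self.log: List[dict] = []

    def meter(self, customer: str, resource: str, units: int, unit_price_cents: int, ts: str) -> dict:
        rec = {"seq": len(self.log), "customer": customer, "resource": resource,
               "units": units, "unit_price_cents": unit_price_cents, "ts": ts}
        self.log.append(rec)
        self.tpm.extend(rec)
        return rec


def audit(log: List[dict], quote: dict, nonce: bytes, verify_key: bytes) -> Optional[str]:
    """Auditor check: None if the submitted log is exactly what the TPM attested, else the reason.
    Catches edited, dropped, reordered or appended records, and replayed quotes."""
    pcr = bytes.fromhex(quote["pcr"])
    expected = hmac.new(verify_key, nonce + pcr, hashlib.sha256).hexdigest()
    if quote["nonce"] != nonce.hex() or not hmac.compare_digest(expected, quote["tag"]):
        return "quote not authentic or not fresh"
    h = ZERO
    for i, rec in enumerate(log):
        if rec.get("seq") != i:
            return f"sequence gap at {i}"
        h = chain_step(h, rec)
    if h != pcr:
        return "log does not match attested PCR"
    return None


def invoice_cents(log: List[dict], customer: str) -> int:
    """Monthly invoice for one customer, computed only from a log that has passed audit()."""
    return sum(r["units"] * r["unit_price_cents"] for r in log if r["customer"] == customer)


def demo() -> dict:
    """Constructed scenario: three metered records, one honest audit and three dishonest ones."""
    key = b"constructed-attestation-key"  # constructed for the example
    tpm = SimulatedTPM(key)
    prov = Provider(tpm)
    prov.meter("alice", "vm.small", 10, 5, "2014-05-01T00:00Z")
    prov.meter("alice", "storage.gb", 100, 2, "2014-05-01T01:00Z")
    prov.meter("bob", "vm.large", 3, 40, "2014-05-01T02:00Z")
    nonce = b"auditor-challenge-0001"
    q = tpm.quote(nonce)
    tampered = copy.deepcopy(prov.log)
    tampered[1]["units"] = 1000           # provider inflates alice's storage usage after the fact
    dropped = [prov.log[0], prov.log[2]]  # customer submits a log with one record missing
    return {
        "genuine": audit(prov.log, q, nonce, key),
        "tampered": audit(tampered, q, nonce, key),
        "dropped": audit(dropped, q, nonce, key),
        "replayed": audit(prov.log, q, b"auditor-challenge-0002", key),
        "alice_cents": invoice_cents(prov.log, "alice"),
        "bob_cents": invoice_cents(prov.log, "bob"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running the script prints one line per audit: the genuine log passes, the inflated record and the dropped record both fail to reproduce the attested PCR, and a quote presented against a fresh nonce is rejected as a replay. The HMAC stand-in gives the auditor authenticity but not third-party non-repudiation, because anyone holding the key could have produced the tag; the thesis's design relies on TPM attestation data signed under the TPM's own key for that property, and a deployment would swap the HMAC for that signature while keeping the chain and audit logic unchanged.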

Table of Contents:
Chinese Abstract
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Related Work
  2.1 Billing Systems
  2.2 Security Concern for Billing
  2.3 Accountability
Chapter 3 The Proposed Protocol
  3.1 Overview
  3.2 Notations
  3.3 Proposed Billing Protocol
    3.3.1 Phase 1: The Preliminary
    3.3.2 Phase 2: The Transaction Hash Chain Creation and Registration
    3.3.3 Phase 3: Billing Transaction
  3.4 Monitoring Techniques
  3.5 Verification Mechanism
  3.6 Monthly Invoice Generation
Chapter 4 Protocol Analysis
  4.1 Security Analysis
  4.2 Performance Analysis
  4.3 Discussion
    4.3.1 The concern of actual deployment
    4.3.2 The concern of adopting other encryption algorithms
    4.3.3 The concern of scalability in our protocol
Chapter 5 Conclusion
References
