J. of university of anbar for pure science : Vol.6:NO.

2 : 2012

ISSN: 1991-8941

Trusted Cloud Computing

Sufyan T. Faraj * Waleed K. Awad* Kashif Kifayat **
University of Anbar - College of Computer
LJMU - School of Comp. & Math.Liverpool, UK .

Abstract: Cloud computing is a new consumption and delivery model for IT services. The cloud has
become an attractive platform for enterprises to deploy and execute their business services for business to
business (B2B) and government to government (G2G) collaborations, etc. There are many concerns about
cloud computing especially in terms of security, privacy and trust. These main issues have prevented
businesses from fully accepting cloud platforms. Cloud computing demands three primary security
requirements: confidentiality, integrity, and availability. In this paper we discuss some these issues by
reviewing a recently proposed model [1] that interestingly handles secure messaging among services
deployed within the same cloud or on different clouds. Then, we report on our ongoing work which is
based on enhancing and developing this model. This is mainly achieved by adding a new service layer
which is responsible for offering a high level of trust between collaborative parties. The added layer
facilitates the integration of this model with the Public-Key Infrastructure (PKI). The main objective of the
developed model is to increase the trust of the whole system by preventing any unauthorized party from
joining the connectivity service. Indeed, our system can prevent any involved organization from launching
masquerade attacks.

Keywords-authentication service; Business to Business; cloud computing; PKI; security; trust

INTRODUCTION other cloud clients and to fulfill confidentiality

Cloud computing can be considered as and integrity demands. Moreover, since the IT
one of the latest developments in the Internet. No infrastructure well be under control of the cloud
one really yet knows exactly where it is going or provider, the customer has not only to trust the
what the cloud will cover. It is expected that security mechanisms and configuration of the
users will rent applications, software, and others cloud provider, but also the cloud provider itself.
as a services. Clients will not need to have In general, important requirements of cloud
computer with special properties such as clients are that their data is processed in a
(sophisticated hardware, minimal OS, etc.) confidential way (confidentiality), and that their
because the processing power and storage will data and computation is processed in the
move from client hardware to centralized expected way and has not been tampered with
infrastructures. Many users, enterprises and other (integrity and verifiability). Secure outsourcing
organizations will not need to store and operate of arbitrary computation and data storage is
large amounts of data. Using cloud computing particularly difficult to fulfill if a cloud client
users, enterprises, other organizations, and even does not trust the cloud provider at all [3].
governments can store and operate this huge Voas and Zhang [4] discussed that there
amount of data in the cloud. Cloud providers can have been six main phases of computing
provide unlimited storage (e.g. S3) and parallel paradigms, from dummy terminals/mainframe, to
computing resources (e.g. EC2) [2]. PCs, networking computing, to grid and cloud
While sharing IT infrastructure in cloud computing. In phase 1, many users shared
computing is cost-efficient and provides more powerful mainframe using dummy terminals. In
flexibility for the clients, it introduces security phase 2, stand-alone PCs became powerful
risks organizations have to deal with. This is enough to meet the majority of user’s needs. In
necessary so that they can isolate their data from phase 3, PCs, laptops and servers were connected
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

together through local networks to share computing in different way. However, generally
resources and increase performance. In phase 4, we can define cloud computing as a technology
local networks were connected to other local that uses the internet and central remote servers
networks forming a global network such as the to maintain data and applications. Cloud
Internet to utilize remote applications and computing allows consumers and businesses to
resources. In phase 5, grid computing provided use applications without installation and access
shared computing power and storage through a their personal files at any computer with internet
distributed computing system. In phase 6, cloud access.
computing further provides shared resources on According to the U.S. National Institute
the Internet in a scalable and simple way. of Standards and Technology (NIST), cloud
Comparing these six computing computing can also be defined as "a model for
paradigms, it looks like that cloud computing is a enabling convenient, on-demand network access
return to the original mainframe computing to a shared pool of configurable computing
paradigm. However, these two paradigms have resources (e.g., networks, servers, storage,
several important differences. The most applications, and services) that can be rapidly
important difference is that mainframe provisioned and released with minimal
computing offers finite computing power, while management effort or service provider
cloud computing provides almost infinite power interaction". [6]
and capacity. In addition, in mainframe
computing dummy terminals acted as user
interface devices, while in cloud computing
powerful PCs can provide local computing
power and cashing support [4].
Cloud Computing represents one of the
most significant shifts in information technology
that are likely to see fast growth. A Cloud can be
viewed as a type of parallel and distributed
system consisting of a collection of
interconnected and virtualized computers that are
dynamically provisioned and presented as one or
more unified computing resources. Figure1. Computing paradigm shift over six
This work aims to effectively integrate distinct phases [5]
the Public-Key Infrastructure (PKI) with a
recently proposed (by Chen et al [1]) promising B. Characteristics of cloud computing
model of cloud computing in order to solve some There are many characteristics in cloud
of its important security concerns, and hence also computing. Some of the most important of them
to offer a high level of trust within this paradigm. are listed below [7].
This paper can be considered as a work-in-  On-demand: Cloud computing provider
progress report on our work in this field. The must be able to deliver computing resources
remaining of this paper is organized as follows: whenever the customer needs them. It is
Section 2 overviews some general concepts of usually assumed that cloud contains infinite
cloud computing. Section 3 briefly discusses storage capacity for any software available
security and trust concerns of cloud computing. in market. The available computing
Then, the original Chen et al architecture is resources in cloud are nearly infinite (i.e.,
introduced in Section 4. In Section 5, some the customer is not limited to the set of
aspects of PKI and digital certificates are servers located at one site and it is the
explained. Next, our proposed architecture for responsibility of the cloud computing
trusted e-contract based cloud computing is provider to have sufficient resources to
described in Section 6. Finally, Section 7 satisfy the requirements of all their
concludes the paper. customers).
 Pay-per-use: Another new aspect of cloud
Cloud Computing Overview computing is application of a usage based
A. Definition billing model. The customer pays only for
There is not yet a consensus for what use of processors or storage. That means
exactly the term "cloud computing" means; the consumer does not need to large
where everyone in the IT field defines cloud investment, license or paying software, etc.,
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

but the consumer can rent any services in

efficient and rapid manner.  Private cloud computing: Private cloud
 Maintenance and upgrading: In cloud computing resides within the boundaries of
computing concept, the cloud provider an organization and is used exclusively for
maintains and updates all the computing the organization’s benefits. Private cloud is
resources whether the resource is hardware similar to that of intranet. This type of
or software. That means the customer cloud computing has more benefits with
should not care to all problems such as increased security, reliability, and corporate
maintenance, update, repairs and so on. ownership of the cloud. The data and
 Rapid elasticity: The amount of computer applications in an organization require a
processing, storage and network bandwidth secure connection. By using the concept of
are available according to customer cloud computing, private cloud computing
demand. has become a viable choice for the
organizations to implement cloud
C. Cloud service models computing. It is predicted that the future IT
Cloud Providers offer services that can be corporations would be greatly dependent on
grouped into three major categories [7]: this type of cloud computing. Examples of
private cloud are Microsoft's.
 Software as a Service (SaaS): Software as a  Public cloud computing: Public cloud
Service provides software applications as a computing somewhat resembles internet
service. Therefore, in the cloud users do not where the access is available to public
required to purchase the software rather the domain. Public clouds are administrated by
payment will be based on pay-per-use third parties or vendors over the Internet,
model. and services are offered on pay-per-use
 Platform as a Service (PaaS): Platform as a basis. This helps the users to create and use
Service is a set of software and product a service or application at a much lower
development tools that allows building cost when compared to the cost incurred in
applications on the providers’ platform. purchasing, installing, maintaining and
Here a layer of software or development licensing in individual computers. This is
environment provided as service. also called provider cloud. The examples
 Infrastructure as a Service (IaaS): for this type of cloud computing is Amazon
Infrastructure as a Service is a service Elastic compute cloud, Google app engine,
delivery model in which an organization is and Windows Azure.
given control over applications and  Hybrid cloud computing: Hybrid cloud
resources like storage, servers, hardware, computing combines the features of both
components. This model is similar to a private and public cloud computing.
utility company model, as you pay for what Enterprises or organization need this type
you use. Table 1 includes some available of environment because it cannot develop
providers according to these three service itself on private cloud alone and they might
models. require the public cloud to meet various
organizational demands.
Table 1. Major Providers of the Cloud Services
Service Type Provider Name
SaaS Saleceforce, Microsoft,
Google Docs
PaaS Google App Engine
IaaS Amazon S3, Amazon EC2

D. Types of cloud computing

There are three main types of cloud
computing namely private, public, and hybrid
cloud computing. These three types are also Figure 2. Types of Cloud Computing
called deployment models (See also Figure 2)
[8].
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

CLOUD COMPUTING SECURITY ISSUES technologies. Then they presented an electronic

Although, there are great benefits of cloud contract (e-contract) based solution that provides
computing such as (ease of use, low cost, etc.). a secure Connectivity as a Service (CaaS) for
Cloud computing also have some disadvantages, intra-cloud and inter-cloud communications with
the key challenges that related with cloud is little configuration effort.
security, privacy and trust. The top concern is the The interaction of components of this
security needed to be addressed when architecture (See Figure 3) starts from
considering moving critical applications and collaborating parties. At the beginning, each
sensitive data to public cloud environments. collaborator resides within its own
Security in the Cloud is often intangible and less administrative domain. To form an extranet for
visible. The off-premises computing paradigm dynamic B2B collaboration, all collaborators
that comes with cloud computing has incurred (e.g., organizations A, B, and C in the figure)
great concerns on the security of data, especially must subscribe to the offered Connectivity
the integrity and confidentiality of data, where Service. Next, according to the nature of the
cloud service providers may have complete collaboration, each organization can either invite
control on the computing infrastructure that (its business partners) or be invited to join a
underpins the services. Various security collaboration to form an extranet. Finally, an e-
challenges that can be characterized as particular contract is formed and signed by each
to cloud-computing context are [9]: collaborating parties. The connectivity service
 Failures in Providers Security can configure and instantiate an extranet as
 Attacks by other customer specified in the e-contract (e.g., Extranet 1 and
 Security of third party access Extranet 2 in Figure 3). Thus, the services
deployed in clouds can communicate with each
 Availability and reliability issues
other within the extranet (e.g., Service A1 and
 Identity and access management
Service B1 within Extranet 1 and Service A2 and
 Lack of security and quality levels Service C1 within Extranet 2) [1].
Connectivity Service can be considered as a
According to Cloud Security Alliance (CSA),
trusted third party service provider for both intra-
the top seven security threats of cloud computing
cloud and inter-cloud secure communication in
are [10]:
order to demonstrate B2B collaboration through
 Abuse and Nefarious Use of Cloud
e-contracts (An e-contract simply is an
Computing
agreement between two or more entities created
 Insecure Application Programming and "signed" in electronic form [11]).
Interfaces
 Malicious Insiders
 Shared Technology Vulnerabilities
 Data Loss/Leakage
 Account, Service & Traffic Hijacking
 Unknown Risk Profile

As far as the paradigm of cloud computing is

concerned, the issue of trust cannot be totally
separated from the other two concerns of security
and privacy. We believe that the right and proper
deployment of some cryptographic techniques
and other related security procedures will not
only result in higher security and privacy levels,
but will also significantly support building trust
into cloud computing.
Figure 3. Architecture of e-contract based
Related Cloud Computing secure connectivity service
Architecture
In [1], Chen et al presented architecture for It can be noted that according to this model
secure communication in a cloud-based or architecture, in order to use the connectivity
collaborative in B2B environment. They service, an organization needs first to join the
examined this issue by reviewing existing service by invitation from another one (or by
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

subscription for a more generalized framework). scalable tools for key management problems.
However, this system might suffer from serious The main problem in a symmetric key
attacks, when unreal (or unauthorized) cryptosystem is its key-management problem
organization attaches itself and threaten the where the same key is used to encrypt and
whole system security. This case can decrease decrypt the message. This secret key system has
the trust value among the real organization. the significant flaw that if the key is discovered
Therefore, in this work, we are developing or intercepted by someone else, messages can
and enhancing the mentioned model by easily be decrypted .Therefore the public key
effectively integrating it with PKI. This can be cryptosystems are presented as a solution to this
considered as adding a new layer for trust which problem with its dual-key system. In a public
is responsible for detecting unreal organizations. key cryptosystem, private keys are kept secret by
Moreover, our enhancement will contribute to their owners, while the corresponding public
trust from other complimentary direction via keys are stored in a public repository with the
preventing authorized or collaborated names of their owners [14].
organization from launching masquerading PKI is the set of hardware, software, people,
attacks through the proper management of PKI policies and procedures needed to create,
certificates. manage, store, distribute, and revoke public key
There is now a wide acceptance among certificates based on public key cryptography”
security experts to use cryptographic signatures [13]. The basic components of PKI certification
based on PKI. This can be considered as the system are [14], [15], [16]:
most secure and reliable method of signing e-
contracts online. The X.509 is a widely accepted 1. End-entities: End-entities in a PKI can be
standard for developing PKI-based human beings, devices or even software
authentication services. According to this programs. The cryptographic operations
standard, after the certificate is generated, the (encryption, decryption and digital signature)
requirement of transmission needs the format of are performed by the end-entities. In general,
certificate to be changed into Abstract Syntax the end-user may request certificates from a
Notation One (ASN.1) binary file, which is a certification authority (CA), receive the
standard to be exchanged between certificate from the CA, and then use the
communicating application programs [12]. More certified keys and certificates in PKI enabled
details about PKI certificates are in the following application services.
section. 2. Certification Authority (CA): It is also named
trusted third party (TTP). CA is an entity in
PKI AND DIGITAL CERTIFICATES PKI, which is responsible for issuing and
PKI enables users of a basically unsecure manage certificates for the other entities in
public network such as the Internet to securely the system and also checks with registration
and privately exchange data and money. This is authority (RA) to verify the requestor’s
basically done through the use of a public and a information. In the context of a PKI,
private cryptographic key pair that is obtained certification is the act of binding the identity
and shared through a trusted authority. PKI with a public key. This binding occurs in the
provides for a digital certificate that can identify form of a signed data structure referred as a
an individual or an organization. It also provides certificate.
directory services that can store and, when 3. Registration Authorities (RA): RA is a
necessary, revoke the certificates. PKI assumes component that is responsible to verify the
the use of public key cryptography, which is the identity of end-entities .It is possible to
most common method on the Internet for implement the necessary registration
authenticating a message sender and checking functions by a CA, but many PKI
the integrity of a message [13]. implementations separate the operations
Public key cryptography with its dual key performed by the CA and the RA to avoid the
system (public and private keys) seems to best complexity of tasks.
solve the integrity, authentication, and non- 4. Digital Certificates: It is an electronic
repudiation requirements of open networks. It is document which uses a digital signature to
more suitable when compared with the classic bind a public key with identity information
cryptographic methods. It gained more such as the name of a person or an
popularity in the Internet world because of its organization, their address, and so forth. The
certificate can be used to verify that a public
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

key belongs to an individual. It is also known The Proposed System Architecture

public key certificate (PKC) or identity Enabling trusted e-contract based
certificate. Digital certificates contain collaboration between organizations in the cloud
information such as public key, the entity environments can be a significant application of
owning this public key and a set of other B2B in cloud computing. Our proposed work is
attributes written in the certificate with a an enhancement of the Chen et al model [1]
valid digital signature of the issuer. There are described previously. It can be noticed that in
a lot of certificate types. Some of them are Chen et al model, in order to use connectivity
X.509 Public Key Certificates, Simple Public service, the organization needs to join the service
Key Certificates (SPKC), Pretty Good by invitation from another one (or by
Privacy (PGP) Certificates, and Attribute subscription for generalized case). Therefore this
Certificates. In this work we will adopted a system might suffer from some attacks, where
version of X.509 public key certificates. unreal organization can attach itself and threaten
Figure 4 illustrates the general structure of an the system security. This case can decrease the
X.509 v3 certificate. trust value among real organizations. In addition,
5. Certificate Repositories (CR): A certificate generalizing this work to enable reliable, secure,
repository, sometimes referred to as a and trusted subscription of organizations requires
certificate directory, it is an entity in PKI. To additional upper layer work. Attacks from
establish trust and/or secure communication, insiders (i.e. from organizations already involved
certificates should be available for anyone in one or more e-contracts collaboration) are
who needs them. CR could simply be posted indeed another major concern of this earlier
on a public homepage, and put in a database. work.
This is referred to as a repository. Our proposed system model addresses all
6. Certificate Policies (CP): A certificate policy these problems and more by adding new upper
(CP) is a named set of rules that indicates the service layer to the above model. This added
applicability of a certificate to a particular layer is called Authentication Service layer (See
community and/or class of applications with Figure 5) and it is responsible to increase the
common security requirements. trust value of the whole framework. This is
7. Certificate Practices Statement (CPS): The mainly achieved by detecting and preventing
certificate practice statement (CPS) translates unreal (or unauthorized) organizations that want
certificate policies into operational to join the connectivity service, facilitating the
procedures on the CA level. The certificate prevention of masquerade attacks from insiders,
policy focuses on a certificate; the CPS and by offering the required platform for secure
focuses on a CA. and reliable system subscription and log out.
This functionality of the added layer depends on
PKI-based digital certificates. Thus, a proper and
efficient integration of the basic model of e-
contract based collaboration with the PKI is
needed. We have already completed the required
architectural design and started implementing
some of its basic components in an experimental
private cloud environment.
The basic components of the added
authentication service are:
 Certificate Authority (CA): It is in charge
of generating certificates for organizations,
i.e. signing an organization's public key and
identity information with its own private
key.
 Registration Authority (RA): It is in charge
of verifying organization's identity and
associating that identity with its public key.
 Validation Authority (VA): It is a validation
system that can confirm whether a specific
Figure 4. X.509 V3 certificate [12]
organization's certificate produced by this
J. of university of anbar for pure science : Vol.6:NO.2 : 2012

CA is still valid or not (for example,

because the associated private key was lost
or compromised).
 The End Users: They are the organizations'
representatives involved (or want to be
involved) in the collaboration.

Figure 6 shows the basic interaction steps

among these components with the client and the
cloud service. These steps are as follows:

 Step1: Client (organization) sends identity to Figure 6. The basic interaction steps between
RA. entities for authentication service
 Step2: RA checks client identity and other
information using a set of roles stored in RA. Before integrating the main two parts of the
 Step3: RA sends positive acknowledgment (if proposed system (i.e. the connectivity service
everything is OK) and the required key to and the authentication service layers), we are
CA. working in parallel also to complete the basic
 Step4: CA sends the key and certificate to the engine for the e-contract based cloud computing
client. collaboration. Among the require tools for this
 Step5: CA also sends the key and certificate engine are the SSL-based VPNs (virtual Private
to the VA. Networks). Such VPNs can provide a secure
 Step6: Client sends request using the connectivity for a group of collaborative services
obtained key. by forming a virtual extranet within a cloud
 Step7: Upon approval, VA communicates and/or between Clouds. Following the Chen et al
with the client using this key. work, we are also working on developing three
Amazon EC2 alike instances [17]. The first is for
Of course, the above mentioned interaction running OPEN VPN server v2.1 [18]. The
steps have to be extended in different aspects in second is for running a Web service deployed on
order to enable reliable and secure actions in the Apache tomcat v6.0 [19]. The third is for
cloud. Detailed and proper protocol running the Web service client. Java language is
implementations are required to be achieved to used for implementing the web service and client
take into account various possible threats in real applications. After completing the integration of
cloud computing settings. all parts of the system, a detailed evaluation
study will be performed to assess the total level
of trust offered by the whole framework.

CONCLUSION
Although that cloud computing gained a lot
of reputation, but still there is concern about this
concept throughout the world especially
regarding its security environments. In order to
make more organizations moves towards cloud
computing, strong mechanisms and technologies
are needed to be established such that to
overcome the problems of security, privacy, and
trust. In this paper, we have discussed security
and trust issues by reviewing recently developed
model that handles secure messaging and among
collaborative services within the environment of
cloud computing. We then described our
development on this model by adding new
Figure 5. The general architecture of the service layer that is responsible to increase trust
enhanced system for e-contract based cloud in such collaboration through proper integration
computing collaboration with PKI. As our work in the development of
 J. of university of anbar for pure science : Vol.6:NO.2 : 2012

this system is still in progress, we will try to Intelligence and Software Engineering (CiSE),
deploy the best available security practices to Wuhan, China December 2010, pp. 1-3.
prevent possible threats from outsiders and [8]. Joe Nisha . “Cloud Computing – An
insiders. We believe that achieving this goal is overview on cloud computing concepts,” India
necessary to build the required level of trust in Study Channel, Posted on 06 Sep 2011.
cloud computing. [9] Pardeep Kumar, Vivek Kumar Sehgal , Durg
Singh Chauhan, P. K. Gupta and Manoj
REFERENCES Diwakar, “Effective Ways of Secure, Private and
Trusted Cloud Computing,” IJCSI International
[1] Shiping Chen, Surya Nepal, and Ren Ping Journal of Computer Science, May 2011.
Liu, "Secure Connectivity for Intra-cloud and [10] S. Srinivasamurthy, F. Wayne, and D. Q.
Inter-cloud Communication," ICPP Workshops, Liu, “Survey on Cloud Computing Security,”
2011, pp. 154-159. Computer, 2010 (available at
[2] Srinivasa Rao, Nageswara Rao, and Kusuma http://salsahpc.indiana.edu/CloudCom2010/).
Kumari, "Cloud computing: An overview,” [11] http://en.wikipedia.org/wiki/elecetonic_
Journal of Theoretical and Applied Information contract.
Technology, Vol.9, No.1, 2009. [12]. W. Zhao, "Implementation of Software
[3] Ahmad-Reza Sadeghi, Thomas Schneider, Tools for the Medium-Size Certification
and Marcel Winandy,"Token-based cloud Authority _ X.509 Certificate", ECE Dept.,
computing - Secure outsourcing of data and George Mason University, December 2003.
arbitrary computations with lower latency," 3rd [13]. http://en.wikipedia.org/wiki/ PKI (public
International Conference on Trust and key infrastructure).
Trustworthy Computing (TRUST'10) - [14] E. YILDIZ ,"A Proposal for Turkish
Workshop on Trust in the Cloud, June 22, Government Public Key Infrastructure Trust
Berlin, Germany. Model" , MSc Thesis, December 2001.
[4] Jeffrey Voas and Jia Zhang, "Cloud [15]. Sufyan T. F. Al-Janabi. and Amer Kais.
computing new wine or just new bottle,” Journal “Development of Certificate Authority Services
of IT Professional, Volume 11, Issue 2, March for Web Applications” The First International
2009. Conference on Future Communication Networks
[5] P. Mell and T. Grance, The NIST Definition (ICFCN ’2012), Baghdad, Iraq, April 2012
of Cloud Computing, National Institute of (Submitted).
Standards and Technology, 2009. [16] ITU-T Recommendation X.509, “The
[6] VICTOR DELGADO, “Exploring the limits Directory: Public Key and Attribute Certificates
of cloud computing,” Master of Science Thesis, Framework, 2000.
Stockholm, Sweden 2010. [17] Amazon EC2: http://aws.amazon.com/ec2/.
[7]. Jianfeng Yang and Zhibin Chen, “Cloud
Computing Research and Security Issues,” [18] OpenVPN: http://openvpn.net.
International Conference on Computational [19] Apache Tomcat: http://tomcat.apache.org/.

‫اﻟﺣوﺳﺑﺔ اﻟﺳﺣﺎﺑﯾﺔ اﻟﻣوﺛوﻗﺔ‬

‫ﻛﺎﺷف ﻛﻔﺎﯾﺎت‬ ‫وﻟﯾد ﻛرﯾم ﻋواد‬ ‫ﺳﻔﯾﺎن ﺗﺎﯾﻪ ﻓرج‬

E.mail: [email protected]
‫اﻟﺧﻼﺻﺔ‬
‫ اﻟﺣوﺳﺑﺔ اﺻﺑﺣت ﺑﯾﺋﺔ ﺟذاﺑﺔ ﻟﻠﺷرﻛﺎت او اﻟﺣﻛوﻣﺎت ﻟﻧﺷر وﺗﻧﻔﯾذا‬.‫اﻟﺣوﺳﺑﺔ اﻟﺳﺣﺎﺑﯾﺔ ﻧﻣوذج ﺟدﯾد ﻟﻼﺳﺗﻬﻼك واﻟﺗﺳﻠﯾم ﻟﺧدﻣﺎت ﺗﻛﻧﻠوﺟﯾﺎ اﻟﻣﻌﻠوﻣﺎت‬
‫ ﻫﻧﺎك اﻟﻌدﯾد ﻣن اﻟﻣﺧﺎوف ﺣول اﻟﺣوﺳﺑﺔ اﻟﺳﺣﺎﺑﯾﺔ وﻻ ﺳﯾﻣﺎ ﻣن ﺣﯾث اﻻﻣن واﻟﺳرﯾﺔ‬.‫اﻟﺦ‬.(G2G) ‫( او‬B2B) ‫اﻋﻣﺎﻟﻬم ﻟﻠﺗﻌﺎوﻧﺎت ﺳواء ﻛﺎﻧت‬
‫ ﺗﺗطﻠب اﻟﺣوﺳﺑﺔ اﻟﺳﺣﺎﺑﯾﺔ ﺛﻼث ﻣﺗطﻠﺑﺎت اﻣن‬.‫وﻗد ﻣﻧﻌت ﻫذة اﻟﻘﺿﺎﯾﺎ اﻟرﺋﯾﺳﯾﺔ اﻟﺷرﻛﺎت ﻣن ﻗﺑول ﻣﻧﺻﺎت اﻟﺣوﺳﺑﺔ اﻟﺳﺣﺎﺑﯾﺔ ﺑﺷﻛل ﻛﺎﻣل‬.‫واﻟﺛﻘﺔ‬
‫ ﻓﻲ ﻫذا اﻟﺑﺣث ﻧﺎﻗﺷﻧﺎ ﺑﻌض ﻫذﻩ اﻟﻘﺿﺎﯾﺎ ﻣن ﺧﻼل اﺳﺗﻌراض ﻧﻣوذج ﺗم اﻗﺗرﺣﻪ ﻣؤﺧ ار واﻟذي ﯾﻌﺎﻟﺞ اﻻرﺳﺎل‬.‫ اﻟﺗﻛﺎﻣﻠﯾﺔ واﻻﺗﺎﺣﯾﺔ‬,‫ اﻟﺳرﯾﺔ‬:‫رﺋﯾﺳﯾﺔ‬
‫ ﻧذﻛر ﺑﻌﻣﻠﻧﺎ اﻟﻣﺳﺗﻣر ﻋﻠﻰ واﻟذي ﯾﺳﺗﻧد ﻋﻠﻰ ﺗﺣﺳﯾن وﺗطوﯾر ﻫذا‬,‫ﺛم‬.‫اﻻﻣن ﺑﯾن اﻟﺧدﻣﺎت اﻟﻣﻧﺗﺷرة ﺿﻣن ﻧﻔس اﻟﺳﺣﺎﺑﺔ او ﻋﻠﻰ ﺳﺣﺎﺑﺎت ﻣﺧﺗﻠﻔﺔ‬
‫ اﻟطﺑﻘﺔ اﻟﻣﺿﺎﻓﺔ ﺗﺳﻬل‬.‫ وﯾﺗﺣﻘق ﻫذا ﺑﺄﺿﺎﻓﺔ طﺑﻘﺔ اﻟﺧدﻣﺔ ﺟدﯾدة واﻟﺗﻲ ﺗﻛون ﻣﺳؤوﻟﺔ ﻋن ﺗﻘدﯾم ﻣﺳﺗوى ﻋﺎل ﻣن اﻟﺛﻘﺔ ﺑﯾن اﻻطراف اﻟﺗﻌﺎوﻧﯾﺔ‬.‫اﻟﻧﻣوذج‬
‫ اﻟﻬدف اﻟرﺋﯾﺳﻲ ﻟﻠﻧﻣوذج اﻟﻣطور ﻫو زﯾﺎدة ﺛﻘﺔ اﻟﻧظﺎم ﺑﺎﻟﻛﺎﻣل ﺑﻣﻧﻊ اي ﻛﯾﺎن ﻏﯾر ﻣﺧول‬.(PKI) ‫ﺗﻛﺎﻣل ﻫذا اﻟﻧﻣوذج ﻣﻊ اﻟﺑﻧﯾﺔ اﻟﺗﺣﺗﯾﺔ ﻟﻠﻣﻔﺗﺎح اﻟﻣﻌﻠن‬
.‫ ﻧظﻣﻧﺎﯾﻣﻛن ان ﯾﻣﻧﻊ اي ﻣﻧظﻣﺔ ﻣﻌﻧﯾﺔ ﻣن اطﻼق ﻫﺟﻣﺎت اﻟﺗﻧﻛر‬,‫ ﻓﻲ اﻟﺣﻘﯾﻘﺔ‬.‫ﻣن اﻻﻧﺿﻣﺎم اﻟﻰ ﺧدﻣﺔ اﻟرﺑط‬