Computer Science, 2019, Vol. 46, Issue (2): 115-119. doi: 10.11896/j.issn.1002-137X.2019.02.018

• Information Security •

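Hierarchical Hybrid Authentication Model Based on Key Sharing

ZHAO Jiao-jiao, MA Wen-ping, LUO Wei, LIU Xiao-xue

  1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China
  • Received: 2018-01-04 Online: 2019-02-25 Published: 2019-02-25
  • Corresponding author: MA Wen-ping (born 1966), male, professor and doctoral supervisor; main research interest: cryptography. E-mail: wp_ma@mail.xidian.edu.cn
  • About the authors: ZHAO Jiao-jiao (born 1993), female, master's student; main research interest: information security. E-mail: zjj582984208@163.com. LUO Wei (born 1987), male, doctoral student; main research interests: cryptography and cloud computing security. LIU Xiao-xue (born 1991), female, doctoral student; main research interests: cryptography and cloud computing security.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61373171), the Programme of Introducing Talents of Discipline to Universities (B08038), and a key special project of the National Key Research and Development Program of China (2017YFB0802400).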

Abstract: With the rapid development of the information age, the security of data access in cloud computing has become the issue users care about most. Identity authentication is an important means of ensuring that participants can communicate securely in an open network environment, and how to use it to protect cloud environments has become a hot research topic. This paper uses CA certificates issued by a Public Key Infrastructure (PKI) to establish trust between different cloud services, joining together multiple clouds that each use an Identity-Based Encryption (IBE) system. By adopting a hierarchical identity-based encryption system, introducing shared-key technology, and choosing a ring structure, it proposes a PKI-IBE (Public Key Infrastructure-Identity-Based Encryption) hybrid authentication model scheme. The security of the scheme is analyzed, proving in theory the feasibility of providing services with the PKI-IBE same-layer ring model in a cloud environment. A signcryption technique based on this model is also designed, achieving intra-cloud and cross-cloud authentication by means of public/private key pairs. The theoretical security proof and the performance analysis show that, at the cost of a slight increase in computation, the scheme ensures sufficient security, better meets the needs of authenticating users who belong to different cloud domains and of secure user access, and effectively solves the problem of data access security in the cloud environment.

Key words: Cloud security, Hierarchical model, IBE, Identity authentication, PKI

CLC number: TP309