云计算环境的联盟身份认证方案设计

doi:10.3969/j.issn.0255-8297.2015.02.011

应用科学学报 ›› 2015, Vol. 33 ›› Issue (2): 215-222.doi: 10.3969/j.issn.0255-8297.2015.02.011

• 计算机科学与应用 • 上一篇

云计算环境的联盟身份认证方案设计

王崇霞1，丁颜2，刘倩2，周贤伟2

1. 长治学院计算机系，山西长治046010
2. 北京科技大学计算机与通信工程学院，北京100083

收稿日期:2014-09-10 修回日期:2014-11-30 出版日期:2015-03-30 发布日期:2014-11-30
作者简介:王崇霞，副教授，研究方向：密码学与网络安全、云计算安全，E-mail：cxwang2000@sina.com；周贤伟，教授，博导，研究方向：云计算、智慧网络、空间网络，E-mail: xwzhouli@sina.com
基金资助:
国家自然科学基金(No.61170014)；教育部科学技术研究重大项目基金(No.311007)；山西省教研项目基金(No.J2014113)资助

Design of Alliance Identity Authentication Scheme in Cloud Computing Environment

WANG Chong-xia1, DING Yan2, LIU Qian2, ZHOU Xian-wei2

1. The Computer Department of Changzhi University, Changzhi 046010,
Shanxi Province, China
2. School of Computer and Communication Engineering, University of Science
and Technology Beijing, Beijing 100083, China

Received:2014-09-10 Revised:2014-11-30 Online:2015-03-30 Published:2014-11-30

摘要/Abstract

摘要： 提出一种云计算联盟环境的“契约”关联认证协议. 协议通过组合公开、私有数据的签名算法，在联盟云间建立“契约”信任关系，进而实现联盟云中用户身份信息的分布式管理和“契约”关联认证. 协议采用公告板、时间戳、签名、抗碰撞散列函数等方法，能减少信息交互，有效预防数据篡改、重放和中间人攻击等. 理论分析表明，该协议具有安全高效的特点，且以较小的计算量和通信开销，为云计算环境的联盟身份认证提供一种简洁又安全的解决方案.

关键词: 云计算联盟, “契约”关联认证, 签名算法, 协议

Abstract: This paper presents a “contract”-related certification protocol in a cloud computing
alliance environment. With a signature algorithm of combined public and private
data, “contract” trust relationship is built among alliance clouds. By taking advantage of
the trust relationship, distributed management of user identity information and “contract”
related certification are realized in the cloud alliance. The proposed protocol uses bulletin
board, time stamp, signature, and anti-collision hash function to reduce information interaction,
effectively preventing data tampering, replay, and middle attack. Theoretical
analysis shows that the proposed protocol is secure and efficient. It requires less computation
and communication overhead, and provides a concise and security solution for alliance
identity authentication in a cloud environment.

Key words: cloud computing alliance, “contract”-related certification, signature algorithm, protocol

中图分类号:

TP393.08

王崇霞1，丁颜2，刘倩2，周贤伟2. 云计算环境的联盟身份认证方案设计[J]. 应用科学学报, 2015, 33(2): 215-222.

WANG Chong-xia1, DING Yan2, LIU Qian2, ZHOU Xian-wei2. Design of Alliance Identity Authentication Scheme in Cloud Computing Environment[J]. Journal of Applied Sciences, 2015, 33(2): 215-222.

参考文献

[1] Peter Mell,Timothy Grance. The NIST Definition of Cloud Computing (Draft). NIST special publication, 2011 - pre-developer.att.com.

[2] Joost Reede.On A-Select and Federated Identity Management Systems [D]. twente university，Netherlands，http://essay.utwente.nl/712/1/scriptie_Reede.pdf,2007.

[3] A.B.Spantzel, A.C.Squieeiarini, E.Bertino. Integrating federated digital Identity Management and trust negotiation[C]. IEEE Security and Privacy Magazine. 2005.

[4] Hongwei Li,Yuanshun Dai,Ling Tian,Haomiao Yang. Identity-Based Authentication for Cloud Computing[R]. Cloud Computing of Lecture Notes in Computer Science, 2009(5931): 167-177.

[5] Liang Yan,Chunming Rong,Gansen Zhao. Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography[J]. Cloud Computing of Lecture Notes in Computer Science,2009(5931): 157-166.

[6] Elisa Bertino,Federica Paci,Rodolfo Ferrini. Privacy-preserving Digital Identity Management for Cloud Computing[J].Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, 2009,32(1):21-27.

[7] Z. Hao,S. Zhong,N. Yu. A Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing[J]. International Journal of Computers, Communications & Control, 2011,6(2):227-235.

[8] Zhang Qikun, Li Yuanzhang, Song Danjie,Tan Yuan. Alliance-Authentication Protocol in Clouds Computing Environment [J]. China Communications, 2012, 9(7) : 43-54.

[9] Zheng Jun, Guo Xianchen, Zhang Quanxin, Zhang Qikun. A cross domain authentication protocol based on ID[J]. International Journal of Computer Science Issues, 2013, 10(1): 264-270.

[10] Zh. Lei, Q. Wu, Q. Bo, J. Domingo Ferrer. Asymmetric group key agreement protocol for open networks and its application to broadcast encryption[J]. Computer Networks 2011(55): 3246–3255.

[11] 王崇霞, 高美真, 刘倩, 周贤伟. 混合云联合身份认证与密钥协商协议设计[J].电信科学, 2014,30(4) : 95-100.

Wang Chongxia, Gao Meizhen, Liu Qian, Zhou Xianwei. Design of Identity Based on Authentication and Key Agreement Protocol for Hybrid Cloud[J]. Telecommunication Science, 2014,30(4) : 95-100.（in Chinese）

[12] 彭华熹. 一种基于身份的多信任域认证模型[J]. 计算机学报, 2006, 29(8):1271-1282.

Peng Huaxi. An Identity-Based Authentication Model for Multi-Domain[J].Chinese Journal of Computers, 2006, 29(8):1271-1282.（in Chinese）

[13] Kata, J., & Lindell, Y. Introduction to modern cryptography[M]. New York: CRC Press, 2007.

[14] 汪定,马春光,张启明. 一种强口令认证方案的攻击和改进[J]. 计算机科学, 2012,39(6) : 72-76.

Wang Ding, Ma Chunguang, Zhang Qiming. Attacks and Improvements on a Strong-password Authentication Scheme[J]. Computer Science, 2012,39(6) : 72-76.（in Chinese）

[1]	李忠诚, 黄建华, 唐瑞琮, 胡庆春, 夏旭. 一种基于权益代表的可扩展共识协议[J]. 应用科学学报, 2020, 38(1): 51-64.
[2]	张孟康, 赵海涛, 于洪苏, 茅天奇, 朱洪波. 车载异构网络中基于PSRBP的多径TCP路径调度优化[J]. 应用科学学报, 2019, 37(2): 261-270.
[3]	高凯强, 赵海涛, 李大鹏. 多信道协同合作需求感知MAC协议[J]. 应用科学学报, 2018, 36(4): 580-588.
[4]	孙茂鑫, 钱红燕, 陈兵, 张轩. SDN环境下基于MPTCP协议的切换管理[J]. 应用科学学报, 2017, 35(1): 117-127.
[5]	李晓歌, 王辉, 张宾, 秦董洪. 快速园区网拓扑发现方法[J]. 应用科学学报, 2016, 34(6): 768-777.
[6]	辛昕, 钱振兴, 张新鹏, 代舒. 基于安全水印的三方交易系统[J]. 应用科学学报, 2015, 33(6): 575-584.
[7]	李默1，黄胜波1，赵亮2. 定向天线Ad Hoc 网络中的一种MAC 层广播机制[J]. 应用科学学报, 2015, 33(3): 262-273.
[8]	赵蕴龙1，王博识1，张凯1，董钊1，张磊2. 充分考虑节点编码机会的编码感知路由协议[J]. 应用科学学报, 2014, 32(1): 7-12.
[9]	邓春健1，王旭智2，罗仁泽3，邓生华1. RET天线扫描码构造方法及防碰撞算法[J]. 应用科学学报, 2012, 30(6): 655-660.
[10]	石雷1，韩江洪1，石怡2，魏振春1. 多包接收无线Mesh 网络的跨层优化[J]. 应用科学学报, 2012, 30(3): 227-233.
[11]	雷磊1;2，周进华1，朱颖锋1，刘维康1. 一种支持拥塞识别的ad hoc网络DCF协议速率自适应机制[J]. 应用科学学报, 2012, 30(1): 31-38.
[12]	宋留斌1，徐友云1;2，谢威2，余江1. 基于IEEE 802.11协议的MAC层协同组播策略[J]. 应用科学学报, 2011, 29(6): 559-564.
[13]	钱红燕陈兵秦小麟. 支持子网整体漫游的MIP-RS协议[J]. 应用科学学报, 2009, 27(2): 144-149.
[14]	刘晶;伏飞;肖军模. 扩展Meadows模型分析Ad Hoc网络路由协议安全性 [J]. 应用科学学报, 2008, 26(3): 250-250 .
[15]	官骏鸣;陆阳;盛锋. 用于Ad hoc网络的按需网状路由协议 [J]. 应用科学学报, 2008, 26(3): 257-257 .

云计算环境的联盟身份认证方案设计

Design of Alliance Identity Authentication Scheme in Cloud Computing Environment

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价