Computer Science and Applications

Design of Alliance Identity Authentication Scheme in Cloud Computing Environment

  • 1. The Computer Department of Changzhi University, Changzhi 046010,
    Shanxi Province, China
    2. School of Computer and Communication Engineering, University of Science
    and Technology Beijing, Beijing 100083, China

Wang Chongxia, associate professor, research interests: cryptography and network security, cloud computing security, E-mail: cxwang2000@sina.com; Zhou Xianwei, professor, doctoral supervisor, research interests: cloud computing, smart networks, space networks, E-mail: xwzhouli@sina.com

Received date: 2014-09-10

Revised date: 2014-11-30

Online published: 2014-11-30

Funding

Supported by the National Natural Science Foundation of China (No.61170014), the Major Project Fund for Science and Technology Research of the Ministry of Education (No.311007), and the Shanxi Province Teaching Research Project Fund (No.J2014113)

Abstract

This paper presents a “contract”-associated authentication protocol for a cloud computing alliance environment. Using a signature algorithm that combines public and private data, the protocol establishes a “contract” trust relationship among the alliance clouds, and on that basis realizes distributed management of user identity information and “contract”-associated authentication within the alliance. The protocol uses a bulletin board, timestamps, signatures, and a collision-resistant hash function to reduce information exchange and to effectively prevent data tampering, replay, and man-in-the-middle attacks. Theoretical analysis shows that the protocol is secure and efficient: with small computation and communication overhead, it provides a concise and secure solution for alliance identity authentication in a cloud computing environment.

Cite this article

Wang Chongxia¹, Ding Yan², Liu Qian², Zhou Xianwei². Design of Alliance Identity Authentication Scheme in Cloud Computing Environment[J]. Journal of Applied Sciences, 2015, 33(2): 215-222. DOI: 10.3969/j.issn.0255-8297.2015.02.011
