【摘要】：作為一種新興的計算模式,云計算越來越受到人們的關(guān)注。在云計算中,云用戶通過采用向云端請求服務(wù)的方式獲取大量的軟硬件資源。然而,云服務(wù)的透明性使得用戶對數(shù)據(jù)不再擁有控制權(quán),且云服務(wù)提供商的可信性不易評估,云安全問題就顯得尤為重要。云計算是根據(jù)用戶的服務(wù)請求為其提供服務(wù)并進(jìn)行相應(yīng)操作,因此,在云計算環(huán)境下如何能夠進(jìn)行安全有效的身份認(rèn)證是云用戶和云服務(wù)提供商都關(guān)注的問題�；谀壳霸普J(rèn)證技術(shù)在效率和安全性上存在的缺陷,本文分別從公有云或私有云環(huán)境、混合云環(huán)境兩個方面對云計算中的身份認(rèn)證技術(shù)進(jìn)行研究。 針對公有云或私有云環(huán)境中云認(rèn)證技術(shù)中安全性不高、實現(xiàn)復(fù)雜等問題,本文提出一種適用于云環(huán)境的基于ECC的動態(tài)口令認(rèn)證方案。該方案是基于云用戶和云服務(wù)提供商兩方來實現(xiàn)雙向認(rèn)證的,通過使用橢圓曲線密碼技術(shù)加強(qiáng)了對口令的保護(hù),增加了口令修改的功能,并能夠抵抗如重放攻擊、中間人攻擊、特權(quán)內(nèi)部人員攻擊、冒充攻擊、拒絕服務(wù)攻擊等多種攻擊方式,從而提高了方案的安全性。與現(xiàn)有云認(rèn)證方案進(jìn)行比較發(fā)現(xiàn),該方案既操作簡單又加強(qiáng)了對口令的保護(hù),同時也提高了目前云認(rèn)證技術(shù)的安全性和效率 針對混合云環(huán)境中,云用戶在不同的公有云注冊導(dǎo)致需要記憶大量的用戶名和口令,而公有云則需要維護(hù)大量的用戶注冊信息,加重了其負(fù)擔(dān)。該種方式既不便利,又增加了公有云的管理成本,而且公有云中的用戶注冊表極易成為攻擊者的攻擊目標(biāo),系統(tǒng)的安全性比較低。針對該問題,本文提出一種適用于混合云環(huán)境的基于ECC的3PAKE的跨云認(rèn)證協(xié)議。在該方案中,云用戶在私有云的幫助下實現(xiàn)與公有云之間高效安全的雙向認(rèn)證,并在雙方認(rèn)證完成后生成會話密鑰。在隨機(jī)預(yù)言模型下證明了該協(xié)議具有前向安全性,并能夠抵抗竊取驗證元攻擊、口令猜測攻擊、假冒攻擊和修改攻擊等多種攻擊方式。通過與其它方案進(jìn)行比較發(fā)現(xiàn),該協(xié)議在效率和安全性上都具有一定優(yōu)勢。該方案既減輕了公有云的負(fù)擔(dān),也降低了對公有云的安全要求,適用于擁有海量用戶的混合云環(huán)境。
[Abstract]:As a new computing model, cloud computing has attracted more and more attention. In cloud computing, cloud users obtain a large number of software and hardware resources by requesting services from the cloud. However, the transparency of cloud services makes users no longer have control over the data, and the credibility of cloud service providers is not easy to evaluate, so cloud security is particularly important. Cloud computing is to provide services to users according to their service requests and carry out corresponding operations. Therefore, how to carry out secure and effective identity authentication in cloud computing environment is a concern of both cloud users and cloud service providers. Based on the shortcomings of cloud authentication technology in efficiency and security, this paper studies the identity authentication technology in cloud computing from two aspects: public cloud environment or private cloud environment and hybrid cloud environment. In order to solve the problems of low security and complex implementation of cloud authentication technology in public or private cloud environment, this paper proposes a dynamic password authentication scheme based on ECC, which is suitable for cloud environment. The scheme is based on two-way authentication between cloud users and cloud service providers. Through the use of Elliptic Curve Cryptography (Elliptic Curve Cryptography), the password protection is strengthened, the password modification function is added, and the ability to resist replay attacks and man-in-the-middle attacks. The security of the scheme is improved by many attack modes, such as privilege internal attack, impersonation attack, denial of service attack and so on. Compared with the existing cloud authentication schemes, it is found that the scheme not only has the advantages of simple operation and strengthened password protection, but also improves the security and efficiency of the current cloud authentication technology for hybrid cloud environment. The registration of cloud users in different public clouds results in the need to remember a large number of user names and passwords, while the public cloud needs to maintain a large number of user registration information, which adds to its burden. This method is not only not convenient, but also increases the management cost of the public cloud, and the user registration table in the public cloud is easy to become the target of attackers, and the security of the system is relatively low. In order to solve this problem, this paper proposes a cross-cloud authentication protocol based on ECC for hybrid cloud environment. In this scheme, cloud users realize efficient and secure bidirectional authentication with the help of private cloud, and generate session key after mutual authentication is completed. Under the random prophecy model, it is proved that the protocol has forward security and can resist many attack modes, such as stealing authentication element attack, password guessing attack, fake attack and modification attack. Compared with other schemes, the protocol has some advantages in efficiency and security. This scheme not only reduces the burden of public cloud, but also reduces the security requirements of public cloud, and is suitable for hybrid cloud environment with large number of users.
【學(xué)位授予單位】：蘭州理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 劉林東;鄔依林;;基于云計算的USBKey身份認(rèn)證技術(shù)研究[J];廣東第二師范學(xué)院學(xué)報;2011年05期

2 曹陽;洪岐;余冬梅;;基于橢圓曲線密碼體制的OTP身份認(rèn)證方案[J];計算機(jī)與數(shù)字工程;2011年10期

3 張建勛;古志民;鄭超;;云計算研究進(jìn)展綜述[J];計算機(jī)應(yīng)用研究;2010年02期

4 薛凱;李海霞;楊樹國;;一種針對云計算登陸問題的認(rèn)證技術(shù)[J];科學(xué)技術(shù)與工程;2011年06期

5 謝琪;吳吉義;王貴林;劉文浩;陳德人;于秀源;;云計算中基于可轉(zhuǎn)換代理簽密的可證安全的認(rèn)證協(xié)議[J];中國科學(xué):信息科學(xué);2012年03期

6 陳康;鄭緯民;;云計算:系統(tǒng)實例與研究現(xiàn)狀[J];軟件學(xué)報;2009年05期

7 馮登國;張敏;張妍;徐震;;云計算安全研究[J];軟件學(xué)報;2011年01期

8 李健;張笈;;PKI在云計算中的應(yīng)用研究[J];信息網(wǎng)絡(luò)安全;2011年08期

相關(guān)博士學(xué)位論文 前2條

1 朱智強(qiáng);混合云服務(wù)安全若干理論與關(guān)鍵技術(shù)研究[D];武漢大學(xué);2011年

2 李凌;云計算服務(wù)中數(shù)據(jù)安全的若干問題研究[D];中國科學(xué)技術(shù)大學(xué);2013年

，

本文編號：2496037