【摘要】：在信息技術(shù)快速發(fā)展的今天,信息安全技術(shù)已成為整個互聯(lián)網(wǎng)保駕護航的利器。如今隨著云計算技術(shù)的逐步普及,用戶隱私遭到泄露的事件卻頻頻發(fā)生。如何在云計算的環(huán)境中安全地進行密鑰管理,防止用戶身份被冒充已成為迫切需要解決的問題。安全的密鑰管理方案可以有效地抵御網(wǎng)絡(luò)攻擊者的非法攻擊。目前,對基于證書的密鑰管理和基于身份的密鑰管理的研究,已取得較多成果。但是,對于云計算環(huán)境中的密鑰管理方案的研究,公開成果還較少。本文對有關(guān)密鑰管理方案進行了研究與分析�？紤]到基于證書的密鑰管理結(jié)構(gòu)在密鑰托管上的安全性,適合在大規(guī)模網(wǎng)絡(luò)環(huán)境中應(yīng)用,而基于身份的密鑰管理方案在效率方面的顯著提升等特點,提出了一種基于秘密共享思想的密鑰管理改進方案。本文主要研究工作如下。(1)對一個云計算環(huán)境中的三方口令交換認(rèn)證協(xié)議進行了研究與分析。該協(xié)議通過私有云作為中間機構(gòu),私有云所屬用戶和公共云分別在私有云處進行身份和身份口令的注冊,私有云進行密鑰托管和秘密分發(fā)。借由私有云分別轉(zhuǎn)發(fā)公有云和用戶的身份認(rèn)證消息碼,通信的雙方最終實現(xiàn)身份認(rèn)證。在面向跨平臺、多用戶的云環(huán)境中,該認(rèn)證協(xié)議可以抵抗用戶身份的偽造攻擊。(2)本文重點研究了基于身份的密鑰管理方案的特點。在Chen等人于文獻(xiàn)中提出的多方共管方案的基礎(chǔ)上,提出了一種改進的基于身份認(rèn)證的密鑰管理方案。和原方案中簡單的增加多個PKG中心不同,改進的密鑰管理方案中,設(shè)置的多個PKG中心采用了分層結(jié)構(gòu)。同層的多個PKG組成環(huán)形結(jié)構(gòu)以響應(yīng)不同群體的用戶。通過可驗證的門限秘密共享技術(shù),每一層的PKG個體均可以驗證其他節(jié)點子密鑰持有者,判斷其是否誠實。分層結(jié)構(gòu)用以保證密鑰的獨立性和動態(tài)性,成環(huán)結(jié)構(gòu)用以規(guī)避密鑰集中托管,提高效率。改進方案解決了原方案中的兩個問題：PKG中心自身誠信造成的密鑰托管問題和設(shè)置多PKG的系統(tǒng)效率問題。(3)分析了本文提出的方案在云環(huán)境中的應(yīng)用。通過環(huán)形的結(jié)構(gòu)滿足了云環(huán)境中用戶的分布式需求；在同層中可有多個環(huán),以實現(xiàn)云環(huán)境中的高擴展性；環(huán)與環(huán)之間是彼此可信連接的,以達(dá)到云中跨平臺的目的。并通過仿真分析得出,同等條件下,該方案在效率和存儲方面的結(jié)果均優(yōu)于IBC和PKI的加密認(rèn)證算法。安全性方面,在最底層的用戶端結(jié)合三方口令交換協(xié)議,能抵抗云環(huán)境中的離線口令窮盡猜測攻擊,保證了用戶端與云端之間身份認(rèn)證過程中的密鑰安全。
[Abstract]:With the rapid development of information technology, information security technology has become a sharp weapon to protect the whole Internet. Nowadays, with the gradual popularization of cloud computing technology, user privacy has been leaked frequently. How to manage the key safely in the cloud computing environment and prevent the user identity from being impersonated has become an urgent problem to be solved. A secure key management scheme can effectively resist illegal attacks by network attackers. At present, many achievements have been made in the research of certificate-based key management and identity-based key management. However, the research of key management scheme in cloud computing environment, the public results are still less. In this paper, the key management scheme is studied and analyzed. Considering the security of certificate-based key management structure in key escrow, which is suitable for large-scale network environment, and the significant improvement in efficiency of identity-based key management scheme, An improved key management scheme based on secret sharing is proposed. The main work of this paper is as follows. (1) A three-party password exchange authentication protocol in a cloud computing environment is studied and analyzed. The protocol uses private cloud as intermediate organization. Private cloud users and public clouds register identity and identity password in private cloud. Private cloud is used for key escrow and secret distribution. By transmitting the identity authentication message code of the public cloud and the user respectively by the private cloud, the two sides of the communication finally realize the identity authentication. In cross-platform and multi-user cloud environments, the authentication protocol can resist user identity forgery attacks. (2) this paper focuses on the characteristics of identity-based key management scheme. Based on the multi-party co-management scheme proposed by Chen et al in the literature, an improved key management scheme based on identity authentication is proposed. Different from the simple addition of multiple PKG centers in the original scheme, in the improved key management scheme, the multiple PKG centers are layered. Multiple PKG in the same layer form a ring structure to respond to different groups of users. By using the verifiable threshold secret sharing technique, the PKG individuals in each layer can verify the sub-key holders of other nodes and judge whether they are honest or not. The hierarchical structure is used to ensure the independence and dynamic of the key, and the ring structure is used to avoid the key set escrow and improve the efficiency. The improved scheme solves two problems in the original scheme: the key escrow problem caused by the credit of PKG center itself and the system efficiency problem of setting up multiple PKG. (3) the application of the proposed scheme in cloud environment is analyzed. The ring structure meets the distributed needs of users in the cloud environment; there can be multiple rings in the same layer to achieve high scalability in the cloud environment; the rings and rings are trusted to connect each other to achieve the purpose of cross-platform in the cloud. The simulation results show that the efficiency and storage efficiency of the scheme are better than that of IBC and PKI encryption and authentication algorithms under the same conditions. In the aspect of security, the bottom layer of the client, combined with the three-way password exchange protocol, can resist the off-line password exhaustive guessing attack in the cloud environment, and ensure the security of the key in the authentication process between the client and the cloud.
【學(xué)位授予單位】：西南交通大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TN918.4
，

本文編號：2316945