
Research on Key Management for Identity-Based Authentication Cryptosystems in Cloud Environments

Published: 2018-11-07 16:42
[Abstract]: With the rapid development of information technology, information security technology has become an essential safeguard for the whole Internet. As cloud computing becomes more widespread, incidents in which user privacy is leaked occur frequently. How to manage keys securely in a cloud computing environment and prevent user identities from being impersonated has become an urgent problem. A secure key management scheme can effectively resist attacks by network attackers. Research on certificate-based key management and identity-based key management has already produced many results, but few results have been published on key management schemes for cloud computing environments. This thesis studies and analyzes the relevant key management schemes. Considering that the certificate-based key management structure is secure with respect to key escrow and suits large-scale network environments, while identity-based key management schemes offer a significant improvement in efficiency, it proposes an improved key management scheme based on the idea of secret sharing. The main work of the thesis is as follows.
(1) A three-party password exchange authentication protocol for a cloud computing environment is studied and analyzed. The protocol uses the private cloud as an intermediary. The users belonging to the private cloud and the public cloud each register their identity and identity password with the private cloud, and the private cloud performs key escrow and secret distribution. The private cloud forwards the identity authentication message codes of the public cloud and of the user, and the two communicating parties thereby authenticate each other. In cross-platform, multi-user cloud environments, this authentication protocol can resist user identity forgery attacks.
(2) The thesis focuses on the characteristics of identity-based key management schemes. Building on the multi-party co-management scheme proposed by Chen et al. in the literature, it proposes an improved key management scheme based on identity authentication. Unlike the original scheme, which simply adds multiple PKG centers, the improved scheme arranges the multiple PKG centers in a layered structure. The PKGs in the same layer form a ring that serves different groups of users. Using verifiable threshold secret sharing, each PKG in a layer can verify the sub-key holders at the other nodes and judge whether they are honest. The layered structure ensures the independence and dynamic nature of the keys, and the ring structure avoids centralized key escrow and improves efficiency. The improved scheme solves two problems of the original scheme: the key escrow problem caused by the trustworthiness of the PKG center itself, and the system efficiency problem of deploying multiple PKGs.
(3) The application of the proposed scheme in a cloud environment is analyzed. The ring structure meets the distributed needs of users in the cloud environment; a single layer can contain multiple rings, which gives high scalability in the cloud; and the rings are connected to each other by trusted links, which achieves cross-platform operation in the cloud. Simulation analysis shows that, under the same conditions, the scheme outperforms the IBC and PKI encryption and authentication algorithms in both efficiency and storage. In terms of security, combining the scheme with the three-party password exchange protocol at the lowest layer, the user side, resists offline exhaustive password guessing attacks in the cloud environment and protects the keys during identity authentication between the user side and the cloud.
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4

Article ID: 2316945


Article link: http://sikaile.net/kejilunwen/wltx/2316945.html

