
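Research on Key Management in Cloud Computing

Published: 2018-05-11 00:31

  Thesis topics: cloud computing security architecture + key update. Reference: University of Science and Technology Beijing, 2016 doctoral dissertation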


[Abstract]: In recent years, with the rapid development of the computer industry, cloud computing, as a new hallmark of network computing, has attracted growing attention. This pay-per-use form of distributed computing brings many advantages to the IT industry, such as scaling resources in real time to meet users' differing needs, providing faster computing services, and greatly reducing operating costs. Although the popularity of cloud computing keeps increasing, it has also brought serious security problems, which to a large extent hinder its adoption. Compared with traditional models, ensuring the confidentiality and integrity of end users in cloud computing is therefore more challenging. In addition, cloud services are usually multi-tenant, meaning that a single infrastructure, platform or piece of software serves multiple mutually untrusted users at the same time, so strengthening the confidentiality protection of this data is a problem that urgently needs solving. Key management is one of the basic measures of data protection, and further research on this problem is of great significance for improving the overall security and practicality of cloud computing. Using mathematical tools such as elliptic curves, the random oracle model and hash functions, this dissertation studies cloud computing security architecture, key update, re-encryption, digital signatures and group key agreement protocols. The main work is as follows:

1) A new cloud computing security architecture is proposed. A time-bound key management scheme that supports identity management and authentication, and an improved key management scheme based on an access key hierarchy, are added to the architecture to achieve fine-grained access control and to support the scalability of the secure cloud computing network. Keys can be updated efficiently when members join or leave, and the computation time of the key derivation and signature checking phases is reduced. The scheme strengthens the security, practicality and integrity of the cloud computing security architecture.

2) A new key update scheme, a scheme based on data re-encryption, and a certificateless digital signature scheme are proposed. The key update scheme is based on key-policy attribute-based encryption (KP-ABE) and supports scalability and hierarchical access without requiring complex data structures. Using the new key update scheme, a user-centric, privacy-preserving cryptographic access control protocol is proposed that achieves security, efficiency and flexibility, and privacy protection without depending on any particular cloud provider. Proxy-based re-encryption schemes have been proposed on the basis of BBS encryption and the ElGamal cryptosystem, but whenever data is accessed they must re-encrypt with asymmetric keys, and the proxy must be fully trusted. To address these defects, a scheme is proposed in which the cloud provider is responsible for the re-encryption task: all data re-encryption operations are carried out by the cloud provider, which improves scalability. Any authorized user can write and read encrypted data directly in the cloud, giving faster access. When group membership changes, the scheme guarantees data confidentiality as well as forward secrecy and backward secrecy. Most early CL-DS schemes use bilinear pairings and MTP functions, which leads to high computational overhead, and they cannot resist various attacks. To address these defects, an efficient and secure scheme with low computational overhead is designed using ECC. The attack model of the scheme is defined through two challenge-response games played against the two types of adversary in CL-PKC, and the scheme can be proved existentially unforgeable under adaptive chosen message and identity attacks.

3) A new authenticated group key agreement protocol is proposed. Low-power mobile devices that use traditional PKI-based authenticated group key agreement protocols suffer from low computational efficiency and high overhead, so an ECC-based authenticated group key agreement protocol is designed. The new protocol has the following main features: 1. it does not need bilinear pairings or MTP operations; 2. it resists known attacks; 3. members can join and leave more flexibly; 4. it drops the CA used for public key authentication and, through IBC and ECC, reduces computational overhead and improves computational efficiency; 5. it is easy to implement in mobile cloud networks.

[Degree-granting institution]: University of Science and Technology Beijing
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TN918.4


Article ID: 1871625



Link to this article: http://sikaile.net/shoufeilunwen/xxkjbs/1871625.html

