Cross-trust-domain authentication method used for distributed network system

A distributed-network, cross-trust-domain technology applied in the field of cross-trust-domain authentication. It addresses the problems of system efficiency bottlenecks, difficult hardware implementation, and the inability to effectively solve cross-domain interactive authentication, and it avoids creation and maintenance costs and reduces operating cost.

Inactive Publication Date: 2014-08-06
SOUTHWEST JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

However, in a real environment it is not easy to find a trusted third party that all domains trust, and the cost of temporarily establishing and maintaining a third-party bridge certification authority is relatively high.

[0004] Document 2, "An Improved Virtual Enterprise Security Interaction Model Based on Threshold RSA Signature" (Zhang Wenfang, Wang Xiaomin, He Dake. Computer Research and Development, 2012, 49(8): 1662-1667), proposed a virtual-enterprise-oriented cross-domain authentication method that builds a virtual authentication center trusted by all member enterprise domains to complete cross-domain authentication between entities in different trust domains. This reduces system operating costs to a certain extent, but the virtual authentication center cannot fully play the role of a bridge authentication center.

At the same time, this method uses the threshold RSA signature system to create, operate and maintain the virtual certification center. Because of the particular structure of RSA keys, it must introduce a special key distribution organization to generate and distribute the virtual certification center's key. The key distribution organization is likely to become a system security bottleneck, so there is a hidden danger of the virtual certification center's private key being leaked.

In addition, because the method is implemented with the RSA public key cryptographic algorithm, its bit security and operating efficiency are lower, its keys are longer, and its communication volume is larger than with the elliptic curve cryptosystem.

Document 3, "Virtual Enterprise Security Interactive Authentication Scheme Against Alliance Attacks" (Zhang Yaling, Zhang Jing, Wang Xiaofeng. Computer Integrated Manufacturing System-CIMS, 2008, 14(7): 1410-1416), gives a virtual authentication center cross-domain authentication method based on a threshold DSA signature system. Compared with the elliptic curve cryptosystem, it also has the problems of low bit security, low operating efficiency, long keys, and large communication volume.

Since the certificate issuance process of this method requires the leader's enterprise domain to participate, the leader becomes a bottleneck for system operating efficiency whenever it cannot provide services in time because of busy business or other reasons.

In addition, this method cannot resist collusion attacks from internal members of the virtual enterprise.

In summary, the above cross-domain authentication methods based on a virtual authentication center have the following disadvantages: the virtual authentication center cannot fundamentally play the role of a bridge authentication center, the system cannot operate in a distributed manner, and there are certain security and efficiency bottlenecks. Because they are constructed from DSA and RSA signatures, they also suffer from low bit security, low efficiency, long keys, large communication volume, and difficult hardware implementation, and so cannot effectively solve cross-domain interactive authentication in dynamic distributed systems where terminal resources or communication bandwidth are limited.


Examples


Embodiment

[0064] Referring to figure 1, an embodiment of the present invention is a cross-trust-domain authentication method for a distributed network system, with the following specific steps:

[0065] A. Creation of the Virtual Bridge Certification Center

[0066] A1. All member trust domains $D_i$ ($i = 1, 2, \ldots, m$) of the distributed network system jointly select the system's public parameters: the elliptic curve $E$ over the finite field GF used by the cryptographic algorithm, a base point $P$ of order $q$ on $E$, and the secret sharing threshold $t$, where $i$ is the serial number of the member trust domain, $m$ is the number of member trust domains, and $q$ is the large prime factor of the order of the elliptic curve $E$;

[0067] A2. According to the organizational model of the distributed network system and the cooperative relationships between the trust domains, all member trust domains $D_i$ negotiate and publish the permission set $V_i$ of each member trust domain $D_i$, satisfy Among ...


Abstract

The invention discloses a cross-trust-domain authentication method for a distributed network system. The method uses distributed secret key generation and a threshold signature mechanism based on an elliptic curve cryptosystem to construct a virtual bridge authentication center (VBAC), and cross-domain interactive authentication between entities in different trust domains of the distributed network system is completed through the VBAC. Its advantages include being universally applicable to various organizational structures, agile, dynamic, low in cost, short in authentication path, high in bit security, and high in efficiency. In addition, the method is easy to implement in hardware, can readily solve cross-domain interactive authentication between entities in different trust domains of a dynamic distributed network system when terminal resources or communication bandwidth are limited, and has wide application prospects in cloud computing, cloud storage networks, the Internet of Things, wireless sensor networks, agile manufacturing systems and virtual organizations.
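The dealerless key generation the abstract refers to can be illustrated with a generic joint-Feldman-style sketch. This is an added example, not the patent's own procedure (whose steps are cut off on this page); the toy curve, the function names, and the single-process simulation of all $m$ domains are assumptions, and the symbols $E$, $P$, $q$, $t$, $m$ follow step A1.

```python
import secrets
from functools import reduce
# Constructed toy parameters (NOT secure): E: y^2 = x^3 + 2x + 2 over GF(17),
# base point P of prime order q = 19. E, P, q, t, m are named as in step A1.
FP, A, P, Q = 17, 2, (5, 1), 19

def add(p1, p2):
    """Point addition on E; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)

def mul(k, pt):  # double-and-add scalar multiplication k*pt
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def dkg(m, t):
    """Simulate m domains; each D_i picks its own random degree-(t-1) polynomial."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(m)]
    commits = [[mul(c, P) for c in f] for f in polys]  # each D_i publishes c*P
    shares = {j: sum(c * pow(j, k, Q) for f in polys for k, c in enumerate(f)) % Q
              for j in range(1, m + 1)}  # s_j = sum_i f_i(j) mod q, held by D_j
    pub = reduce(add, (c[0] for c in commits), None)  # group public key d*P
    return shares, commits, pub

def verify_share(j, s_j, commits):
    """D_j checks its share s_j against the published commitments."""
    terms = (mul(pow(j, k, Q), ck) for c in commits for k, ck in enumerate(c))
    return mul(s_j, P) == reduce(add, terms, None)

def reconstruct(subset):  # Lagrange interpolation at x=0 over t shares {j: s_j}
    d = 0
    for j, s in subset.items():
        for k in (k for k in subset if k != j):
            s = s * k * pow((k - j) % Q, -1, Q) % Q
        d = (d + s) % Q
    return d
```

`reconstruct` is included only to show that any $t$ shares determine the same key. A threshold signature scheme would combine partial signatures so that the private key is never assembled in one place.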

Description

Technical field

[0001] The invention relates to a cross-trust-domain authentication method used in a distributed network system.

Background technique

[0002] With the rapid development of information technology and the widespread adoption of network applications, distributed applications in cross-domain, large-scale network environments have gradually become a new focus of the IT industry and academia because of their intensification, scale and high scalability. In dynamic distributed network applications such as cloud computing and cloud storage networks, the Internet of Things, wireless sensor networks, agile manufacturing systems, and virtual organizations, collaboration across regions and trust domains is inevitable, and there are frequent interactions or large-scale flows of data between multiple systems. In order to ensure the safe and efficient sharing of data between different dynamic and loosely coupled trust domain systems, it is necess...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L29/06
Inventor: 张文芳, 王小敏
Owner: SOUTHWEST JIAOTONG UNIV