A cross-trust domain authentication method for distributed network system

A distributed-network authentication technology, applied in the field of cross-trust-domain authentication. It addresses system efficiency bottlenecks, difficult hardware implementation, and the inability of existing methods to effectively solve cross-domain interactive authentication, with the effect of avoiding creation and maintenance costs and reducing operating costs.

Inactive Publication Date: 2017-04-12
SOUTHWEST JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

However, it is not easy in a real environment to find a trusted third party that all domains trust, and the cost of temporarily establishing and maintaining a third-party bridge certification authority is relatively high.
[0004] Document 2, "An Improved Virtual Enterprise Security Interaction Model Based on Threshold RSA Signature" (Zhang Wenfang, Wang Xiaomin, He Dake. Computer Research and Development, 2012, 49(8): 1662-1667), proposed a virtual-enterprise-oriented cross-domain authentication method that builds a virtual authentication center trusted by all member enterprise domains to complete cross-domain authentication between entities in different trust domains. This reduces system operating costs to a certain extent, but the virtual authentication center cannot fully play the role of a bridge authentication center.
At the same time, this method uses a threshold RSA signature system to create, operate and maintain the virtual certification center. Because of the particular structure of RSA keys, it must introduce a special key distribution organization to generate and distribute the virtual certification center's key. The key distribution organization is likely to become a system security bottleneck, so there is a hidden danger that the virtual certification center's private key leaks.
In addition, because the method is implemented with the RSA public-key cryptographic algorithm, its bit security and operating efficiency are lower than those of an elliptic curve cryptosystem, its keys are longer, and its communication volume is larger.
Document 3, "Virtual Enterprise Security Interactive Authentication Scheme Against Alliance Attacks" (Zhang Yaling, Zhang Jing, Wang Xiaofeng. Computer Integrated Manufacturing System-CIMS, 2008, 14(7): 1410-1416), gives a virtual authentication center cross-domain authentication method based on a threshold DSA signature system. Compared with the elliptic curve cryptosystem, it also has the problems of low bit security, low operating efficiency, long keys, and large communication volume.
Since the certificate issuance process of this method requires the leader's enterprise domain to participate, the leader becomes a bottleneck for the efficiency of system operation whenever it cannot provide services in time because of busy business or other reasons.
In addition, this method cannot resist collusion attacks from internal members of the virtual enterprise.
In summary, the above cross-domain authentication methods based on a virtual authentication center have the following disadvantages: the virtual authentication center cannot fundamentally play the role of a bridge authentication center, the system cannot operate in a distributed manner, and there are certain security and efficiency bottlenecks. Because they are constructed from DSA and RSA signatures, they suffer from low bit security, low efficiency, long keys, large communication volume, and difficult hardware implementation, so they cannot effectively solve cross-domain interactive authentication in dynamic distributed systems with limited terminal resources or communication bandwidth.


Examples


Embodiment

[0064] Referring to Figure 1, an embodiment of the present invention is a cross-trust domain authentication method for a distributed network system. The specific steps are as follows:

[0065] A. Creation of the Virtual Bridge Certification Center

[0066] A1. All member trust domains $D_i$ ($i = 1, 2, \ldots, m$) of the distributed network system jointly select the common parameters of the system: the elliptic curve $E$ over the finite field GF used by the cryptographic algorithm, the base point $P$ of order $q$ on the elliptic curve $E$, and the secret sharing threshold $t$, where $i$ is the serial number of the member trust domain, $m$ is the number of member trust domains, and $q$ is the large prime factor of the order of the elliptic curve $E$;

[0067] A2. According to the organizational model of the distributed network system and the cooperative relationships between the trust domains, all member trust domains $D_i$ negotiate and publish the permission set $V_i$ of each member trust domain $D_i$, satisfying Amo...


Abstract

The invention discloses a cross-trust domain authentication method for a distributed network system. The method uses distributed key generation based on an elliptic curve cryptosystem, together with a threshold signature mechanism, to construct a virtual bridge authentication center (VBCA), and uses the VBCA to complete cross-domain interactive authentication between entities in different trust domains of the distributed network system. The method is universal across various organizational structures, agile and dynamic, and offers low cost, a short authentication path, high bit security, high efficiency and easy hardware implementation. It helps solve the problem of cross-domain interactive authentication between entities in different trust domains in a dynamic distributed network system with limited terminal resources or communication bandwidth. It has broad application prospects in cloud computing and cloud storage networks, the Internet of Things, wireless sensor networks, agile manufacturing systems and virtual organizations.
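The dealerless key setup that the abstract describes, sketched as an added example (not the patent's protocol or code): a plain joint-Shamir distributed key generation in which every trust domain deals its own polynomial, so no key distribution organization ever holds the VBCA private key. The toy curve, the function names, and the omission of share verification (all dealers are assumed honest) are assumptions of this sketch.

```python
import secrets
# Constructed toy parameters (NOT secure): y^2 = x^3 + 2x + 2 over GF(17), P of prime order Q = 19.
FP, A, P, Q = 17, 2, (5, 1), 19

def ec_add(p1, p2):  # None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def poly_eval(coeffs, x):
    return sum(c * pow(x, j, Q) for j, c in enumerate(coeffs)) % Q

def run_dkg(m, t):
    """m domains each deal a random degree-(t-1) polynomial; nobody holds the sum."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(m)]
    # Domain j keeps only the sum of the values f_i(j) it received from every dealer.
    shares = {j: sum(poly_eval(f, j) for f in polys) % Q for j in range(1, m + 1)}
    group_pub = None  # sum of the public commitments a_i0 * P
    for f in polys:
        group_pub = ec_add(group_pub, ec_mul(f[0], P))
    return shares, group_pub

def lagrange_at_zero(j, ids):
    num = den = 1
    for k in ids:
        if k != j:
            num, den = num * -k % Q, den * (j - k) % Q
    return num * pow(den, -1, Q) % Q

def combine_in_exponent(shares, ids):
    """Rebuild the group public key from t published points s_j * P."""
    acc = None
    for j in ids:
        acc = ec_add(acc, ec_mul(lagrange_at_zero(j, ids), ec_mul(shares[j], P)))
    return acc
```

Any t of the m domains reproduce the same group public key, while the matching private key exists only as the sum of shares that no single party ever assembles.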

Description

Technical field

[0001] The invention relates to a cross-trust domain authentication method for a distributed network system.

Background technique

[0002] With the rapid development of information technology and the widespread popularization of network applications, distributed applications in cross-domain, large-scale network environments have gradually become a new focus of the IT industry and academia because of their intensification, scale and high scalability. In dynamic distributed network applications such as cloud computing and cloud storage networks, the Internet of Things, wireless sensor networks, agile manufacturing systems, and virtual organizations, collaboration across regions and trust domains is inevitable, and there are frequent interactions or large-scale data flows between multiple systems. In order to ensure the safe and efficient sharing of data between dynamically, loosely coupled systems in different trust domains, it is ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06
Inventors: 张文芳 (Zhang Wenfang), 王小敏 (Wang Xiaomin)
Owner: SOUTHWEST JIAOTONG UNIV