Cross-cloud security certification system and method based on identifier

An identifier-based security authentication technology, applied in the fields of government affairs, military affairs, commerce, finance, and cryptography. It addresses the problems of heavy load, serious key escrow, and tedious certificate operations, with the effect of reducing the certificate management process, avoiding security risks, and simplifying the certification work.

Active Publication Date: 2018-10-16
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

In 2015, Binu et al. designed a mobile-based remote identity authentication scheme for cloud service scenarios. This scheme uses a certificate management mechanism and has a heavy load. The scheme proposed by Chen et al. can realize two-way authentication between users and CSPs, but its key escrow problem is more serious.
Mishra R, in "Anonymous Remote User Authentication and Key Agreement for Cloud Computing [C] // Proceedings of the Third International Conference on Soft Computing for Problem Solving, 2014", and Dong Z, Zhang L, Li J, in "Security Enhanced Anonymous Remote User Authentication and Key Agreement for Cloud Computing [C] // Computational Science and Engineering, 2014", proposed cloud authentication schemes based on certificateless cryptography. These realize anonymity of user identification but cannot resist man-in-the-middle attacks, so cloud service providers cannot ensure the authenticity of user identification information.
In 2016, the paper "Identity Authentication Scheme Based on PTPM and Certificateless Public Key in Cloud Environment" by Wang Zhonghua et al. proposed an identification authentication scheme that realizes the credibility of authentication results between users and cloud service providers, but does not consider issues such as anonymity of user identity and cross-cloud authentication.
[0005] A public key cryptosystem based on public key infrastructure is not enough to guarantee the issuance of certificates for many users and brings cumbersome certificate operations; an identification-based public key cryptosystem has serious key escrow; and a certificateless public key cryptosystem is not suitable for efficient use in large cloud network environments.


Examples


Embodiment 1

[0023] Currently, there are three main technologies for solving the identity authentication problem between users and cloud service providers. The certificate-based public key cryptosystem is suitable for large-scale networks, but the management of certificates consumes a lot of resources. The identity-based public key cryptosystem can solve the problem of the uniqueness of cloud user identification, but it causes key escrow. The certificateless public key cryptosystem can effectively solve the problems of the first two, because it does not require a certificate and the user owns the secret value, but it cannot authenticate efficiently. Aiming at the above problems, the present invention proposes a cross-cloud security hybrid authentication system based on identification. The identification is a group of bytes related to the user. Through the identification, the cloud system can know the user's authority and what the user is all...

Embodiment 2

[0026] The overall composition of the identity-based cross-cloud security authentication system is the same as that of Embodiment 1. In the present invention, the inter-cloud security agent connects to the authentication center and to each cloud domain. The inter-cloud security agent has two responsibilities. The first is to manage the digital certificates issued by the certification center, including the application, issuance, query, and issuance of the revocation list of digital certificates. The second is to save the system public parameters generated by the root KGC_r in each cloud domain, realizing the transmission of information between the various cloud domains in the system. Because the present invention introduces the hierarchical model, the inter-cloud security agent is endowed with a new meaning.

Embodiment 3

[0028] The overall structure of the identity-based cross-cloud security authentication system is the same as that of Embodiments 1-2. In the shared key ring structure of the sub-root of the hierarchical model of the present invention, there are n nodes, where n is a positive integer with n≥0, and the threshold value is k, with 0≤k≤n. If the sub-root KGC is maliciously attacked, the threshold means that the number of sub-keys must reach or exceed the threshold: the attacker must compromise at least k sub-keys before it is possible to obtain the master key. Any number of sub-keys below the threshold cannot restore the master key, because fewer than k equations cannot solve a system of equations with k unknowns. Even if the attacker can forge k sub-keys, all k of them must be entirely correct, which protects the security of the master key and of the system. And even if one of the KGC_c is attacked, for the user's private ke...
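The threshold property described in [0028], as an added example that is not taken from the patent: it assumes Shamir's polynomial secret sharing as the construction (the excerpt does not name one), with a constructed prime field and sample values k = 3, n = 5. It shows that any k sub-keys recover the master key, that k-1 sub-keys do not, and that a single incorrect sub-key among k yields a wrong result.

```python
# Added illustration: (k, n) threshold sharing of a master key.
# Shamir's scheme is an assumption; the patent excerpt does not name the
# construction behind the sub-root KGC shared key ring.
import secrets

P = 2**127 - 1  # prime field modulus (constructed parameter)

def split(master, k, n):
    """Return n sub-keys (x, f(x)) of a random degree-(k-1) polynomial, f(0) = master."""
    coeffs = [master] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares):
    """Lagrange-interpolate f(0) from the supplied sub-keys."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo(k=3, n=5):
    master = secrets.randbelow(P)
    shares = split(master, k, n)
    first_k = recover(shares[:k]) == master        # any k sub-keys suffice
    other_k = recover(shares[2:2 + k]) == master   # a different set of k
    below = recover(shares[:k - 1]) == master      # k-1: underdetermined system
    x, y = shares[k - 1]
    forged = shares[:k - 1] + [(x, (y + 1) % P)]   # one incorrect sub-key
    tampered = recover(forged) == master
    return first_k, other_k, below, tampered

if __name__ == "__main__":
    print(demo())
```

Plain Shamir sharing gives the holder no way to tell which sub-key is wrong; detecting that requires a verifiable scheme, which this example does not implement.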


Abstract

The invention discloses a cross-cloud security certification system and a cross-cloud security certification method based on an identifier, mainly to solve the problem of cloud service providers within cloud domains securely managing the privacy data of users. The cross-cloud security certification system introduces a layered identifier model and adopts a shared key ring structure, so that the identity identifier of the user is unique; the user is freed from a series of complicated certificate operations, thereby supporting expansion to a large-scale cloud network environment. The cross-cloud security certification method comprises the steps of: designing public and private key pairs for the users and the cloud service providers respectively by using the cross-cloud security certification system; sending and verifying messages; and performing key agreement to achieve identifier certification of both certification sides. The beneficial effects of the system and method are as follows: a cross-cloud certification model is built and a certificateless key agreement protocol is adopted, and each link has safety protection, so the security and reliability of the whole system can be ensured. In addition, the computation complexity is low, so the certification and secure access requirements of users in a cloud environment who belong to different cloud domains can be met, as can the practical requirement that only one-time certification is needed across different cloud domains.

Description

Technical field

[0001] The invention belongs to the technical field of cryptography, in particular to digital signatures and cross-domain authentication, and specifically to an identification-based cross-cloud security authentication system and method, which are widely used in business, government affairs, finance, military and other fields, especially cloud services.

Background technique

[0002] The number of cloud computing users is huge. In order to enable users to use cloud service resources with confidence, cloud service providers must manage users' private data safely, and whether the entity management of the service system is effective will directly affect the security of information services. To solve this problem, a complete identification authentication mechanism is particularly important. Authentication issues are the foundation of cloud environment trust. Only when authentication issues are resolved, users can achieve a two-way trust relationship with cloud ser...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L9/08, H04L9/30
CPC: H04L9/0838, H04L9/3073, H04L9/3263, H04L9/3268, H04L9/3273
Inventor: 马文平, 赵茭茭
Owner: XIDIAN UNIV