云计算环境的身份认证的研究

发布时间：2018-03-14 01:49

本文选题：云计算　切入点：身份认证　出处：《北京工业大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着计算机技术及互联网的快速发展，云计算作为一种新兴的计算模式，已经被广泛的应用于各个领域。全球各IT企业纷纷制定和发布自己的云战略。云计算的进一步发展，给安全领域带来了新的冲击与挑战，大量的用户将其隐私数据存储在“云”中，一旦合法用户的身份被假冒，就会造成隐私数据的外泄，所以亟需提出一个安全可靠的身份认证方案来加强云计算环境的安全性。由于传统的身份认证技术只是对于人的认证，却无法保证终端平台的可信性，而且对于隐私数据传统的软件加密方式容易被破解，因此本文提出了一种基于TCM安全芯片的身份认证及隐私数据保护的方案，在本方案中用户端、第三方可信服务器和云管理器都将配置TCM芯片，以保证能够证明终端平台的可信以及利用TCM内部的密钥对来保护隐私数据。本方案利用TCM安全芯片的加密和认证等功能，提供了安全级别更高的身份认证方法，可有效防止中间人的假冒攻击及网络钓鱼；引入可信第三方服务器，对用户身份信息进行注册并统一的管理和保存，可保护用户身份信息免遭云内部恶意员工的窃取及滥用；创建私有的虚拟机节点，对用户可用数据（计算数据、存储数据等）提供安全保护及隔离功能。本文首先分析了云计算所面临的数据安全问题，并总结了国内外身份认证技术的研究现状；概要介绍了密码技术，可信计算，可信计算密码支撑平台及虚拟化技术等相关内容；然后在分析了现有身份认证方案存在的不足的基础上，提出了基于TCM安全芯片的身份认证及隐私数据保护的方案，设计了本方案中的各个功能模块，具体阐述了本身份认证方案中涉及到的四个重要阶段，包括用户身份信息注册阶段，申请并使用云服务阶段，，用户身份认证阶段和再次申请并使用云服务阶段；接着对本文提出的身份认证方案进行了详细的安全性分析，并将本方案与目前应用于云计算中的身份认证技术（OpenID单点登录协议和基于PKI的联合身份认证技术）加以比较分析；最后针对本文提出的身份认证方案的两个具体应用场景（手机云存储服务场景和网络银行云服务场景）进行了分析和描述，并简述了本方案为两个应用系统带来的好处。
[Abstract]:With the rapid development of computer technology and Internet, cloud computing, as a new computing model, has been widely used in various fields. It brings a new impact and challenge to the security field. A large number of users store their privacy data in the "cloud". Once the identity of the legitimate user is fake, it will cause the privacy data to leak out. Therefore, it is urgent to propose a secure and reliable authentication scheme to enhance the security of cloud computing environment. Because the traditional identity authentication technology is only for people's authentication, but can not guarantee the credibility of the terminal platform, and for the privacy data, the traditional software encryption method is easy to be cracked. Therefore, this paper proposes a scheme of identity authentication and privacy data protection based on TCM security chip. In this scheme, the client, third-party trusted server and cloud manager will configure TCM chip. In order to ensure the credibility of the terminal platform and to use the key pair inside TCM to protect privacy data, this scheme provides a higher security level authentication method by using the functions of encryption and authentication of TCM security chip. It can effectively prevent the fake attack of middleman and phishing, introduce trusted third party server, register and unify management and preservation of user identity information, and protect user identity information from theft and abuse by malicious employees inside the cloud. Create private virtual machine nodes to provide security protection and isolation for user available data (computational data, storage data, etc.). This paper first analyzes the data security problems faced by cloud computing, and summarizes the status quo of identity authentication technology at home and abroad, introduces the cryptography technology, trusted computing, Based on the analysis of the shortcomings of the existing authentication schemes, this paper proposes a scheme of identity authentication and privacy data protection based on TCM security chip. The function modules of this scheme are designed, and the four important stages involved in the authentication scheme are elaborated, including the registration stage of user identity information, the application and use of cloud service. The user identity authentication stage and the application and use of cloud service stage; then the security analysis of the identity authentication scheme proposed in this paper is carried out in detail. The scheme is compared with OpenID single sign-on protocol and joint identity authentication technology based on PKI, which is currently used in cloud computing. Finally, two application scenarios (mobile phone cloud storage service scenario and network bank cloud service scenario) are analyzed and described, and the benefits of this scheme for the two application systems are briefly described.
【学位授予单位】：北京工业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】