面向云隐私保护系统的安全认证与授权技术的研究与实现

发布时间：2018-03-26 21:18

本文选题：云计算　切入点：隐私保护　出处：《北京邮电大学》2014年硕士论文

【摘要】：随着云计算的快速发展,越来越多的企业将数据和服务外包给云服务提供商,存储在云端的服务器中。但是由于云服务器不可信、企业无法控制数据的传输和存储位置等因素,使得云计算在快速发展的同时,隐私安全问题也日益突出。云隐私保护系统使用零知识证明技术、Paillier同态加密技术、DES加解密等技术,提供了一种隐私保护机制,解决了典型SaaS云服务(如发布-订阅服务)中隐私数据的安全性及完整性。同时,随着互联网的快速发展,数据共享和开放的需求日益迫切。因此,如何安全地将云隐私保护系统的隐私保护服务向第三方应用开放,具有非常重要的研究意义。本文旨在解决云计算环境下如何将隐私保护机制与认证授权技术有效结合、如何开放云隐私保护系统的隐私保护服务的问题。基于OAuth2.0的认证与授权技术,利用基于HMAC-SHA1的数字签名等技术,本文设计并实现了面向云隐私保护系统的安全认证与授权系统。本文首先研究了()Auth2.0的认证与授权流程、存在的安全风险,分析了云隐私保护系统的隐私保护机制,分析和总结了doorkeeper、新浪微博OAuth等开源OAuth库的实现方案；然后,基于MVC的分层设计思想,使用Rails语言实现了面向云隐私保护系统的安全认证与授权系统。本系统不仅可以对外提供基于HTTPS的认证与授权接口及资源接口,供第三用应用认证、授权、获取隐私保护服务；同时,本系统向管理员和用户提供管理界面,使得用户可以掌控全局,随时了解第三方应用的访问情况,以便发生危险时及时取消第三方应用的授权,使得认证与授权系统更加安全。最后,通过全面细致的测试,验证本系统可行。
[Abstract]:With the rapid development of cloud computing, more and more enterprises outsource data and services to cloud service providers and store them in cloud servers. With the rapid development of cloud computing, privacy security issues are becoming increasingly prominent. Cloud privacy protection systems use zero-knowledge proof technology, Paillier homomorphic encryption technology, des encryption and decryption technology, to provide a privacy protection mechanism. It solves the security and integrity of privacy data in typical SaaS cloud services (such as publish-subscribe service). At the same time, with the rapid development of the internet, the demand of data sharing and openness becomes more and more urgent. How to safely open the privacy protection service of cloud privacy protection system to third party application has very important research significance. This paper aims to solve the problem of how to effectively combine privacy protection mechanism with authentication authorization technology in cloud computing environment and how to open the privacy protection services of cloud privacy protection system. Using digital signature technology based on HMAC-SHA1, this paper designs and implements a security authentication and authorization system for cloud privacy protection system. This paper analyzes the privacy protection mechanism of cloud privacy protection system, analyzes and summarizes the implementation schemes of open source OAuth libraries such as doordoorkeeper, Sina Weibo and so on. Then, the layered design idea based on MVC is introduced. The security authentication and authorization system for cloud privacy protection system is implemented by using Rails language. This system can not only provide authentication and authorization interface and resource interface based on HTTPS, but also provide the third application authentication, authorization and privacy protection service. At the same time, the system provides a management interface for administrators and users, so that users can control the overall situation and know the access situation of third-party applications at any time, in order to cancel the authorization of third-party applications in case of danger. Make the authentication and authorization system more secure. Finally, through a comprehensive and detailed test, verify the feasibility of the system.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】