Research on Remote User Identity Authentication Technology in Cloud Environments
Published: 2019-06-10 00:49
[Abstract]: As an emerging computing model, cloud computing is attracting growing attention. Cloud users obtain large amounts of software and hardware resources by requesting services from the cloud. However, the transparency of cloud services means that users no longer have control over their data, and the trustworthiness of cloud service providers is hard to assess, so cloud security is particularly important. Cloud computing delivers services and performs the corresponding operations in response to users' service requests, so how to carry out secure and effective identity authentication in a cloud environment concerns both cloud users and cloud service providers. In view of the efficiency and security shortcomings of current cloud authentication techniques, this thesis studies identity authentication in cloud computing from two angles: public or private cloud environments, and hybrid cloud environments.
To address the low security and complex implementation of cloud authentication techniques in public or private cloud environments, this thesis proposes an ECC-based dynamic password authentication scheme suited to the cloud. The scheme achieves mutual authentication between two parties, the cloud user and the cloud service provider. It uses elliptic curve cryptography (ECC) to strengthen password protection, adds a password-change function, and resists a range of attacks, including replay, man-in-the-middle, privileged-insider, impersonation and denial-of-service attacks, which improves the security of the scheme. Comparison with existing cloud authentication schemes shows that the scheme is simple to operate and strengthens password protection, while also improving on the security and efficiency of current cloud authentication techniques.
In a hybrid cloud environment, cloud users who register with different public clouds have to remember a large number of usernames and passwords, while each public cloud has to maintain a large volume of user registration information, which adds to its burden. This approach is inconvenient and raises the management cost of the public cloud; moreover, the user registration table held by the public cloud easily becomes a target for attackers, so the security of the system is relatively low. To address this problem, this thesis proposes an ECC-based 3PAKE cross-cloud authentication protocol for hybrid cloud environments. In this scheme, the cloud user, with the help of the private cloud, achieves efficient and secure mutual authentication with the public cloud, and a session key is generated once both sides have authenticated. The protocol is proved in the random oracle model to provide forward secrecy and to resist a range of attacks, including stolen-verifier, password-guessing, impersonation and modification attacks. Comparison with other schemes shows that the protocol has certain advantages in both efficiency and security. The scheme lightens the burden on the public cloud and lowers the security requirements placed on it, making it suitable for hybrid cloud environments with very large numbers of users.
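[Degree-granting institution]: Lanzhou University of Technology (兰州理工大学)
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2496037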
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2496037.html