Research on Key Management for Identity-Based Authentication Cryptosystems in Cloud Environments
Published: 2018-11-07 16:42
[Abstract]: With information technology developing rapidly, information security technology has become an essential safeguard for the Internet as a whole. As cloud computing becomes more widespread, however, incidents in which user privacy is leaked occur frequently. How to manage keys securely in a cloud computing environment and prevent user identities from being impersonated has become an urgent problem. A secure key management scheme can effectively resist attacks by network attackers. Considerable results have been achieved in research on certificate-based key management and identity-based key management, but few published results address key management schemes for cloud computing environments. This thesis studies and analyzes the relevant key management schemes. Considering that the certificate-based key management structure is secure with respect to key escrow and suits large-scale network environments, while identity-based key management schemes offer a significant improvement in efficiency, it proposes an improved key management scheme based on the idea of secret sharing. The main work of the thesis is as follows.

(1) A three-party password exchange authentication protocol for cloud computing environments is studied and analyzed. The protocol uses a private cloud as the intermediary: the private cloud's users and the public cloud each register their identity and identity password with the private cloud, and the private cloud performs key escrow and secret distribution. The private cloud forwards the identity authentication message codes of the public cloud and of the user respectively, and the two communicating parties finally achieve identity authentication. In a cross-platform, multi-user cloud environment, this authentication protocol can resist user identity forgery attacks.

(2) The thesis focuses on the characteristics of identity-based key management schemes. Building on the multi-party co-management scheme proposed by Chen et al. in the literature, it proposes an improved key management scheme based on identity authentication. Unlike the original scheme, which simply adds multiple PKG centers, the improved scheme arranges its multiple PKG centers in a layered structure. The PKGs in the same layer form a ring structure to serve different groups of users. Through verifiable threshold secret sharing, each PKG in every layer can verify the sub-key holders at the other nodes and judge whether they are honest. The layered structure ensures the independence and dynamic nature of the keys; the ring structure avoids centralized key escrow and improves efficiency. The improved scheme solves two problems of the original scheme: the key escrow problem caused by the trustworthiness of the PKG center itself, and the system efficiency problem of deploying multiple PKGs.

(3) The application of the proposed scheme in cloud environments is analyzed. The ring structure meets the distributed needs of users in the cloud environment; a single layer can contain multiple rings, which gives high scalability in the cloud environment; and the rings are connected to one another by trusted links, which achieves cross-platform operation in the cloud. Simulation analysis shows that, under the same conditions, the scheme outperforms the IBC and PKI encryption and authentication algorithms in both efficiency and storage. In terms of security, combining the three-party password exchange protocol at the lowest layer, the user side, resists offline exhaustive password guessing attacks in the cloud environment and protects key security during identity authentication between the client and the cloud.
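An added example, not taken from the thesis: the abstract does not say which verifiable secret sharing construction it uses, so this sketch assumes Feldman's scheme to show how PKGs holding sub-keys of a master key can check one another's shares against public commitments. The toy group parameters, the 3-of-5 threshold and all function names are assumptions made for illustration.

```python
import secrets

# Toy group parameters, constructed for illustration (far too small for real use):
# P = 2*Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def deal(secret, t, n):
    """Split `secret` into n sub-keys with threshold t; return (shares, commitments)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    commitments = [pow(G, c, P) for c in coeffs]   # published: G^(a_k) mod P
    return shares, commitments

def verify_share(i, share, commitments):
    """Any PKG can check the sub-key of node i against the public commitments."""
    expected = 1
    for k, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, k, Q), P) % P
    return pow(G, share, P) == expected

def reconstruct(subset):
    """Lagrange interpolation at x = 0 over Z_Q from {node index: share}."""
    secret = 0
    for i, s in subset.items():
        num = den = 1
        for j in subset:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + s * num * pow(den, -1, Q)) % Q
    return secret

def demo():
    master_key = 777                       # constructed master secret, < Q
    shares, commitments = deal(master_key, t=3, n=5)
    honest = all(verify_share(i, s, commitments) for i, s in shares.items())
    forged = (shares[2] + 1) % Q           # node 2 presents an altered sub-key
    caught = not verify_share(2, forged, commitments)
    good = {i: shares[i] for i in (1, 3, 5)}
    bad = {1: shares[1], 2: forged, 3: shares[3]}
    return honest, caught, reconstruct(good), reconstruct(bad)

if __name__ == "__main__":
    print(demo())
```

Without the commitment check, the altered sub-key would silently yield a wrong master key at reconstruction; with it, the dishonest holder is identified before any shares are combined.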
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 2316945
Article link: https://www.wllwen.com/kejilunwen/wltx/2316945.html