云计算中面向数据安全的身份认证策略研究

doi:10.3969/j.issn.1671-1122.2017.03.012

信息网络安全 ›› 2017, Vol. 17 ›› Issue (3): 72-77.doi: 10.3969/j.issn.1671-1122.2017.03.012

云计算中面向数据安全的身份认证策略研究

国杰彬¹, 李运发²(), 张大军³

1.宁波市公安局鄞州分局,浙江宁波 315000
2.杭州电子科技大学计算机学院,浙江杭州 310018
3.宁波市公安局,浙江宁波 315000

收稿日期:2016-11-15 出版日期:2017-03-20 发布日期:2020-05-12
作者简介:
作者简介：国杰彬（1979—）,男,浙江,工程师,本科,主要研究方向为网络安全管理;李运发（1969—）,男,湖北,副教授,博士,主要研究方向为系统安全、云计算、虚拟机、性能评估等;张大军（1972—）,男,辽宁,工程师,本科,主要研究方向为网络安全。
基金资助:
国家自然科学基金[61472112]

Research on an Authentication Strategy for Data Security in Cloud Computing

Jiebin GUO¹, Yunfa LI²(), Dajun ZHANG³

1. Yinzhou Branch Bureau of Ningbo Public Security Bureau, Ningbo Zhejiang 315000, China
2. School of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou Zhejiang 310018, China
3. Ningbo Public Security Bureau, Ningbo Zhejiang 315000; China

Received:2016-11-15 Online:2017-03-20 Published:2020-05-12

摘要/Abstract

摘要：

随着虚拟化技术的不断发展,云计算得到了广泛的应用,越来越多的用户喜欢将数据存储在云端,因此如何在云计算中对动态变化的数据用户进行身份认证就显得十分重要。为了解决这个问题,基于用户属性,文章提出了一种面向数据安全的身份认证策略。针对注册用户和非注册用户,分别提出了一种面向注册用户的身份认证方法和一种面向本地代理服务器的身份认证方法。构建了一种加密代理服务器并提出了一种改进的HE-RSA加密算法,构成了面向数据安全的身份认证策略。为了证明这种身份认证策略的有效性,文章对其安全性、可扩展性和效率进行了分析,结果表明在云计算中使用这种身份认证策略能够确保数据资源的安全性并具有良好的可扩展性和效率。

关键词: 云计算, 数据安全, 身份认证

Abstract:

With the rapid development of virtualization technology, cloud computing begin to be widely used in data processing, data analysis. Data are usually stored to cloud server by more and more users. Thus, it becomes a challenge problem that how to protect the security of data in cloud computing. In order to solve this problem, we propose an authentication strategy for data security in cloud computing based on the attributes of user. We first put forward a kind of identity authentication methods for registered users. Then, we propose an authentication method for local agent server in view of the unregistered users. We build an encryption agent server and improve HE-RSA encryption algorithm. All these constitute the identity authentication strategy for data security. In order to show the effectiveness of the identity authentication strategy, the security, the scalability and the efficiency of this strategy are analyzed. The results show the strategy can ensure the security of data resources and has good scalability and efficiency in cloud computing.

Key words: cloud computing, data security, identity authentication

中图分类号:

TP393.08

国杰彬, 李运发, 张大军. 云计算中面向数据安全的身份认证策略研究[J]. 信息网络安全, 2017, 17(3): 72-77.

Jiebin GUO, Yunfa LI, Dajun ZHANG. Research on an Authentication Strategy for Data Security in Cloud Computing[J]. Netinfo Security, 2017, 17(3): 72-77.

图/表 1

参考文献 22

[1]	CHEN L,CHEN X S,JIANG J F,et al.Research and Practice of Dynamic Network Security Architecture for IaaSPlatforms[J].Tsinghua Science and Technology,2014,19(5):496-507.
[2]	LI H,DAI Y,TIAN L,et al.Identity-Based Authentication for Cloud Computing[C]// Springer.Proceedings of the First International Conference on Cloud Computing, December 1 - 4, 2009. Beijing, China.BerlinHeidelberg:Springer, 2009: 157-166.
[3]	CRAMTON J, LIM, HW, et al.What can Identity-Based Cryptography Offer toWeb Services[C]// ACM. Proceedings ofthe 2007 ACM Workshop on Secure Web Services, Fairfax, VA, USA.New York:ACM,2007,26-36.
[4]	ABAWAJY J.Determining Service Trustworthiness in InterCloud Computing Environments[C]//IEEE.Proceedings of the 10th International Symposium on Pervasive Systems,Kaohsiung, Taiwan,China.New York:IEEE,2009, 784-788.
[5]	KANG L, ZHANG X.Identity-Based Authentication in Cloud Storage Sharing[C]//IEEE.IEEE International Conference on Multimedia Information Networking and Security,Nanjing, China.New York:IEEE,2010, 851-855.
[6]	LIN R H, WU B D, YANG F C,et al.An Efficient Adaptive Failure Detection Mechanism for Cloud Platform based on VolterraSeries[J].China Communications ,2014, 11(4): 1-12.
[7]	YANG K, JIA X.An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing[J].IEEE Transactions on Parallel and Distributed Systems,2013, 24(9):1717-1726.
[8]	CHOUDHURY AJ, KUMAR P, SAIN M,et al.AStrong User Authentication Framework for Cloud Computing[C]// IEEE.Proceedings ofIEEE Asia-Pacific Services Computing Conference (APSCC), JejuIsland, South Korea.New York:IEEE,2011:110-115.
[9]	KHAN RH, YLITALO J, AHMED AS.OpenID Authentication as aService in OpenStack[C]// IEEE.Proceedings of the 7th International Conference onInformation Assurance and Security (IAS)Melaka, Malaysia.New York:IEEE,2011:372-377.
[10]	CHEN TH, YEH H, SHIH WK.An Advanced ECCDynamic ID-Based Remote Mutual Authentication Scheme for CloudComputing[C]//IEEE.Proceedings ofthe 5th FTRA International Conference Multimediaand Ubiquitous Engineering (MUE), Loutraki, Greece.New York:IEEE,2011:155-159.
[11]	ARSHAD J, TOWNEND P, XU J.A Novel Intrusion Severity Analysis Approach for Clouds[J].Future Generation Computer Systems, 2013, 29: 416-428.
[12]	RONG C, NGUYEN ST, JAATUN MG.Beyond Lightning: A Survey on Security Challenges in Cloud Computing[J].Computers and Electrical Engineering, 2013, 39: 47-54.
[13]	KSHETRI N.PrivacyandSecurityIssuesinCloudComputing:TheRoleof InstitutionsandInstitutionalevolution[J].Telecommunications Policy,2013,37: 372-386.
[14]	DONG X, YU J, LUO Y, CHEN Y,et al.Achieving An Effective, Scalable andPrivacy-preserving Data Sharing Servicein Cloud Computing[J].Computers &security, 2014, 42:151-164.
[15]	MACKAY M, BAKER T, AL-YASIRI A.Security-oriented Cloud Computing Platform for CriticalInfrastructures[J].Computer Law &Security Review, 2012, 28: 679-686.
[16]	WEI L, ZHU H, CAO Z,et al.Security and Privacy for Storage and Computation in CloudComputing[J].Information Sciences, 2014, 258: 371-386.
[17]	冯登国,张敏,张妍,等. 云计算安全研究[J].软件学报, 2011, 22(1):71-83.
[18]	张辉,王伟,郭栋. 一种基于微服务范式的桌面云构建框架[J]. 信息网络安全,2017(2):35-42.
[19]	吴吉义, 沈千里, 章剑林, 等. 云计算: 从云安全到可信云[J].计算机研究与发展,2011,48:229-233.
[20]	张大军,李运发,郑周. 云计算中数据资源的安全共享机制[J].信息网络安全,2012(8):79-82.
[21]	AIHASIB A, HAQUE A M.A Comparative Study of the Performance and Security Issues of AES and RSA Cryptography[C]// ICCIT .Proceedings of the 3rd International Conference on Convergence and Hybrid Information Technology (ICCIT), November 11-13 ,2008,Busan.New York:IEEE,2008:505-510.
[22]	KOCHER P C.Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems[C]// CRYPTO'96.Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'96), August 18 - 22, 1996 ,London. London :Springer-Verlag , 1996:104-113.

云计算中面向数据安全的身份认证策略研究

Research on an Authentication Strategy for Data Security in Cloud Computing

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 1

参考文献 22

相关文章 15

编辑推荐

Metrics

本文评价

[1]	傅智宙, 王利明, 唐鼎, 张曙光. 基于同态加密的HBase二级密文索引方法研究[J]. 信息网络安全, 2020, 20(4): 55-64.
[2]	刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.
[3]	刘晓芬, 陈晓峰, 连桂仁, 林崧. 基于d级单粒子的可认证多方量子秘密共享协议[J]. 信息网络安全, 2020, 20(3): 51-55.
[4]	白嘉萌, 寇英帅, 刘泽艺, 查达仁. 云计算平台基于角色的权限管理系统设计与实现[J]. 信息网络安全, 2020, 20(1): 75-82.
[5]	张富友, 王琼霄, 宋利. 基于生物特征识别的统一身份认证系统研究[J]. 信息网络安全, 2019, 19(9): 86-90.
[6]	任良钦, 王伟, 王琼霄, 鲁琳俪. 一种新型云密码计算平台架构及实现[J]. 信息网络安全, 2019, 19(9): 91-95.
[7]	余奕, 吕良双, 李肖坚, 王天博. 面向移动云计算场景的动态网络拓扑描述语言[J]. 信息网络安全, 2019, 19(9): 120-124.
[8]	王紫璇, 吕良双, 李肖坚, 王天博. 基于共享存储的OpenStack虚拟机应用分发策略[J]. 信息网络安全, 2019, 19(9): 125-129.
[9]	崔艳鹏, 冯璐铭, 闫峥, 蔺华庆. 基于程序切片技术的云计算软件安全模型研究[J]. 信息网络安全, 2019, 19(7): 31-41.
[10]	葛新瑞, 崔巍, 郝蓉, 于佳. 加密云数据上支持可验证的关键词排序搜索方案[J]. 信息网络安全, 2019, 19(7): 82-89.
[11]	田春岐, 李静, 王伟, 张礼庆. 一种基于机器学习的Spark容器集群性能提升方法[J]. 信息网络安全, 2019, 19(4): 11-19.
[12]	赵谱, 崔巍, 郝蓉, 于佳. 一种针对El-Gamal数字签名生成的安全外包计算方案[J]. 信息网络安全, 2019, 19(3): 81-86.
[13]	张振峰, 张志文, 王睿超. 网络安全等级保护2.0云计算安全合规能力模型[J]. 信息网络安全, 2019, 19(11): 1-7.
[14]	张顺, 陈张凯, 梁风雨, 石润华. 基于Bell态的量子双向身份认证协议[J]. 信息网络安全, 2019, 19(11): 43-48.
[15]	张敏, 许春香, 黄闽英. 远程医疗环境下面向多服务器的轻量级多因子身份认证协议研究[J]. 信息网络安全, 2019, 19(10): 42-49.