
Research On Key Technology Of Authentication And Key Negotiation In Cloud Computing Environment

Posted on: 2015-10-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Xie
Full Text: PDF
GTID: 1108330467456435
Subject: Management of engineering and industrial engineering
Abstract/Summary:
In recent years, as a new model for the use of IT resources, cloud computing has attracted growing attention from academia, industry, government and people from all walks of life, owing to its strong computing power, on-demand service, high reliability and low IT infrastructure investment. Security is the key issue for cloud computing in its development, and the reason most users avoid cloud computing systems is that they fear data security and privacy cannot be ensured in the cloud. Frequently occurring cloud security incidents have confirmed that this fear is not alarmist.

However the cloud computing system is built and whatever delivery model is adopted, data transmission is always one of the most frequent operations in cloud computing and the most vulnerable link, where security problems frequently occur. Transmission encryption shall be used on the basis of identity authentication to ensure that data transmission achieves confidentiality, integrity, availability, non-repudiation and other security objectives.

In the traditional open system, identity authentication is mainly one-way: the user's identity is authenticated by the server, and only authenticated users can use the services the system provides. The cloud computing environment is more complex, with not only illegal users but also malicious servers; these "black clouds" can easily acquire large amounts of user data and cause greater harm. Therefore, users in the cloud environment shall also verify the authenticity of servers, that is, perform two-way authentication between the user and the server.

Encrypted data transmission requires the communicating parties to jointly agree on a session key and use it for symmetric encryption of the data to be transmitted. Authentication and key agreement is the network information security technique that completes identity authentication and establishes the shared session key. Password-based authentication is still the most convenient and most widely used technology for identity authentication. In the classical password-authenticated key exchange protocol, the server and the client share a password (or verification element); the server authenticates the client's identity with the shared information, and the two parties agree on a session key. Subsequent researchers have put forward further key exchange protocols based on password authentication, but problems remain, both in the protocols themselves and in the cloud computing application environment.

Therefore, this paper discusses password authentication and key agreement protocols in the cloud computing environment with the aim of improving the security of cloud computing. The main research achievements are as follows:

First, for the problem of authentication and key agreement between client and server, 3 two-way authentication and key agreement protocols are proposed, and their security is analyzed and proven.

This paper analyzes and discusses the most common case in the cloud computing environment, two-way (both client and server) authentication and key agreement. On the basis of the EKE protocol by Bellovin and Merritt, an authentication and key agreement protocol with a shared key is first put forward, and its security is proved under the CK01 model; an authentication and key agreement protocol based on password and public key system is then put forward to effectively resist attacks caused by disclosure of the password and the temporary key; given the relatively high cost of a public key system, a two-way key agreement protocol based on a verification element is also provided, and its security and efficiency are analyzed.

Second, for the problem of authentication and key agreement between two clients in a single cloud, two authentication and key agreement protocols assisted by a third party are put forward.

This paper analyzes and discusses the authentication and key agreement of two clients in a single cloud. If any two clients carried out authentication and key agreement directly, each client would have to maintain a huge number of passwords, which is difficult to popularize and apply; a third-party server is therefore introduced, and the secret is shared between the two clients with the aid of the server to facilitate authentication and key agreement. This is the so-called 3PAKE, which is in fact two-way authentication with the aid of a third party. This paper first introduces the S-3PAKE protocol proposed by Lu et al. and analyzes its security. Considering the existing loopholes, this paper introduces a two-way key agreement protocol based on password authentication with the aid of a third party, and analyzes its security; given that the protocol under the equilibrium model is vulnerable to disclosure and attack by the server, this paper introduces the VB-3PAKE protocol and analyzes its security.

Third, for the cross-domain authentication and key agreement problem in the cloud computing environment, two protocols are put forward: a PKI-based cross-domain client password authentication and key agreement protocol, and a verifier-based cross-domain password authentication and key agreement protocol.

This paper analyzes and discusses cross-domain password authentication and key agreement in the cloud computing environment. Just as a third-party server is introduced to help two clients in the same cloud carry out authentication and key agreement, the two cross-domain clients each carry out password authentication and key agreement with the aid of their own domain servers. This is the so-called 4PAKE, which is in fact two-way authentication with the aid of two servers. This paper first introduces the influential Byun2007 protocol and analyzes its security. The PKI-based cross-domain password authentication and key agreement protocol is then proposed; analysis shows that it provides better security, but that the PKI is difficult to construct. The cross-domain password authentication and key agreement protocol based on a verification element is also proposed; analysis shows that it provides better security at the same execution efficiency compared with some other cross-domain protocols.

Fourth, for authentication and key agreement among user groups in the cloud computing environment, a new group key agreement protocol based on password authentication is put forward.

This paper introduces the authentication and key agreement carried out by user groups in the cloud computing environment, and analyzes the security of the shared session key established among several existing typical groups of users; on this basis, this paper introduces a new group key exchange protocol based on password authentication and analyzes its security, which is proved under the standard model. Its security is clearly enhanced at essentially the same computing and communication efficiency.
Keywords/Search Tags:two-way authentication, key agreement protocol, single sign-on (SSO), password authentication, verification element, Cross-Domain authentication