Research On Key Establishment Protocol And Its Application In Cloud Storage

In all kinds of network applications, the realization of communication of confidentiality, data integrity and the authentication sex in suspect and open network is the most popular concern. The fundamental guarantee of the realization the three security service is the safety of the secret key, because of the openness of modern password system and agreement. We hope to establish safe channel communications subject which should be able to run safe agreement. The safe agreement, which called secret key management agreement, can generate the secret key. Many scholars initiated a great deal of research work and have made great achievements in secret key management, but there are still Problems that need to be resolved, and we should do further research. This Report focuses on secret key management technology and its application in the network-based virtual disk. Paper main research works are as follows:In dynamic and large-scale groups, the overhead of key generating and key updating is usually relevant to the group size, which becomes a performance bottleneck in achieving scalability. Therefore, scalable group key management protocol, which is independent from group size, is the basis for wide applications of group communication. The paper proposes a novel key management protocol, which designates un-trusted routers of Internet as transmitting nodes to organize a hierarchical key material transmitting tree for transmitting information that can generate Session Encryption Key (SEK). Members of group that are partitioned into subgroups attach to different transmitting nodes, and compute SEK using received key material and own secret parameter. The load of key management can be shared by the transmitting nodes which can not reveal the content of group communications, and the overhead for key management of each transmitting node is independent of the group size. In addition, the new protocol conduces to constant computation and communication overhead during key updating.Group key agreement protocols provide efficient security mechanisms for distributed applications which are spread across multiple computing resources. Existing protocols are limited by the use of Public Key Infrastructures (PKI), which needs more computation overhead or by their scalability, requiring more communication rounds linear in the number of group members. In order to overcome these shortcomings, this paper proposes a two-party passwore-based authenticated key agreement (TPAKA) protocol which against dictionary attacks. The proposed protocol achieves authentication using password-based encryption, and is provably secure under the Computational Gap Diffie-Hellman (CGDH) assumption. By analysis and comparison, the protocol achieves efficiency in terms of both computation complexity and communication overhead.TPAKA protocol is quite practical for client-server architecture. However, it is not suitable for large-scale client-to-client communication environments. TPAKA protocol requires each pair of communicating entities to share a password, which is very inconvenient in key management for large-scale client-to-client communication environments. To avoid this inconvenience, a TTP-based two-party authenticated key exchange (TTP-TPAKE) protocol is proposed. This protocol can be completed in five steps and three rounds, and communicating entities can authenticate each other and establish a session key through a trusted third-party. A formal proof was presented to demonstrate the AKE security and the MA security of the proposed TTP-TPAKE protocol in the ideal cipher model and random oracle model.Along with the development of the process of information, data resource management gets more and more attention of the enterprise. But it often meets the following questions:firstly, as the lack of safety security, file would be stolen or lost. Secondly, mass file storage, which burden the server, lead to low efficiency. Finally, it is not easy to operate and manage file access. So we developed the network virtual disk system based on cloud computing, the system used the Key agreement technology, combined identity authentication, SHA-2 hash function, AES Transparent encryption, file fingerprint, cloud platform management, disaster tolerance with the sharing the examination and approval, which based on authority control. The system has a variety of functions, such as local virtual disk data encryption, Data remote backup and sharing the examination, and guarantees the security of user data. It comprehensively tested the function and safety, which designed based on cloud computing network virtual disk.