
Research On Identity-based Authentication Mechanism In Cloud Security

Posted on: 2012-07-18
Degree: Master
Type: Thesis
Country: China
Candidate: L S Kang
Full Text: PDF
GTID: 2218330338456010
Subject: Computer application technology
Abstract/Summary:
Authentication is the basis of cloud security and the guarantee that other security strategies can take effect. Most current cloud products use traditional certificate-based authentication, in which the certificate is the most important part. However, because of its inherent certificate operations (certificate request, certificate verification, certificate sending and so on), traditional certificate-based authentication has lower efficiency in computational and communication cost, which increases the cloud terminal's load and gives the cloud terminal poor scalability. In addition, certificate management (granting, revocation, issuing, etc.) is tedious work. To address these characteristics, in this paper we propose an identity-based cloud security authentication scheme that takes the hash value of a user's legal identity as the user's public key, so the public key is verified using only the user's identity and the hash function. The scheme has the characteristics of no certificates, shorter key size and fewer interactions. It is implemented with bilinear functions, an emerging cryptographic technique, and its security is ensured by the BDHP (Bilinear Diffie-Hellman Problem). In addition, when constructing the session key the scheme uses exclusive-or (XOR), a lower-cost operation, instead of the public-key operation of traditional authentication. The results of the simulation experiment show that the efficiency of authentication is much improved. Further, we analyze why the SAP (SSL Authentication Protocol) has lower efficiency in computation and communication: longer key size, the use of digital certificates and many rounds of interaction contribute to the lower efficiency of SAP, which also highlights the advantages of identity-based authentication: short key size, no certificates and fewer interactions.

To address client key escrow in the identity-based cloud security authentication scheme, we propose the cloud-terminal-control-key identity-based authentication scheme. In this scheme, the cloud terminal generates a new public/private key pair based on the public/private key pair created by the Cloud End, and uses the new key pair to authenticate with the Cloud End. Scheme analysis and the results of the simulation experiment show that this scheme overcomes key escrow while retaining the characteristics of no certificates, fewer interactions and short key size, at little additional cost.

When a corporation puts its data in a hybrid cloud, the model in which users authenticate directly with the public cloud to access the corporation's data there has low efficiency. For this scenario we also propose a Kerberos-based cross-cloud authentication model. In this model, all clients authenticate, using the "identity-based cloud security authentication scheme" or the "client-control-key identity based authentication scheme", with the TA (Trusted Authorization) system in the corporation's private cloud, instead of with the TA system of the public cloud outside the corporation. The clients then access data in the public cloud by handing the public cloud the ticket granted by the private cloud's TA system. This model reduces the load on the client, lowers the security requirements on the client, makes it convenient for the corporation to manage its data and change its data access policy, and realizes Single Sign On between the private cloud and one or more public clouds.
Keywords/Search Tags: Cloud Security, Identity Based Authentication, Bilinear Map, Kerberos Authentication