Design And Optimization On Key Management System In Cloud Computing

Key management system, as the critical system to provide data integrity, data confidentiality,authentication, access control for information security，its research and design has always been acommon focus in fields of information security and systems engineering. The characteristics ofvirtualization, resource sharing, openness and scalability of cloud computing lead a tremendousshock and challenge to the deployment of traditional key management system. At present, it is anurgent problem to design and deploy key management system for cloud computing.According to the characteristics and the requirements of cloud computing environment keymanagement, the architecture, principles, services interfaces and protocols of key managementsystem is designed systemically, and the evaluation and selection methods of key service agentsin the system is optimized. The main works are as follows:1. Owing to the characteristics of big key species、large key numbers and complex keyapplication scenarios in cloud computing, three key management models of public cloud, privatecloud and hybrid cloud is presented based on three deployment models of cloud; then the systemarchitecture of cloud key management is designed for the code application scenario in publiccloud environment and its basic working principle is proposed; the key management client isdesigned specifically from the aspects of the function module and the structure of cryptologyservice domain based on the system architecture, and the cloud key service management center isdesigned from two aspects of cloud key service agent selection and evaluation subsystem andcloud key service agent; finally the key query, certificate verification, certificate registration, keyrevocation and key recovery,which are the main elements of key management system serviceinterface, and cloud key management protocol is defined.2. In the cloud Computing key management system architecture of the paper proposed,aiming at the framework of cloud key service agent evaluation and selection, an index system ofcloud key service agent’s capability is established; the key service agent’s capability is analyzedand modeled based on membership degree theory and is evaluated by cloud gravity centermethod；and cloud gravity center method is optimized with comprehensive variable weight andcomprehensive evaluation method, then the service selection strategy is proposed.3. The proposed method of cloud key service agent’s ability evaluation and selection issimulated and analyzed on the extended cloudSim platform and is compared with RandomDispatch and Round-Roubin, the results demonstrate that, the proposed method is able toimprove the load balance of cloud key service agent and responding time of users’ key management requests.