| As a new computing model, cloud computing has aroused people’s attention more and more. In the computing environment, the cloud user obtains a large number of IT hardware and software resources by way of sending a request for service. However, users have no control over the data owing to the transparency of cloud services and the credibility of the cloud service provider is not easy to assess, so cloud security issues become increasingly important. Cloud computing proceeds related operations according to user’s service requests, therefore, how to realize safe and efficient identity authentication in cloud environment is the main content for cloud users and cloud service providers. Due to the cloud authentication techniques flaws on the efficiency and security, this thesis does research on identity authentication in clouds from the two aspects of the public cloud or private cloud environment and the hybrid cloud environment.To solve the problem of low security and complex realization in cloud authentication in the public cloud or the private cloud environment, an ECC dynamic password-based authentication scheme is proposed in this thesis which realizes mutual authentication between the cloud user and the cloud service provider. The scheme adopts elliptic curve cryptography, adds password change phase and resists a variety of attacks such as replay attack, man in the middle attack, insider attack, impersonation attack and denial of service attack. Hence, the security of scheme is improved. Compared with existing cloud authentication schemes, this scheme not only operates simply, but also strengthens the protection of password. Password-based authentication used can improve the security and efficiency of the current cloud authentication schemes.In the hybrid cloud environment, users need to register in the different public cloud platforms, leading users to remember a large number of usernames and passwords. Simultaneously, the public cloud needs to maintain a large amount of information of registered users and the burden of the public cloud is increased. This method is not convenient and increases the cost of management. The user’s registry in the public cloud is highly vulnerable to be attacked and the security of the cloud system is relatively low. To solve this problem, an ECC-based3PAKE(three-party password authentication key exchange) cross-cloud authentication scheme is proposed in this thesis. With the help of private cloud in this scheme, the user achieves efficient and secure mutual authentication with public cloud, and session key is generated after completion of authentication. The scheme is proved to be forward secure in the random oracle model and resists attacks such as stolen verifier attack, password guessing attack, impersonation attack and modification attack. Compared with other schemes, the protocol has certain advantages in efficiency and security. In addition, the scheme reduces the burden and security requirements of the public cloud. From the above, this scheme is applicable to the hybrid cloud which has a large numbers of users. |
PDF Full Text Request