Research Of User Authentication Based On The Identity In Cloud Computing Environment

With the rapid popularization of cloud computing, more and more users store their personal data in cloud. Because of the vast scale of cloud computing, it carries the privacy of many users, the security of cloud computing facing more severe challenges, comparing with the traditional information system. As a precondition for user to interact with the cloud, user authentication plays an important role in cloud computing security, any authentication vulnerabilities are likely to pose a security threat to user privacy information or resources. At present, the identity authentication mode in most cloud product is based on the mode, which digital certificates are the main factors. This approach requires Certificate Authority to deal with lots of certificates’issuing, storage, backup and destruction and so on, to some extent, increasing time overhead of the identity authentication process, affecting the efficiency of cloud terminal.Based on the Hadoop distributed file system, this thesis makes research and discussion on the user identity authentication, the main research work includes:1. To summarize the security issues in cloud computing and research status at home and abroad, and taking the Hadoop distributed file system as the object, to analyse the user identity authentication problems that in its work flow.2. To propose an improved cloud user identity authentication scheme. The scheme are based on Identity-Based Cryptograph, it provides the authentication when users log on the system, and the identity authentication between Client and data storage node DataNode when to write and read data. Without been certified with the main server node NameNode, even if the illegal visitors steal the legitimate users’information, When to write and read data with DataNode, in view of the principle of analogous IBE algorithm, client will not pass the authentication.3. To design and implement a cloud file management system based on Hadoop distributed file system, proposing the access control strategy of file operation by different user authorities, it can distribute different operation authorities of the same file to the users who have different identities. To bind different files to different user groups, making the users only in this group do have the file operation right. In addition, to analyse the system’s security.The innovations of this thesis include:(1) In the proposed improved user identity authentication scheme, a trusted third-party organization is abandon, the Client autonomous generate keys, simplifying much complex management problem brought from key generation, transmission and storage. Under the premise of guaranteeing the security of cloud computing, this scheme improves the efficiency of the cloud user identity authentication.(2) Based on cloud user identity authentication, the proposed security access control strategy of cloud storage file system, subdivides the user identity authority and the related group of files, improves the security of system.