| With the development of cloud computing, various cloud service providers are trying toachieve the integration of services on the same infrastructure platform. So they need for acomprehensive and secure sign-on unified authentication mechanism. Unified authenticationmechanism generally require the center control point, which forces service providers to accepthis authority passively. This authentication model cannot meet the large-scale mixed opencloud services model in which relationships between providers are complex, since bothcooperation and competition are in there.The relationship among cloud computing service providers is becoming more and morecomplex, single sign-on architecture could be confronted with the problems (such as securitybottleneck, mandatory dependencies, key escrow, etc.) brought by central authority. Trying tosolve these problems, a decentralized authentication mechanism using hierarchicalidentity-based cryptography is proposed in this paper. The secret value of central authoritywill be shared by service providers, as a result, providers’ability of self-control is guaranteed.The most important work of central authority is replaced by the corporation among mainparticipants in the first level. Fake public key idea and sliding window can increase theattacking difficulty of adversary. Cross domain authentication and key exchanging method arealso supported. The proof of the correctness and safety are also given. Based on comparinganalysis, our scheme has superiority on not relying on central authority, without certificatesmaintenance, no key escrow, cross-domain authentication, monitoring mechanism and so on. |
PDF Full Text Request