
Research On Cloud Security Identity Authentication And Access Control Based On CPK

Posted on: 2015-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Liu
GTID: 2298330431465841
Subject: Cryptography
Abstract/Summary:
As an emerging computing paradigm of information technology in recent years, cloud computing has been developing rapidly. By drawing on an enormous pool of computing resources, made up of different resources in different locations, and by scheduling and managing those resources in a unified way, cloud computing provides users with dynamically scalable services and remarkable, innovative computing services, and thus has great prospects for development. However, with the wide application of cloud computing, its serious crisis of confidence and its security risks have become increasingly prominent.

Because users' identities migrate within the virtual environment, traditional access control techniques have limitations in protecting the security of centrally stored data, which places higher requirements on identity authentication, access control management and key management. As a long-standing discipline, cryptology is an important means of achieving the confidentiality of information, and it provides cloud computing with the most basic protection. However, the cryptographic techniques used for authentication and access control in cloud computing environments are still at an early stage of research. Through an analysis of cloud computing security risks, this thesis mainly researches methods of applying CPK to authentication and access control in the cloud computing environment.

Firstly, a cloud system authentication scheme based on CPK is proposed, which transfers user identity within the virtual environment by binding user and virtual machine identity labels based on CPK; the corresponding authentication protocol is designed to address issues such as fraudulent usage of virtual machines. Secondly, a multi-level key distribution access control scheme based on CPK for the cloud computing environment is proposed. It incorporates elements of the BLP model, with appropriate modifications to suit the cloud environment, and follows the model's access rules to define a hierarchical structure of security levels for users and for information stored in cloud systems. It improves multi-level access control based on ECC and uses multi-level access control to derive multi-level keys. By using the security levels in the CPK identity, the thesis makes the two schemes form a unified system. Finally, the thesis conducts a test simulation that carries out the key distribution and user authentication processes in the CPK key system, and verifies the correctness of the proposed schemes.

The schemes proposed in the thesis achieve authentication and multi-level access control via cryptographic techniques, are universally applicable, and can be widely applied in a variety of applications in cloud computing. The thesis provides an approach to controlling user access to sensitive data in untrusted environments such as the cloud computing environment.
Keywords/Search Tags: Cloud Computing, Combined Public Key, Identity Authentication, Multistage Security, Access Control