Research And Implementation Of Security Authentication And Authorization Technology Towards Cloud Privacy Preserving System

With the rapid development of Cloud Computing, more and more enter-prises transform their business to the cloud servic providers and store their data in the cloud server. However, privacy and security is getting more and more challenging because the cloud server is not credible and enterprises could not control data’s transmission and storage location. Based on the technologies of ZKPK, Paillier homomorphic cryptography and DES, Cloud Privacy Preserv-ing System proposes a privacy-preserving scheme and preserves privacy secu-rity and data integrity of typical SaaS cloud services such as publish-subscribe service. At the same time, with the development of Internet, data opening and sharing is increasingly important. Therefore, how to open privacy preserving services of Cloud Privacy Preserving System to the third applications securely is of great importance.The paper aims at solving the problems that how to combine privacy-preserving schemes with the authentication and authorization technology ef-fectively in Cloud Computing. Based on OAuth2.0and digital signature tech-nology of HMAC-SHA1, the paper designs and realizes the security authenti-cation and authorization system towards Cloud Privacy Preserving System. At first, the authentication and authorization process and security risks of OAuth2.0have been studied; the privacy-preserving mechanism of Cloud Privacy P-reserving System has been analyzed; some open source libraries of OAuth such as doorkeeper and weibo2have been analyzed and summarized. Then the sys-tem is implemented by using Rails and based on the design idea of MVC. The system can not only provide third applications with HTTPS APIs of authentica- tion, authorization and resources, but also provide the administrator and users’ s management interfaces. The system is more secure because the administra-tor and users can know detailed accesses of third applications, and cancel the authorization of the third application when the third application is not secure. Finally, comprehensive and detailed tests show the feasibility of the system.