Research And Implementation Of User Authentication And Audit Technology For Cloud Computing

Cloud computing is a new computing model. Through the network, it provides a scalable distributed computing ability and software/hardware resources according to user’s need. In the cloud computing environment, the trusted internal and external environment is the premise of secure communication between users and cloud server. Due to the openness and complexity, the security issues of cloud computing are becoming serious. The identity authentication and access control technology are two important issues of cloud computing security. The traditional authentication schemes only pay attention to users and ignore certification of the server. The permissions of role in access control model are directly author by system administrator and can not be change.This paper realizes the cloud computing file management system, including functions of group data upload, download and share. In the mean time, Paper introduces the technology of bidirectional authentication based on identity and the access control based on user behavior evaluation. The innovations as follows:(1) Design and implement the group function in the file management system based on HDFS. The system achieves the file transmission security between user and group by using symmetric encryption algorithm, such as 3-DES, DES and AES, etc.(2) Through the improvement of IBE technology, realize the bidirectional identity authentication between users and server. The authentication structure consists of PKG, groups and users. Paper solves the key escrow problem by reconstructing key pair at the client. In order to improve the security of cloud computing environment, paper uses bidirectional identity authentication to ensure the legitimacy of the two sides and avoids the problems of legal user access to illegal server and the illegal user access the legal server.(3) With the user behavior audit results in group, paper calculates the trust value of user’s behavior by using FAHP. It is more in line with the objective requirement of behavior evaluation. This paper combines role-based access control and privilege assignment rules, and implements the dynamic power distribution. It can effectively suppress some illegal behavior of the cloud user.