Research On Key Management Of Identity-based Cryptosystems In Cloud Computing Environment

Posted on: 2015-11-19
Degree: Master
Type: Thesis
Country: China
Candidate: H Jiang
GTID: 2308330461470053
Subject: Information security
Abstract/Summary:
With the gradual popularization of cloud computing technology, incidents of user privacy leakage have occurred frequently. How to manage keys safely in the cloud computing environment and prevent users' identities from being impersonated has become an important problem. A secure key management scheme can effectively prevent illegal attacks by network attackers. At present, there are many results on certificate-based and identity-based key management. However, there are few results on key management schemes in the cloud computing environment.

In this paper, the relevant key management schemes are studied and analyzed. Considering that certificate-based key management is secure with respect to key escrow and suitable for large-scale networks, while identity-based key management offers significantly higher efficiency among other characteristics, an improved key management scheme based on the idea of secret sharing is proposed.

The main research work of this paper is as follows.

(1) A three-party password exchange authentication protocol is studied and analyzed in the cloud computing environment. In this protocol, the private cloud acts as an intermediary for storage and distribution: the users of the private cloud and the public cloud each register their identity and password with the private cloud. Identity codes are forwarded via the private cloud to achieve mutual communication between the users and the public cloud. In a cross-platform, multi-user cloud environment, the authentication protocol can resist user identity forgery attacks.

(2) The characteristics of identity-based key management schemes are studied. Based on the key escrow solution proposed by Chen in 2002, an improved key management scheme based on identity authentication is proposed. Unlike the original scheme, which simply adds multiple different PKG centers, the improved scheme sets up multiple PKG centers in a hierarchy. Multiple PKGs arranged in a tree-ring structure serve different groups of users. Through verifiable threshold secret sharing, the PKGs at each layer can validate the key generation center of the layer above, and the other key holders decide whether it is honest. The hierarchical structure ensures the independence and dynamic nature of the keys, and the ring structure avoids private key escrow and improves efficiency. The improved scheme solves two problems in the original scheme: the integrity of the PKG center with respect to key escrow, and the system efficiency when multiple PKGs are set up.

(3) The application of the proposed scheme in the cloud environment is analyzed. The ring structure meets the requirements of users in a distributed cloud environment; a single layer can contain multiple rings, which provides the high scalability the cloud environment requires; and the rings are connected to one another by trust, which enables cross-platform operation across clouds. Simulation analysis shows that, under the same conditions, the scheme is better in efficiency and storage than the IBC and PKI encryption and authentication algorithms. In terms of security, combining the scheme with the password exchange protocol at the bottom-layer client resists offline password guessing attacks in the cloud environment, which ensures the security of the keys during identity authentication between the client and the cloud.
Keywords/Search Tags: cloud environment, threshold technology, hierarchical structure, key management