| Nowadays, advancing wave of science and technology has produced a lot of powerful forces:Cloud Computing, Internet of things, Big data, and the Mobile Internet, etc., given the way people live and work a new definition. Literally, however, the cloud is the core of everything. All of the intelligent operations in the world of Internet of things, segmentation and processing for the task in the big data, the entertainment and services enjoyed in mobile devices need to be done through the cloud. However, at present in the electronic cloud computing ecosystem, a great many clouds exist in isolation, especially the private clouds built by small and medium-sized enterprises. Then, the concept of Inter-cloud was born to link different cloud service providers, make the resource sharing is not restricted, give full play to the value of cloud computing and the Internet technology.Inter-cloud allows service providers to apply for access to resources of other clouds as the end users do. However, safely exchange huge amounts of information must be established on the basis of security access control. Recently, Data leakage happened in succession, including some from the famous security vendor, this is a wake-up call to people. And more intensive application Services bring more multifarious digital Identities. Now "Identity as a Service" makes us see how urgent it is to find a strong and effective identity authentication technology. With the globalization of security system, more and more enterprises apt to use authentication solutions provided by manufactures such as Novell, IBM, Oblix and Netegrtiy to achieve better network strategy and permission in accordance with the business objectives. Moreover, many international organizations and leading IT enterprise has issued a series of standard and authentication technology, but few of them focus on how to reduce the possibility of leakage of personal privacy, which is the key to a successful solution.Based on the analysis of the mainstream of identity authentication solutions, this theisi summarizes the security privacy requirements for Inter-cloud identity authentication system and then proposes a new design idea. According to the security theory of Active Bundle, the theis present SAB attribute authentication mechanism with the integrity check, self-destruction, and evaporation security mechanism, etc. to ensure the sensitive information to minimize exposure and allow the operation on unreliable equipment. Furthermore, on the basis of zero knowledge authentication and homomorphic encryption, this thesis designs bi-directional anonymous authentication. At the same time, combined with the single sign-on mechanism of SAML, cloud identity authentication system prototype "SAB-IABS" is constructed. Finally, a simulation experiment was designed to verify the scheme successfully, and then analyzed the security and performance of the system in practical application. |
PDF Full Text Request