Research On Key Technologies Of Authentication In Service Orientied Big Data Environment

Service Oriented Architecture (SOA) has become the ideal architecture of building open business collaboration relationship among data centers in big data environment. While in SOA environment oriented big data, the problems such as dynamic change of data center business collaboration and the opening of service, cause serious security danger in authentication. Besides, privacy leakage problem made by the big data leads to new challenge of authentication service implementation. To implement dynamic and efficient authentication which can keep the private information’s safe in big data environment becomes one of the hotspot in the field of information security.Based on the deep analysis of SOA authentication requirements of big data, the thesis mainly studies identity authentication technology and service invocation authentication technology. The paper designs the SOA system authentication framework. Based on the characteristics of the framework, the thesis proposes identity authentication protocol and service invocation authentication in which can protect the privacy of users. It provides effective methods of implementing of identity authentication and service invocation authentication effectively in big data environment. The main research work is as follows:1. Based on the thorough analysis of SOA authentication requirements, it proposes the SOA authentication system framework, which is suitable for big data environment. In order to achieve the identity authentication and service invocation authentication in big data environment, authentication system framework is designed. Besides, it describes the composition and function of authentication system, and the working process of identity and service invocation authentication. This framework integrates identity authentication and service invocation authentication. Moreover, it conforms to SOA authentication requirements in big data environment, and provides base in the research and design of specific authentication schemes.2. The thesis designs identity authentication model supporting the user privacy protection and puts forward identity authentication protocol within and across the data center. Aimed at the characteristics of dynamic collaboration and frequent interaction between data centers, and the problem of sensitive information leakage in the process of user authentication process, it proposes identity authentication model which has privacy protection function. This model implements the privacy security interaction and the establishment of dynamic authentication relationship between the entities. In order to achieve the security of single sign-on in the complex big data environment, it puts forward identity authentication protocol having privacy function. By designing the protocol, identity authentication efficiency within and across the data center improves, and user privacy in the process of authentication interaction is fully protected.3. The thesis proposes service invocation authentication protocol based on certicateless aggregate signature. In order to solve the problems of illegal tampered and forgery to SAML in service invocation, to ensure identifiable path of message at the same time, to improve the efficiency of service invocations among entities, and to combine to the characteristics of multi-user participation in service invocation, it designs certificateless aggregate signature scheme. This scheme supports service invocation validation party to authenticate source reliability at real-time as well as to the signature entity identity verification. It has high efficiency of signature and authentication, and the security of this scheme is proved under the standard model. Besides, service invocation authentication protocol is designed based on that scheme. That protocol has the function of entity authentication, reliability validation of message source, identification of transmission path, and secure information transmission in the process of service invocation.4. Based on the research of key technology, it designs secure authentication service prototype system. On the basis of overall authentication system framework, the key modules are implemented. Therefore, it verifies the correctness of identity authentication protocol and service invocation authentication protocol.