Research Of Strong Zero-knowledge Authentication Scheme Based On The Passwords In Cloud Computing Environment

Cloud computing is a new computing model that can enable users to do such work as data processing at any time.Cloud services can provide users with huge storage and computing resources,and it can solve the problem of limited local resources and thereby improves work efficiency.However,with the rapid rise of cloud computing applications and cloud services,data security and privacy issues are facing unprecedented challenges.In general,to solve the problem of network information security mechanism,the implementation of the user authentication is the most basic and the most important issue which will pave the way for subsequent control of user access privileges.Among all kinds of the authentication technologies,password-based authentication has been widely concerned because of its portability.Password-Authenticated Key Exchange(PAKE)uses the shared password or password authentication value between the user and the server to realize the authentication of the server to the user,and at the same time,it helps users to complete the session key generation.This is an effective method to solve such authentication problem.Nowadays,many related protocols have been proposed.But for the security response to the needs of the cloud environment,there are still some problems need to be solved.For example,how to reduce the user password memory difficulties,weak password for strong authentication;how to realize mutual authentications;how to meet the optimization of safety and efficiency;how to resist various attacks as much as possible.In view of these issues,this paper deals with the problem of remote data transmission security and identity authentication in cloud environment.The main contents of this paper are as follows:1.A strong zero knowledge authentication mechanism based on virtual password is proposed.In a distributed network environment,considering that users can hardly remember complicated passwords with high security,and often choose to associate with their own or of some specific meanings of the string as a password,and will not take the initiative to change the password regularly,by employing dynamic password identity authentication model with challenge/response security policy,we propose a zero knowledge authentication scheme based on virtual password,which is based on the dynamic password authentication model.Our scheme can ensure the privacy and security for both the communication sides.In addition,the user can freely select the password,and the need to be remembered is only a short password of weak entropy.Our security analysis shows that our proposed authentication scheme can achieve strong password authentication and overcome several attacks.Our scheme is suitable for realizing the two-way authentication between the user and the server in distributed network environment.2.Through the security analysis of the authentication key agreement scheme proposed by Chen et al.,which is based on smart card and password,it is found that their scheme may suffer an off-line password guessing attack and lack the perfect forward security.In view of this,based on the strong zero knowledge authentication scheme based on virtual password given above,by employing session key agreement protocol,this thesis presents a kind of zero knowledge authentication scheme based on both virtual password and session key agreement.This scheme can not only realize the user authentication,but can also establish a secure communication channel for both sides of the users in the open network,and so can ensure the security of the mutual information transmission.This scheme can well resist the off-line password guessing attack existed in the schemes such as Chen et al.and achieve the perfect forward security.It can be used to realize the data security transmission and the user's identity authentication in the big data environment.