Research On Identity Authentication Based On Hybrid Cloud

In recent years, cloud computing has been widely used in production and life.Due to the demand for cloud data security and economic requirements, the hybrid cloud has become the trend of cloud deployments. The hybrid cloud identity authentication technology has already been an important role to ensure network security. Identity authentication based on hybrid cloud is divided into two parts for authentication in cloud and authentication across cloud. This paper focuses on the authentication in cloud.This paper compares the PKI, IBC, Kerberos three kinds of authentication mechanism. Through the analysis, found that Kerberos has low complexity and is suitable for the characteristic of distributed deployment. And Kerberos's feature makes it compared with other two kinds of authentication mechanism is more suitable for authentication in cloud. As a kind of mature authentication mechanism, Kerberos can guarantee the security of communication to some extent. However, it is undeniable that Kerberos has significant security risks.Through the study of cryptography and the analysis of the process and principle of Kerberos, it is found that the reason of Kerberos key management problem is that Kerberos is based on symmetric encryption. In cryptography, encryption methods are generally divided into symmetric and asymmetric encryption. The same key is used in symmetric encryption. The same key is used in symmetric encryption. However, in asymmetric encryption, the public key that is used for encryption cannot be decrypted.Therefore, it is difficult to guarantee the security of Kerberos. In this paper,asymmetric encryption technology is used in Kerberos mechanism, so as to avoid the security problem.Through the exposition of the exchange process in two cases of domain authentication and inter domain authentication, the improved Kerberos is explained.The domain authentication is detailed in three parts. In the case of inter domain authentication section the differences between domain authentication and inter domain authentication are explained. On the basis of the improved process, the system is designed and implemented by combining domain authentication and inter domain authentication. And the design idea, process and the realization process of data exchange are also introduced in detail.