Research On Key Technologies Of Authentication Supporting Privacy-preserving

Posted on: 2019-12-25
Degree: Master
Type: Thesis
Country: China
Candidate: L P Chai
GTID: 2428330566471020
Subject: Control Science and Engineering
Abstract/Summary:
Built on loosely coupled, platform-independent and reusable Web services, Service Oriented Architecture (SOA) is widely applied in cloud computing and big data. As the openness of services and the complexity of business process collaboration increase, users' private information may be illegally collected by an attacker even after the users have passed SOA security authentication. How to authenticate securely while keeping private information safe is therefore a research hotspot that urgently needs to be solved. To address privacy preservation in SOA authentication, this thesis focuses on a general privacy-preserving authentication framework, the design of an anonymous authentication protocol, and service invocation authentication. The main work is as follows:

1. The thesis proposes a general authentication framework supporting privacy preservation, which integrates identity authentication and service invocation authentication in the multi-field cooperation environment while effectively protecting the user's private information. First, the thesis analyzes the characteristics of secure authentication and the privacy-preserving requirements in a service-oriented multi-field collaboration environment. It then describes in detail the composition and function of the authentication framework and designs the protocol processes for identity authentication and service invocation authentication.

2. A one-off public algorithm (OPKA-PDTPK) that can resist attacks from a dishonest third party is proposed. It addresses the impersonation attack caused by a dishonest third party, which existing methods cannot resist, ensures the confidentiality of users' private information, and provides theoretical support for designing an identity authentication protocol supporting privacy preservation. Because an identity index is added during distribution of the secret key, users and service suppliers can judge the integrity of the public verification information when it is released, which increases the level of supervision. Users and service providers can judge whether the third party is honest by verifying the identity index that the third party published and the publicly verifiable information generated during private key extraction, so the algorithm can supervise the behavior of the third party. At the same time, the index algorithm reduces the number of bilinear operations, improving the efficiency of tracing malicious users.

3. An Anonymous Authentication Protocol (OPKB-APP) suitable for the multi-field cooperation environment is presented. It solves the problem of privacy disclosure that may arise when an attacker acquires users' information and a semi-trusted service provider reuses that information. The strong anonymity of OPKA-PDTPK ensures the concealment of the user's identity information in the identity authentication protocol, while the introduction of hierarchical identity-based cryptography provides the basis for building a multi-trusted environment. If the main parameters are kept consistent, OPKA-PDTPK makes it unnecessary to exchange system parameters during multi-field authentication, reducing the frequency of mutual authentication. Based on the applied pi calculus, the thesis builds formal models of confidentiality, authentication, anonymity, unlinkability and forward security, and verifies these security properties with the automated verification tool ProVerif.

4. The thesis proposes a service invocation authentication protocol (SI-PPAP) with privacy protection, solving the problem of sensitive information disclosure when executing service invocation authentication in a service-oriented multi-domain collaboration environment. Many service providers participate jointly in the process of service invocation. In accordance with this characteristic and the service path, the thesis adopts certificateless aggregate signcryption (CLASC) to integrate the signcryption, which supports service providers joining the authentication process dynamically. To satisfy the demands of integrity, reliability validation of the message source, identification of the transmission path, efficient verification and privacy preservation, CLASC and the Diffie-Hellman algorithm are used to ensure that the exchanged information can be decoded only by the specified service provider, so the protocol can control the scope of disclosure of the user's private information. Because of the aggregate signcryption algorithm, the exchanged information in the SOAP message is shorter than in existing protocols, which means SI-PPAP transfers data more efficiently.
Keywords/Search Tags: Service Oriented Architecture, one-off public algorithm, privacy-preserving, identity authentication, service invocation authentication