Research On Trusted Identification Issuing And Authentication Mechanism In Cloud Service Scenario

Posted on: 2019-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: J J Zhao
GTID: 2428330572457735
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of the information age, the cloud computing market has expanded rapidly. Clouds that carry large amounts of private user data face severe security challenges. To protect user privacy and ensure that participants can communicate securely in an open network environment, identity authentication technology is particularly important, and how to use it to safeguard the cloud environment has become a hot issue for many scholars. The public management system based on digital certificates was proposed first and can be applied to large-scale network environments. However, managing a large number of certificates is a problem that cloud environments have to face. Identity-based public key cryptography solves this problem, but users can only obtain their private key by trusting the private key generation center, which inevitably introduces the key escrow problem, and this system is not suitable for wide-area or open network environments. Certificateless public key cryptography sits between traditional public key cryptography and identity-based public key cryptography. It solves both the certificate management and the key escrow problems, and it has become one of the most promising directions in cryptography. For identity-based authentication in cloud service scenarios, the research work in this paper is as follows.

Firstly, to achieve unified user authentication in the cloud environment, this paper combines the certificate-based public management system with identity-based certificateless signcryption technology and proposes a new combined authentication model for the cloud service system. The model begins with a trusted third-party digital certificate authority (CA) establishing a trust relationship between domains. The CA is responsible for issuing digital certificates for each cloud domain, so that users are spared a series of complicated certificate operations. Within a domain, certificateless public key cryptography is used to unite multiple clouds and solve the key escrow problem, and a hierarchical identity structure is introduced to ensure the uniqueness of user identities. At the same time, shared key technology is adopted to strictly protect the master key. In this way, each link is protected separately, thereby guaranteeing the security of the entire system. Based on the characteristics of the scheme, a system analysis is carried out to show the feasibility of providing services with the identity-based hybrid authentication model in the cloud environment. Compared with other schemes, the scheme is found to have higher security.

Secondly, based on the cloud security hybrid authentication model and combined with bilinear pairing mapping, this paper proposes a key agreement scheme for intra-cloud and inter-cloud use in a cloud environment. It realizes two-way authentication between the user and the cloud authentication center and completes the negotiation of the session key. An analysis of the security of the key agreement protocols within the cloud, and a comparison of the security attributes and computational efficiency of the cross-cloud key agreement protocols with other schemes, show that the scheme meets the requirements for authentication across different cloud domains and for secure access by users in the cloud environment. It effectively solves the problem of data access security in the cloud environment, and it better meets the practical requirement of authenticating only once across different cloud domains.

Finally, to address the problem of limited resources for multi-user signature authentication, this paper focuses on the characteristics of aggregate signatures combined with the identity-based certificateless signature scheme. It first analyzes in depth the certificateless aggregate signature scheme proposed by Du et al. and points out that the scheme has a security loophole and fails to achieve its claimed security features. Then, based on the two types of certificateless attack models, it uses bilinear pairings to improve the Du scheme and designs a new, more secure aggregate signature scheme. It also proves that the improved scheme, based on the computational Diffie-Hellman (CDH) problem, satisfies existential unforgeability under adaptive chosen-message attack in the random oracle model. A comparison with several other schemes shows that the scheme guarantees the security of the signature with less computational overhead. It is more suitable for authentication between multiple users in the cloud service scenario.
Keywords/Search Tags:Cloud security, Bilinear pairing, Identification, Authentication, CertificateLess Aggregate Signature, CLPKC