Cross-Domain Authentication Scheme For Cloud Computing Environment

With the birth and rapid development of Internet technology,information and data explosively grow.Users need to continuously increase the input of system hardware to improve their computing ability and Storage capacity,but this way is limited and inefficient.In addition,server clusters configured according to high load will cause a lot of waste and idleness of resources and high maintenance cost when they are under low load.By modularizing and centralizing the demand,cloud service providers can effeciently improve the utilization of resources,facilitate users,and reduce costs by paying on demand.As a result,cloud computing technology with the core characteristics of resource leasing,application hosting and service outsourcing has attracted wide attention from all walks of life,and rapidly developed into a strategic emerging industry.Identity authentication is the foundation of cloud computing security.It mainly guarantees the identity of users and cloud service providers,and prevents illegal users from accessing cloud resources.With the rapid development of cloud computing technology,its deployment scale is becoming larger and larger,and users are traversing frequently between different trusted domains.However,the traditional cross-domain authentication technology cannot meet the security needs of cloud computing.In order to solve the above problems,based on certificateless cryptosystem,proxy re-signature system,bilinear mapping and PKI/CA system,this paper proposes two cross-domain authentication schemes which can be widely used in cloud computing environment.(1)To overcome the shortcomings of certificateless authentication schemes that can not meet the needs of cross-domain anonymous authentication,a cloud-based cross-domain authentication scheme is proposed based on bilinear mapping.In the proposed scheme,the authenticity of the identity of the authentication parties is guaranteed by the validity of the certificateless signature and the validity of the message,and the negotiation of the session key is completed while the two-way cross-domain authentication is completed.The hierarchical ID tree structure and "password+key"two-factor authentication method are introduced to ensure the uniqueness of the identity and enhance the security of the scheme.The temporary identity is used to realize the anonymity of the user's identity,and the malicious anonymity behavior of the user is controllable.The analysis shows that the proposed scheme is secure in CK model and can resist forgery,replay and replacement attacks.Its performance is more suitable for cloud computing environment.(2)Combining proxy re-signature technology with PKI/CA authentication system,a cloud-based cross-domain identity authentication scheme based on proxy re-signature is proposed.In the whole authentication process,the validity of the digital certificate and the validity of the authentication message can ensure the authenticity of the identities of the two parties,exchange their key agreement parameters while completing authentication,and determine the session key.In addition,establish trust between domains through the certificate conversion function of semi-trusted proxy.The relationship efficiently avoids the problems faced by traditional PKI system when it is applied in cloud computing environment.The analysis results show that the new cross-domain identity authentication scheme has the characteristics of anonymity and anonymity controllability of user identity,traceability of malicious users.Moreover,session key satisfies forward/backward security,and attackers cannot break the security of this scheme by replay attack and substitution attack.The new scheme retains the technical advantages of PKI and aims at cloud computing environment.The core features simplify the interactive authentication process and improve the efficiency of cross-domain identity authentication.