Research And Implementation Of Cloud Computing Oriented Distributed Trusted Identity Authentication System

Posted on: 2021-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: C H He
GTID: 2518306050968289
Subject: Master of Engineering

Abstract/Summary:
As a new pattern for organizing computing resources and providing computing services, cloud computing has become a key strategic focus and orientation for our country. It is widely applied to support smart cities, finance, the military, medical care, education and other industries. Cloud computing is characterized by multi-domain coexistence and multi-cloud hybrid deployment, which poses severe challenges for managing its massive number of identities. For distributed certificate validation and cross-domain authentication, a central service based on the Public Key Infrastructure (PKI) cannot meet the authentication demands of massive and diversified users. This thesis focuses on the problem of trusted authentication in multi-domain cloud-computing scenarios and proposes a multi-domain distributed PKI architecture based on blockchain. To achieve efficient and trusted authentication of user identities within and across domains, the work is dedicated to solving problems caused by the centralized authentication pattern, such as single-node failure within a domain and complex cross-domain authentication. The specific work is as follows:

To address failure of the certificate service system caused by a single-point attack on the PKI system, the basic idea is to decouple the certificate management module and the certificate issuing module from the Certification Authority (CA), and to use a blockchain ledger in place of the lists of issued and revoked certificates. This thesis proposes a decentralized PKI certificate service architecture and a blockchain-based certificate query method, which provide a distributed query service for user certificates, avoid system crashes caused by a single point of failure in the PKI, and enhance system robustness. Since querying certificates block by block in the blockchain incurs a lot of time overhead, a dual cuckoo filter is designed that dynamically maintains the filter buckets to rapidly verify the validity of a certificate. The experimental results show that, when 500 digital certificates are generated at once, the average time required for each certificate is 3.413 ms and the occupied space is 1.439 KB, which is 74.5% less time and 64.9% less space than the CertChain scheme (IEEE INFOCOM 2018).

To satisfy the requirements of cross-authentication among multiple independent PKIs, this thesis proposes a method for constructing a multi-PKI fusion certificate service system based on blockchain for multi-domain distributed certificate verification, which simplifies the certificate query process, improves identity authentication efficiency, and resolves cross-domain authentication. It solves the problems of high complexity caused by multiple signatures between PKIs and low efficiency caused by certificate chain queries. To address the low query efficiency caused by the increase in blockchain length after multi-domain block fusion, a block structure suitable for a multi-domain PKI certificate chain is designed to reduce the additional time consumed by block-by-block queries. To address the greater space occupation caused by the increase in blockchain length, a digital certificate authentication method based on block header information is proposed to reduce the space overhead introduced by the blockchain. The experimental results show that the certificate validity query time of the dual-cuckoo-filter-based method is 60.9% less than that of the block-by-block approach. Thanks to the lightweight construction techniques, the space occupied by a single block is 0.295 KB, and the space occupied is reduced by 79.5%.

Based on the above, a multi-domain distributed trusted identity authentication system for cloud computing is designed and implemented. The system provides functions such as issuing, managing and backing up identity certificates, blockchain-based distributed issuance and revocation of certificates, and multi-domain fusion cross-authentication, which meet the needs of decentralized digital certificate storage and efficient query verification. The system is applied to the cloud desktop system of the cloud computing platform, which verifies the feasibility and efficiency of the scheme.
Keywords/Search Tags: Distributed PKI, Cross-domain authentication, Multi-domain computing, Blockchain