Computer Engineering, 2019, Vol. 45, Issue (10): 13-18. doi: 10.19678/j.issn.1000-3428.0053469

Special topic: Cloud Computing


Cross-Domain Identity Authentication Scheme Based on Heterogeneous Systems in Hybrid Cloud Environment

JIANG Zetao, SHI Chen

  1. Guangxi Key Laboratory of Image and Graphic Intelligent Processing, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China
  • Received: 2018-12-24 Revised: 2019-02-21 Online: 2019-10-15 Published: 2019-10-17
  • About the authors: JIANG Zetao (born 1961), male, professor, Ph.D.; research interests: cloud computing, image processing, and network information security. SHI Chen (corresponding author), master's student.
  • Funding: National Natural Science Foundation of China (61572147, 61876049); Guangxi Science and Technology Program (AC16380108); Guangxi Key Laboratory of Image and Graphic Intelligent Processing Project (GIIP201701); Innovation Project of Guangxi Graduate Education (2018YJCX46).

Abstract: In the hybrid cloud environment, in order to meet the cross-domain authentication requirements of identity authentication schemes between different cryptosystems, a cross-domain identity authentication scheme based on Public Key Infrastructure (PKI) and Certificateless Cryptography (CLC) is proposed. A PKI-based multi-center authentication management mechanism is introduced to control and track the anonymous identities of users in the security domains of different cryptosystems. During bidirectional authentication between the user and the cloud service provider, session key negotiation and the conversion of anonymous identities between different cryptosystems are completed. The analysis results show that the scheme achieves cross-domain identity authentication between different cryptosystems while resisting replay attacks, replacement attacks and man-in-the-middle attacks, and that it has high security and computational efficiency.

Key words: hybrid cloud, heterogeneous system, cross-domain authentication, anonymity, bidirectional authentication
